Setup VSFTPD Server with Virtual Users On CentOS, RHEL, Scientific Linux 6.5/6.4/6.3

We have already shown you How to Setup VSFTPD Server on CentOS 6.5/6.4 in our previous article. In that method, the users created in the server itself were logged-in to FTP server (i.e. local users). But what if the users who don’t have a local account in FTP server?

Well, in this article we let us setup vsftpd server with virtual users. ie. the users who don’t have local account in the FTP server itself can login to FTP server.

I assume that you already have installed and configured FTP server. If didn’t, visit to the above mentioned link to setup FTP server.

Install Berkeley Database(db4)

In this method, we use Berkeley database(db4(version4) to store virtual user names with their passwords. First install db4-utils package if it not installed:

# yum install db4-utils db4 -y

Create database file for virtual users

First create a plain text file and enter the virtual user names and their passwords one by one. Then create the db file from the plain text file.

For instance, i create a plain text file called virtual_users.txt in /home directory with username senthil and password centos:

# vi /home/virtual_users.txt

Add username and password one by one.

senthil
centos

Save and exit the file. Run the following command to create database file:

# db_load -T -t hash -f /home/virtual_users.txt /etc/vsftpd/virtual_users.db

Here virtual.db is the actual database file for virtual users.

Create a PAM file

Now create a PAM file to use the database virtual_users.db which we created from the plain text file. Create a file/etc/pam.d/vsftpd_virtual,

# vi /etc/pam.d/vsftpd_virtual

Add the following lines:

#%PAM-1.0
auth    required        pam_userdb.so   db=/etc/vsftpd/virtual_users
account required        pam_userdb.so   db=/etc/vsftpd/virtual_users
session required        pam_loginuid.so

Save and exit the file.

vsftpd configuration

Edit file /etc/vsftpd/vsftpd.conf,

# vi /etc/vsftpd/vsftpd.conf

Make sure that you have added or edited the following lines as shown below:

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

## Enable virtual users
guest_enable=YES

## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES

#
# Uncomment this to enable any form of FTP write command.
write_enable=YES

## PAM file name
pam_service_name=vsftpd_virtual

## Home Directory for virtual users
user_sub_token=$USER
local_root=/ftp/virtual/$USER

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES

## Hide ids from user
hide_ids=YES

Save and exit the file.

Now create home directories for virtual users:

# mkdir -p /ftp/virtual/senthil
# chown -R ftp:ftp /ftp/virtual/senthil/

Start or restart vsftpd service:

# service vsftpd restart

Now try to login to FTP server using virtual user senthil with password centos:

# ftp 192.168.1.101
Connected to 192.168.1.101 (192.168.1.101).
220 Welcome to UNIXMEN FTP service.
Name (192.168.1.101:root): senthil
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> 

Now you will able to login to FTP server with user senthil since i didn’t create any user called senthil.

Verify the log files using the following command:

# tail -f /var/log/secure

Sample output:

Dec 24 18:32:04 server vsftpd[3557]: pam_userdb(vsftpd_virtual:auth): user 'senthil' granted access

Login via your browser