vsftpd - Config for exactly one virtual user

I cannot get vsftpd to work correctly - grateful for any help.

Ultimate goal: I would like to have one virtual user that can only upload files to location "/srv/ftp/scanner". This user should have the least privileges possible.

System

Debian 11 (bullseye)

vsftpd version: 3.0.3

Installation so far

I created a Linux user "ftp" on the system:

$ sudo cat /etc/passwd | grep ftp
ftp:x:109:115:ftp daemon,,,:/srv/ftp:/bin/bash

I created a config file:

$ sudo cat /etc/vsftpd.conf
listen=YES
listen_ipv6=NO
use_localtime=YES

xferlog_enable=YES


anonymous_enable=NO
local_enable=YES
guest_enable=YES
pam_service_name=vsftpd_virtual
guest_username=ftp
nopriv_user=ftp
#virtual_use_local_privs=YES

write_enable=YES
download_enable=YES
dirlist_enable=YES
chmod_enable=YES
hide_ids=Yes

chroot_local_user=YES
allow_writeable_chroot=YES
local_root=/srv/ftp/

secure_chroot_dir=/var/run/vsftpd/empty

local_umask=022

ssl_enable=NO

pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30500

I also created the pam_service in /etc/pam.d:

#%PAM-1.0
auth    required pam_pwdfile.so pwdfile /etc/vsftpd/virtual_users.pwd
account required pam_permit.so

The user rights in the respective folders are as follows:

$ ls -la
insgesamt 12
drwxr-xr-x 3 ftp  ftp  4096 15. Dez 18:41 .
drwxr-xr-x 3 root root 4096 13. Dez 22:57 ..
drwxrwx--- 2 ftp  ftp  4096 16. Dez 13:33 scanner

Expected behaviour: I would like to start an FTP session remotely and send a file to the server.

Actual behaviour as of now: I manage to log in, but I cannot send a file to the server. I can change folders and show the current folder.

$ftp username@address
Connected to address.
220 (vsFTPd 3.0.3)
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
Remote directory: /
ftp> ls -la
229 Entering Extended Passive Mode (|||30396|)
150 Here comes the directory listing.
drwxr-xr-x    3 ftp      ftp          4096 Dec 15 18:41 .
drwxr-xr-x    3 ftp      ftp          4096 Dec 15 18:41 ..
drwxrwx---    2 ftp      ftp          4096 Dec 16 13:33 scanner
226 Directory send OK.
ftp> send _file_ftp
local: _file_ftp remote: _file_ftp
229 Entering Extended Passive Mode (|||30091|)
550 Permission denied.
ftp>

I suspect that either

  • I did not set up the Linux user correctly for FTP (should be managed by "guest_username=ftp"), or
  • the rights are not set correctly on the folder system

Any help on this?

Raspyvotan
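
The following is an added example, not part of the original post: a small Python audit of a vsftpd.conf against the stated goal of one upload-only virtual user. It relies on the vsftpd.conf man page's rule that guest logins get anonymous privileges unless virtual_use_local_privs is enabled; the finding names and both sample configs are constructed for illustration.

```python
# Added example (not from the original post): audit a vsftpd.conf for an
# upload-only virtual user. Defaults follow the vsftpd.conf man page; the
# finding names and both sample configs are constructed for illustration.
DEFAULTS = {"guest_enable": "NO", "virtual_use_local_privs": "NO",
            "write_enable": "NO", "anon_upload_enable": "NO",
            "download_enable": "YES", "allow_writeable_chroot": "NO",
            "ssl_enable": "NO"}

def parse(text):
    """Parse option=value lines; '#' lines are comments, booleans are case-insensitive."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value.upper() if value.upper() in ("YES", "NO") else value
    return conf

def audit(text):
    """Return finding names for a config meant to serve one upload-only guest."""
    conf = parse(text)
    def on(key):
        return conf.get(key) == "YES"
    findings = []
    if on("guest_enable") and not on("virtual_use_local_privs"):
        # Guest logins run with anonymous privileges: anon_* options gate writes.
        if not (on("write_enable") and on("anon_upload_enable")):
            findings.append("UPLOAD_BLOCKED")
    elif on("guest_enable"):
        findings.append("GUEST_HAS_LOCAL_PRIVS")   # broader than upload-only needs
    if on("download_enable"):
        findings.append("DOWNLOAD_ALLOWED")        # upload-only user can still RETR
    if on("allow_writeable_chroot"):
        findings.append("WRITEABLE_CHROOT")        # keep the chroot top read-only
    if not on("ssl_enable"):
        findings.append("CLEARTEXT_LOGIN")         # password crosses the wire unencrypted
    return findings

# Constructed sample: the relevant options from the config in the question.
AS_POSTED = """guest_enable=YES
#virtual_use_local_privs=YES
write_enable=YES
download_enable=YES
allow_writeable_chroot=YES
ssl_enable=NO
"""
# Constructed variant with the flagged options changed.
TIGHTENED = AS_POSTED.replace("download_enable=YES", "download_enable=NO") \
    .replace("allow_writeable_chroot=YES", "allow_writeable_chroot=NO") \
    .replace("ssl_enable=NO", "ssl_enable=YES") + "anon_upload_enable=YES\n"

if __name__ == "__main__":
    print(audit(AS_POSTED))
    print(audit(TIGHTENED))
```

The tightened variant assumes /srv/ftp itself is no longer writable by the ftp account (uploads go into scanner) and that a TLS certificate is configured for vsftpd.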
