Configuring vsftpd: Port Settings, User Authentication, and Virtual User Management
This guide explains how to configure the vsftpd FTP server on Linux, covering port settings, disabling anonymous and real user logins, active and passive mode configuration, firewall rules, and step‑by‑step creation of virtual users with PAM authentication and per‑user configuration files.
After installing vsftpd and understanding its main configuration file /etc/vsftpd/vsftpd.conf, you can set up a functional FTP service.
Port and basic options
Set the listening port and enable downloads and client limits:
    listen_port=21
    download_enable=YES
    max_clients=100
    max_per_ip=100

Disable anonymous login:

    anonymous_enable=NO

Logging in with real system accounts over FTP is discouraged because FTP sends credentials in plaintext; use SFTP for those accounts instead.
Active and passive mode configuration
Enable active mode:

    connect_from_port_20=YES

Open the firewall for port 21 and allow established connections:

    iptables -A INPUT -p tcp --dport 21 -j ACCEPT   # FTP service
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Enable passive mode with a port range of 10001-11000:

    pasv_enable=YES
    pasv_min_port=10001
    pasv_max_port=11000

Allow the passive ports through the firewall (iptables writes a port range as min:max, with a single colon):

    iptables -A INPUT -p tcp --dport 10001:11000 -j ACCEPT   # FTP passive ports

Configure virtual users
1. Create a password file /etc/vsftpd/vusers where odd lines are usernames and even lines are passwords, e.g.:

    ftptest1
    111111
    ftptest2
    222222

2. Generate the authentication database:

    db_load -T -t hash -f /etc/vsftpd/vusers /etc/vsftpd/login.db

Set its permissions:

    chmod 600 /etc/vsftpd/login.db

3. Edit the PAM file /etc/pam.d/vsftpd to use the database. The db= argument is given without the .db suffix because pam_userdb appends it:

    auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
    account required /lib64/security/pam_userdb.so db=/etc/vsftpd/login

4. Create a system user to own the virtual users' directories (optional):

    useradd -d /home/vsftp -s /sbin/nologin ftpuser

Set directory permissions:

    chmod 755 /home/vsftp/

5. Add the following lines to /etc/vsftpd/vsftpd.conf to enable virtual users:

    # Enable virtual user login
    guest_enable=YES
    # Map virtual users to a local user
    guest_username=ftpuser
    # PAM service name
    pam_service_name=vsftpd
    # Allow writable chroot
    allow_writeable_chroot=YES

6. To give each virtual user a separate configuration file, add:

    user_config_dir=/etc/vsftpd/config

Then create per-user config files, each named after its user. For example, /etc/vsftpd/config/ftptest1 for ftptest1:

    local_root=/home/vsftp/ftptest1
    download_enable=YES
    anon_upload_enable=YES
    anon_other_write_enable=YES
    anon_mkdir_write_enable=YES
    anon_world_readable_only=NO
    anon_max_rate=100000

Virtual users run with anonymous-user privileges by default, which is why the anon_* options control what ftptest1 may upload and change. Users without a dedicated config (e.g., ftptest2) will use the main configuration file.
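The following is an added example, not part of the original guide: a read-only check that a vsftpd.conf and the firewall rules agree on the settings above (anonymous login off, control port open, passive range matching the ACCEPT rule). The function names are hypothetical, and the rules file is assumed to be saved `iptables -S` output or the rule lines as typed in this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): read-only audit of a vsftpd.conf
# and a saved rule listing against the settings this guide uses.

# Last value assigned to KEY in FILE; later lines override earlier ones.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r'; }

# True when VALUE (or DEFAULT if VALUE is empty) is a vsftpd "yes" boolean.
is_yes() {
    case "${1:-$2}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;; esac
    return 1
}

# True when RULES holds an ACCEPT rule for tcp destination port(s) SPEC.
fw_allows() { grep -Eq -e "-p tcp .*--dport $2 .*-j ACCEPT" "$1"; }

# Prints one FINDING line per problem; returns 1 if any were found.
audit_vsftpd() {
    conf=$1; rules=$2; bad=0
    # vsftpd enables anonymous login unless it is switched off explicitly.
    if is_yes "$(conf_get "$conf" anonymous_enable)" YES; then
        echo "FINDING: anonymous_enable is not NO"; bad=1
    fi
    port=$(conf_get "$conf" listen_port); port=${port:-21}
    fw_allows "$rules" "$port" || { echo "FINDING: no ACCEPT rule for control port $port"; bad=1; }
    if is_yes "$(conf_get "$conf" pasv_enable)" YES; then
        min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
        if [ -z "$min" ] || [ -z "$max" ]; then
            echo "FINDING: passive mode on but pasv_min_port/pasv_max_port unset"; bad=1
        elif ! fw_allows "$rules" "$min:$max"; then
            echo "FINDING: no ACCEPT rule for passive range $min:$max"; bad=1
        fi
    fi
    return "$bad"
}

# Constructed sample input: this guide's settings and its two port rules.
demo_dir=$(mktemp -d)
printf '%s\n' listen_port=21 anonymous_enable=NO pasv_enable=YES \
    pasv_min_port=10001 pasv_max_port=11000 > "$demo_dir/vsftpd.conf"
printf '%s\n' '-A INPUT -p tcp --dport 21 -j ACCEPT' \
    '-A INPUT -p tcp --dport 10001:11000 -j ACCEPT' > "$demo_dir/rules"
audit_vsftpd "$demo_dir/vsftpd.conf" "$demo_dir/rules" && echo "no findings"
rm -rf "$demo_dir"
```

On a live host, run it as `iptables -S > rules.txt` followed by `audit_vsftpd /etc/vsftpd/vsftpd.conf rules.txt`; a rule written with a malformed range such as `10001::11000` is reported as a missing passive-range rule.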
