Configuring vsftpd: Port Settings, User Authentication, and Virtual User Management
This guide explains how to configure the vsftpd FTP server on Linux, covering port settings, disabling anonymous and real user logins, active and passive mode configuration, firewall rules, and step‑by‑step creation of virtual users with PAM authentication and per‑user configuration files.
After installing vsftpd and understanding its main configuration file /etc/vsftpd/vsftpd.conf, you can set up a functional FTP service.
Port and basic options
Set the listening port and enable downloads and client limits:
listen_port=21
download_enable=YES
max_clients=100
max_per_ip=100
Disable anonymous login
anonymous_enable=NO
Logging in with real system accounts over FTP is discouraged because FTP is a plaintext protocol; use SFTP for those accounts instead.
Active and passive mode configuration
For active mode, have the server originate its data connections from port 20:
connect_from_port_20=YES
Open the firewall for port 21 and allow established and related connections:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT # FTP service
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Enable passive mode with a port range of 10001‑11000:
pasv_enable=YES
pasv_min_port=10001
pasv_max_port=11000
Allow the passive ports through the firewall:
iptables -A INPUT -p tcp --dport 10001:11000 -j ACCEPT # ftp passive ports
Configure virtual users
1. Create a password file /etc/vsftpd/vusers where odd lines are usernames and even lines are passwords, e.g.:
ftptest1
111111
ftptest2
222222
2. Generate the authentication database:
db_load -T -t hash -f /etc/vsftpd/vusers /etc/vsftpd/login.db
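Set its permissions so that only its owner can read it (the plaintext source file /etc/vsftpd/vusers deserves the same restriction):
chmod 600 /etc/vsftpd/login.db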
3. Edit the PAM file /etc/pam.d/vsftpd to use the database:
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
4. Create a system user to own the virtual users’ directories (optional):
useradd -d /home/vsftp -s /sbin/nologin ftpuser
Set directory permissions:
chmod 755 /home/vsftp/
5. Add the following lines to /etc/vsftpd/vsftpd.conf to enable virtual users:
# Enable virtual user login
guest_enable=YES
# Map virtual users to a local user
guest_username=ftpuser
# PAM service name
pam_service_name=vsftpd
# Allow writable chroot
allow_writeable_chroot=YES
6. To give each virtual user a separate configuration file, add:
user_config_dir=/etc/vsftpd/config
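Then create per‑user config files in that directory, each named after the user it applies to. vsftpd gives virtual users the privileges of anonymous users by default, which is why write access is granted with anon_* options. For example, /etc/vsftpd/config/ftptest1 for ftptest1: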
local_root=/home/vsftp/ftptest1
download_enable=yes
anon_upload_enable=yes
anon_other_write_enable=YES
anon_mkdir_write_enable=yes
anon_world_readable_only=no
anon_max_rate=100000
Users without a dedicated config (e.g., ftptest2) will use the main configuration file.
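Steps 1 and 2 depend on the strict odd/even layout of /etc/vsftpd/vusers: a stray blank line or a missing password shifts every later username/password pair. The pre-check below is an added example, not part of the original guide; the function name check_vusers and the MIN_PW_LEN threshold (default 12) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# check_vusers FILE: validate the username/password source file before db_load.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
# MIN_PW_LEN (default 12) is an assumed policy value, not a vsftpd setting.
check_vusers() {
    file=$1
    status=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The file holds plaintext passwords: no group/other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open on $file (want 600)"
        status=1
    fi

    awk -v minlen="${MIN_PW_LEN:-12}" '
        function bad(msg) { print "line " NR ": " msg; errors++ }
        /\r$/ { bad("CR line ending would become part of the value") }
        NR % 2 == 1 {                      # odd line: username
            user = $0
            if (user == "")                bad("empty username (pairs are shifted)")
            else if (user ~ /[ \t]/)       bad("whitespace in username")
            else if (seen[user]++)         bad("duplicate user " user)
            next
        }
        {                                  # even line: password for user
            if ($0 == "")                  bad("empty password for " user)
            else if (length($0) < minlen)  bad("password for " user " shorter than " minlen)
        }
        END {
            if (NR == 0)          { print "no entries"; errors++ }
            else if (NR % 2 == 1) { print "user " user " has no password line"; errors++ }
            exit (errors > 0)
        }
    ' "$file" || status=1
    return $status
}

# Usage (paths from the guide):
#   check_vusers /etc/vsftpd/vusers && \
#       db_load -T -t hash -f /etc/vsftpd/vusers /etc/vsftpd/login.db
```

Run against the sample file from step 1, the check rejects both six-character passwords.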