Secure FTP with vsftpd: PAM & MySQL Virtual User Setup Guide

This tutorial walks through installing and configuring vsftpd on CentOS, explaining its core principles, response codes, PAM authentication, and step‑by‑step creation of MySQL‑backed virtual FTP users with customized access controls.

MaGe Linux Operations

Introduction

vsftpd is a lightweight, secure FTP server widely used in Linux distributions. This article explains its basic features and shows how to implement virtual user access control using PAM and MySQL/MariaDB.

Basic Configuration Overview

Working Principle

Status Response Codes

1xx: Informational

2xx: Success

3xx: Further information required

4xx: Client error

5xx: Server error

User Authentication

Virtual users are mapped to a specific system account and access a designated home directory.

nsswitch: network server switch, configuration file: /etc/nsswitch.conf
pam: pluggable authentication module, configuration file: /etc/pam.d.conf

Configuration Files

Key locations on CentOS 6.6:

/etc/pam.d/vsftpd   # PAM authentication file
/etc/rc.d/init.d/vsftpd   # Service script
/etc/vsftpd/   # Configuration directory
/etc/vsftpd/vsftpd.conf   # Main config file
/var/ftp   # Anonymous user shared resources

Virtual User Access Control

Virtual users are stored either as hashed files (odd lines username, even lines password) or in a relational database via the pam_mysql module.

Workflow Diagram

Configuration Steps

Environment Preparation

FTP server: 172.16.10.10 (CentOS 6.6)

Database server: 172.16.10.211 (CentOS 6.6, MariaDB)

Install vsftpd and pam_mysql on the FTP server; install MySQL/MariaDB on the database server.

Create Virtual Users

# MySQL commands
CREATE DATABASE vsftpd;
USE vsftpd;
GRANT SELECT ON vsftpd.* TO vsftp@'172.16.10.10' IDENTIFIED BY 'vpass';
FLUSH PRIVILEGES;
CREATE TABLE users (
  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(50) BINARY NOT NULL,
  password CHAR(48) BINARY NOT NULL
);
INSERT INTO users (name, password) VALUES ('tom', PASSWORD('scholar'));
INSERT INTO users (name, password) VALUES ('alice', PASSWORD('scholar'));

vsftpd Configuration

# /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftp passwd=vpass host=172.16.10.211 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftp passwd=vpass host=172.16.10.211 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

# Create system user for virtual accounts
useradd -s /sbin/nologin -d /var/ftproot vuser
chmod go+rx /var/ftproot

# /etc/vsftpd/vsftpd.conf (ensure the following)
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql

Per‑User Access Permissions

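Enable per‑user configuration by setting user_config_dir=/etc/vsftpd/vusers_config in vsftpd.conf, then create that directory and one file per virtual user, named after the user. Because guest_enable=YES maps every virtual user to the guest account, vsftpd gives them anonymous‑user privileges by default, which is why the per‑user files use the anon_* options.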

# mkdir /etc/vsftpd/vusers_config
# touch /etc/vsftpd/vusers_config/tom /etc/vsftpd/vusers_config/alice
# vim /etc/vsftpd/vusers_config/tom
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# vim /etc/vsftpd/vusers_config/alice
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

Start Service

Enable vsftpd to start on boot and verify that port 21 is listening.

Test Virtual Users

Connect with the created virtual accounts to confirm proper permissions.
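
A pre-flight check of the files configured above, as an added example that is not part of the original guide. The function names and the sample tree are constructed for illustration, and the owner-only mode check on the PAM file (which carries the database password in clear text) is a hardening assumption of this example rather than a step in the guide.

```shell
#!/bin/sh
# Added example: audit the vsftpd + pam_mysql files from this guide.
# Function names and the sample tree are constructed; stat -c needs GNU stat.

# conf_get FILE KEY: print the value of KEY (last assignment in FILE)
conf_get() { awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# audit_vsftpd CONF PAM_DIR: print findings, return the number of FAILs
audit_vsftpd() {
  conf=$1 pam_dir=$2 fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
  [ "$(conf_get "$conf" guest_enable)" = YES ] || fail "guest_enable is not YES"
  [ -n "$(conf_get "$conf" guest_username)" ] || fail "guest_username is not set"
  [ "$(conf_get "$conf" chroot_local_user)" = YES ] || fail "chroot_local_user is not YES"
  svc=$(conf_get "$conf" pam_service_name)
  if [ -z "$svc" ] || [ ! -f "$pam_dir/$svc" ]; then
    fail "pam_service_name '$svc' has no file in $pam_dir"
  elif grep -q 'passwd=' "$pam_dir/$svc"; then
    # pam_mysql lines carry the DB password in clear text: owner-only access
    mode=$(stat -c %a "$pam_dir/$svc")
    case $mode in *00) ;; *) fail "$pam_dir/$svc has mode $mode, want 600" ;; esac
  fi
  dir=$(conf_get "$conf" user_config_dir)
  for f in "$dir"/*; do
    [ -n "$dir" ] && [ -f "$f" ] || continue
    # Report which virtual users have been granted write rights
    if grep -Eq '^anon_(upload|mkdir_write|other_write)_enable=YES' "$f"; then
      echo "INFO: virtual user '${f##*/}' can write"
    fi
  done
  return "$fails"
}

# make_sample DIR: build a constructed copy of the guide's files under DIR
make_sample() {
  mkdir -p "$1/pam.d" "$1/vusers_config"
  printf '%s\n' guest_enable=YES guest_username=vuser chroot_local_user=YES \
    pam_service_name=vsftpd.mysql "user_config_dir=$1/vusers_config" > "$1/vsftpd.conf"
  echo 'auth required pam_mysql.so user=vsftp passwd=vpass host=172.16.10.211 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2' \
    > "$1/pam.d/vsftpd.mysql"
  chmod 644 "$1/pam.d/vsftpd.mysql"
  echo anon_upload_enable=YES > "$1/vusers_config/tom"
  echo anon_upload_enable=NO > "$1/vusers_config/alice"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_vsftpd "$tmp/vsftpd.conf" "$tmp/pam.d" || echo "$? finding(s)"
rm -rf "$tmp"
```

On the FTP server itself, the same function can be pointed at the real files with audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/pam.d.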

Conclusion

The guide demonstrates how to set up vsftpd with PAM and MySQL/MariaDB for virtual user access control, highlighting important configuration details and common pitfalls.
