vsftpd frequently asked questions


Published: 25 August 2018

Q) Can I restrict users to their home directories?

A) Yes. You are probably after the setting:

chroot_local_user=YES

Q) Does vsftpd support a limit on the number of users connected?

A) Yes, indirectly. vsftpd is an inetd-based service. If you use the popular xinetd as your inetd, this supports per-service, per-IP connection limits. There is an example of this in the EXAMPLE directory.

A) If you run vsftpd in standalone mode with the setting listen=YES, then you can investigate the setting (e.g.):

max_clients=

Q) Help! I'm getting the error message "refusing to run with writable anonymous root".

A) vsftpd is protecting against dangerous configurations. The cause of this message is usually dodgy ownership of the ftp home directory. The home directory should NOT be owned by the ftp user itself. Neither should it be writable by the ftp user. A way to fix this is:

chown root ~ftp; chmod a-w ~ftp
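
The two conditions in the answer above can be checked before vsftpd is started. This is an added example, not code from vsftpd or from the original FAQ; it approximates the rule as the FAQ states it using classic Unix permission bits only (ACLs are ignored), and the function name is hypothetical.

```python
import os
import pwd
import stat

def anon_root_problems(path, ftp_uid, ftp_gids=()):
    """Return the reasons `path` is unsafe as the anonymous FTP root."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    problems = []
    if st.st_uid == ftp_uid:
        problems.append("owned by the ftp user")
        write_bit = stat.S_IWUSR      # owner permissions apply
    elif st.st_gid in ftp_gids:
        write_bit = stat.S_IWGRP      # group permissions apply
    else:
        write_bit = stat.S_IWOTH      # "other" permissions apply
    if st.st_mode & write_bit:
        problems.append("writable by the ftp user")
    return problems

if __name__ == "__main__":
    # Assumption: the anonymous account is named "ftp", as in the FAQ.
    try:
        ftp = pwd.getpwnam("ftp")
    except KeyError:
        raise SystemExit("no 'ftp' user on this system")
    gids = os.getgrouplist(ftp.pw_name, ftp.pw_gid)
    issues = anon_root_problems(ftp.pw_dir, ftp.pw_uid, gids)
    for issue in issues:
        print(f"{ftp.pw_dir}: {issue}")
    raise SystemExit(1 if issues else 0)
```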

Q) Help! I'm getting the error message "str_getpwnam".

A) The most likely cause of this is that the "nobody" user does not exist on your system. vsftpd needs this user to run bits of itself with no privilege.

Q) Help! Local users cannot log in.

A) There are various possible problems.

A) By default, vsftpd disables any logins other than anonymous logins. Put local_enable=YES in your /etc/nf to allow local users to log in.

A) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not.) If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is a sample one for RedHat systems included in the RedHat directory; put it under /etc/pam.d.

A) If vsftpd didn't link with PAM, then there are various possible issues. Is the user's shell in /etc/shells? If you have shadowed passwords, does your system have a shadow.h file in the include path?

A) If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your /etc/nf.

Q) Help! Uploads or other write commands give me "Unknown command".

A) By default, write commands, including uploads and new directories, are disabled. This is a security measure. To enable writes, put write_enable=YES in your /etc/nf.

Q) Help! What are the security implications referred to in the chroot_local_user option?

A) Firstly, note that other ftp daemons have the same implications. It is a generic problem.

The problem isn't too severe, but it is this: some people have FTP user accounts which are not trusted to have full shell access. If these accounts can also upload files, there is a small risk. A bad user now has control of the filesystem root, which is their home directory. The ftp daemon might cause some config file to be read, e.g. /etc/some_file. With chroot(), this file is now under the control of the user. vsftpd is careful in this area. But the system's libc might want to open locale config files or other settings.
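
To find configurations where this risk applies, the settings from this FAQ can be read out of a config file and checked in combination. This is an added example, not part of vsftpd or the original FAQ; the function names and the sample configuration are constructed for illustration, and the defaults are those documented in the vsftpd.conf man page.

```python
# Options this FAQ discusses, with defaults from the vsftpd.conf man page.
DEFAULTS = {"local_enable": "NO", "write_enable": "NO",
            "chroot_local_user": "NO", "check_shell": "YES"}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse_conf(text):
    """Parse option=value lines; '#' starts a comment line; last value wins."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not an option=value line: {line!r}")
        conf[key] = value
    return conf

def enabled(conf, key):
    """Read a boolean option, rejecting values that are not booleans."""
    value = conf[key].upper()
    if value not in TRUE | FALSE:
        raise ValueError(f"bad bool value for {key}: {conf[key]!r}")
    return value in TRUE

def audit(conf):
    """Return (option, reason) pairs for the risks described in this FAQ."""
    findings = []
    if not enabled(conf, "local_enable"):
        return findings  # anonymous-only: neither finding applies
    if enabled(conf, "chroot_local_user") and enabled(conf, "write_enable"):
        findings.append(("chroot_local_user",
                         "local users can write inside their own chroot root"))
    if not enabled(conf, "check_shell"):
        findings.append(("check_shell",
                         "no /etc/shells check when vsftpd is built without PAM"))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
# local users, jailed, uploads on
local_enable=YES
chroot_local_user=YES
write_enable=YES
"""

if __name__ == "__main__":
    for option, reason in audit(parse_conf(SAMPLE)):
        print(f"{option}: {reason}")
```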

Q) Help! Uploaded files are appearing with permissions rw

A) Depending on whether this is an upload by a local user or an anonymous user, use local_umask or anon_umask to change this. For example, use anon_umask= to give anonymously uploaded files permissions rw-r--r--. Note that the before the is important

Q) Help! How do I integrate with LDAP users and logins?

A) Use vsftpd's PAM integration to do this, and have PAM authenticate against an LDAP repository.

Q) Help! Does vsftpd do virtual hosting setups?

A) Yes. If you integrate vsftpd with xinetd, you can use xinetd to bind to several different IP addresses. For each IP address, get xinetd to launch vsftpd with a different config file. This way, you can get different behaviour per virtual address.

A) Alternatively, run as many copies of vsftpd as necessary in standalone mode. Use listen_address=x.x.x.x to set the virtual IP.

Q) Help! Does vsftpd support virtual users?

A) Yes, via PAM integration. Set guest_enable=YES in /etc/nf. This has the effect of mapping every non-anonymous successful login to the local username specified in guest_username. Then use PAM and (e.g.) its pam_userdb module to provide authentication against an external (i.e. non-/etc/passwd) repository of users.

Note: currently there is a restriction that with guest_enable enabled, local users also get mapped to guest_username.

There is an example of virtual users setup in the EXAMPLE directory.

Q) Help! Does vsftpd support different settings for different users?

A) Yes, in a very powerful way. Look at the setting user_config_dir in the manual page.

Q) Help! Can I restrict vsftpd data connections to a specific range of ports?

A) Yes. See the config settings pasv_min_port and pasv_max_port.

Q) Help! I'm getting the message "OOPS: chdir".

A) If this is for an anonymous login, check that the home directory for the user ftp is correct. If you are using the config setting anon_root, check that is correct too.
