nethserver-vsftpd
The FTP module uses the vsftpd daemon. It is accessible only from the local network and is disabled by default.
It supports both virtual and system users, but not at the same time.
All virtual home directories are created inside /var/lib/nethserver/ftp.
The daemon runs as the ftp user with passive mode enabled.
Virtual users
Virtual users are enabled by default.
Add a new user
Create a record inside the accounts db and activate changes:
db accounts set <user> ftp status enabled Password <pass> Chroot enabled
signal-event nethserver-vsftpd-save
The event will generate /etc/vsftpd/ftpusers.db (Berkeley DB) containing all user credentials.
The db is used for PAM authentication (see: /etc/pam.d/vsftpd-virtual).
Properties:
status: can be enabled or disabled. If enabled, the user can access the FTP server
Password: the user password in clear text, cannot be blank
Chroot: can be enabled or disabled. If enabled, the user will be chrooted to the /var/lib/nethserver/ftp/<user> directory. If disabled, the user is not chrooted. ATTENTION: non-chrooted users can explore the entire file system
ChrootDir: set a custom ChrootDir, it may be used to chroot a user inside a shared folder
System users
Warning
This configuration is highly discouraged, because users' passwords are transmitted in clear text.
After enabling system users, all virtual users will be disabled.
Enable system users:
config setprop vsftpd UserType system
signal-event nethserver-vsftpd-save
Enable an existing system user to access FTP server:
db accounts setprop myuser FTPAccess enabled
db accounts setprop myuser Shell /bin/bash
signal-event user-modify myuser
Apply configuration:
signal-event nethserver-vsftpd-save
To disable an already enabled user:
db accounts setprop myuser FTPAccess disabled
signal-event nethserver-vsftpd-save
If not explicitly disabled, all system users are chrooted inside their home directories. To disable a chroot for a system user:
db accounts setprop myuser FTPChroot disabled
signal-event nethserver-vsftpd-save
Custom chroot
When the FTP server uses system users, custom chroot is not supported: all users are chrooted inside their own home directory. It is, however, possible to change a system user's home directory. Use the command below if the system user will be used only for FTP access:
lusermod -d <your_custom_home> <user>
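The chroot properties described above (Chroot and ChrootDir for virtual users, FTPAccess and FTPChroot for system users) can be reviewed in one pass. The script below is an added example, not part of the nethserver-vsftpd package: the function names are hypothetical, the sample records are constructed, and the input layout (a "key=type" line followed by indented "prop=value" lines, as printed by db accounts show) is an assumption.

```shell
#!/bin/bash
# Added example: list FTP accounts that are not confined to the default chroot.
# Assumed input layout (that of `db accounts show`): "<key>=<type>" followed by
# indented "<prop>=<value>" lines.
audit_ftp_chroot() {
    awk '
    function report() {
        if (key == "") return
        # Virtual users: record type "ftp", properties status / Chroot / ChrootDir
        if (type == "ftp" && p["status"] == "enabled") {
            if (p["Chroot"] != "enabled") print key ": virtual user without chroot"
            else if (p["ChrootDir"] != "") print key ": custom chroot " p["ChrootDir"]
        }
        # System users: properties FTPAccess / FTPChroot
        if (p["FTPAccess"] == "enabled" && p["FTPChroot"] == "disabled")
            print key ": system user without chroot"
    }
    /^[^ \t]/ {                      # unindented line: a new record starts
        report(); split("", p)       # emit findings, then clear properties
        eq = index($0, "="); key = substr($0, 1, eq - 1); type = substr($0, eq + 1)
        next
    }
    /^[ \t]+[^=]+=/ {                # indented line: one property
        line = $0; sub(/^[ \t]+/, "", line)
        eq = index(line, "="); p[substr(line, 1, eq - 1)] = substr(line, eq + 1)
    }
    END { report() }'
}

# Constructed sample records (not from a real server; Password omitted).
sample_accounts() {
    cat <<'EOF'
alice=ftp
    Chroot=enabled
    status=enabled
bob=ftp
    Chroot=disabled
    status=enabled
carol=ftp
    Chroot=enabled
    ChrootDir=/srv/shared-example
    status=enabled
myuser=user
    FTPAccess=enabled
    FTPChroot=disabled
EOF
}

sample_accounts | audit_ftp_chroot
```

On a server the check would read live data with db accounts show | audit_ftp_chroot. A virtual user whose Chroot property is unset is reported as well, since the page does not state a default for it.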