@mayurah
Forked from anonymous/vsftpd-chroot-nginx.as
Last active August 29, 2015 14:06
=== VSFTPd with chroot and nginx compatibility ===
* curator: Mayur Pipaliya [ mayur {at} pipaliya {dot} com ]
* copyleft (ɔ) distribute, alter and use at your own risk.
* apply necessary alterations accordingly.
~~ Install vsftpd, nginx & nano editor ~~
$ sudo apt-get install vsftpd nginx nano
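* To create the user list files, enable root by default and add a banner file.
* (With "sudo echo ... >> file" the redirection runs as the calling user, not root, so the lines are piped through "sudo tee" instead.)
$ echo root | sudo tee -a /etc/vsftpd.chroot_list
$ echo root | sudo tee -a /etc/vsftpd.user_list
$ echo 'vsftpd to rescue!' | sudo tee /etc/vsftpd.banner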
* To back up the existing vsftpd configuration and add the new one
$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak && sudo truncate -s 0 /etc/vsftpd.conf
$ sudo nano /etc/vsftpd.conf
-- vsftpd config snap --
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
banner_file=/etc/vsftpd.banner
userlist_enable=YES
userlist_deny=NO
pam_service_name=vsftpd
allow_writeable_chroot=YES
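pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
pasv_addr_resolve=YES
# ssl_enable=YES
# pasv_address is the address advertised in PASV replies; replace 0.0.0.0 with the server's public IP or hostname
pasv_address=0.0.0.0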
listen_port=21
-- /vsftpd config snap --
~ To Add FTP User & associate it with domain
** "/var/www/domain1.com" is the home directory for domain 'domain1.com', and the FTP user is named `domain1`
** Assuming the nginx web server is in use, the FTP user should be in group 'nginx' to comply with user/group permissions.
$ sudo mkdir /var/www/domain1.com
$ sudo useradd --home-dir /var/www/domain1.com --groups nginx --shell /bin/sh domain1
$ sudo chown -R domain1:nginx /var/www/domain1.com
$ echo domain1 | sudo tee -a /etc/vsftpd.chroot_list
$ echo domain1 | sudo tee -a /etc/vsftpd.user_list
* Setting up password
$ sudo passwd domain1
---
* To debug vsftpd
$ sudo tail -f /var/log/vsftpd.log
* To restart vsftpd
$ sudo service vsftpd restart
* To check vsftpd status
$ sudo netstat -tunpl | grep vsftpd && ps aux | grep vsftpd
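* To check the chroot and passive-port settings (added example, not part of the original gist): the script reads a vsftpd.conf, reports whether a user would be jailed given chroot_local_user, chroot_list_enable and chroot_list_file, and checks that pasv_min_port <= pasv_max_port. The helper names and the temporary sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original gist): lint the chroot and passive-port settings.
# conf_get FILE KEY: print the last value assigned to KEY (KEY=VALUE, no spaces)
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# is_yes VALUE: true for YES/TRUE/1 in any letter case (assumption of this example)
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# is_chrooted CONF USER: exit 0 if USER would be jailed to the home directory
is_chrooted() {
    local conf="$1" user="$2" list listed=no
    list=$(conf_get "$conf" chroot_list_file)
    if is_yes "$(conf_get "$conf" chroot_list_enable)" &&
        grep -qxF -- "$user" "${list:-/etc/vsftpd.chroot_list}" 2>/dev/null; then
        listed=yes
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user)"; then
        [ "$listed" = no ]    # with chroot_local_user=YES the list exempts users
    else
        [ "$listed" = yes ]   # with chroot_local_user=NO the list names users to jail
    fi
}

# pasv_range_ok CONF: exit 0 if an explicit passive range is set with min <= max
pasv_range_ok() {
    local min max
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    [ -n "$min" ] && [ -n "$max" ] && [ "$min" -le "$max" ]
}

# Constructed sample input: a temporary config and chroot list, not the live files.
demo=$(mktemp -d)
printf 'domain1\n' > "$demo/chroot_list"
printf '%s\n' 'chroot_local_user=NO' 'chroot_list_enable=YES' \
    "chroot_list_file=$demo/chroot_list" \
    'pasv_min_port=40000' 'pasv_max_port=40100' > "$demo/vsftpd.conf"
for u in domain1 otheruser; do
    if is_chrooted "$demo/vsftpd.conf" "$u"; then echo "$u: chrooted"; else echo "$u: NOT chrooted"; fi
done
if pasv_range_ok "$demo/vsftpd.conf"; then echo "passive range ok"; else echo "passive range invalid"; fi
```

To run it against the live setup, call is_chrooted and pasv_range_ok with /etc/vsftpd.conf in place of the temporary file.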