@mikeplate
Created November 15, 2011 17:12
Set up vsftpd for multiple users
#!/bin/bash
#
# This script sets up vsftpd for multiple virtual users with predefined passwords
# read from a text file. The vsftpd configuration file it writes requires
# FTP Explicit TLS for logins (force_local_logins_ssl=YES); data connections are
# not forced onto TLS (force_local_data_ssl=NO).
#
# The text file with predefined users and passwords must have the following format:
# <username>:<password>
#
userfile=users.txt
wwwpath=/srv/ftp
configfile=/etc/vsftpd.conf
passwdfile=/etc/vsftpd.passwd
certfile=/etc/vsftpd.pem
# Abort with a non-zero status if a precondition is not met.
if [ ! -f "$userfile" ]; then
    echo "The file $userfile is missing" >&2
    exit 1
fi
if [ ! -d "$wwwpath" ]; then
    echo "The directory $wwwpath is missing" >&2
    exit 1
fi
if [ "$(id -u)" != "0" ]; then
    echo "This script is designed to run as root" >&2
    exit 1
fi
apt-get -y install vsftpd apache2-utils libpam-pwdfile
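touch "$passwdfile"
# Each line is <username>:<password>; split at the first colon so that
# passwords may themselves contain colons.
while IFS= read -r userline
do
    if [ ${#userline} -gt 2 ]; then
        username=${userline%%:*}
        password=${userline#*:}
        mkdir -p "$wwwpath/$username"
        # -d stores a crypt() hash, which only uses the first 8 characters of
        # the password; -b passes the password on the command line, where it is
        # visible in the process list while htpasswd runs.
        htpasswd -bd "$passwdfile" "$username" "$password"
    fi
done < "$userfile"
chmod 600 "$passwdfile"
# Self-signed certificate and private key in one PEM file. 2048-bit RSA is
# used because 1024-bit RSA is no longer considered adequate.
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout "$certfile" -out "$certfile"
chmod 600 "$certfile"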
tee "$configfile" > /dev/null << EOF
anonymous_enable=NO
chroot_local_user=YES
connect_from_port_20=YES
guest_enable=YES
guest_username=www-data
hide_ids=YES
listen=YES
local_enable=YES
local_root=$wwwpath/\$USER
local_umask=0022
pam_service_name=vsftpd
secure_chroot_dir=/var/run/vsftpd
user_sub_token=\$USER
virtual_use_local_privs=YES
write_enable=YES
xferlog_enable=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=$certfile
EOF
chmod 600 "$configfile"
tee "/etc/pam.d/vsftpd" > /dev/null << EOF
auth required pam_pwdfile.so pwdfile $passwdfile
account required pam_permit.so
EOF
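
The TLS directives the script writes can be checked mechanically. The audit below is an added example, not part of the original gist: the function names and the policy (which expects force_local_data_ssl=YES) are assumptions of this example, as is treating the last occurrence of a directive as the one in effect.

```shell
#!/bin/sh
# Added example (not from the gist): audit the TLS directives in a vsftpd.conf.
# Function names and the expected values below are this example's assumptions.

# Print the value of directive $2 in file $1. Comment lines never match because
# their first field starts with "#". Assumption: the last occurrence wins.
conf_value() {
    awk -F= -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Compare file $1 with the policy. Prints one line per deviation and returns
# the number of deviations (0 = compliant).
audit_vsftpd_tls() {
    findings=0
    for rule in ssl_enable=YES anonymous_enable=NO allow_anon_ssl=NO \
                force_local_logins_ssl=YES force_local_data_ssl=YES \
                ssl_sslv2=NO ssl_sslv3=NO; do
        key=${rule%%=*}
        want=${rule#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FINDING: $key is '${got:-unset}', expected $want"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Write the TLS-related lines of the configuration generated above to file $1.
write_gist_tls_conf() {
    cat > "$1" << 'EOF'
anonymous_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
}

# Demo: audit the gist's settings and report how many deviate from the policy.
demo_conf=$(mktemp)
write_gist_tls_conf "$demo_conf"
audit_vsftpd_tls "$demo_conf" || echo "$? finding(s)"
rm -f "$demo_conf"
```

Run against the generated /etc/vsftpd.conf, a non-zero return status means file transfers and directory listings may still travel in cleartext even though logins are protected.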