FTP server in Ubuntu 14.04(530 login incorrect and chroot)

■Environment:

Ubuntu 14.04.1 LTS + vsftpd 3.0.2-1ubuntu2.14.04.1

■ Create a user for ftp.

#adduser ftpuser  (NOT useradd!!!!)
#passwd ftpuser

Note: if useradd command is mistakenly used,”530 login incorrect.” will occur when ftp login.(Even the home directory is added manually,there is a high risk that the directory permission is not properly set,which also will cause the “530 login incorrect. “).

■No chroot

root@localhost:/home# cat /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=NO
check_shell=NO
chroot_list_enable=NO

■Chroot

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
check_shell=NO
chroot_list_enable=NO

■About chroot

chroot_list_enable chroot_local_user Who are placed in chroot() jail
NO NO No one
NO YES All users
YES NO All users listed in /etc/vsftpd.chroot
NO YES All users except thoses listed in /etc/vsftpd.chroot_list

■FTPS configuration

We can use the certificate from letsencrypt.

ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/b.changchao.me/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/b.changchao.me/privkey.pem
ssl_sslv2=YES
ssl_sslv3=YES
ssl_tlsv1=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES