■Environment:
Ubuntu 14.04.1 LTS + vsftpd 3.0.2-1ubuntu2.14.04.1
■ Create a user for ftp.
#adduser ftpuser (NOT useradd!!!!)
#passwd ftpuser
Note: if useradd command is mistakenly used,”530 login incorrect.” will occur when ftp login.(Even the home directory is added manually,there is a high risk that the directory permission is not properly set,which also will cause the “530 login incorrect. “).
■No chroot
root@localhost:/home# cat /etc/vsftpd.conf listen=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 use_localtime=YES xferlog_enable=YES connect_from_port_20=YES ascii_upload_enable=YES ascii_download_enable=YES chroot_local_user=NO check_shell=NO chroot_list_enable=NO
■Chroot
listen=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 use_localtime=YES xferlog_enable=YES connect_from_port_20=YES ascii_upload_enable=YES ascii_download_enable=YES chroot_local_user=YES allow_writeable_chroot=YES check_shell=NO chroot_list_enable=NO
■About chroot
| chroot_list_enable | chroot_local_user | Who are placed in chroot() jail |
|---|---|---|
| NO | NO | No one |
| NO | YES | All users |
| YES | NO | All users listed in /etc/vsftpd.chroot |
| NO | YES | All users except thoses listed in /etc/vsftpd.chroot_list |
■FTPS configuration
We can use the certificate from letsencrypt.
ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/b.changchao.me/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/b.changchao.me/privkey.pem
ssl_sslv2=YES
ssl_sslv3=YES
ssl_tlsv1=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES