Notes for setting up vsftpd on an Ubuntu server

Reflections on the process: install vsftpd and assign the user group/folder

Need to properly add the user and the user group as well as user’s directory

User directory chown and chmod need to be correct

Properly set up the passive forward and passive ports

The firewall issue

The certificate and key issue (in the example it’s the same PEM file...)

Possible routine for the FTP

  1. Install server
  2. Add user
  3. Change user password
  4. Change user directory
  5. Change user group
  6. Change directory ownership
  7. Set passive mode
    pasv_enable=Yes
    pasv_max_port=10091
    pasv_min_port=10091
  8. Set firewall to open 21 and 10091
  9. Generate the certificate and key, and set up the .conf correctly
  10. FTP set to require explicit FTP over TLS

 

Use TLS / SSL to secure the connection

http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29#Generate_a_Certificate

[root@vps] openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/vsftpd/vsftpd.pem \
-out /etc/vsftpd/vsftpd.pem

To configure vsftpd you edit the file /etc/vsftpd/vsftpd.conf and add the following lines:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

 

Vsftpd config passive mode

To configure passive mode for vsftpd you need to set some parameters in vsftpd.conf.

pasv_enable=Yes
pasv_max_port=20100
pasv_min_port=20090

Otherwise clients will fail with a directory listing error.
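An added example, not part of the original notes or of vsftpd itself: a small shell audit of the TLS and passive-mode settings above. It shows that force_local_logins_ssl=NO and force_local_data_ssl=NO leave TLS optional, and prints the ports the firewall has to allow. The function names and the sample file are constructed for illustration; the defaults used for unset keys are the ones documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for the TLS and passive-port settings above.

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY, upper-cased.
# vsftpd.conf lines are "key=value" with no spaces; "#" starts a comment line.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^#/ { next }
        $1 == k { d = $2 }
        END { sub(/[ \t\r]+$/, "", d); print toupper(d) }' "$1"
}

# is_yes VALUE: vsftpd treats YES, TRUE and 1 as true.
is_yes() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

# audit_vsftpd FILE: print one finding per line; return 1 if anything is weak.
audit_vsftpd() {
    f=$1; bad=0
    # Must be on, or logins/transfers may still be sent in cleartext.
    # Defaults per vsftpd.conf(5): ssl_enable=NO, force_local_*_ssl=YES.
    for kv in ssl_enable:NO force_local_logins_ssl:YES force_local_data_ssl:YES; do
        k=${kv%%:*}
        if ! is_yes "$(conf_get "$f" "$k" "${kv##*:}")"; then
            echo "WEAK $k is off"; bad=1
        fi
    done
    # Must be off: the obsolete SSLv2 and SSLv3 protocols.
    for k in ssl_sslv2 ssl_sslv3; do
        if is_yes "$(conf_get "$f" "$k" NO)"; then
            echo "WEAK $k is on"; bad=1
        fi
    done
    # The passive range must be pinned so the firewall opens exactly those ports.
    lo=$(conf_get "$f" pasv_min_port 0); hi=$(conf_get "$f" pasv_max_port 0)
    if [ "$lo" -gt 0 ] 2>/dev/null && [ "$hi" -ge "$lo" ] 2>/dev/null; then
        echo "INFO firewall must allow tcp 21 and $lo:$hi"
    else
        echo "WEAK passive port range unset or inverted ($lo..$hi)"; bad=1
    fi
    return $bad
}

# Constructed sample: the TLS and passive settings as written in these notes.
sample=$(mktemp)
printf '%s\n' ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO \
    force_local_logins_ssl=NO ssl_sslv2=NO ssl_sslv3=NO \
    pasv_enable=Yes pasv_min_port=20090 pasv_max_port=20100 > "$sample"
audit_vsftpd "$sample" || echo "=> tighten the settings flagged above"
rm -f "$sample"
```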

 

Ubuntu change user home directory

# You either need to be logged on as root, not recommended, or prefix the command with sudo. The command does not create the folder so you will need to create it first.

cd /home

sudo mkdir peter

sudo chown peter:peter peter

sudo usermod -d /home/peter peter

To move the current user's home directory to a new location:

sudo usermod -d new_home_dir -m username

 

Linux user group etc.

Linux: Show All Members of a Group

The /etc/group file is a text file that defines the groups on the Linux and Unix based systems. You can simply query this file to find and list all members of a group.

  1. /etc/group file – User group file
  2. members command – List members of a group
  3. lid command – List user’s groups or group’s users

Linux: List all members of a group using /etc/group file

# Use grep command as follows:

$ grep 'group-name-here' /etc/group

$ grep 'ftponly' /etc/group

$ grep -i --color 'ftponly' /etc/group

# Sample outputs:

ftponly:x:1001:raj,vivek,archana,sai,sayali

To get just a list of all members of a group called ftponly, type:

awk -F':' '$1 == "ftponly" {print $4}' /etc/group

Other ways:

# All users:

$ getent passwd

# All groups:

$ getent group

# All groups with a specific user:

$ getent group | grep username

 

Understanding the /etc/passwd file

http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

Task: See User List

/etc/passwd is used for local users only. To see a list of all users, enter:

$ cat /etc/passwd

To search for a username called tom, enter:

$ grep tom /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read only to users (-rw-r--r--) and the owner must be root:

$ ls -l /etc/passwd

Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

 

Vsftpd install

https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps

 

Command to list all users with their UID?

http://askubuntu.com/questions/645236/command-to-list-all-users-with-their-uid

Awk way

List all users with a /home folder:

awk -F: '/\/home/ {printf "%s:%s\n",$1,$3}' /etc/passwd

or all users with a UID >= 1000:

awk -F: '($3 >= 1000) {printf "%s:%s\n",$1,$3}' /etc/passwd

a combination

awk -F: '/\/home/ && ($3 >= 1000) {printf "%s:%s\n",$1,$3}' /etc/passwd

or for all entries

awk -F: '{printf "%s:%s\n",$1,$3}' /etc/passwd

 

A command to list all users? And how to add, delete, modify users?

http://askubuntu.com/questions/410244/a-command-to-list-all-users-and-how-to-add-delete-modify-users

To list all users you can use:

cut -d: -f1 /etc/passwd

To add a new user you can use:

sudo adduser new_username

or:

sudo useradd new_username

See also: What is the difference between adduser and useradd?

To remove/delete a user, first you can use:

sudo userdel username

Then you may want to delete the home directory for the deleted user account:

sudo rm -r /home/username

(Please use the above command with caution!)

To modify the username of a user:

usermod -l new_username old_username

To change the password for a user:

sudo passwd username

To change the shell for a user:

sudo chsh username

To change the details for a user (for example real name):

sudo chfn username

And, of course, see also: man adduser, man useradd, man userdel... and so on.