For those of you who don’t know, vsftpd is probably the most secure FTP server out there right now. As a whole I think that FTP is going the way of telnet, but it seems that developers still use it quite a bit (at least that’s what my developers tell me). So anyway, if you have to use an FTP server, I highly recommend vsftpd.
On to the topic at hand: virtual users. One of the outstanding security features of vsftpd is the ability to have virtual users that can connect to the FTP server. From a security standpoint this helps to lock down server access via other means (SSH, telnet, etc.) because the users are restricted to only that FTP server. In addition, you can lock the FTP users into the directory of your choosing, which prevents unauthorized file-system browsing.
While setting this up I had a hard time finding a cohesive set of instructions on how to do this (one that is newer than 2009 at least). The way I settled on seems to be only one possible way, but it uses db to generate a database file that is used to look up usernames and passwords. I am going to make the instructions as generic as possible so that they apply to as many *NIX platforms and distributions as possible.