Setup of VSFTPD virtual users

If you are hosting several web sites, for security reason, you may want the webmasters to access their own files only. One of the good way is to give them FTP access by setup of VSFTPD virtual users and directories. This article describes how you can do that easily.
(See also: Setup of VSFTPD virtual users – another approach)

1. Installation of VSFTPD

For Red Hat, CentOS and Fedora, you may install VSFTPD by the command

# yum install vsftpd

For Debian and Ubuntu,

# apt-get install vsftpd

2. Virtual users and authentication

We are going to use pam_userdb to authenticate the virtual users. This needs a username / password file in `db’ format – a common database format. We need `db_load’ program. For CentOS, Fedora, you may install the package `db4-utils’:

# yum install db4-utils

For Ubuntu,

# apt-get install db4.2-util

To create a `db’ format file, first create a plain text file `virtual-users.txt’ with the usernames and passwords on alternating lines:


Then execute the following command to create the actual database:

# db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db

Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:

auth required db=/etc/vsftpd/virtual-users
account required db=/etc/vsftpd/virtual-users

3. Configuration of VSFTPD

Create a configuration file /etc/vsftpd/vsftpd-virtual.conf,

# disables anonymous FTP
# enables non-anonymous FTP
# activates virtual users
# virtual users to use local privs, not anon privs
# enables uploads and new directories
# the PAM file used by authentication of virtual uses
# in conjunction with 'local_root',
# specifies a home directory for each virtual user
# the virtual user is restricted to the virtual FTP area
# hides the FTP server user IDs and just display "ftp" in directory listings
# runs vsftpd in standalone mode
# listens on this port for incoming FTP connections
# the minimum port to allocate for PASV style data connections
# the maximum port to allocate for PASV style data connections
# controls whether PORT style data connections use port 20 (ftp-data)
# the umask for file creation

4. Creation of home directories

Create each user’s home directory in /var/www/virtual, and change the owner of the directory to the user `ftp’:

# mkdir /var/www/virtual/mary
# chown ftp:ftp /var/www/virtual/mary

5. Startup of VSFTPD and test
Now we can start VSFTPD by the command:

# /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf

and test the FTP access of a virtual user:

# lftp -u mary -p 60021

The virtual user should have full access to his directory.


  1. Erik Says:

    Great tutorial, but if the ftp server is up and running, how can I add and delete users?

  2. coolmig Says:

    This is fair easy:

    1. Redo some things of step 2:

    Update the plain text file `virtual-users.txt’ you did before with the usernames and passwords on alternating lines:


    Then execute again the following command to create the actual database:

    # db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db

    Redo the step 4 for the new user folder:

    # mkdir /var/www/virtual/mynewuser
    # chown ftp:ftp /var/www/virtual/mynewuser

    That’ll do.

  3. vladimir Says:

    Great howto! Useful for a standalone set up but where can find one where I can set up virtual users and regular accounts all running on port 21? Meaning those with shell access and those without shell access can both use an ftp client on port 21.

    I use pair networks and I have ftp access for my shell account and can set up virtual ftp accounts all on port 21.

  4. babola Says:

    I’d like to know the same thing… How do I set up vsftpd so that regular users (those in /etc/passwd) AND virtual users have access? Thx, B.

  5. oscar Says:

    Excellent. Did it in 20 min. with ssl !!!!
    Easier than I thought

  6. dsc Says:

    How to I reset all pertinent config files resulting from previous attempts with other tutorials, in order to try a “pure” version of this one? I’m using centos. I’m not really hopeful that it would really make a difference, as this tutorial sets its own configuration files, so it shouldn’t be an issue, I guess. But anyway, if anyone knows about some easier way to do that (get rid of configuration files that may be conflicting), I’d like a lot to know. Thanks.

  7. jacob fich Says:

    I get this on debian lenny, when I run “db_load -T -t hash -f vsftpd_users.txt /etc/vsftpd/virtual-users.db”:

    bash: db_load: command not found


  8. jack Says:

    yeah im getting same error as jacob

    bash: db_load: command not found ??? any ideas im using ubuntu hardy

  9. jack Says:

    doesn’t matter i fixed it via using the following command

    db4.2_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db

  10. Wirtualni userzy ftp w Ubuntu : Says:

    […] Źródło: […]

  11. Steen Says:

    I get this error when starting the ftp server:
    500 OOPS: could not bind listening IPv4 socket

    Can anyone help?

  12. Mariusz Nowak Says:

    Is there anyway to have domain centric authentication ?
    So domains and will have different users ?

  13. CentOS 5.5 vsftpd virtual users with pam_passwdfile, 530 login incorrect Says:

    […] Why mess with pam? You can use the scripts provided here to setup virtual users, or follow this howto if you prefer a more hands-on experience. […]

  14. Setup of VSFTPD virtual users - another approach | Linux for Fun Says:

    […] my last article, I described how to setup VSFTPD virtual users. In this article, I will describe another approach […]

  15. LHIX Says:

    I have followed these instructions Steps 1 through 4. When I try step 5, I get “500 OOPS: missing value in config file for: for each virtual user”. I’m using CentOS 5.6. I have removed vsftpd, rebooted and reinstalled. Again, I get the same message when trying to start vsftpd (Step 5). I copied the entire config text from Step 3 without making changes..

    Yes, I am a NOOB. Please Advise.

  16. sandajian Says:

    It seems your config file has some error, did you mis-delete the first ‘#’ in the first line beblow?

    # specifies a home directory for each virtual user

  17. LHIX Says:

    Found the issue – When I copied the configuration from Step 3, there was a return between “specifies a home directory” and “for each virtual user”.

    Also, on Step 4, I found I needed to use the switch “-p” to create the directory.


  18. Ftp login problem Says:

    […] Do you have a firewall blocking those ports? I tried what was in your other post and this one,, and that was what my first problem […]

  19. John Says:


    it worked for me but how can i combine this with SSL ?


  20. CS & IT Solutions » Blog Archive » how to Setup of VSFTPD with virtual users Says:

    […] Source Here […]

  21. Vsftpd virtual | Selvaganesh Says:

    […] Setup of VSFTPD virtual users | Linux for FunApr 5, 2008 … A simple instruction on setup of VSFTPD virtual users and directories. […]

  22. dilip Says:

    I want to convert the aboue virtual ftp users to LDAP user auth. Is it possible? If possible then how ? could it be possible to get the steps to do it.

    Note: I have a LDAP server to manage the users and for other systems i use ldap://

  23. dilip Says:

    Any body could answer me at the earliest……

  24. FTP users and directories Says:

    […] help on how to make virtual directories.…ies-in-vsftpd/ With these tutorials you will have to set a directory ex. /var/ftp and all the users will have a […]

  25. Shawn Says:

    Thank you, worked like a charm!

  26. Виртуальные пользователи vsftpd | Dormestmass Says:

    […] за основу (с вольным переводом и […]

  27. Installation et configuration de VSFTPD avec des utilisateurs virtuels | Pierre MOREAU Says:

    […] VSFTPD Virtual Users […]

  28. Instalar vsftpd con usuarios virtuales | El Hombre que Reventó de Información Says:

    […] […]

  29. Tran Quoc Toan Says:

    Im did step by step, but still cant connect from ftp client.
    Anyone can help me ?,
    Thanks you very muh

  30. oops Says:

    500 OOPS: vsftpd: refusing to run with writable root inside chroot()

  31. jpamps Says:

    I’m getting stuck at the end of step two.

    auth required db=/etc/vsftpd/virtual-users – this does not work for me.

    i get error ‘bash: auth: command not found…’ when i use the above command. anyone can help me?

  32. jpamps Says:

    nd… i got it. i’m such a noob

  33. auth command not found. Says:

    […] Thank you for the reply, I was trying to follow this tutorial. […]

  34. Eric Says:

    You should note that on Debian, after an upgrade to to Wheezy the configuration above stops working with ‘LOGIN failed’.

    In Wheezy, vsftpd won’t log because the pamd libraries have been moved to a different path.

    editing your etc/pam.d/vsftpd and changing the paths should solve the problem :

    auth required /lib/i386-linux-gnu/security/ db=/etc/vsftpd/virtual-users
    account required /lib/i386-linux-gnu/security/ db=/etc/vsftpd/virtual-users

    (change the /lib//lib/i386-linux-gnu/security according to your system).

    If you can’t easily find them :
    # sudo apt-get install locate (if you don’t already have locate installed)
    # sudo updatedb
    # locate

    That one had me searching a whole morning for the reason i couldn’t login in with vsftpd anymore, i though I’d share :)

Leave a comment