Quotas in vsftpd?
I tried to configure user disk quotas for vsftpd.
I configured quotas for ftp virtual users using the "quota" package on Debian (you know, by editing /etc/fstab and all that stuff). Internet told me that it's the only solution with vsftpd.
The problem is: when a file is uploaded on the ftp server, its owner is ftp:nogroup, so the quota doesn't apply to my user, for example bob:bob.
I also tried to chown ftp:bob the target folder, and use group quota on bob group, but it didn't work.
So I went straight to the FAQ and didn't find this :) Do you have any solution on this quota problem?
Cheers, Mehdi
Solution 1:
Here are the steps you should take to set this up:
VSFTPd
Create the /etc/vsftpd.conf file
#nano /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
download_enable=YES
guest_enable=NO
write_enable=YES
# chroot_local_user=NO plus chroot_list_enable=YES: only the users listed in
# chroot_list_file are chroot()ed to their home directory.
# (If chroot_local_user were YES, the list would instead name the users NOT to chroot().)
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Next create your chroot list to keep users from browsing outside of their home directory
#nano /etc/vsftpd.chroot_list
someusernamehere
SSH
Now since this user has a real account on the system (disk quotas don't work on virtual users), you should update SSH if it's running. Add the following at the bottom line and make sure that the user above is not listed (i.e. only list users you want to access the server via SSH):
#nano /etc/ssh/sshd_config
AllowUsers username1 username2
Preparing Mount Points
We will now install and enable quotas.
This shows how to do this per user and per group. By the way, quota support is enabled as the file systems are mounted so you'll need to reboot your server when you complete the following steps. Please don't do this on a remote machine unless you know exactly what you're doing.
Perform the following as root or use sudo:
#nano /etc/fstab
You need to have the following in your fstab file (usrquota or grpquota). Here are some examples depending on how you installed your Ubuntu server:
/dev/hda1 /home ext2 defaults,usrquota 1 1
or
# /home was on /dev/sda3 during installation
UUID=fce47086-925c-4164-80a4-4ba6b307123b /home ext4 defaults,usrquota 0 2
or
# /home was on /dev/sda3 during installation
UUID=fce47086-925c-4164-80a4-4ba6b307123b /home ext4 defaults,usrquota,grpquota 0 2
You can remount by rebooting or using the following example:
#mount -o remount,usrquota /home
Check your mounts:
#mount | grep quota
Load the quota kernel module:
#modprobe quota_v2
#echo 'quota_v2' >> /etc/modules
Setting up your Quotas
Install the quota package.
#apt-get install quota quotatool
Create the following files if they do not already exist. These files store your quota limits:
#touch /home/aquota.user
#touch /home/aquota.group
#chmod 600 /home/aquota.user /home/aquota.group
Turn on quotacheck without rebooting:
# quotacheck -vagum
If your kernel supports journaled quota but you are not using it you’ll probably get an error. Use this command in that case:
# quotacheck -fvagum
Set limits for user:
#quotatool -u someusername -bq 100M -l '200 Mb' /home
The first value is a soft limit, the second is a hard limit. Note that if a user attempts to load a 100Mb text file and they are already over their soft limit by 20Mb, their text file will be truncated by 20Mb to keep them under the 200Mb hard limit.
Check quotas:
#repquota /home
If ever you wish to remove a quota for a user simply set their hard and soft limits to '0'.
I know it's a lot but that should do it! I ran through the process from scratch before publishing this just to be sure.
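An audit sketch for the setup described in Solution 1, added here as an example and not part of the original answer: it reports the effective value of a vsftpd.conf key when the key is set twice, lists such conflicting keys, and lists chroot-list accounts that sshd would still admit. The function names and sample files are constructed for illustration; it assumes a later line in vsftpd.conf overrides an earlier one and compares AllowUsers entries literally (wildcard patterns are not expanded).

```shell
#!/bin/sh
# Added example. Assumption: a later "key=value" line overrides an earlier one.

# Print the effective (last) value of KEY in a vsftpd.conf-style file, upper-cased.
effective_value() {  # $1=file  $2=key
    awk -F= -v k="$2" '!/^[ \t]*#/ && $1 == k { v = toupper($2) } END { print v }' "$1"
}

# Print every key that is assigned more than once with different values.
conflicting_keys() {  # $1=file
    awk -F= '!/^[ \t]*#/ && NF >= 2 {
        v = toupper($2)
        if (($1 in seen) && seen[$1] != v) bad[$1] = 1
        seen[$1] = v
    } END { for (k in bad) print k }' "$1" | sort
}

# Print accounts from the chroot list that sshd would still admit: all of them
# when there is no AllowUsers line, otherwise only those named on it.
# The "@host" part of an entry is dropped; wildcards are compared literally.
ftp_users_allowed_ssh() {  # $1=chroot list  $2=sshd_config
    allowed=$(awk 'tolower($1) == "allowusers" {
        for (i = 2; i <= NF; i++) { sub(/@.*/, "", $i); print $i } }' "$2")
    while IFS= read -r u || [ -n "$u" ]; do
        [ -n "$u" ] || continue
        if [ -z "$allowed" ] || printf '%s\n' "$allowed" | grep -qxF -- "$u"; then
            printf '%s\n' "$u"
        fi
    done < "$1"
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d)
printf '%s\n' 'chroot_local_user=YES' 'guest_enable=NO' '# users to chroot' \
    'chroot_local_user=no' 'chroot_list_enable=YES' > "$d/vsftpd.conf"
printf '%s\n' 'bob' 'alice' > "$d/chroot_list"
printf '%s\n' 'Port 22' 'AllowUsers admin bob@10.0.0.*' > "$d/sshd_config"

# guest_enable=YES would map logins to the guest account, so per-user quotas
# on the real account would not be charged.
echo "guest_enable:        $(effective_value "$d/vsftpd.conf" guest_enable)"
echo "chroot_local_user:   $(effective_value "$d/vsftpd.conf" chroot_local_user)"
echo "conflicting keys:    $(conflicting_keys "$d/vsftpd.conf")"
echo "FTP users with SSH:  $(ftp_users_allowed_ssh "$d/chroot_list" "$d/sshd_config")"
```

On a real host, point the functions at /etc/vsftpd.conf, /etc/vsftpd.chroot_list and /etc/ssh/sshd_config instead of the sample files.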
Solution 2:
Patrick did a good howto. I would add 2 things.
1.) quotatool is not mandatory
2.) If you don't have an own physical partition for your ftp-folders you can use loop-files. I did this and it works really nice
mkdir /usr/loop_device
- Create a 50MB file, for example
dd if=/dev/zero of=/usr/loop_device/ld1 bs=1024 count=50000
- Create a file system on it
mkfs.ext4 /usr/loop_device/ld1
- Create a directory for the ftp user
mkdir /home_ftp
- Mount the loop device
Add the following entry to /etc/fstab:
/usr/loop_device/ld1 /home_ftp/ ext4 rw,loop,usrquota,grpquota 0 0
I wrote it down here with screenshots:
http://infofreund.de/user_quotas_vsftpd_en/
Bye Chris
Solution 3:
Quotas work only with system users. So you need to configure vsftpd to use system users, you can't use virtual users.
Edit:
Here is a quick and dirty configuration that works:
listen=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
download_enable=yes
anon_mkdir_write_enable=yes
guest_enable=NO
anon_world_readable_only=no
anon_upload_enable=yes
write_enable=yes
chroot_local_user=no
anon_other_write_enable=yes
Then use "quotacheck" to set up quotas. Don't forget to add the "userquota" option to your fstab.