xat59.vsftpd

Description

This document explains how to install and set up the vsftpd FTP server.

Features:

  • Supports local users
  • Supports virtual users
  • Allows chrooting (restricting users to a specific directory)
  • Supports unsecure connections and TLS v1
  • Supports both explicit and implicit TLS
  • Can run multiple vsftpd instances

Does not include:

  • Creation of SSL certificates and keys

Role Installation

$ git clone https://github.com/Xat59/ansible-role-vsftpd

Variables

  • vsftpd_enable_local_users: Allows local user connections.
    Note: If vsftpd_enable_virt_users is 'true', this will also be set to 'true'.

    • Required: No
    • Default: true
    • Options: true or false
  • vsftpd_chroot_local_users: Enables chrooting for local users.
    Note: Users must be chrooted in a valid path.

    • Required: No
    • Default: false
    • Options: true or false
  • vsftpd_ftp_banner: The greeting message displayed when a user connects.

    • Required: No
    • Default: Private FTP server
  • vsftpd_passive_min_port: Minimum port number for data connections. Useful for firewall settings.

    • Required: No
  • vsftpd_passive_max_port: Maximum port number for data connections. Useful for firewall settings.

    • Required: No
  • vsftpd_passive_address: IP address used for connections.

    • Required: No
  • vsftpd_ssl_enabled: Controls SSL support.

    • Required: No
    • Default: false
    • Options: true or false
  • vsftpd_ssl_privkey: Path to the SSL private key.

    • Required: Yes if SSL is enabled.
  • vsftpd_ssl_certificate: Path to the SSL certificate.

    • Required: Yes if SSL is enabled.
  • vsftpd_ssl_implicit: Controls implicit TLS.
    If enabled, SSL handshake occurs first on all connections (FTPs); if disabled, explicit TLS is used (FTPes).

    • Required: No
    • Default: true
    • Options: true or false
  • vsftpd_systemd_service_name: Name for the vsftpd instance.
    Note: Changing this will also change the config and service file names.

    • Required: No
    • Default: vsftpd
  • vsftpd_guest_username: Maps guest logins to the specified real user.

    • Required: No
  • vsftpd_enable_virt_users: Allows virtual users for this instance.
    Note: Setting this to 'true' will also set vsftpd_chroot_local_users to 'true'.

    • Required: No. Must be set to 'true' if defining virtual users.
    • Default: false
    • Options: true or false
  • vsftpd_no_log: Turns off logging for tasks that manage sensitive information.

    • Required: No.
    • Default: true
    • Options: true or false
  • vsftpd_virt_users: List of virtual users with specific settings.

    • Required: No

      User Parameters:

      • username: Virtual user name (Required)
      • password: Virtual user password (Required)
      • local_root: User's home directory (Optional)
      • write_enable: Permission to write (Optional)
      • guest_username: Maps to a local user (Optional)

      Example: See below.

Usage

  • For Unsecure FTP
---
- hosts: host01
  gather_facts: yes
  become: yes
  roles:
    - role: ansible-role-vsftpd
  • For Secure FTP with explicit TLS (FTPes)
---
- hosts: host01
  gather_facts: yes
  become: yes
  roles:
    - role: ansible-role-vsftpd
      vsftpd_ssl_enabled: true
      vsftpd_ssl_privkey: /etc/vsftpd/ssl/vsftpd.key
      vsftpd_ssl_certificate: /etc/vsftpd/ssl/vsftpd.crt
      vsftpd_ssl_implicit: false
  • For Secure FTP with implicit TLS (FTPs)
---
- hosts: host01
  gather_facts: yes
  become: yes
  roles:
    - role: ansible-role-vsftpd
      vsftpd_ssl_enabled: true
      vsftpd_ssl_privkey: /etc/vsftpd/ssl/vsftpd.key
      vsftpd_ssl_certificate: /etc/vsftpd/ssl/vsftpd.crt
      vsftpd_ssl_implicit: true
  • For Unsecure FTP with virtual users
---
- hosts: host01
  gather_facts: yes
  become: yes
  roles:
    - role: ansible-role-vsftpd
      vsftpd_enable_virt_users: true
      vsftpd_virt_users:
        - username: xat
          password: xat
          guest_username: www-data
          local_root: /var/www/
          write_enable: yes
        - username: jdoe
          password: jdoe
          guest_username: www-data
          local_root: /var/www
          write_enable: no
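
The usage cases above can be combined. The playbook below is an added example, not part of the role's own documentation: it pairs explicit TLS with virtual users, pins the passive port range for firewall rules, and checks that the key and certificate exist before the role runs, since the role does not create them. The vault_* variable names, the ftp_key/ftp_cert helper variables and the port numbers are assumptions made for this example.

```yaml
---
# Added example; vault_* names, ftp_key/ftp_cert and the port range are constructed.
- hosts: host01
  gather_facts: yes
  become: yes
  vars:
    ftp_key: /etc/vsftpd/ssl/vsftpd.key
    ftp_cert: /etc/vsftpd/ssl/vsftpd.crt
  pre_tasks:
    # The role does not create certificates or keys, so fail early if they are missing.
    - name: Stat TLS private key and certificate
      ansible.builtin.stat:
        path: "{{ item }}"
      loop:
        - "{{ ftp_key }}"
        - "{{ ftp_cert }}"
      register: tls_files

    - name: Require both files to exist
      ansible.builtin.assert:
        that: item.stat.exists
        fail_msg: "{{ item.item }} is missing"
      loop: "{{ tls_files.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Require a private key that group and others cannot read
      ansible.builtin.assert:
        that: tls_files.results[0].stat.mode in ['0600', '0400']
        fail_msg: "{{ ftp_key }} must have mode 0600 or 0400"
  roles:
    - role: ansible-role-vsftpd
      vsftpd_ssl_enabled: true
      vsftpd_ssl_privkey: "{{ ftp_key }}"
      vsftpd_ssl_certificate: "{{ ftp_cert }}"
      vsftpd_ssl_implicit: false          # explicit TLS (FTPes)
      vsftpd_passive_min_port: 50000      # constructed range; open the same range on the firewall
      vsftpd_passive_max_port: 50100
      vsftpd_enable_virt_users: true
      vsftpd_no_log: true                 # keep virtual-user passwords out of task output
      vsftpd_virt_users:
        - username: xat
          password: "{{ vault_ftp_xat_password }}"   # hypothetical Ansible Vault variable
          guest_username: www-data
          local_root: /var/www
          write_enable: no
```

The vault variable is expected to live in a file encrypted with ansible-vault and loaded through vars_files or group_vars.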

Contribute

Roadmap

About the project

Install and configure vsftpd FTP server.

Install
ansible-galaxy install xat59.vsftpd
License
lgpl-3.0
Downloads
930
Owner
IT passionate. #cloud #devops #terraform #ansible #k8s #aws #azure