Vsftpd
Download Source: | ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.0.5.tar.gz |
---|---|
Download Patch | http://svn.cross-lfs.org/svn/repos/patches/vsftpd/vsftpd-2.0.5-syscall-1.patch |
Contents
Introduction to Vsftpd
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable.
Project Homepage: http://vsftpd.beasts.org/
Dependencies
Recommended
Optional
Add the vsftpd User / Group
groupadd -g 47 vsftpd && useradd -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd
Add the ftp User / Group
groupadd -g 45 ftp && useradd -c "Anonymous FTP User" -d /home/ftp -g ftp -s /bin/false -u 45 ftp && install -dv -m0755 /home/ftp
Non-Multilib
Enable TCP Wrappers Support with the following command:
sed -i "/VSF_BUILD_TCPWRAPPERS/s/^#undef/#define/" builddefs.h
Adjust the default path to the secure chroot dir and change the default unprivilged user from nobody to vsftpd:
sed -i -e '/secure_chroot_dir/s:".*".$:"/var/ftp/empty";:' \ -e '/nopriv_user/s:".*".$:"vsftpd";:' tunables.c
Compile the package:
patch -Np1 -i ../vsftpd-2.0.5-syscall-1.patch && sed -i -e '/LIBS.*=/s:`:$(shell :' -e '/LIBS.*=/s:`:):' Makefile && make
Install the package:
install -v -m755 vsftpd /usr/sbin/vsftpd && install -v -m644 vsftpd.8 /usr/share/man/man8 && install -v -m644 vsftpd.conf.5 /usr/share/man/man5 && install -v -m644 vsftpd.conf /etc
Multilib
This package does not provide any libraries so only one installation is needed.
32Bit
Enable TCP Wrappers Support with the following command:
sed -i "/VSF_BUILD_TCPWRAPPERS/s/^#undef/#define/" builddefs.h
Adjust the default path to the secure chroot dir and change the default unprivilged user from nobody to vsftpd:
sed -i -e '/secure_chroot_dir/s:".*".$:"/var/ftp/empty";:' \ -e '/nopriv_user/s:".*".$:"vsftpd";:' tunables.c
Compile the package:
patch -Np1 -i ../vsftpd-2.0.5-syscall-1.patch && sed -i -e '/LIBS.*=/s:`:$(shell :' -e '/LIBS.*=/s:`:):' Makefile && make CC="gcc ${BUILD32}"
Install the package:
install -v -m755 vsftpd /usr/sbin/vsftpd && install -v -m644 vsftpd.8 /usr/share/man/man8 && install -v -m644 vsftpd.conf.5 /usr/share/man/man5 && install -v -m644 vsftpd.conf /etc
N32
Enable TCP Wrappers Support with the following command:
sed -i "/VSF_BUILD_TCPWRAPPERS/s/^#undef/#define/" builddefs.h
Adjust the default path to the secure chroot dir and change the default unprivilged user from nobody to vsftpd:
sed -i -e '/secure_chroot_dir/s:".*".$:"/var/ftp/empty";:' \ -e '/nopriv_user/s:".*".$:"vsftpd";:' tunables.c
Compile the package:
patch -Np1 -i ../vsftpd-2.0.5-syscall-1.patch && sed -i "s:lib/:lib32/:g" vsf_findlibs.sh && sed -i -e '/LIBS.*=/s:`:$(shell :' -e '/LIBS.*=/s:`:):' Makefile && make CC="gcc ${BUILDN32}"
Install the package:
install -v -m755 vsftpd /usr/sbin/vsftpd && install -v -m644 vsftpd.8 /usr/share/man/man8 && install -v -m644 vsftpd.conf.5 /usr/share/man/man5 && install -v -m644 vsftpd.conf /etc
64Bit
Enable TCP Wrappers Support with the following command:
sed -i "/VSF_BUILD_TCPWRAPPERS/s/^#undef/#define/" builddefs.h
Adjust the default path to the secure chroot dir and change the default unprivilged user from nobody to vsftpd:
sed -i -e '/secure_chroot_dir/s:".*".$:"/var/ftp/empty";:' \ -e '/nopriv_user/s:".*".$:"vsftpd";:' tunables.c
Compile the package:
patch -Np1 -i ../vsftpd-2.0.5-syscall-1.patch && sed -i "s:lib/:lib64/:g" vsf_findlibs.sh && sed -i -e '/LIBS.*=/s:`:$(shell :' -e '/LIBS.*=/s:`:):' Makefile && make CC="gcc ${BUILD64}"
Install the package:
install -v -m755 vsftpd /usr/sbin/vsftpd && install -v -m644 vsftpd.8 /usr/share/man/man8 && install -v -m644 vsftpd.conf.5 /usr/share/man/man5 && install -v -m644 vsftpd.conf /etc
Configuring
Create the jail directory:
install -dv -m755 /var/ftp/empty
Create the ftp root directory:
install -dv -m775 -ovsftpd -gvsftpd /srv/ftp
If you built vsftpd against pam, Which you did unless you explicitly disabled it, you also need to create a rule for ftp.
cat > /etc/pam.d/ftp << "EOF" #%PAM-1.0 # # The common PAM configuration file for ftp # auth required pam_listfile.so item=user sense=allow file=/etc/ftpusers onerr=succeed auth required pam_shells.so auth include system-auth account include system-auth session include system-auth session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 EOF
This pam configuration file will only allow logins for users listed in /etc/ftpusers. One user per line.
There are 2 ways to run the vsftpd daemon. The first method is to have xinetd spawn an individual process for each incoming connection. The second method is to run vsftpd as a daemon and let it manage that itself.
Xinetd
Ensure that you have xinetd installed then create the service file:
cat > /etc/xinetd.d/vsftpd << "EOF" # Begin /etc/xinetd.d/vsftpd service ftp { disable = no wait = no socket_type = stream user = root server = /usr/sbin/vsftpd nice = 10 } # End /etc/xinetd.d/vsftpd EOF
Bootscript
Install the bootscript from the Bootscripts package with the following command:
make install-vsftpd
You also need to add the following to /etc/vsftpd.conf
cat >> /etc/vsftpd.conf << "EOF" background=YES listen=YES EOF