Differences
This shows you the differences between the selected revision and the current version of the page.
howto:vsftpd 2009/02/04 23:11 | howto:vsftpd 2017/09/06 18:38 current | ||
---|---|---|---|
Line 2: | Line 2: | ||
I like "vim" as my editor and have that installed so I will use that but feel free to use any other editor like "joe" if you feel more comfortable with it. Thanks to fonz for helping me out with my installation. This wouldn't be possible without him! | I like "vim" as my editor and have that installed so I will use that but feel free to use any other editor like "joe" if you feel more comfortable with it. Thanks to fonz for helping me out with my installation. This wouldn't be possible without him! | ||
- | ====== Why USE VSFTP? ====== | ||
- | Well you may have a different reason but mine was that I simply wanted more control over my ftp client and I wanted to force my users to use some sort of encryption. I have the DNS-321 which is a great little device and according to my reading these instructions should work for the dns-323 and well any CH3SNAS device. | ||
+ | ====== Why Use VSFTP? ====== | ||
+ | Well, you may have a different reason but mine was that I simply wanted more control over my ftp client. I also wanted to force my users to use some sort of encryption. I have the DNS-321 which is a great little device and according to my reading these instructions should work for the DNS-323, DNS-343, and probably any CH3SNAS device. | ||
- | ====== How to vsftpd ====== | ||
- | First step is of course install fun-plug. | + | |
- | You can find the wiki [[http://wiki.dns323.info/howto:fun_plug]] and that should get you going. | + | ====== How to Set Up VSFTPD ====== |
- | or you can use these instructions [[http://www.iterasi.net/openviewer.aspx?sqrlitid=1hqeasef7eavz8rdkus60a]] which were the original ones I used. | + | |
+ | The first step is to install fun_plug. You can find the wiki [[http://dns323.kood.org/]] and that should get you going. | ||
+ | Or you can use these instructions [[http://www.iterasi.net/openviewer.aspx?sqrlitid=1hqeasef7eavz8rdkus60a]] which were the original ones I used. | ||
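Review bot: the replacement link in the added "The first step is to install fun_plug" line points at the site root, `http://dns323.kood.org/`, whereas the removed link went straight to the `howto:fun_plug` page. Link the fun_plug how-to page itself so readers land on the install instructions rather than having to search for them.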
Line 92: | Line 93: | ||
By the way these must be real users on your box. If they dont exist you must create them. | By the way these must be real users on your box. If they dont exist you must create them. | ||
- | ====== Adding Users to your box ====== | ||
- | You can check which users exist in your box by seeing the contents of your /etc/passd file | + | ====== Adding Users to Your Box ====== |
- | By default after installation of fun-plug yours should look like this | + | You can check which users exist on your box by seeing the contents of your /etc/passwd file. |
+ | |||
+ | After installation of fun_plug, your default user list should look like this: | ||
<code bash> | <code bash> | ||
Line 106: | Line 108: | ||
</code> | </code> | ||
- | now we add a user using the useradd command heres a brief example | + | Now we add a user via the useradd command. Here is an example: |
-d = home directory this is where your user will be chrooted | -d = home directory this is where your user will be chrooted | ||
-s = shell /bin/sh is like a false shell to my understanding | -s = shell /bin/sh is like a false shell to my understanding | ||
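Review bot: the option line `-s = shell /bin/sh is like a false shell to my understanding` is left untouched while the sentence above it is rewritten, and it is inaccurate. /bin/sh is a real interactive shell, so an account created this way can log in through any shell service the box exposes, not only FTP. Correct the description, or, if FTP-only accounts are the goal, state which non-login shell to use and whether vsftpd accepts it on this platform.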
Line 113: | Line 115: | ||
useradd bob | useradd bob | ||
passwd bob (enter your password twice) | passwd bob (enter your password twice) | ||
- | usermod - d /mnt/HD_a2/bob | + | usermod -d /mnt/HD_a2/bob bob |
- | usermod -s /bin/sh | + | usermod -s /bin/sh bob |
</code> | </code> | ||
- | Ok now we added our user bob so we can see the /etc/passwd file has changed. | + | Ok now user bob is added, so we can see the /etc/passwd file has changed: |
<code bash> | <code bash> | ||
Line 129: | Line 131: | ||
- | :!: But wait don't go too fast! | + | :!: But wait! Don't go too fast! |
- | We need to save our changes because if we reboot now that user we just added will go bye-bye. | + | We need to save our changes because if we reboot now that new user go bye-bye. Save changes with: |
<code bash> | <code bash> | ||
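Review bot: the rewritten sentence on the `+` side drops a verb, "that new user go bye-bye"; it should read "that new user will go bye-bye". Since this step is what makes the account survive a reboot, the sentence could also say what the command that follows actually saves.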
Line 137: | Line 139: | ||
- | Ok at this point we have our users, user_list and chrootlist files, our log directory set up, our chroot directory set up, and the pachkage installed. The last thing that needs to be done is to set up the certificate file and key, configure the server and write our startup script. We are almost there I promise. | + | Now we have our users, user_list, and chrootlist files, our log directory set up, our chroot directory set up, and the package installed. The last things that need to be done are to set up the certificate file and key, configure the server, and write our startup script. We are almost done, I promise. |
- | + | ||
====== To create your ssl key and crt files ====== | ====== To create your ssl key and crt files ====== | ||
Line 148: | Line 148: | ||
<code bash> | <code bash> | ||
cd /ffp/pkg/ | cd /ffp/pkg/ | ||
- | rsync -av --delete inreto.de::dns323/fun-plug/0.5/packages/openssl-0.9.8h-1.tgz . | + | rsync -av --delete inreto.de::dns323/fun-plug/0.5/packages/openssl-0.9.8k-1.tgz . |
</code> | </code> | ||
(note the version number at the time of my install this was the latest and greatest) | (note the version number at the time of my install this was the latest and greatest) | ||
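Review bot: the package file name `openssl-0.9.8k-1.tgz` is hard-coded here and again in the `funpkg -i` line of the next hunk, so both must be edited together whenever the repository moves on, and the context remark "at the time of my install this was the latest and greatest" no longer says which install it refers to. Suggest telling readers to list the packages directory and substitute the current file name in both commands. The visible steps also install the download with no integrity check; if the repository publishes checksums, add a verification step before `funpkg -i`.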
Line 156: | Line 156: | ||
<code bash> | <code bash> | ||
- | funpkg -i openssl-0.9.8h-1.tgz | + | funpkg -i openssl-0.9.8k-1.tgz |
</code> | </code> | ||
Line 223: | Line 223: | ||
This completes the SSL portion lets move on to the configuration | This completes the SSL portion lets move on to the configuration | ||
+ | |||
+ | ====== Alternate Creation of SSL ====== | ||
+ | |||
+ | Another way to create the SSL is to use the following command: | ||
+ | <code bash> | ||
+ | openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem | ||
+ | </code> | ||
+ | |||
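Review bot: the added `openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem` command has no `-days`, so openssl falls back to its default validity of 30 days and clients will begin warning about or rejecting an expired certificate a month after setup; add an explicit `-days` value. `-nodes` also writes the private key unencrypted into the same file as the certificate, so the section should tell the reader to restrict the file to its owner (`chmod 600`) and where to place it. It should also say how to reference the combined file, because the configuration further down still points `rsa_cert_file` and `rsa_private_key_file` at separate xxx.crt and xxx.key files.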
Line 251: | Line 259: | ||
xferlog_file=/ffp/var/log/vsftpdxf.log | xferlog_file=/ffp/var/log/vsftpdxf.log | ||
vsftpd_log_file=/ffp/var/log/vsftpd.log | vsftpd_log_file=/ffp/var/log/vsftpd.log | ||
- | idle_session_timeout=600 | + | idle_session_timeout=600 |
- | data_connection_timeout=120 | + | data_connection_timeout=120 |
- | nopriv_user=nobody | + | nopriv_user=nobody |
- | ascii_upload_enable=YES | + | ascii_upload_enable=YES |
- | ascii_download_enable=YES | + | ascii_download_enable=YES |
ftpd_banner=Your Fancy Banner Here! | ftpd_banner=Your Fancy Banner Here! | ||
#The following will allow you to put specific users in a chroot so that they cant move back from the chroot dir | #The following will allow you to put specific users in a chroot so that they cant move back from the chroot dir | ||
- | chroot_list_enable=YES | + | chroot_list_enable=YES |
#file to keep the chroot users | #file to keep the chroot users | ||
- | chroot_list_file=/ffp/etc/vsftpd/vsftpd.chroot_list | + | chroot_list_file=/ffp/etc/vsftpd/vsftpd.chroot_list |
- | userlist_deny=NO | + | userlist_deny=NO |
- | userlist_enable=YES | + | userlist_enable=YES |
#file to keep all users able to access ftp | #file to keep all users able to access ftp | ||
- | userlist_file=/ffp/etc/vsftpd/vsftpd.user_list | + | userlist_file=/ffp/etc/vsftpd/vsftpd.user_list |
- | #background=YES | + | #background=YES |
#enable the listen to allow the ftp to listen we use this also so that we can write a startup script... | #enable the listen to allow the ftp to listen we use this also so that we can write a startup script... | ||
- | listen=YES | + | listen=YES |
- | #pasv_promiscuous=YES | + | #pasv_promiscuous=YES |
- | pasv_enable=YES | + | pasv_enable=YES |
- | pasv_min_port=5000 | + | pasv_min_port=5000 |
- | pasv_max_port=5500 | + | pasv_max_port=5500 |
# You should not need this if you not going to use it through the web | # You should not need this if you not going to use it through the web | ||
- | pasv_address=YOUR.PUBLIC.IP.HERE | + | pasv_address=YOUR.PUBLIC.IP.HERE |
- | ls_recurse_enable=NO | + | ls_recurse_enable=NO |
#finally force the ssl connection | #finally force the ssl connection | ||
- | ssl_enable=YES | + | ssl_enable=YES |
- | allow_anon_ssl=NO | + | allow_anon_ssl=NO |
- | force_local_data_ssl=YES | + | force_local_data_ssl=YES |
- | force_local_logins_ssl=YES | + | force_local_logins_ssl=YES |
- | ssl_tlsv1=YES | + | ssl_tlsv1=YES |
- | ssl_sslv2=YES | + | ssl_sslv2=YES |
- | ssl_sslv3=YES | + | ssl_sslv3=YES |
- | #point to your certificate and key | + | #point to your certificate and key |
- | rsa_cert_file=/ffp/etc/vsftpd/xxx.crt | + | rsa_cert_file=/ffp/etc/vsftpd/xxx.crt |
- | rsa_private_key_file=/ffp/etc/vsftpd/xxx.key | + | rsa_private_key_file=/ffp/etc/vsftpd/xxx.key |
</code> | </code> | ||
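Review bot: `ssl_sslv2=YES` and `ssl_sslv3=YES` are kept with the same values, so a server built from this page still negotiates SSLv2 and SSLv3, both of which are broken protocols; set both to NO and leave `ssl_tlsv1=YES` as the only enabled version. Separately, every `-`/`+` pair in this block shows identical text, so the edit is whitespace only. vsftpd does not trim option values, and a trailing space after a value such as YES or NO makes it refuse to start, so confirm the new side has no whitespace at the end of any option line.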
Line 301: | Line 309: | ||
</code> | </code> | ||
- | <code> | + | <code bash> |
# vsftpd configuration file | # vsftpd configuration file | ||
# | # | ||
# This file is for multiple users sharing the same ftp directory but such | # This file is for multiple users sharing the same ftp directory but such | ||
# that each user has his own login and the uploaded files are stored with | # that each user has his own login and the uploaded files are stored with | ||
- | # each user's userid | + | # the userid of each user |
# | # | ||
# Anonymous access is turned off such that only local users can login | # Anonymous access is turned off such that only local users can login | ||
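Review bot: the opening tag changes from `<code>` to `<code bash>`, but the block is a vsftpd configuration file, not a shell script, so the bash highlighter will mislabel its contents. Keep plain `<code>` or use a configuration-file language tag if the wiki offers one.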
Line 390: | Line 398: | ||
Now John and Jane share the same configuration. You can also make special files to each if you want. | Now John and Jane share the same configuration. You can also make special files to each if you want. | ||
+ | |||
Line 418: | Line 427: | ||
name="vsftpd" | name="vsftpd" | ||
command="/ffp/sbin/vsftpd" | command="/ffp/sbin/vsftpd" | ||
- | vsftpd_flags="/ffp/etc/vsftpd.conf >/dev/null 2>&1 </dev/null &" | + | vsftpd_flags="/ffp/etc/vsftpd.conf" |
required_files="/ffp/etc/vsftpd.conf" | required_files="/ffp/etc/vsftpd.conf" | ||
start_cmd="vsftpd_start" | start_cmd="vsftpd_start" | ||
Line 426: | Line 435: | ||
proc_start_bg "$command" | proc_start_bg "$command" | ||
} | } | ||
+ | |||
+ | run_rc_command "$1" | ||
+ | |||
</code> | </code> | ||
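Review bot: the start function calls `proc_start_bg "$command"` with the binary path only, while the config path is set in `vsftpd_flags` in the previous hunk. Confirm that the fun_plug rc helper appends those flags when a custom `start_cmd` is used; if it does not, pass them explicitly in the call so vsftpd reads /ffp/etc/vsftpd.conf instead of falling back to its built-in default path. The added `run_rc_command "$1"` looks right as the last statement of the script.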