NetAdminTools.com
 
Configuring Vsftpd
Topic: Network Services   Date: 2004-07-09

Subject

Vsftpd is claimed to be "Probably the most secure and fastest FTP server for UNIX-like systems." Well, that makes us want to look at it. What we need in this case is for users with accounts on our system to be able to upload and download files without any other required client utilities; however, we don't want them to see other files on the system. This article goes through configuring vsftpd to this end. If you want a more secure chrooted environment, check out Building a Chrooted sftp Environment.

The first thing we'll do is copy the sample configuration file:

root@srv-1 vsftpd # cp vsftpd.conf.sample vsftpd.conf
root@srv-1 vsftpd # pwd
/etc/vsftpd
root@srv-1 vsftpd #

So, what happens if we try and FTP with the default config? Let's try:

[root@srv-3 root]# ftp srv-1
ftp: connect: Connection refused
ftp> exit

The service probably isn't listening. We had some issues with xinetd, so we'll run vsftpd standalone for this. To do this, add the following lines to /etc/vsftpd/vsftpd.conf:

background=YES
listen=YES

We'll have to start vsftpd:

root@srv-1 etc # /etc/init.d/vsftpd start
* Starting vsftpd...                                                     [ ok ]
root@srv-1 etc # 

Let's try again:

[root@srv-3 root]# ftp srv-1
Connected to srv-1 (10.50.100.1).
421 Service not available, remote server has closed connection
ftp>

OK. That is better. We might have to RTFM and configure this. :) Now, we do not want anonymous access, so we need to change these lines in vsftpd.conf:

anonymous_enable=NO
local_enable=YES

Let's try it again:

[root@srv-3 root]# ftp srv-1
Connected to srv-1 (10.50.100.1).
220 (vsFTPd 1.2.1)
Name (srv-1:root): u-1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls /
227 Entering Passive Mode (10,50,100,1,247,49)
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Jun 02 05:45 bin
drwxr-xr-x    6 0        0            1024 Jun 01 11:36 boot
drwxr-xr-x    1 0        0               0 Jan 01  1970 dev
.
.
.
drwxrwxrwt   24 0        0            4096 Jul 09 18:00 tmp
drwxr-xr-x   17 0        0            4096 May 30 20:42 usr
drwxr-xr-x   14 0        5            4096 Jan 16 15:45 var
226 Directory send OK.
ftp>

OK. Better, but we don't want the user to see /. We need to add a couple of lines:

chroot_list_enable=YES
chroot_local_user=YES

Let's restart vsftpd:

root@srv-1 vsftpd # /etc/init.d/vsftpd restart
* Stopping vsftpd...                    [ ok ]
* Starting vsftpd...                    [ ok ]
root@srv-1 vsftpd # 

Now:

[root@srv-3 root]# ftp srv-1
Connected to srv-1 (10.50.100.1).
220 (vsFTPd 1.2.1)
Name (srv-1:root): u-1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls /
227 Entering Passive Mode (10,50,100,1,184,245)
150 Here comes the directory listing.
-rw-r--r--    1 1000     100          5497 Jan 20 14:49 000843.html
-rw-r--r--    1 1000     100             0 Feb 10  2003 0615060500
-rw-r--r--    1 1000     100        706169 Aug 09  2003 1.pdf
.
.
.
drwxr-xr-x    2 1000     100          4096 Jan 30  2003 xcircuitlibs
226 Directory send OK.
ftp> pwd
257 "/"
ftp> 
ftp> quit
221 Goodbye.

That is u-1's home directory, so we are set. The complete vsftpd.conf file is:

anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
nopriv_user=nobody
chroot_list_enable=YES
chroot_local_user=YES
background=YES
listen=YES
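
The two chroot options interact: with chroot_local_user=YES, enabling chroot_list_enable turns the chroot list file (by default /etc/vsftpd.chroot_list) into a list of users who are not jailed. The following Python check is an added example, not part of the original article; it evaluates the complete configuration above, and the user u-2 and the list contents passed in are constructed for illustration.

```python
# Added example, not from the article: effective chroot status under vsftpd.conf.
PAGE_CONF = """\
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
nopriv_user=nobody
chroot_list_enable=YES
chroot_local_user=YES
background=YES
listen=YES
"""

# Built-in defaults (vsftpd.conf(5)) for the options examined here.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO"}

def parse_conf(text):
    """Parse option=value lines; spaces around '=' are an error in vsftpd."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.lstrip():
            raise ValueError("malformed line: %r" % line)
        conf[key] = value.rstrip()
    return conf

def yes(conf, key):
    # vsftpd treats YES, TRUE and 1 (any case) as true.
    return conf[key].upper() in ("YES", "TRUE", "1")

def is_chrooted(conf, user, chroot_list):
    """chroot_list: user names read from chroot_list_file (constructed input)."""
    listed = yes(conf, "chroot_list_enable") and user in chroot_list
    # With chroot_local_user=YES the list inverts: listed users are NOT jailed.
    return yes(conf, "chroot_local_user") != listed

def audit(conf, users, chroot_list):
    """Findings that undercut the goal of keeping local users in their homes."""
    findings = []
    if yes(conf, "anonymous_enable"):
        findings.append("anonymous logins enabled")
    for user in users:
        if yes(conf, "local_enable") and not is_chrooted(conf, user, chroot_list):
            findings.append("%s is not chrooted" % user)
    return findings
```

Calling audit(parse_conf(PAGE_CONF), ["u-1", "u-2"], ["u-2"]) reports only u-2, because a name in the list file is exempted from the jail under this configuration.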

