vsftpd-&vsftpd-version;

Introduction to vsftpd

The vsftpd package contains a very secure and very small FTP daemon. This is useful for serving files over a network.

&lfs90_checked;

Package Information

Download (HTTP):
Download (FTP):
Download MD5 sum: &vsftpd-md5sum;
Download size: &vsftpd-size;
Estimated disk space required: &vsftpd-buildsize;
Estimated build time: &vsftpd-time;

vsftpd Dependencies

Required

Optional
, and

User Notes:

Installation of vsftpd

For security reasons, running vsftpd as an unprivileged user and group is encouraged. Also, a user should be created to map anonymous users. As the root user, create the needed directories, users, and groups with the following commands:

install -v -d -m 0755 &vsftpd-empty; &&
install -v -d -m 0755 /home/ftp &&
groupadd -g 47 vsftpd &&
groupadd -g 45 ftp &&
useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &&
useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp

Build vsftpd as an unprivileged user using the following command:

make

This package does not come with a test suite.

Once again, become the root user and install vsftpd with the following commands:

install -v -m 755 vsftpd /usr/sbin/vsftpd &&
install -v -m 644 vsftpd.8 /usr/share/man/man8 &&
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
install -v -m 644 vsftpd.conf /etc

Command Explanations

install -v -d ...: This creates the directory that anonymous users will use (/home/ftp) and the directory the daemon will chroot into (&vsftpd-empty;). /home/ftp should not be owned by the user vsftpd, or the user ftp.

echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: Use this prior to make to add support for tcpwrappers.

echo "#define VSF_BUILD_SSL" >>builddefs.h: Use this prior to make to add support for SSL.

install -v -m ...: The Makefile uses non-standard installation paths. These commands install the files in /usr and /etc.
Configuring vsftpd

Config Files

/etc/vsftpd.conf

Configuration Information

vsftpd comes with a basic anonymous-only configuration file that was copied to /etc above. While still the root user, modify this file, because it is now recommended to run vsftpd in standalone mode. Also, you should specify the privilege separation user created above. Finally, you should specify the chroot directory. man vsftpd.conf will give you all the details.

cat >> /etc/vsftpd.conf << "EOF"
background=YES
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=&vsftpd-empty;
EOF

By default, the vsftpd daemon uses seccomp to improve security. However, with recent kernel versions this is known to leave vsftpd unable to handle the FTP LIST command. Append a line to /etc/vsftpd.conf (as the root user) to disable seccomp and work around this issue:

cat >> /etc/vsftpd.conf << "EOF"
seccomp_sandbox=NO
EOF

To enable local logins, append the following to the /etc/vsftpd.conf file (as the root user):

cat >> /etc/vsftpd.conf << "EOF"
local_enable=YES
EOF

In addition, if using Linux-PAM and vsftpd with local user logins, you will need a Linux-PAM configuration file. As the root user, create the /etc/pam.d/vsftpd file, and add the needed configuration changes for Linux-PAM session support using the following commands:

cat > /etc/pam.d/vsftpd << "EOF" &&
# Begin /etc/pam.d/vsftpd
auth       required     /lib/security/pam_listfile.so item=user sense=deny \
                                                      file=/etc/ftpusers \
                                                      onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-account
session    include      system-session
EOF
cat >> /etc/vsftpd.conf << "EOF"
session_support=YES
pam_service_name=vsftpd
EOF

Boot Script (sysv) / Systemd Unit (systemd)

Install the /etc/rc.d/init.d/vsftpd init script (sysv) or the vsftpd.service unit (systemd) included in the package.

make install-vsftpd

Contents

Installed Program: vsftpd
Installed Libraries: None
Installed Directories: /usr/share/vsftpd, /home/ftp

Short Descriptions

vsftpd is the FTP daemon.
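
An added example, not part of the BLFS page or the vsftpd package: a POSIX shell check of the hardening settings configured above (privilege separation user, chroot directory, seccomp workaround, ownership of the anonymous root). The function names, the FAIL/NOTE output format and the rule that the last occurrence of a repeated key is the one in effect are assumptions of this example.

```shell
#!/bin/sh
# Added example, not BLFS or vsftpd code: audit the settings appended above.

# Print the effective value of KEY ($2) in the config file ($1). The page
# appends with 'cat >>', so a key may occur twice; assumption: vsftpd
# applies lines in order, so the last occurrence is the one in effect.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd CONF [ANON_ROOT]: print findings, return the number of FAILs.
audit_vsftpd() {
    conf=$1 anon_root=${2:-/home/ftp} n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    # Privilege separation user must be set and must not be root.
    user=$(conf_get "$conf" nopriv_user)
    case $user in
        '')   fail "nopriv_user is not set" ;;
        root) fail "nopriv_user is root" ;;
    esac

    # vsftpd.conf(5): secure_chroot_dir should be an empty directory that
    # the ftp user cannot write to.
    dir=$(conf_get "$conf" secure_chroot_dir)
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        fail "secure_chroot_dir is missing: '$dir'"
    elif [ -n "$(ls -A "$dir")" ]; then
        fail "secure_chroot_dir is not empty: $dir"
    elif [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        fail "secure_chroot_dir is group- or world-writable: $dir"
    fi

    # The LIST workaround turns the seccomp filter off; report, do not fail.
    [ "$(conf_get "$conf" seccomp_sandbox)" = NO ] &&
        echo "NOTE: seccomp_sandbox=NO, seccomp filtering is disabled"

    # The anonymous root must not be owned by the vsftpd or ftp users.
    owner=$(ls -ld "$anon_root" 2>/dev/null | awk '{print $3}')
    case $owner in
        vsftpd|ftp) fail "$anon_root is owned by $owner" ;;
    esac
    return "$n"
}
```

Run it as `audit_vsftpd /etc/vsftpd.conf` after the configuration steps; the exit status is the number of FAIL lines.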