Changeset 4472e923 for server/major/vsftpd.xml
- Timestamp:
- 03/07/2020 09:40:50 AM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 99c61a4
- Parents:
- 21a08bf
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/major/vsftpd.xml
r21a08bf r4472e923 31 31 <title>Introduction to vsftpd</title> 32 32 33 <para>The <application>vsftpd</application> package contains a very 34 secure and very small FTP daemon. This is useful for serving files 35 over a network.</para> 33 <para> 34 The <application>vsftpd</application> package contains a very 35 secure and very small FTP daemon. This is useful for serving files 36 over a network. 37 </para> 36 38 37 39 &lfs91_checked; … … 40 42 <itemizedlist spacing="compact"> 41 43 <listitem> 42 <para>Download (HTTP): <ulink url="&vsftpd-download-http;"/></para> 43 </listitem> 44 <listitem> 45 <para>Download (FTP): <ulink url="&vsftpd-download-ftp;"/></para> 46 </listitem> 47 <listitem> 48 <para>Download MD5 sum: &vsftpd-md5sum;</para> 49 </listitem> 50 <listitem> 51 <para>Download size: &vsftpd-size;</para> 52 </listitem> 53 <listitem> 54 <para>Estimated disk space required: &vsftpd-buildsize;</para> 55 </listitem> 56 <listitem> 57 <para>Estimated build time: &vsftpd-time;</para> 44 <para> 45 Download (HTTP): <ulink url="&vsftpd-download-http;"/> 46 </para> 47 </listitem> 48 <listitem> 49 <para> 50 Download (FTP): <ulink url="&vsftpd-download-ftp;"/> 51 </para> 52 </listitem> 53 <listitem> 54 <para> 55 Download MD5 sum: &vsftpd-md5sum; 56 </para> 57 </listitem> 58 <listitem> 59 <para> 60 Download size: &vsftpd-size; 61 </para> 62 </listitem> 63 <listitem> 64 <para> 65 Estimated disk space required: &vsftpd-buildsize; 66 </para> 67 </listitem> 68 <listitem> 69 <para> 70 Estimated build time: &vsftpd-time; 71 </para> 58 72 </listitem> 59 73 </itemizedlist> … … 80 94 <title>Installation of vsftpd</title> 81 95 82 <para>For security reasons, running <application>vsftpd</application> 83 as an unprivileged user and group is encouraged. Also, a user should be 84 created to map anonymous users. As the <systemitem 85 class="username">root</systemitem> user, create the needed directories, 86 users, and groups with the following commands:</para> 96 <para> 97 For security reasons, running <application>vsftpd</application> 98 as an unprivileged user and group is encouraged. Also, a user should be 99 created to map anonymous users. As the <systemitem 100 class="username">root</systemitem> user, create the needed directories, 101 users, and groups with the following commands: 102 </para> 87 103 88 104 <screen role="root"><userinput>install -v -d -m 0755 &vsftpd-empty; && … … 93 109 useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd && 94 110 useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp</userinput></screen> 95 <!-- 96 <para>If you did not install the optional <application>libcap2</application> package, 97 run the following to avoid a build error:</para> 98 99 <screen><userinput>sed -i -e 's|#define VSF_SYSDEP_HAVE_LIBCAP|//&|' sysdeputil.c</userinput></screen>--> 100 101 <para>Build <application>vsftpd</application> as an unprivileged user 102 using the following command:</para> 111 112 <para> 113 Build <application>vsftpd</application> as an unprivileged user 114 using the following command: 115 </para> 103 116 104 117 <screen><userinput>make</userinput></screen> 105 118 106 <para>This package does not come with a test suite.</para> 107 108 <para>Once again, become the <systemitem class="username">root</systemitem> 109 user and install <application>vsftpd</application> with the following 110 commands:</para> 119 <para> 120 This package does not come with a test suite. 121 </para> 122 123 <para> 124 Once again, become the <systemitem class="username">root</systemitem> 125 user and install <application>vsftpd</application> with the following 126 commands: 127 </para> 111 128 112 129 <screen role="root"><userinput>install -v -m 755 vsftpd /usr/sbin/vsftpd && … … 120 137 <title>Command Explanations</title> 121 138 122 <para><command>install -v -d ...</command>: This creates the 123 directory that anonymous users will use (<filename 124 class='directory'>/home/ftp</filename>) 125 and the directory the daemon will chroot into 126 (<filename class='directory'>&vsftpd-empty;</filename>).</para> 139 <para> 140 <command>install -v -d ...</command>: This creates the 141 directory that anonymous users will use (<filename 142 class='directory'>/home/ftp</filename>) 143 and the directory the daemon will chroot into 144 (<filename class='directory'>&vsftpd-empty;</filename>). 145 </para> 127 146 128 147 <note> 129 <para><filename class="directory">/home/ftp</filename> should not be 130 owned by the user <systemitem class="username">vsftpd</systemitem>, 131 or the user <systemitem class="username">ftp</systemitem>.</para> 148 <para> 149 <filename class="directory">/home/ftp</filename> should not be 150 owned by the user <systemitem class="username">vsftpd</systemitem>, 151 or the user <systemitem class="username">ftp</systemitem>. 152 </para> 132 153 </note> 133 154 134 <para><command>echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h</command>: 135 Use this prior to <command>make</command> to add support for 136 <application>tcpwrappers</application>.</para> 137 138 <para><command>echo "#define VSF_BUILD_SSL" >>builddefs.h</command>: 139 Use this prior to <command>make</command> to add support for SSL.</para> 140 141 <para><command>install -v -m ...</command>: 142 The <filename>Makefile</filename> uses non-standard installation paths. 143 These commands install the files in 144 <filename class='directory'>/usr</filename> and 145 <filename class='directory'>/etc</filename>.</para> 155 <para> 156 <command>echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h</command>: 157 Use this prior to <command>make</command> to add support for 158 <application>tcpwrappers</application>. 159 </para> 160 161 <para> 162 <command>echo "#define VSF_BUILD_SSL" >>builddefs.h</command>: 163 Use this prior to <command>make</command> to add support for SSL. 164 </para> 165 166 <para> 167 <command>install -v -m ...</command>: 168 The <filename>Makefile</filename> uses non-standard installation paths. 169 These commands install the files in 170 <filename class='directory'>/usr</filename> and 171 <filename class='directory'>/etc</filename>. 172 </para> 146 173 147 174 </sect2> … … 153 180 <title>Config Files</title> 154 181 155 <para><filename>/etc/vsftpd.conf</filename></para> 182 <para> 183 <filename>/etc/vsftpd.conf</filename> 184 </para> 156 185 157 186 <indexterm zone="vsftpd vsftpd-config"> … … 164 193 <title>Configuration Information</title> 165 194 166 <para><application>vsftpd</application> comes with a basic 167 anonymous-only configuration file that was copied to 168 <filename class='directory'>/etc</filename> above. While still as 169 <systemitem class="username">root</systemitem>, this file should be 170 modified because it is now recommended to run <command>vsftpd</command> 171 in standalone mode. <!-- as opposed to 172 <command>inetd</command>/<command>xinetd</command> mode. -->Also, you 173 should specify the privilege separation user created above. Finally, 174 you should specify the <command>chroot</command> directory. 175 <command>man vsftpd.conf</command> will give you all the details.</para> 195 <para> 196 <application>vsftpd</application> comes with a basic 197 anonymous-only configuration file that was copied to 198 <filename class='directory'>/etc</filename> above. While still as 199 <systemitem class="username">root</systemitem>, this file should be 200 modified because it is now recommended to run <command>vsftpd</command> 201 in standalone mode. Also, you 202 should specify the privilege separation user created above. Finally, 203 you should specify the <command>chroot</command> directory. 204 <command>man vsftpd.conf</command> will give you all the details. 205 </para> 176 206 177 207 <screen role="root"><userinput>cat >> /etc/vsftpd.conf << "EOF" … … 183 213 184 214 <!-- recheck this issue when vsftpd is updated --> 185 <para>The vsftpd daemon uses seccomp to improve security by default. 186 But it's known to cause vsftpd unable to handle ftp 187 <literal>LIST</literal> command with recent kernel versions. Append 188 a line to <filename>/etc/vsftpd.conf</filename> (as the 189 <systemitem class="username">root</systemitem> user) to disable 190 seccomp and workaround this issue:</para> 215 <para> 216 The vsftpd daemon uses seccomp to improve security by default. 217 But it's known to cause vsftpd unable to handle ftp 218 <literal>LIST</literal> command with recent kernel versions. Append 219 a line to <filename>/etc/vsftpd.conf</filename> (as the 220 <systemitem class="username">root</systemitem> user) to disable 221 seccomp and workaround this issue: 222 </para> 191 223 192 224 <screen role="root"><userinput>cat >> /etc/vsftpd.conf << "EOF" … … 194 226 EOF</userinput></screen> 195 227 196 <para>To enable local logins, append the following to the 197 <filename>/etc/vsftpd.conf</filename> file (as the 198 <systemitem class="username">root</systemitem> user):</para> 228 <para> 229 To enable local logins, append the following to the 230 <filename>/etc/vsftpd.conf</filename> file (as the 231 <systemitem class="username">root</systemitem> user): 232 </para> 199 233 200 234 <screen role="root"><userinput>cat >> /etc/vsftpd.conf << "EOF" … … 202 236 EOF</userinput></screen> 203 237 204 <para>In addition, if using <application>Linux-PAM</application> and 205 <application>vsftpd</application> with local user logins, you will need 206 a <application>Linux-PAM</application> configuration file. As the 207 <systemitem class="username">root</systemitem> user, create the 208 <filename>/etc/pam.d/vsftpd</filename> file, and add the needed 209 configuration changes for <application>Linux-PAM</application> session 210 support using the following commands:</para> 238 <para> 239 In addition, if using <application>Linux-PAM</application> and 240 <application>vsftpd</application> with local user logins, you will need 241 a <application>Linux-PAM</application> configuration file. As the 242 <systemitem class="username">root</systemitem> user, create the 243 <filename>/etc/pam.d/vsftpd</filename> file, and add the needed 244 configuration changes for <application>Linux-PAM</application> session 245 support using the following commands: 246 </para> 211 247 212 248 <screen role="root"><userinput>cat > /etc/pam.d/vsftpd << "EOF" && … … 232 268 <phrase revision="systemd">Systemd Unit</phrase></title> 233 269 234 <para>Install the 235 <phrase revision="sysv"><filename>/etc/rc.d/init.d/vsftpd</filename> init 236 script</phrase> 237 <phrase revision="systemd"><filename>vsftpd.service</filename> 238 unit</phrase> included in the 239 <xref linkend="bootscripts" revision="sysv"/> 240 <xref linkend="systemd-units" revision="systemd"/> package.</para> 270 <para> 271 Install the 272 <phrase revision="sysv"><filename>/etc/rc.d/init.d/vsftpd</filename> 273 init script</phrase> 274 <phrase revision="systemd"><filename>vsftpd.service</filename> 275 unit</phrase> included in the 276 <xref linkend="bootscripts" revision="sysv"/> 277 <xref linkend="systemd-units" revision="systemd"/> package: 278 </para> 241 279 242 280 <screen role="root"><userinput>make install-vsftpd</userinput></screen> … … 269 307 <term><command>vsftpd</command></term> 270 308 <listitem> 271 <para>is the FTP daemon.</para> 309 <para> 310 is the FTP daemon. 311 </para> 272 312 <indexterm zone="vsftpd vsftpd-prog"> 273 313 <primary sortas="b-vsftpd">vsftpd</primary>
Note:
See TracChangeset
for help on using the changeset viewer.