Context Navigation

-              r21a08bf
+              r4472e923
     <title>Introduction to vsftpd</title>
+    <para>The <application>vsftpd</application> package contains a very
+    secure and very small FTP daemon. This is useful for serving files
+    over a network.</para>
+    <para>
+      The <application>vsftpd</application> package contains a very
+      secure and very small FTP daemon. This is useful for serving files
+      over a network.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&vsftpd-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&vsftpd-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &vsftpd-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &vsftpd-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &vsftpd-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &vsftpd-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&vsftpd-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&vsftpd-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &vsftpd-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &vsftpd-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &vsftpd-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &vsftpd-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <title>Installation of vsftpd</title>
+    <para>For security reasons, running <application>vsftpd</application>
+    as an unprivileged user and group is encouraged. Also, a user should be
+    created to map anonymous users. As the <systemitem
+    class="username">root</systemitem> user, create the needed directories,
+    users, and groups with the following commands:</para>
+    <para>
+      For security reasons, running <application>vsftpd</application>
+      as an unprivileged user and group is encouraged. Also, a user should be
+      created to map anonymous users. As the <systemitem
+      class="username">root</systemitem> user, create the needed directories,
+      users, and groups with the following commands:
+    </para>
 <screen role="root"><userinput>install -v -d -m 0755 &vsftpd-empty; &amp;&amp;
 …
 useradd -c "vsftpd User"  -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &amp;&amp;
 useradd -c anonymous_user -d /home/ftp -g ftp    -s /bin/false -u 45 ftp</userinput></screen>
+<!--
+    <para>If you did not install the optional <application>libcap2</application> package,
+    run the following to avoid a build error:</para>
+<screen><userinput>sed -i -e 's|#define VSF_SYSDEP_HAVE_LIBCAP|//&amp;|' sysdeputil.c</userinput></screen>-->
+    <para>Build <application>vsftpd</application> as an unprivileged user
+    using the following command:</para>
+    <para>
+      Build <application>vsftpd</application> as an unprivileged user
+      using the following command:
+    </para>
 <screen><userinput>make</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>Once again, become the <systemitem class="username">root</systemitem>
+    user and install <application>vsftpd</application> with the following
+    commands:</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Once again, become the <systemitem class="username">root</systemitem>
+      user and install <application>vsftpd</application> with the following
+      commands:
+    </para>
 <screen role="root"><userinput>install -v -m 755 vsftpd        /usr/sbin/vsftpd    &amp;&amp;
 …
     <title>Command Explanations</title>
+    <para><command>install -v -d ...</command>: This creates the
+    directory that anonymous users will use (<filename
+    class='directory'>/home/ftp</filename>)
+    and the directory the daemon will chroot into
+    (<filename class='directory'>&vsftpd-empty;</filename>).</para>
+    <para>
+      <command>install -v -d ...</command>: This creates the
+      directory that anonymous users will use (<filename
+      class='directory'>/home/ftp</filename>)
+      and the directory the daemon will chroot into
+      (<filename class='directory'>&vsftpd-empty;</filename>).
+    </para>
     <note>
+      <para><filename class="directory">/home/ftp</filename> should not be
+      owned by the user <systemitem class="username">vsftpd</systemitem>,
+      or the user <systemitem class="username">ftp</systemitem>.</para>
+      <para>
+        <filename class="directory">/home/ftp</filename> should not be
+        owned by the user <systemitem class="username">vsftpd</systemitem>,
+        or the user <systemitem class="username">ftp</systemitem>.
+      </para>
     </note>
+    <para><command>echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h</command>:
+    Use this prior to <command>make</command> to add support for
+    <application>tcpwrappers</application>.</para>
+    <para><command>echo "#define VSF_BUILD_SSL" >>builddefs.h</command>:
+    Use this prior to <command>make</command> to add support for SSL.</para>
+    <para><command>install -v -m ...</command>:
+    The <filename>Makefile</filename> uses non-standard installation paths.
+    These commands install the files in
+    <filename class='directory'>/usr</filename> and
+    <filename class='directory'>/etc</filename>.</para>
+    <para>
+      <command>echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h</command>:
+      Use this prior to <command>make</command> to add support for
+      <application>tcpwrappers</application>.
+    </para>
+    <para>
+      <command>echo "#define VSF_BUILD_SSL" >>builddefs.h</command>:
+      Use this prior to <command>make</command> to add support for SSL.
+    </para>
+    <para>
+      <command>install -v -m ...</command>:
+      The <filename>Makefile</filename> uses non-standard installation paths.
+      These commands install the files in
+      <filename class='directory'>/usr</filename> and
+      <filename class='directory'>/etc</filename>.
+    </para>
   </sect2>
 …
       <title>Config Files</title>
+      <para><filename>/etc/vsftpd.conf</filename></para>
+      <para>
+        <filename>/etc/vsftpd.conf</filename>
+      </para>
       <indexterm zone="vsftpd vsftpd-config">
 …
       <title>Configuration Information</title>
+      <para><application>vsftpd</application> comes with a basic
+      anonymous-only configuration file that was copied to
+      <filename class='directory'>/etc</filename> above. While still as
+      <systemitem class="username">root</systemitem>, this file should be
+      modified because it is now recommended to run <command>vsftpd</command>
+      in standalone mode. <!-- as opposed to
+      <command>inetd</command>/<command>xinetd</command> mode. -->Also, you
+      should specify the privilege separation user created above. Finally,
+      you should specify the <command>chroot</command> directory.
+      <command>man vsftpd.conf</command> will give you all the details.</para>
+      <para>
+        <application>vsftpd</application> comes with a basic
+        anonymous-only configuration file that was copied to
+        <filename class='directory'>/etc</filename> above. While still as
+        <systemitem class="username">root</systemitem>, this file should be
+        modified because it is now recommended to run <command>vsftpd</command>
+        in standalone mode. Also, you
+        should specify the privilege separation user created above. Finally,
+        you should specify the <command>chroot</command> directory.
+        <command>man vsftpd.conf</command> will give you all the details.
+      </para>
 <screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
 …
       <!-- recheck this issue when vsftpd is updated -->
+      <para>The vsftpd daemon uses seccomp to improve security by default.
+      But it's known to cause vsftpd unable to handle ftp
+      <literal>LIST</literal> command with recent kernel versions.  Append
+      a line to <filename>/etc/vsftpd.conf</filename> (as the
+      <systemitem class="username">root</systemitem> user) to disable
+      seccomp and workaround this issue:</para>
+      <para>
+        The vsftpd daemon uses seccomp to improve security by default.
+        But it's known to cause vsftpd unable to handle ftp
+        <literal>LIST</literal> command with recent kernel versions.  Append
+        a line to <filename>/etc/vsftpd.conf</filename> (as the
+        <systemitem class="username">root</systemitem> user) to disable
+        seccomp and workaround this issue:
+      </para>
 <screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+      <para>To enable local logins, append the following to the
+      <filename>/etc/vsftpd.conf</filename> file (as the
+      <systemitem class="username">root</systemitem> user):</para>
+      <para>
+        To enable local logins, append the following to the
+        <filename>/etc/vsftpd.conf</filename> file (as the
+        <systemitem class="username">root</systemitem> user):
+      </para>
 <screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+      <para>In addition, if using <application>Linux-PAM</application> and
+      <application>vsftpd</application> with local user logins, you will need
+      a <application>Linux-PAM</application> configuration file. As the
+      <systemitem class="username">root</systemitem> user, create the
+      <filename>/etc/pam.d/vsftpd</filename> file, and add the needed
+      configuration changes for <application>Linux-PAM</application> session
+      support using the following commands:</para>
+      <para>
+        In addition, if using <application>Linux-PAM</application> and
+        <application>vsftpd</application> with local user logins, you will need
+        a <application>Linux-PAM</application> configuration file. As the
+        <systemitem class="username">root</systemitem> user, create the
+        <filename>/etc/pam.d/vsftpd</filename> file, and add the needed
+        configuration changes for <application>Linux-PAM</application> session
+        support using the following commands:
+      </para>
 <screen role="root"><userinput>cat &gt; /etc/pam.d/vsftpd &lt;&lt; "EOF" &amp;&amp;
 …
              <phrase revision="systemd">Systemd Unit</phrase></title>
+      <para>Install the
+      <phrase revision="sysv"><filename>/etc/rc.d/init.d/vsftpd</filename> init
+      script</phrase>
+      <phrase revision="systemd"><filename>vsftpd.service</filename>
+      unit</phrase> included in the
+      <xref linkend="bootscripts" revision="sysv"/>
+      <xref linkend="systemd-units" revision="systemd"/> package.</para>
+      <para>
+        Install the
+        <phrase revision="sysv"><filename>/etc/rc.d/init.d/vsftpd</filename>
+        init script</phrase>
+        <phrase revision="systemd"><filename>vsftpd.service</filename>
+        unit</phrase> included in the
+        <xref linkend="bootscripts" revision="sysv"/>
+        <xref linkend="systemd-units" revision="systemd"/> package:
+      </para>
 <screen role="root"><userinput>make install-vsftpd</userinput></screen>
 …
         <term><command>vsftpd</command></term>
         <listitem>
+          <para>is the FTP daemon.</para>
+          <para>
+            is the FTP daemon.
+          </para>
           <indexterm zone="vsftpd vsftpd-prog">
             <primary sortas="b-vsftpd">vsftpd</primary>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 4472e923 for server/major/vsftpd.xml

Legend:

server/major/vsftpd.xml

Download in other formats: