vsftpd

From Gentoo Wiki
Jump to:navigation Jump to:search

Resources

vsftpd (Very Secure FTP Daemon) is an FTP server for UNIX-like systems.

Installation

USE flags

USE flags for net-ftp/vsftpd Very Secure FTP Daemon

pam Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
ssl Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)
tcpd Add support for TCP wrappers

Emerge

root #emerge --ask net-ftp/vsftpd

Configuration

Anonymous read access

FILE /etc/vsftpd/vsftpd.conf
listen=YES
local_enable=NO
anonymous_enable=YES
write_enable=NO
anon_root=/home/ftp

Anonymous read/write access

root #chown ftp /home/ftp
FILE /etc/vsftpd/vsftpd.conf
listen=YES
local_enable=NO
anonymous_enable=YES
anon_upload_enable=YES
write_enable=YES
anon_mkdir_write_enable=YES
anon_root=/home/ftp
Important
Allowing anonymous public read/write access is considered a high security risk.

Service

OpenRC

root #rc-update add vsftpd default
root #/etc/init.d/vsftpd start

systemd

root #systemctl enable vsftpd
root #systemctl start vsftpd

Troubleshooting

seccomp filter sanboxing

Following error might show using ftp clients with vsftpd 3.0.x version:

500 OOPS: priv_sock_get_cmd

This is caused by seccomp filter sanboxing, and enabled by default on amd64. To workaround this issue, disable seccomp filter sanboxing:

FILE /etc/vsftpd/vsftpd.conf
seccomp_sandbox=NO

For further information, refer to Red Hat bug #845980.

See also