vsftpd

From Gentoo Wiki

vsftpd (Very Secure FTP Daemon) is an FTP server for UNIX-like systems.

Installation

USE flags

USE flags for net-ftp/vsftpd (Very Secure FTP Daemon written with speed, size and security in mind):

caps: Use Linux capabilities library to control privilege (global)
libressl: Use dev-libs/libressl as SSL provider (might need ssl USE flag), packages should not depend on this USE flag (global)
pam: Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip (global)
selinux: !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur (global)
ssl: Add support for Secure Socket Layer connections (global)
tcpd: Add support for TCP wrappers (global)
xinetd: Add support for the xinetd super-server (global)

Emerge

root #emerge --ask net-ftp/vsftpd

Configuration

Anonymous read access

FILE /etc/vsftpd/vsftpd.conf
listen=YES
local_enable=NO
anonymous_enable=YES
write_enable=NO
anon_root=/home/ftp

Anonymous read/write access

Warning: Allowing anonymous public read/write access is considered a very high security risk.

root #chown ftp /home/ftp
FILE /etc/vsftpd/vsftpd.conf
listen=YES
local_enable=NO
anonymous_enable=YES
anon_upload_enable=YES
write_enable=YES
anon_mkdir_write_enable=YES
anon_root=/home/ftp

Service

OpenRC

root #rc-update add vsftpd default
root #/etc/init.d/vsftpd start

systemd

root #systemctl enable vsftpd
root #systemctl start vsftpd

Troubleshooting

seccomp filter sandboxing with vsftpd 3.0.x

The following error may occur on ftp clients with vsftpd 3.0.x:

500 OOPS: priv_sock_get_cmd

This is caused by seccomp filter sandboxing, which is enabled by default on amd64. To work around this issue, disable seccomp filter sandboxing:

FILE /etc/vsftpd/vsftpd.conf
seccomp_sandbox=NO

For further information, refer to Red Hat bug #845980.
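
As an added example (not from the Gentoo Wiki or the vsftpd project), the shell function below audits a vsftpd.conf for the two risky states this page describes: anonymous write access that is actually in effect, and a disabled seccomp sandbox. The name audit_vsftpd_conf, the finding labels and the last-assignment-wins handling are assumptions; defaults for absent options follow vsftpd.conf(5), with seccomp_sandbox taken as YES as stated above for amd64.

```shell
#!/bin/sh
# Added example, not part of vsftpd or the Gentoo Wiki.
# audit_vsftpd_conf (hypothetical name) reads vsftpd.conf from a file argument
# or stdin and prints one line per finding.
audit_vsftpd_conf() {
    awk -F= '
        BEGIN {
            # Defaults when an option is absent, per vsftpd.conf(5);
            # seccomp_sandbox=YES is the amd64 default described on this page.
            v["anonymous_enable"] = "YES"; v["write_enable"] = "NO"
            v["anon_upload_enable"] = "NO"; v["anon_mkdir_write_enable"] = "NO"
            v["seccomp_sandbox"] = "YES"
        }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        ($1 in v) {
            # Assumption: a later assignment overrides an earlier one.
            val = toupper($2); gsub(/[ \t\r]/, "", val)
            # Anything other than YES/TRUE/1 is treated as NO here.
            v[$1] = (val == "YES" || val == "TRUE" || val == "1") ? "YES" : "NO"
        }
        END {
            anon_w = (v["anon_upload_enable"] == "YES" || v["anon_mkdir_write_enable"] == "YES")
            # Anonymous writes need anonymous_enable, write_enable and an anon_* option.
            if (anon_w && v["anonymous_enable"] == "YES" && v["write_enable"] == "YES")
                print "HIGH anonymous-write: anonymous clients can upload or create directories"
            else if (anon_w)
                print "INFO anonymous-write-inactive: anon_* write option set but not in effect"
            if (v["seccomp_sandbox"] == "NO")
                print "WARN seccomp-off: seccomp filter sandboxing is disabled"
        }
    ' "$@"
}

# Constructed input: the anonymous read/write configuration from this page
# combined with the seccomp workaround. Prints the HIGH and WARN findings.
audit_vsftpd_conf <<'EOF'
listen=YES
local_enable=NO
anonymous_enable=YES
anon_upload_enable=YES
write_enable=YES
anon_mkdir_write_enable=YES
anon_root=/home/ftp
seccomp_sandbox=NO
EOF
```

Run it against a live configuration with audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; no output means none of the checked conditions apply.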
