Gentoo Linux - Installing and Configuring vsftpd

August 2017






Vsftpd is an FTP server, which can be easily install and used
  • To install under Gentoo, you must run the command:

emerge vsftpd
  • Once installed, it is possible to start the Daemon using /etc/init.d/vsftpd start
  • You can program it to launch at start up your machine using rc-update add vsftpd default.

Configuration


The configuration of vsftpd is mainly done by changing the settings in /etc/vsftpd/vsftpd.conf

Configuration using ssl


To configure the use of ssl, it must generate an ssl certificate as follows:
/etc/ssl/certs/openssl req -x509 -nodes -days 7300 -newkey rsa:2048 \
  -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem


You must carefully follow the steps during creation of certificate by providing the necessary information.
It must then return the configuration file /etc/vsftpd/vsftpd.conf by incorporating the following parameters:


#Activate ssl
ssl_enable=YES

#Choose to enable or disable anonymous access via ssl
# allow_anon_ssl=NO

#This parameter must be enabled to run ssl
ssl_tlsv1=YES

#Optional parameters 
force_local_logins_ssl=YES
ssl_sslv2=YES
ssl_sslv3=YES


Management of virtual users authentication with PAM


It requires:
Create a text file at /etc/vsftpd/ containing the list of users to create their passwords with the following structure:

User1 
Password1
User2 
Password2
... 
UtilisateurX 
Passwordx


Note that: the file must end with a newline.
Generate the user database from this file:

DbX.Y_load -T -t hash -f /etc/vsftpd/users.txt /etc/vsftpd/users.db


Note that it is necessary to install the library dbx-util via the command:
emerge db


Where X.Y is the version.
    • Then we must protect the database


chmod 600 /etc/vsftpd/users.db
    • Add to the file /etc/pam.d/vsftpd the two lines


auth required /lib/security/pam_userdb.so db=/etc/vsftpd/users
account required /lib/security/pam_userdb.so db=/etc/vsftpd/users
  • Note that to install if not already on the library via the pam_userdb

emerge pam_userdb
.
To identify users using the /etc/passwd and database PAM, add the following lines:

auth sufficient pam_unix.so
account sufficient pam_unix.so
  • Edit the file vsftpd.conf to add the parameters:


llocal_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=ftpuser


Note that the virtual users have the same privileges as anonymous users. In order to have write access to the shared folder, in addition to the option:

write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Related


Published by jak58. Latest update on August 20, 2009 at 06:57 AM by jak58.
This document, titled "Gentoo Linux - Installing and Configuring vsftpd," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).