Gentoo Linux - Installing and Configuring vsftpd

December 2016






Vsftpd is an FTP server that is easy to install and use.
  • To install it under Gentoo, run the command:

emerge vsftpd
  • Once installed, the daemon can be started using /etc/init.d/vsftpd start
  • To have it launch when the machine starts up, use rc-update add vsftpd default.

Configuration


The configuration of vsftpd is mainly done by changing the settings in /etc/vsftpd/vsftpd.conf

Configuration using ssl


To use SSL, first generate an SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 \
  -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem


Carefully follow the prompts during creation of the certificate and provide the requested information. Because of -nodes, the resulting vsftpd.pem holds the private key unencrypted next to the certificate, so it should be readable by root only.
Then return to the configuration file /etc/vsftpd/vsftpd.conf and add the following parameters:


#Activate ssl
ssl_enable=YES

#Choose to enable or disable anonymous access via ssl
# allow_anon_ssl=NO

#This parameter must be enabled to run ssl
ssl_tlsv1=YES

#Optional parameters
force_local_logins_ssl=YES
#SSLv2 and SSLv3 are broken protocols: keep them disabled
ssl_sslv2=NO
ssl_sslv3=NO
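
A check for the SSL settings in this section, as an added example (it is not part of the original page or of vsftpd): a shell function that reads a vsftpd.conf and reports options that leave logins unencrypted or allow SSLv2/SSLv3. The default values are assumptions taken from the vsftpd.conf man page, and the sample file is constructed.

```sh
# Added example (not from the original page): report weak SSL settings in a vsftpd.conf.

# vsftpd_bool FILE OPTION DEFAULT -> prints YES or NO, the value vsftpd would use.
# Lines are option=value with no spaces around '='; lines starting with '#' are
# comments; if an option is repeated, the last assignment wins.
vsftpd_bool() {
    awk -v opt="$2" -v val="$3" '
        /^#/ { next }
        index($0, opt "=") == 1 { val = substr($0, length(opt) + 2) }
        END {
            sub(/[ \t\r]+$/, "", val); val = toupper(val)
            if (val == "YES" || val == "TRUE" || val == "1") print "YES"; else print "NO"
        }
    ' "$1"
}

# _check OPTION DEFAULT BAD_VALUE MESSAGE (uses $conf and $findings from the caller)
_check() {
    if [ "$(vsftpd_bool "$conf" "$1" "$2")" = "$3" ]; then
        echo "WEAK $1=$3: $4"
        findings=$((findings + 1))
    fi
}

# vsftpd_ssl_audit FILE -> one line per finding; exit status = number of findings.
# DEFAULT values are assumptions taken from the vsftpd.conf man page.
vsftpd_ssl_audit() {
    conf=$1
    findings=0
    _check ssl_enable NO NO "logins and transfers are not encrypted"
    _check ssl_sslv2 NO YES "SSLv2 is a broken protocol, set it to NO"
    _check ssl_sslv3 NO YES "SSLv3 is a broken protocol, set it to NO"
    _check force_local_logins_ssl YES NO "passwords may be sent in clear text"
    _check force_local_data_ssl YES NO "file transfers may be sent in clear text"
    return "$findings"
}

# Constructed sample input: SSL enabled, but the legacy protocols switched on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Activate ssl
ssl_enable=YES
ssl_tlsv1=YES
force_local_logins_ssl=YES
ssl_sslv2=YES
ssl_sslv3=YES
EOF
vsftpd_ssl_audit "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run against /etc/vsftpd/vsftpd.conf, an exit status of 0 means none of the checked options is weak.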


Management of virtual users authentication with PAM


This requires the following steps:
Create a text file in /etc/vsftpd/ containing the list of users to create and their passwords, with the following structure:

User1
Password1
User2
Password2
...
UserX
PasswordX


Note that the file must end with a newline.
Generate the user database from this file:

dbX.Y_load -T -t hash -f /etc/vsftpd/users.txt /etc/vsftpd/users.db


where X.Y is the version. Note that this requires the dbx-util library, which is installed with the command:
emerge db
  • Then protect the database. The text file it was generated from holds the same passwords in clear text, so it should be protected in the same way or deleted.

chmod 600 /etc/vsftpd/users.db
  • Add the following two lines to the file /etc/pam.d/vsftpd:

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/users
account required /lib/security/pam_userdb.so db=/etc/vsftpd/users
  • Note: if the pam_userdb library is not already installed, install it with:

emerge pam_userdb

To authenticate users against both /etc/passwd and the PAM database, add the following lines:

auth sufficient pam_unix.so
account sufficient pam_unix.so
  • Edit the file vsftpd.conf to add the parameters:


local_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=ftpuser


Note that the virtual users have the same privileges as anonymous users. To give them write access to the shared folder, the anonymous write options must be set in addition to the option write_enable=YES:

write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

This document entitled « Gentoo Linux - Installing and Configuring vsftpd » from CCM (ccm.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the license, as long as this note appears clearly.