Information
- Prerequisites
Dependencies
Firewall
- Custom
Service
Settings
- General
- Encryption Support
  - Generate Certs
  - Enable Encryption
fstab
Permissions
- chown
- chmod
IPTV

Information

vsftpd ¹⁾

Prerequisites

openSUSE Tumbleweed

Dependencies

sudo zypper install 'vsftpd'

Firewall

See firewalld

20/tcp
21/tcp
PASV: 30000-30100/tcp

sudo firewall-cmd --add-service='vsftpd' --permanent && sudo firewall-cmd --reload

Custom

sudo firewall-cmd --add-port='20/tcp' --permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='30000-30100/tcp' --permanent && sudo firewall-cmd --reload

Service

sudo systemctl enable 'vsftpd' --now

Settings

General

sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'

write_enable=YES

# Custom
pasv_enable=YES
local_root=/srv/ftp
force_dot_files=YES

Encryption Support

Generate Certs

Country: US
State: PA
Locality: Charleroi
Org Name: Realm of Espionage
Org Unit: NAS
YOUR Name: x
Email: x

sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'

Enable Encryption

ssl_ciphers can be set to HIGH or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ²⁾

sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=YES

ssl_ciphers=AES128-SHA
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem

fstab

PARTUUID

Be sure to get the PARTUUID towards the end of the line, and not UUID

sudo blkid

fstab

Change the x in PARTLABEL=
This expects 1 drive each with a XFS partition

sudo mkdir -p '/srv/ftp/nas1' '/srv/ftp/nas2' '/srv/ftp/internal' && sudo -e '/etc/fstab'

# NAS
PARTUUID=x /srv/ftp/nas1 xfs defaults 0 2
PARTUUID=x /srv/ftp/nas2 xfs defaults 0 2

sudo systemctl daemon-reload && sudo mount --all && sync

Safe Unmount Externals

TODO: See if there's another command that has less dependencies than udisks2 on openSUSE TW

sudo udisksctl unmount --force --block-device='/dev/sdb'

sudo udisksctl power-off --block-device='/dev/sdb'

Permissions

chown

sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas1' && sync

sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas2' && sync

sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/internal' && sync

chmod

664 makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out

sudo chmod --recursive '774' '/srv/ftp/nas1' && sync

sudo chmod --recursive '774' '/srv/ftp/nas2' && sync

sudo chmod --recursive '774' '/srv/ftp/internal' && sync

IPTV

See iptv

¹⁾

https://security.appspot.com/vsftpd.html

²⁾

specifically on Oak with a Phenom II X4, HIGH caps around 60-70MB/s, whereas AES128-SHA is 70-80MB/s, and no encryption is 100-110MB/s

Table of Contents

Information

Prerequisites

Dependencies

Firewall

Custom

Service

Settings

General

Encryption Support

Generate Certs

Enable Encryption

fstab

PARTUUID

fstab

Safe Unmount Externals

Permissions

chown

chmod

IPTV