RoE | Wiki

User Tools

Site Tools

Trace: vsftpd
servers:linux:vsftpd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:linux:vsftpd [2024/08/13 17:54] – external edit 127.0.0.1servers:linux:vsftpd [2025/10/21 19:06] (current) – [fstab] Sean Rhone
Line 1: Line 1:
 ====== Information ====== ====== Information ======
  
-  * vsftpd ((https://security.appspot.com/vsftpd.html))+  * vsftpd 
 +  * FTP server
  
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[linux;distros;server;fedora_server|Fedora Server]]+  * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
  
 ====== Dependencies ====== ====== Dependencies ======
Line 11: Line 12:
 **** ****
  
-  sudo dnf install 'vsftpd'+  sudo zypper install 'vsftpd'
  
 ====== Firewall ====== ====== Firewall ======
- 
-  * See [[linux;notes;misc#firewalld|firewalld]] 
- 
-  * 20/tcp 
-  * 21/tcp 
-  * PASV: 40000-50000/tcp 
- 
-  sudo firewall-cmd --add-port='20/tcp' --permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='40000-50000/tcp' --permanent && sudo firewall-cmd --reload 
- 
-====== SELinux ====== 
- 
-  * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-file_transfer_protocol-booleans 
-  * https://hostodo.com/portal/knowledgebase/25/Setup-vsftp-with-SELinux.html 
- 
-  sudo setsebool -P 'ftpd_full_access' 'on' 
- 
-  sudo setsebool -P 'ftpd_use_passive_mode' 'on' 
- 
-  sudo grep "SELinux is preventing" /var/log/messages > k.txt 
- 
-===== Verify ===== 
  
 **** ****
  
-  getsebool -a | grep 'ftp'+  sudo firewall-cmd --add-service='vsftpd--permanent && sudo firewall-cmd --reload
  
 ====== Service ====== ====== Service ======
Line 50: Line 30:
 ===== General ===== ===== General =====
  
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'+  sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'
  
 <code> <code>
 # Custom # Custom
 +anonymous_enable=NO
 +write_enable=YES
 +listen=YES
 +listen_ipv6=NO
 pasv_enable=YES pasv_enable=YES
-pasv_max_port=50000 +local_root=/srv/ftp/NAS1 
-pasv_min_port=40000 +force_dot_files=YES
-local_root=/var/ftp +
-force_dot_files=YES</code>+
  
-===== Encryption Support =====+# End</code>
  
-==== Generate Certs ====+====== fstab ======
  
-  * CountryUS +  * [[linux:notes:disk_format_filesystems|Different FS Formats]] 
-  * StatePA +  * [[linux:notes:rsync_nas|rsync]]
-  * LocalityCharleroi +
-  * Org NameRealm of Espionage +
-  * Org Unit: NAS +
-  * YOUR Name: x +
-  * Email: x +
- +
-  sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem' +
- +
-==== Enable Encryption ==== +
- +
-  * :!: ''ssl_ciphers'' can be set to ''HIGH'' or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ((specifically on Oak with a Phenom II X4, ''HIGH'' caps around 60-70MB/s, whereas ''AES128-SHA'' is 70-80MB/s, and no encryption is 100-110MB/s)) +
- +
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd' +
- +
-<code> +
-ssl_enable=YES +
-allow_anon_ssl=NO +
-force_local_data_ssl=YES +
-force_local_logins_ssl=YES +
-require_ssl_reuse=YES +
- +
-ssl_ciphers=AES128-SHA +
-ssl_tlsv1=YES +
-ssl_sslv2=NO +
-ssl_sslv3=NO +
- +
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem +
-rsa_private_key_file=/etc/ssl/certs/vsftpd.pem</code> +
- +
-====== fstab ======+
  
 ===== UUID ===== ===== UUID =====
  
-  * Use either ''PARTUUID'' or ''UUID''+  * Use either ''PARTUUID'' (GPT) or ''UUID''
  
   sudo blkid   sudo blkid
Line 105: Line 57:
 ===== fstab ===== ===== fstab =====
  
-  sudo mkdir -p '/var/ftp/nas1' && sudo -e '/etc/fstab'+  sudo mkdir -p '/srv/ftp/NAS1' && sudo -e '/etc/fstab'
  
-  sudo mkdir -p '/var/ftp/nas2' && sudo -e '/etc/fstab'+  sudo mkdir -p '/srv/ftp/NAS1' '/srv/ftp/NAS2' && sudo -e '/etc/fstab'
  
 <code> <code>
 # NAS # NAS
-UUID=x /var/ftp/nas1 xfs defaults,nofail 0 2 +UUID=x /srv/ftp/NAS1 ext4 defaults,nofail 0 2 
-PARTUUID=x /var/ftp/nas2 ntfs defaults,nofail 0 2</code>+#UUID=x /srv/ftp/NAS2 ntfs defaults,prealloc,windows_names,nofail 0 2 
 + 
 +# End</code>
  
   sudo systemctl daemon-reload && sudo mount --all && sync   sudo systemctl daemon-reload && sudo mount --all && sync
  
 ===== Safe Unmount Externals ===== ===== Safe Unmount Externals =====
 +
 +  sudo zypper install 'udisks2'
  
   sudo udisksctl unmount --force --block-device='/dev/sdb'   sudo udisksctl unmount --force --block-device='/dev/sdb'
Line 126: Line 82:
 ===== chown ===== ===== chown =====
  
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas1' && sync+  sudo chown -'espionage724':'espionage724' '/srv/ftp/NAS1' && sync
  
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas2' && sync+  sudo chown -'espionage724':'espionage724' '/srv/ftp/NAS2' && sync
  
 ===== chmod ===== ===== chmod =====
  
-  * :?: ''664'' makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out +  sudo chmod -'0700' '/srv/ftp/NAS1' && sync
- +
-  sudo chmod --recursive '774' '/var/ftp/nas1' && sync +
- +
-  sudo chmod --recursive '774' '/var/ftp/nas2' && sync +
- +
-===== SELinux ===== +
- +
-  sudo restorecon -F -I -R '/var/ftp/nas1' && sync+
  
-  sudo restorecon -F -I -R '/var/ftp/nas2' && sync+  sudo chmod -R '0700' '/srv/ftp/NAS2' && sync
  
/usr/local/www/wiki/data/attic/servers/linux/vsftpd.1723586064.txt.gz · Last modified: by 127.0.0.1
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki