Differences

This shows you the differences between two versions of the page.

--- servers:linux:vsftpd [2024/10/19 22:07] – [fstab] Sean Rhone
+++ servers:linux:vsftpd [2025/09/11 21:45] (current) – Sean Rhone
@@ Line 1: / Line 1: @@
 ====== Information ======
-  * vsftpd ((https://security.appspot.com/vsftpd.html))
+  * vsftpd
+  * FTP server
 ===== Prerequisites =====
-  * [[linux;distros;server;fedora_server|Fedora Server]]
+  * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
 ====== Dependencies ======
@@ Line 11: / Line 12: @@
 ****
-  sudo dnf install 'vsftpd'
+  sudo zypper install 'vsftpd'
 ====== Firewall ======
-  * See [[linux;notes;misc#firewalld|firewalld]]
-  * 20/tcp
-  * 21/tcp
-  * PASV: 40000-50000/tcp
-  sudo firewall-cmd --add-port='20/tcp' --permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='40000-50000/tcp' --permanent && sudo firewall-cmd --reload
-====== SELinux ======
-  * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-file_transfer_protocol-booleans
-  * https://hostodo.com/portal/knowledgebase/25/Setup-vsftp-with-SELinux.html
-  sudo setsebool -P 'ftpd_full_access' 'on'
-  sudo setsebool -P 'ftpd_use_passive_mode' 'on'
-  sudo grep "SELinux is preventing" /var/log/messages > k.txt
-===== Verify =====
 ****
-  getsebool -a | grep 'ftp'
+  sudo firewall-cmd --add-service='vsftpd' --permanent && sudo firewall-cmd --reload
 ====== Service ======
@@ Line 50: / Line 30: @@
 ===== General =====
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
+  sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'
 <code>
 # Custom
+anonymous_enable=NO
+write_enable=YES
+listen=YES
+listen_ipv6=NO
 pasv_enable=YES
-pasv_max_port=50000
+local_root=/srv/ftp/NAS1
-pasv_min_port=40000
+force_dot_files=YES
-local_root=/var/ftp
-force_dot_files=YES</code>
-===== Encryption Support =====
+# End</code>
-==== Generate Certs ====
+====== fstab ======
-  * Country: US
+  * [[linux:notes:disk_format_filesystems|Different FS Formats]]
-  * State: PA
+  * [[linux:notes:rsync_nas|rsync]]
-  * Locality: Charleroi
-  * Org Name: Realm of Espionage
-  * Org Unit: NAS
-  * YOUR Name: x
-  * Email: x
-  sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'
-==== Enable Encryption ====
-  * :!: ''ssl_ciphers'' can be set to ''HIGH'' or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ((specifically on Oak with a Phenom II X4, ''HIGH'' caps around 60-70MB/s, whereas ''AES128-SHA'' is 70-80MB/s, and no encryption is 100-110MB/s))
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
-<code>
-ssl_enable=YES
-allow_anon_ssl=NO
-force_local_data_ssl=YES
-force_local_logins_ssl=YES
-require_ssl_reuse=YES
-ssl_ciphers=AES128-SHA
-ssl_tlsv1=YES
-ssl_sslv2=NO
-ssl_sslv3=NO
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem
-rsa_private_key_file=/etc/ssl/certs/vsftpd.pem</code>
-====== fstab ======
 ===== UUID =====
@@ Line 105: / Line 57: @@
 ===== fstab =====
-  sudo mkdir -p '/var/ftp/nas1' && sudo -e '/etc/fstab'
+  sudo mkdir -p '/srv/ftp/NAS1' && sudo -e '/etc/fstab'
-  sudo mkdir -p '/var/ftp/nas1' '/var/ftp/nas2' && sudo -e '/etc/fstab'
+  sudo mkdir -p '/srv/ftp/NAS1' '/srv/ftp/NAS2' && sudo -e '/etc/fstab'
 <code>
 # NAS
-PARTUUID=x /var/ftp/nas1 ext4 defaults,nofail 0 2
+UUID=x /srv/ftp/NAS1 xfs defaults,nofail 0 2
-UUID=x /var/ftp/nas2 ntfs defaults,prealloc,windows_names,nofail 0 2</code>
+#UUID=x /srv/ftp/NAS2 ntfs defaults,prealloc,windows_names,nofail 0 2
+# End</code>
   sudo systemctl daemon-reload && sudo mount --all && sync
 ===== Safe Unmount Externals =====
+  sudo zypper install 'udisks2'
   sudo udisksctl unmount --force --block-device='/dev/sdb'
@@ Line 126: / Line 82: @@
 ===== chown =====
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas1' && sync
+  sudo chown -R 'espionage724':'espionage724' '/srv/ftp/NAS1' && sync
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas2' && sync
+  sudo chown -R 'espionage724':'espionage724' '/srv/ftp/NAS2' && sync
 ===== chmod =====
-  sudo chmod --recursive '774' '/var/ftp/nas1' && sync
+  sudo chmod -R '0700' '/srv/ftp/NAS1' && sync
-  sudo chmod --recursive '774' '/var/ftp/nas2' && sync
-===== SELinux =====
-  sudo restorecon -F -I -R '/var/ftp/nas1' && sync
-  sudo restorecon -F -I -R '/var/ftp/nas2' && sync
+  sudo chmod -R '0700' '/srv/ftp/NAS2' && sync