User Tools

Site Tools


servers:vsftpd

Information

  • vsftpd 1)

Prerequisites

Dependencies

sudo zypper install 'vsftpd'

Firewall

  • 20/tcp
  • 21/tcp
  • PASV: 30000-30100/tcp
sudo firewall-cmd --add-service='vsftpd' --permanent && sudo firewall-cmd --reload

Custom

sudo firewall-cmd --add-port='20/tcp' --permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='30000-30100/tcp' --permanent && sudo firewall-cmd --reload

Service

sudo systemctl enable 'vsftpd' --now

Settings

General

sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'
write_enable=YES
# Custom
pasv_enable=YES
local_root=/srv/ftp
force_dot_files=YES

Encryption Support

Generate Certs

  • Country: US
  • State: PA
  • Locality: Charleroi
  • Org Name: Realm of Espionage
  • Org Unit: NAS
  • YOUR Name: x
  • Email: x
sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'

Enable Encryption

  • :!: ssl_ciphers can be set to HIGH or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit 2)
sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=YES

ssl_ciphers=AES128-SHA
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem

fstab

PARTUUID

  • :!: Be sure to get the PARTUUID towards the end of the line, and not UUID
sudo blkid

fstab

  • :!: Change the x in PARTLABEL=
  • :!: This expects 1 drive each with a XFS partition
sudo mkdir -p '/srv/ftp/nas1' '/srv/ftp/nas2' '/srv/ftp/internal' && sudo -e '/etc/fstab'
# NAS
PARTUUID=x /srv/ftp/nas1 xfs defaults 0 2
PARTUUID=x /srv/ftp/nas2 xfs defaults 0 2
sudo systemctl daemon-reload && sudo mount --all && sync

Safe Unmount Externals

  • :!: TODO: See if there's another command that has less dependencies than udisks2 on openSUSE TW
sudo udisksctl unmount --force --block-device='/dev/sdb'
sudo udisksctl power-off --block-device='/dev/sdb'

Permissions

chown

sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas1' && sync
sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas2' && sync
sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/internal' && sync

chmod

  • :!: 664 makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out
sudo chmod --recursive '774' '/srv/ftp/nas1' && sync
sudo chmod --recursive '774' '/srv/ftp/nas2' && sync
sudo chmod --recursive '774' '/srv/ftp/internal' && sync

IPTV

2)
specifically on Oak with a Phenom II X4, HIGH caps around 60-70MB/s, whereas AES128-SHA is 70-80MB/s, and no encryption is 100-110MB/s
/var/www/wiki/data/pages/servers/vsftpd.txt · Last modified: 2023/09/09 15:55 by Sean Rhone