RoE | Wiki

User Tools

Site Tools

Trace:
servers:vsftpd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
servers:vsftpd [2023/06/15 15:56] – old revision restored (2022/12/18 10:21) Sean Rhoneservers:vsftpd [2023/09/09 15:53] Sean Rhone
Line 5: Line 5:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[distros:fedora_workstation_gnome|Fedora]] ((notes link to Workstation, but this can be done on Server))+  * [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]]
  
 ====== Dependencies ====== ====== Dependencies ======
Line 11: Line 11:
 **** ****
  
-  sudo dnf install 'vsftpd'+  sudo zypper install 'vsftpd'
  
 ====== Firewall ====== ====== Firewall ======
  
-  * See [[distros:opensuse_tumbleweed_server#firewalld|firewalld]] +  * See [[notes:misc_linux#firewalld|firewalld]]
-  * TODO: Update firewall link above to Fedora+
  
-  sudo firewall-cmd --add-service='ftp' --permanent && sudo firewall-cmd --reload+  * 20/tcp 
 +  * 21/tcp 
 +  * PASV: 30000-30100/tcp
  
-====== SELinux ======+<code>sudo firewall-cmd --add-service='vsftpd' --permanent && sudo firewall-cmd --reload</code>
  
-  * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-file_transfer_protocol-booleans +===== Custom =====
-  * https://hostodo.com/portal/knowledgebase/25/Setup-vsftp-with-SELinux.html +
- +
-  sudo setsebool -P 'ftpd_full_access' 'on' +
- +
-  sudo setsebool -P 'ftpd_use_passive_mode' 'on' +
- +
-  mkdir -p ~/'policies' && cd ~/'policies' && sudo grep 'vsftp' '/var/log/audit/audit.log' | sudo audit2allow -M 'vsftp' && sudo semodule -i 'vsftp.pp' && cd ~ +
- +
-===== Verify =====+
  
 **** ****
  
-  getsebool -a | grep 'ftp'+<code>sudo firewall-cmd --add-port='20/tcp--permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='30000-30100/tcp' --permanent && sudo firewall-cmd --reload</code>
  
 ====== Service ====== ====== Service ======
Line 47: Line 39:
 ===== General ===== ===== General =====
  
-  * For ''local_root'', even though ''nas1'' is used more frequently, Kodi clients are configured to start from the actual ftp root in order to go into the ''nas2'' folder for media +  sudo -e '/etc/vsftpd.conf&& sudo systemctl restart 'vsftpd'
-  * To make ''nas1'' convenient, set the root folder from FileZilla+
  
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'+<code> 
 +write_enable=YES</code>
  
 <code> <code>
 # Custom # Custom
-local_root=/var/ftp+pasv_enable=YES 
 +local_root=/srv/ftp
 force_dot_files=YES</code> force_dot_files=YES</code>
  
Line 105: Line 98:
   * :!: This expects 1 drive each with a XFS partition   * :!: This expects 1 drive each with a XFS partition
  
-  sudo mkdir -p '/var/ftp/nas1' '/var/ftp/nas2' && sudo -e '/etc/fstab'+  sudo mkdir -p '/srv/ftp/nas1' '/srv/ftp/nas2' '/srv/ftp/internal' && sudo -e '/etc/fstab'
  
 <code> <code>
 # NAS # NAS
-PARTUUID=x /var/ftp/nas1 xfs defaults 0 2 +PARTUUID=x /srv/ftp/nas1 xfs defaults 0 2 
-PARTUUID=x /var/ftp/nas2 xfs defaults 0 2</code>+PARTUUID=x /srv/ftp/nas2 xfs defaults 0 2</code>
  
-  sudo mount --all+  sudo systemctl daemon-reload && sudo mount --all && sync 
 + 
 +===== Safe Unmount Externals ===== 
 + 
 +  * :!: TODO: See if there's another command that has less dependencies than ''udisks2'' on openSUSE TW 
 + 
 +  sudo udisksctl unmount --force --block-device='/dev/sdb' 
 + 
 +  sudo udisksctl power-off --block-device='/dev/sdb'
  
 ====== Permissions ====== ====== Permissions ======
Line 118: Line 119:
 ===== chown ===== ===== chown =====
  
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas1' && sync+  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas1' && sync
  
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas2' && sync+  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas2' && sync 
 + 
 +  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/internal' && sync
  
 ===== chmod ===== ===== chmod =====
Line 126: Line 129:
   * :!: ''664'' makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out   * :!: ''664'' makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out
  
-  sudo chmod --recursive '774' '/var/ftp/nas1' && sync +  sudo chmod --recursive '774' '/srv/ftp/nas1' && sync
- +
-  sudo chmod --recursive '774' '/var/ftp/nas2' && sync +
- +
-===== SELinux =====+
  
-  sudo restorecon --I -R '/var/ftp/nas1' && sync+  sudo chmod --recursive '774' '/srv/ftp/nas2' && sync
  
-  sudo restorecon --I -R '/var/ftp/nas2' && sync+  sudo chmod --recursive '774' '/srv/ftp/internal' && sync
  
/var/www/wiki/data/pages/servers/vsftpd.txt · Last modified: 2023/09/09 15:55 by Sean Rhone