vsftpd - Secure and fast FTP server ChangeLog

HOWTO


# vsftpd 3.0.5
# ============
# Slackware 13.37: vsftpd 2.3.4
# Slackware 14.0, 14.1: vsftpd 3.0.2
# Slackware 14.2: vsftpd 3.0.3
# Always check 'patches' for updates

# Prerequisites:
# tcp wrappers (optional)
# PAM (optional)
# OpenSSL (optional)

# 3.0.3 will not build with SSL enabled and OpenSSL >= 1.1.0 installed,
# after a quick look around, I did not come across a patch

# Get the source.  The tarball is expected in your home directory: reuse the
# copy saved under ~/installed by an earlier run of this HOWTO if there is
# one, otherwise download it.
cd
if [ -f installed/vsftpd-3.0.5.tar.gz ]; then
  mv installed/vsftpd-3.0.5.tar.gz .
fi
if [ ! -f vsftpd-3.0.5.tar.gz ]; then
  wget https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz
fi

# Verify the tarball with sha256sum before unpacking it; only carry on if
# this prints "vsftpd-3.0.5.tar.gz: OK".
# (this hash came from my gpg-verified tarball)
printf '%s  %s\n' \
  26b602ae454b0ba6d99ef44a09b6b9e0dfa7f67228106736df1f278c70bc91d3 \
  vsftpd-3.0.5.tar.gz | sha256sum -c

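# Verify tarball w/ gnupg:
# [ get old key from keyservers if you don't have it already, then new key,
#   verify new key with old key, then verify tarball ]
#
# 3C0E751C is a short (32-bit) key ID, and short IDs can be made to collide.
# Once a key is imported, run 'gpg --fingerprint 3C0E751C' and compare the
# full fingerprint with one you obtained from somewhere other than the
# download server (<FULL-FINGERPRINT-FROM-A-TRUSTED-SOURCE>).
# The public key file below comes from the same host as the tarball, so
# importing it does not establish trust by itself: check its signatures
# ('gpg --check-sigs') against the old key before relying on it.
( gpg --list-keys 3C0E751C > /dev/null 2>&1 || gpg --recv-keys 3C0E751C ) &&
wget -nc https://security.appspot.com/downloads/scarybeasts_gmail_pubkey.gpg
test -s scarybeasts_gmail_pubkey.gpg &&
gpg --import scarybeasts_gmail_pubkey.gpg && rm scarybeasts_gmail_pubkey.gpg
# Name the signed file explicitly so gpg checks this tarball rather than
# guessing the data file from the signature's file name.  "Good signature"
# only means that some key in your keyring signed it -- confirm that the key
# shown in the output is the one whose fingerprint you checked.
wget -nc https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz.asc &&
gpg --verify vsftpd-3.0.5.tar.gz.asc vsftpd-3.0.5.tar.gz &&
rm vsftpd-3.0.5.tar.gz.asc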

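# Extract the tarball into a private ~/src, first clearing out any source
# tree left over from an earlier vsftpd build.
mkdir -p -m 0700 ~/src
# Only run the cleanup if the cd worked; otherwise find would delete
# vsftpd-* directories from whatever directory you happen to be in.
# The explicit "." keeps the command working with non-GNU find as well.
cd ~/src &&
find . -maxdepth 1 -type d -name "vsftpd-*" -exec rm -r {} \;
tar xzvf ~/vsftpd-3.0.5.tar.gz
cd vsftpd-3.0.5
# When extracting as root, hand the whole tree to root.  $UID is quoted so
# the test fails cleanly in shells that do not set it.
test "$UID" = 0 && chown -R root:root .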

## If you have OpenSSL >= 1.1.0 installed, and you want to enable SSL for
## vsftpd, apply these three patches from Slackware64-current.  I did not
## check if these are 64-bit specific, so you may want to look in the regular
## Slackware-current if you are not 64-bit.  The patches are fetched over
## plain FTP, which does no integrity checking, so read each one before
## piping it into patch.
#wget -nc ftp://ftp.slackware.com/pub/slackware/slackware64-current/source/\
#n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch.gz &&
# zcat 0021-Introduce-support-for-DHE-based-cipher-suites.patch.gz |
#  patch -p1
#wget -nc ftp://ftp.slackware.com/pub/slackware/slackware64-current/source/\
#n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch.\
#gz &&
# zcat 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch.gz |
#  patch -p1
#wget -nc ftp://ftp.slackware.com/pub/slackware/slackware64-current/source/\
#n/vsftpd/vsftpd.link-with-openssl-1.1.diff.gz &&
# zcat vsftpd.link-with-openssl-1.1.diff.gz |
#  patch -p1

# Open up ./builddefs.h to enable or disable certain features that will be
# built in.  To enable the feature make sure it says 'define', to disable it
# make sure it says 'undef'.
# VSF_BUILD_TCPWRAPPERS = use TCP wrappers (/etc/hosts.allow, hosts.deny)
# VSF_BUILD_PAM = use PAM
# VSF_BUILD_SSL = use SSL (this will allow you to use ftp + SSL (ftps))

# If you use source-installed OpenSSL < 1.1.0 installed under the
# /usr/local/ssl prefix, and would like to update the LDFLAGS and CFLAGS
# that are in the Makefile with the location of your OpenSSL libraries and
# includes, here's a way of updating the Makefile.  If you want to see what
# it did, run this: diff -u Makefile.orig Makefile
# Prepend the /usr/local/ssl library and include directories to the
# Makefile's LDFLAGS and CFLAGS, keeping the untouched file as Makefile.orig.
# The \t in the patterns stands for a tab, which relies on GNU sed.
LIBDIR=lib
if [ "$(uname -m)" = "x86_64" ]; then
  LIBDIR=lib64
fi
cp -a Makefile Makefile.orig
sed \
  -e "s%^LDFLAGS\t=\t%LDFLAGS\t=\t-L/usr/local/ssl/${LIBDIR} %" \
  -e "s%^CFLAGS\t=\t%CFLAGS\t=\t-I/usr/local/ssl/include %" \
  < Makefile.orig > Makefile
unset LIBDIR

# See README.ssl for more
#
# If you do build in SSL support, and will actually be using it - you need
# to use ssl_enable=YES in vsftpd.conf also.
#
# The hard-set default path that it will look for the certificate is
# /usr/share/ssl/certs/vsftpd.pem
# You can create that location if it does not exist,
# put a symlink in there, or change it in tunables.c before you build it
# (and vsftpd.conf.5 if you want the man page to match)
# ...or just use 'rsa_cert_file' in vsftpd.conf

# Build it (run from the vsftpd-3.0.5 source directory entered above)
make

# Become root to install and configure it.  'su' opens an interactive root
# shell, so the commands from here down to the matching 'exit' are meant to
# be typed or pasted into that shell rather than run as one script.
su

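# Back up your existing configuration file, if there is one.  The date stamp
# is computed once so that cp and chmod always name the same file, even if
# the clock rolls past midnight between the two commands.  The subshell
# keeps the helper variable out of your interactive shell.
test -f /etc/vsftpd.conf &&
( stamp=$(date +%Y%m%d)
   mkdir -p -m 0700 ~/backup
   cp --preserve=timestamps /etc/vsftpd.conf \
    ~/backup/vsftpd.conf-"$stamp"
   chmod 600 ~/backup/vsftpd.conf-"$stamp" )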

# Remove the Slackware package, if there is one, so the packaged files do
# not get mixed with the ones installed below
if [ -x /sbin/removepkg ]; then
  /sbin/removepkg vsftpd
fi

# Rather than 'make install' which would put everything under the /usr/local
# prefix, run 'install' (or cp if you prefer) for each item.
# -s strips the binary; -p keeps the man pages' timestamps.
install -s -m 755 vsftpd /usr/sbin/vsftpd
install -p -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5
install -p -m 644 vsftpd.8 /usr/man/man8/vsftpd.8

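# You can go with the default user "nobody", but I like to create
# a user just for vsftpd (because so many other things use nobody).  If you
# do decide to do this too, add "nopriv_user=vsftpd" to your vsftpd.conf
#
# Look the group up by name instead of grepping the whole group list: that
# also works with name services that do not enumerate their entries, and it
# avoids the obsolescent egrep.
getent group vsftpd > /dev/null || groupadd vsftpd
# /bin/false as the shell: this account is never meant to log in.
id vsftpd > /dev/null 2>&1 ||
useradd -d /home/ftp -s /bin/false -g vsftpd vsftpd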

# Create the directory that the chroot will use, if you set it to use one:
# (Slackware already has a /var/empty too...)
# Keep this directory empty and owned by root; vsftpd.conf(5) asks that the
# secure_chroot_dir not be writable by the ftp user.
mkdir -p /usr/share/empty

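# Set up the anonymous ftp directory, if you're going to have anonymous
# ftp.  You don't have to use uid 14 and gid 50 for the user and group, I
# just put that here so I don't have mismatched uid and gid numbers on
# different servers.  If you already have an ftp user and you decide to go
# with the /home/blahblah/ftp directory, make sure you change the ftp
# user's home directory to that.
mkdir -p /home/ftp
# The anonymous root stays owned by root and mode 755, so the ftp user can
# read it but cannot write to it.
chown root:root /home/ftp
chmod 755 /home/ftp
# Look the group up by name rather than grepping the whole group list: that
# also works with name services that do not enumerate their entries, and it
# avoids the obsolescent egrep.
getent group ftp > /dev/null || groupadd -g 50 ftp
id ftp > /dev/null 2>&1 || useradd -d /home/ftp -g ftp -u 14 ftp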

# If you compiled-in PAM support, create a /etc/pam.d/ftp (or an ftp section
# of /etc/pam.conf).  If you use pam_ldap you can get a sample from its
# source (./pam.d/ftp).  You'll find an example in the Linux-PAM source in
# conf/pam.conf  You can get a sample intended for use with RedHat from the
# vsftpd source.  An existing /etc/pam.d/ftp is never overwritten.  Since the
# sample was written for RedHat, read the copy through and check that it fits
# your system before relying on it.
if [ -d /etc/pam.d ] && [ ! -e /etc/pam.d/ftp ]; then
  cp RedHat/vsftpd.pam /etc/pam.d/ftp
fi

# Install the example configuration file unless a config is already there,
# then make sure whichever file is in place is root-owned and private:
if [ ! -e /etc/vsftpd.conf ]; then
  cp vsftpd.conf /etc/
fi
chown root:root /etc/vsftpd.conf
chmod 600 /etc/vsftpd.conf

# If you want to keep a full un-modified example config next to it:
install -p -m 600 vsftpd.conf /etc/vsftpd.conf.dist

# If you compiled-in SSL support and would like to enable it, read through
# ./README.ssl, and read through 'man vsftpd.conf' for info about the
# SSL-related configuration items like ssl_enable, rsa_cert_file, and so on.
# You will at least need to specify "ssl_enable=YES" and specify the full
# path to a PEM-format certificate for vsftpd to use configured as
# "rsa_cert_file=/wherever/you/put/it/vsftpd.pem"

## Here is a sample configuration that I have set up on one FTP server that
## runs as anonymous-only with no uploads, no passive.  vsftpd runs as the
# 'vsftpd' user, the anonymous ftp tree is the ftp user's home directory
## (/home/ftp).  vsftpd runs standalone (not via inetd).  Here it is:
# background=YES
# connect_from_port_20=YES
# dirmessage_enable=YES
# hide_ids=YES
# listen=YES
# syslog_enable=YES
# delay_failed_login=3
# max_clients=3
# max_per_ip=2
# nopriv_user=vsftpd
# tcp_wrappers=YES
# log_ftp_protocol=YES
# pasv_enable=NO

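# (re-)start vsftpd:
killall vsftpd
sleep 1
# Start one daemon only.  The copy installed above in /usr/sbin wins; a
# binary under /usr/local/sbin (for example from an earlier 'make install')
# is used only when nothing is in /usr/sbin, so an old build is never
# launched alongside the new one.
if test -x /usr/sbin/vsftpd; then
  /usr/sbin/vsftpd
elif test -x /usr/local/sbin/vsftpd; then
  /usr/local/sbin/vsftpd
fi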

## Set something like this in /etc/rc.d/rc.local to start vsftpd on boot-up:
# if [ -x /usr/sbin/vsftpd ]; then
#   echo "Starting vsftpd..."
#   /usr/sbin/vsftpd
# fi

# If you have the logrotate /etc/logrotate.d/ directory set up (if you have
# a recent version of Slackware, you should), this will handle rotating
# vsftpd.log, if it exists.  The here-document delimiter is quoted so the
# shell writes the text out exactly as shown.
cat > /etc/logrotate.d/vsftpd <<'EOF'
/var/log/vsftpd.log {
    daily
    rotate 6
    copytruncate
    nocompress
    missingok
}
EOF
chmod 600 /etc/logrotate.d/vsftpd

# Hand the source tree back to the account you logged in with (logname
# reports that user even inside the root shell) so it can remove the source
# later without root
chown -R "$(logname)" .
chmod -R u+w .

# Become yourself again: this leaves the root shell opened by 'su'
exit

# Save the source for later: keep just this release's tarball in a private
# ~/installed, replacing any older vsftpd tarball stored there
cd
mkdir -m 0700 -p installed
rm -f -- installed/vsftpd-*.tar.*
mv -- vsftpd-3.0.5.tar.gz installed/


# If you ever want to uninstall vsftpd, this should do it.
# The lines between 'su' and 'exit' run in the root shell; the last two run
# as yourself again and clear the source tree and the saved tarball.
# Not removed here, so delete them by hand if you no longer want them:
# /etc/pam.d/ftp, the vsftpd and ftp users and groups, /home/ftp,
# /usr/share/empty, and the config copies under root's ~/backup.
su
killall vsftpd
rm -f /etc/vsftpd.conf* /etc/logrotate.d/vsftpd /usr/sbin/vsftpd \
/usr/man/man5/vsftpd.conf.5 /usr/man/man8/vsftpd.8
exit
find ~/src -maxdepth 1 -type d -name "vsftpd-*" -exec rm -r {} \;
rm -f ~/installed/vsftpd-*.tar.*


Web page itself last updated: 2023-12-20 8:06pm (EST -0500)
HOWTO last updated: 2021-09-14 1:23am
Copyright © 2001-2024 Jason Englander. All Rights reserved.