2015-07-27 16:36:02 +02:00
|
|
|
vsftpd
|
|
|
|
======
|
|
|
|
|
2016-01-31 17:04:20 +02:00
|
|
|
[vsftpd][1] is a GPL licensed FTP server for UNIX systems, including Linux.
|
2015-07-27 16:36:02 +02:00
|
|
|
It is secure and extremely fast. It is stable. Don't take my word for it, though.
|
2016-01-31 17:04:20 +02:00
|
|
|
|
2016-01-31 18:37:18 +02:00
|
|
|
## Directory Tree
|
|
|
|
|
|
|
|
```
|
|
|
|
~/fig/vsftpd/
|
|
|
|
├── docker-compose.yml
|
|
|
|
├── ftp/
|
2016-02-03 14:26:26 +02:00
|
|
|
│ └── README
|
2016-02-02 19:25:42 +02:00
|
|
|
├── pam.d/
|
|
|
|
│ └── vsftpd => For Virutal User
|
2016-01-31 18:37:18 +02:00
|
|
|
└── vsftpd/
|
2016-02-02 20:07:27 +02:00
|
|
|
├── passwd => For Virtual User
|
2016-01-31 18:37:18 +02:00
|
|
|
├── vsftpd.conf
|
2016-02-02 19:25:42 +02:00
|
|
|
└── vsftpd.pem => For SSL
|
2016-01-31 18:37:18 +02:00
|
|
|
```
|
|
|
|
|
2016-02-02 20:07:27 +02:00
|
|
|
## vsftpd/vsftpd.conf
|
2016-01-31 18:37:18 +02:00
|
|
|
|
|
|
|
```bash
|
2016-02-02 19:25:42 +02:00
|
|
|
# DEFAULT SETTINGS
|
2016-01-31 18:37:18 +02:00
|
|
|
allow_writeable_chroot=YES
|
|
|
|
anonymous_enable=YES
|
|
|
|
chroot_local_user=YES
|
|
|
|
connect_from_port_20=YES
|
|
|
|
dirmessage_enable=YES
|
|
|
|
ftpd_banner=Welcome to VSFTPD service.
|
|
|
|
listen=YES
|
|
|
|
local_enable=YES
|
2016-01-31 19:53:38 +02:00
|
|
|
no_anon_password=YES
|
2016-01-31 18:37:18 +02:00
|
|
|
pasv_addr_resolve=YES
|
2016-02-02 20:07:27 +02:00
|
|
|
pasv_address=my-ftp-server # <== PLEASE CHANGE THIS
|
2016-01-31 18:37:18 +02:00
|
|
|
pasv_enable=YES
|
|
|
|
pasv_max_port=30010
|
|
|
|
pasv_min_port=30000
|
|
|
|
port_enable=YES
|
|
|
|
seccomp_sandbox=NO
|
|
|
|
write_enable=YES
|
|
|
|
xferlog_enable=YES
|
2016-02-02 19:25:42 +02:00
|
|
|
|
|
|
|
# VIRTUAL USER SETTINGS
|
|
|
|
#guest_enable=YES
|
|
|
|
#guest_username=virtual
|
|
|
|
#local_root=/home/virtual/$USER
|
|
|
|
#pam_service_name=vsftpd
|
|
|
|
#user_sub_token=$USER
|
|
|
|
#virtual_use_local_privs=YES
|
|
|
|
|
|
|
|
# SSL SETTINGS
|
|
|
|
#force_local_data_ssl=YES
|
|
|
|
#force_local_logins_ssl=YES
|
|
|
|
#rsa_cert_file=/etc/vsftpd/vsftpd.pem
|
|
|
|
#rsa_private_key_file=/etc/vsftpd/vsftpd.pem
|
|
|
|
#ssl_enable=YES
|
2016-01-31 18:37:18 +02:00
|
|
|
```
|
|
|
|
|
2016-02-02 19:25:42 +02:00
|
|
|
> Please set `pasv_address` to your ftp server.
|
2016-01-31 18:37:18 +02:00
|
|
|
|
2016-02-02 20:07:27 +02:00
|
|
|
## pam.d/vsftpd
|
|
|
|
|
|
|
|
```
|
|
|
|
auth required pam_pwdfile.so pwdfile=/etc/vsftpd/passwd
|
|
|
|
account required pam_permit.so
|
|
|
|
```
|
|
|
|
|
2016-01-31 17:04:20 +02:00
|
|
|
## docker-compose.yml
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
vsftpd:
|
|
|
|
image: vimagick/vsftpd
|
2016-02-02 19:25:42 +02:00
|
|
|
net: host
|
|
|
|
# ports:
|
|
|
|
# - "20:20"
|
|
|
|
# - "21:21"
|
|
|
|
# - "30000-30010:30000-30010"
|
2016-01-31 17:04:20 +02:00
|
|
|
volumes:
|
2016-01-31 18:37:18 +02:00
|
|
|
- ./vsftpd:/etc/vsftpd
|
2016-01-31 17:04:20 +02:00
|
|
|
- ./ftp:/var/lib/ftp
|
2016-02-02 19:25:42 +02:00
|
|
|
# - ./pam.d/vsftpd:/etc/pam.d/vsftpd
|
|
|
|
# - ./virtual:/home/virtual
|
2016-01-31 17:04:20 +02:00
|
|
|
privileged: true
|
|
|
|
restart: always
|
|
|
|
```
|
|
|
|
|
2016-02-02 19:25:42 +02:00
|
|
|
> You can use `ports` instead of `net: host`.
|
2016-01-31 18:37:18 +02:00
|
|
|
> Make sure these ports are allowed by firewall.
|
|
|
|
|
2016-01-31 17:04:20 +02:00
|
|
|
## Server
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ cd ~/fig/vsftpd/
|
2016-01-31 18:37:18 +02:00
|
|
|
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vsftpd/vsftpd.pem -out vsftpd/vsftpd.pem
|
2016-02-03 14:26:26 +02:00
|
|
|
$ echo "tom:$(openssl passwd -1 uzia9Tu6)" >> vsftpd/passwd
|
|
|
|
$ echo "ftp's home" > ./ftp/README
|
2016-02-02 20:07:27 +02:00
|
|
|
$ docker-compose up -d
|
2016-01-31 17:04:20 +02:00
|
|
|
$ docker exec -it vsftpd_vsftpd_1 sh
|
|
|
|
>>>
|
|
|
|
>>> adduser kev
|
|
|
|
Changing password for kev
|
|
|
|
New password: ******
|
|
|
|
Retype password: ******
|
|
|
|
Password for kev changed by root
|
2016-02-03 14:26:26 +02:00
|
|
|
>>> echo "kev's home" > ~kev/README
|
2016-01-31 17:04:20 +02:00
|
|
|
>>>
|
2016-02-03 14:26:26 +02:00
|
|
|
>>> mkdir ~virtual/tom
|
|
|
|
>>> echo "tom's home" > ~virtual/tom/README
|
|
|
|
>>> chown -R virutal:virtual ~virtual
|
2016-02-02 19:25:42 +02:00
|
|
|
>>>
|
2016-01-31 17:04:20 +02:00
|
|
|
>>> exit
|
|
|
|
```
|
|
|
|
|
2016-02-02 20:07:27 +02:00
|
|
|
> I added a local user called `kev`, a virtual user called `tom` here.
|
2016-01-31 18:37:18 +02:00
|
|
|
> You can edit [/etc/vsftpd/vsftpd.conf][2] to enable more [functions][3].
|
2016-01-31 17:04:20 +02:00
|
|
|
|
|
|
|
## Client
|
|
|
|
|
2016-02-02 19:25:42 +02:00
|
|
|
You can login as `kev`(local user), `tom`(virtual user) or `ftp`(anonymous user).
|
2016-01-31 17:04:20 +02:00
|
|
|
|
|
|
|
```bash
|
|
|
|
$ ftp my-ftp-server
|
|
|
|
Connected to my-ftp-server.
|
|
|
|
220 Welcome to VSFTPD service.
|
|
|
|
Name (my-ftp-server:kev): ftp
|
|
|
|
230 Login successful.
|
|
|
|
Remote system type is UNIX.
|
|
|
|
Using binary mode to transfer files.
|
|
|
|
|
|
|
|
ftp> verbose off
|
|
|
|
Verbose mode off.
|
|
|
|
|
|
|
|
ftp> ls
|
|
|
|
-rw-r--r-- 1 0 0 0 Jan 31 15:06 README.md
|
|
|
|
|
|
|
|
ftp> get README.md
|
|
|
|
0 0.00 KiB/s
|
|
|
|
|
|
|
|
ftp> !cat README.md
|
|
|
|
|
|
|
|
ftp> put README.md
|
|
|
|
Permission denied.
|
|
|
|
|
|
|
|
ftp> bye
|
|
|
|
```
|
|
|
|
|
2016-02-02 19:25:42 +02:00
|
|
|
Only local user or virtual user can upload file.
|
2016-01-31 18:37:18 +02:00
|
|
|
|
|
|
|
```bash
|
|
|
|
$ lftp
|
|
|
|
lftp :~> set ssl:verify-certificate no
|
2016-02-02 20:07:27 +02:00
|
|
|
lftp :~> open tom@my-ftp-server
|
2016-01-31 18:37:18 +02:00
|
|
|
Password: ******
|
|
|
|
lftp root@my-ftp-server:~> put README.md
|
|
|
|
lftp root@my-ftp-server:~> ls
|
|
|
|
-rw------- 1 0 0 337 Jan 31 16:26 README.md
|
|
|
|
lftp root@my-ftp-server:~> bye
|
|
|
|
```
|
2016-01-31 17:04:20 +02:00
|
|
|
|
|
|
|
[1]: https://security.appspot.com/vsftpd.html
|
2016-01-31 18:37:18 +02:00
|
|
|
[2]: http://vsftpd.beasts.org/vsftpd_conf.html
|
|
|
|
[3]: https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon
|
2016-02-02 20:07:27 +02:00
|
|
|
[4]: https://github.com/tiwe-de/libpam-pwdfile
|
|
|
|
[5]: http://linux.die.net/man/8/pam_listfile
|