1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-11-24 08:52:31 +02:00
dockerfiles/vsftpd/README.md
2016-02-03 21:10:58 +08:00

3.6 KiB

vsftpd

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don't take my word for it, though.

Directory Tree

~/fig/vsftpd/
├── docker-compose.yml
├── ftp/
│   └── README
├── pam.d/
│   └── vsftpd          => For Virutal User
└── vsftpd/
    ├── passwd          => For Virtual User
    ├── vsftpd.conf
    └── vsftpd.pem      => For SSL

vsftpd/vsftpd.conf

# DEFAULT SETTINGS
allow_writeable_chroot=YES
anonymous_enable=YES
chroot_local_user=YES
connect_from_port_20=YES
dirmessage_enable=YES
ftpd_banner=Welcome to VSFTPD service.
listen=YES
local_enable=YES
no_anon_password=YES
pasv_addr_resolve=YES
pasv_address=my-ftp-server # <== PLEASE CHANGE THIS
pasv_enable=YES
pasv_max_port=30010
pasv_min_port=30000
port_enable=YES
seccomp_sandbox=NO
write_enable=YES
xferlog_enable=YES

# VIRTUAL USER SETTINGS
#guest_enable=YES
#guest_username=virtual
#local_root=/home/virtual/$USER
#pam_service_name=vsftpd
#user_sub_token=$USER
#virtual_use_local_privs=YES

# SSL SETTINGS
#force_local_data_ssl=YES
#force_local_logins_ssl=YES
#rsa_cert_file=/etc/vsftpd/vsftpd.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd.pem
#ssl_enable=YES

Please set pasv_address to your ftp server.

pam.d/vsftpd

auth required pam_pwdfile.so pwdfile=/etc/vsftpd/passwd
account required pam_permit.so

docker-compose.yml

vsftpd:
  image: vimagick/vsftpd
  net: host
# ports:
#   - "20:20"
#   - "21:21"
#   - "30000-30010:30000-30010"
  volumes:
    - ./vsftpd:/etc/vsftpd
    - ./ftp:/var/lib/ftp
#   - ./pam.d/vsftpd:/etc/pam.d/vsftpd
#   - ./virtual:/home/virtual
  privileged: true
  restart: always

You can use ports instead of net: host. Make sure these ports are allowed by firewall.

Server

$ cd ~/fig/vsftpd/
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vsftpd/vsftpd.pem -out vsftpd/vsftpd.pem
$ echo "tom:$(openssl passwd -1 uzia9Tu6)" >> vsftpd/passwd
$ echo "ftp's home" > ./ftp/README
$ docker-compose up -d
$ docker exec -it vsftpd_vsftpd_1 sh
>>>
>>> adduser kev
Changing password for kev
New password: ******
Retype password: ******
Password for kev changed by root
>>> echo "kev's home" > ~kev/README
>>>
>>> mkdir ~virtual/tom
>>> echo "tom's home" > ~virtual/tom/README
>>> chown -R virutal:virtual ~virtual
>>>
>>> exit

I added a local user called kev, a virtual user called tom here.
You can edit /etc/vsftpd/vsftpd.conf to enable more functions.

Client

You can login as kev(local user), tom(virtual user) or ftp(anonymous user).

$ ftp my-ftp-server
Connected to my-ftp-server.
220 Welcome to VSFTPD service.
Name (my-ftp-server:kev): ftp
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

ftp> verbose off
Verbose mode off.

ftp> ls
-rw-r--r--    1 0        0               0 Jan 31 15:06 README.md

ftp> get README.md
     0        0.00 KiB/s

ftp> !cat README.md

ftp> put README.md
Permission denied.

ftp> bye

Only local user or virtual user can upload file.

$ lftp
lftp :~> set ssl:verify-certificate no
lftp :~> open tom@my-ftp-server
Password: ******
lftp root@my-ftp-server:~> put README.md
lftp root@my-ftp-server:~> ls
-rw-------    1 0        0             337 Jan 31 16:26 README.md
lftp root@my-ftp-server:~> bye