glfs/server/major/vsftpd.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

    <!-- Inserted as a reminder to do this. The mention of a test suite
         is usually right before the root user installation commands. Please
         delete these 12 (including one blank) lines after you are done.-->

    <!-- Use one of the two mentions below about a test suite,
         delete the line that is not applicable. Of course, if the
         test suite uses syntax other than "make check", revise the
         line to reflect the actual syntax to run the test suite -->

    <!-- <para>This package does not come with a test suite.</para> -->
    <!-- <para>To test the results, issue: <command>make check</command>.</para> -->

  <!ENTITY vsftpd-download-http " ">
  <!ENTITY vsftpd-download-ftp  "ftp://vsftpd.beasts.org/users/cevans/vsftpd-&vsftpd-version;.tar.gz">
  <!ENTITY vsftpd-md5sum        "c0bf8c7b8e15ab15827172786fc56115">
  <!ENTITY vsftpd-size          "152 KB">
  <!ENTITY vsftpd-buildsize     "1.4 MB">
  <!ENTITY vsftpd-time          "less than 0.1 SBU">
]>

<sect1 id="vsftpd" xreflabel="vsftpd-&vsftpd-version;">
  <?dbhtml filename="vsftpd.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>vsftpd-&vsftpd-version;</title>

  <indexterm zone="vsftpd">
    <primary sortas="a-vsftpd">vsftpd</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to vsftpd</title>

    <para>The <application>vsftpd</application> package contains a very
    secure and very small FTP daemon. This is useful for serving files
    over a network.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&vsftpd-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&vsftpd-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &vsftpd-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &vsftpd-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &vsftpd-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &vsftpd-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">vsftpd Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="linux-pam"/>,
    <xref linkend="openssl"/>, and
    <xref linkend="tcpwrappers"/></para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/vsftpd"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of vsftpd</title>

    <para>For security reasons, running <application>vsftpd</application>
    as an unprivileged user and group is encouraged. Also, a user should be
    created to map anonymous users. As the <systemitem
    class="username">root</systemitem> user, create the needed directories,
    users, and groups with the following commands:</para>

<screen role="root"><userinput>install -v -d -m 0755 /var/ftp/empty &amp;&amp;
install -v -d -m 0755 /home/ftp &amp;&amp;
groupadd -g 47 vsftpd &amp;&amp;
useradd -d /dev/null -c "vsftpd User" -g vsftpd -s /bin/false \
        -u 47 vsftpd &amp;&amp;
groupadd -g 45 ftp &amp;&amp;
useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp</userinput></screen>

    <para>Build <application>vsftpd</application> as an unprivileged user
    using the following command:</para>

<screen><userinput>make</userinput></screen>

    <para>Once again, become the <systemitem class="username">root</systemitem>
    user and install <application>vsftpd</application> with the following
    commands:</para>

<screen><userinput>install -v -m 755 vsftpd /usr/sbin/vsftpd &amp;&amp;
install -v -m 644 vsftpd.8 /usr/share/man/man8 &amp;&amp;
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &amp;&amp;
install -v -m 644 vsftpd.conf /etc</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><command>install -v -d ...</command>: This creates the
    directory that anonymous users will use (<filename
    class='directory'>/home/ftp</filename>)
    and the directory the daemon will chroot into
    (<filename class='directory'>/var/ftp/empty</filename>).</para>

    <note>
      <para><filename class="directory">/home/ftp</filename> should not be
      owned by the user <systemitem class="username">vsftpd</systemitem>,
      or the user <systemitem class="username">ftp</systemitem>.</para>
    </note>

    <para><command>echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h</command>:
    Use this prior to <command>make</command> to add support for
    <application>tcpwrappers</application>.</para>

    <para><command>echo "#define VSF_BUILD_SSL" >>builddefs.h</command>:
    Use this prior to <command>make</command> to add support for SSL.</para>

    <para><command>install -v -m ...</command>:
    The <filename>Makefile</filename> uses non-standard installation paths.
    These commands install the files in
    <filename class='directory'>/usr</filename> and
    <filename class='directory'>/etc</filename>.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring vsftpd</title>

    <sect3 id="vsftpd-config">
      <title>Config Files</title>

      <para><filename>/etc/vsftpd.conf</filename></para>

      <indexterm zone="vsftpd vsftpd-config">
        <primary sortas="e-etc-vsftpd.conf">/etc/vsftpd.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para><application>vsftpd</application> comes with a basic
      anonymous-only configuration file that was copied to
      <filename class='directory'>/etc</filename> above. While still as
      <systemitem class="username">root</systemitem>, this file should be
      modified because it is now recommended to run <command>vsftpd</command>
      in standalone mode as opposed to
      <command>inetd</command>/<command>xinetd</command> mode. Also, you
      should specify the privilege separation user created above. Finally,
      you should specify the <command>chroot</command> directory.
      <command>man vsftpd.conf</command> will give you all the details.</para>

<screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<literal>background=YES
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/var/ftp/empty</literal>
EOF</userinput></screen>

    </sect3>

    <sect3  id="vsftpd-init">
      <title>Boot Script</title>

      <para>Install the <filename>/etc/rc.d/init.d/vsftpd</filename>
      init script included in the
      <xref linkend="bootscripts"/> package.</para>

<screen role="root"><userinput>make install-vsftpd</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Program</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>vsftpd</seg>
        <seg>None</seg>
        <seg>/var/ftp, /var/ftp/empty, /home/ftp</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="vsftpd-prog">
        <term><command>vsftpd</command></term>
        <listitem>
          <para>is the FTP daemon.</para>
          <indexterm zone="vsftpd vsftpd-prog">
            <primary sortas="b-vsftpd">vsftpd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>