EXAMPLE/VIRTUAL_USERS/vsftpd.pam | 6 +++--
dummyinc/security/pam_userpass.h | 7 +++++
ftpcmdio.h | 4 ++-
logging.c | 4 +--
port/porting_junk.h | 13 ++++++++++
seccompsandbox.c | 44 ++++++++++++++++++++++++++++++++
str.c | 12 +++------
sysdeputil.c | 33 +++++++++++++++++-------
sysstr.c | 9 ++-----
sysutil.c | 15 +++++------
sysutil.h | 3 ++-
tunables.c | 28 ++++++++++----------
twoprocess.c | 2 +-
utility.h | 10 +++++---
vsf_findlibs.sh | 3 +++
vsftpd.8 | 1 +
vsftpd.conf | 55 ++++++++++++++++++++++++++++++++--------
vsftpd.conf.5 | 36 +++++++++++++-------------
18 files changed, 197 insertions(+), 88 deletions(-)
diff --git a/EXAMPLE/VIRTUAL_USERS/vsftpd.pam b/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
index 5f6864a..98fdbc5 100644
--- a/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+++ b/EXAMPLE/VIRTUAL_USERS/vsftpd.pam
@@ -1,2 +1,4 @@
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
+#%PAM-1.0
+auth required pam_userpass.so
+auth required pam_userdb.so db=/etc/vsftpd_login use_first_pass
+account required pam_userdb.so db=/etc/vsftpd_login
diff --git a/dummyinc/security/pam_userpass.h b/dummyinc/security/pam_userpass.h
new file mode 100644
index 0000000..4eb2fbb
--- /dev/null
+++ b/dummyinc/security/pam_userpass.h
@@ -0,0 +1,7 @@
+#ifndef VSF_DUMMYINC_PAM_USERPASS_H
+#define VSF_DUMMYINC_PAM_USERPASS_H
+
+#undef VSF_SYSDEP_HAVE_PAM_USERPASS
+
+#endif /* VSF_DUMMYINC_PAM_USERPASS_H */
+
diff --git a/ftpcmdio.h b/ftpcmdio.h
index 0f011ae..87e5a94 100644
--- a/ftpcmdio.h
+++ b/ftpcmdio.h
@@ -1,6 +1,8 @@
 #ifndef VSF_FTPCMDIO_H
 #define VSF_FTPCMDIO_H
 
+#include "port/porting_junk.h"
+
 struct mystr;
 struct vsf_session;
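Review bot: The new pam_userdb lines keep `db=/etc/vsftpd_login` while the rest of this commit moves vsftpd's configuration under /etc/vsftpd/ (tunables.c defaults, vsftpd.conf, vsftpd.conf.5); unless the packaging deliberately keeps the login database at the old path, this example should follow, e.g. `db=/etc/vsftpd/login`. Two things a reader of this example also needs spelled out: `use_first_pass` means pam_userdb reuses the password that pam_userpass supplied and never prompts, so as far as I can tell a missing pam_userpass.so makes the stack fail closed rather than fall back to a conversation; and pam_userdb compares stored passwords as plaintext unless `crypt=crypt` is given, which the example still does not mention. A comment line above the auth entries stating both would prevent a common misconfiguration.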
@@ -51,7 +53,7 @@ void vsf_cmdio_write_raw(struct vsf_session* p_sess, const char* p_text);
  * write is _guaranteed_ to not block (ditching output if neccessary).
  */
 void vsf_cmdio_write_exit(struct vsf_session* p_sess, int status,
-                          const char* p_text, int exit_val);
+                          const char* p_text, int exit_val) VSF_NORETURN;
 
 /* vsf_cmdio_write_str()
  * PURPOSE
diff --git a/logging.c b/logging.c
index ad531d6..d999262 100644
--- a/logging.c
+++ b/logging.c
@@ -48,7 +48,7 @@ vsf_log_init(struct vsf_session* p_sess)
   }
   if (vsf_sysutil_retval_is_error(retval))
   {
-    die2("failed to open xferlog log file:", tunable_xferlog_file);
+    die("failed to open xferlog log file");
   }
   p_sess->xferlog_fd = retval;
 }
@@ -64,7 +64,7 @@ vsf_log_init(struct vsf_session* p_sess)
   }
   if (vsf_sysutil_retval_is_error(retval))
   {
-    die2("failed to open vsftpd log file:", tunable_vsftpd_log_file);
+    die("failed to open vsftpd log file");
   }
   p_sess->vsftpd_log_fd = retval;
 }
diff --git a/port/porting_junk.h b/port/porting_junk.h
index eeb6ee3..4dde416 100644
--- a/port/porting_junk.h
+++ b/port/porting_junk.h
@@ -26,5 +26,18 @@
  */
 #include "cmsg_extras.h"
 
+#if defined(__GNUC__) && defined(__GNUC_MINOR__)
+# define VSF_GNUC_PREREQ(maj, min) \
+  (((__GNUC__ << 16) + __GNUC_MINOR__) >= (((maj) << 16) + (min)))
+#else
+# define VSF_GNUC_PREREQ(maj, min) 0
+#endif
+
+#if VSF_GNUC_PREREQ(2,5)
+# define VSF_NORETURN __attribute__((noreturn))
+#else
+# define VSF_NORETURN
+#endif
+
 #endif /* VSF_PORTINGJUNK_H */
 
diff --git a/seccompsandbox.c b/seccompsandbox.c
index 2c350a9..c5c02f9 100644
--- a/seccompsandbox.c
+++ b/seccompsandbox.c
@@ -12,6 +12,10 @@
 
 #if defined(__linux__) && defined(__x86_64__)
 
+#ifndef _GNU_SOURCE
+  #define _GNU_SOURCE 1
+#endif
+
 #include "session.h"
 #include "sysutil.h"
 #include "tunables.h"
@@ -46,6 +50,12 @@
 #define __NR_openat 257
 #endif
 
+#ifdef O_LARGEFILE
+  #if O_LARGEFILE == 0
+    #undef O_LARGEFILE
+  #endif
+#endif
+
 #ifndef O_LARGEFILE
 #define O_LARGEFILE 00100000
 #endif
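Review bot: Both die2() -> die() replacements in vsf_log_init drop the offending path from the failure message, so an operator now sees only "failed to open xferlog log file" without learning which configured file was at fault. If the intent is to keep the server's filesystem path out of the error that vsftpd reports to the remote client (as far as I can tell die() messages are echoed on the control connection as a 500 OOPS), that is a reasonable hardening but should be stated in a comment, e.g. `/* Do not echo the configured log path back to the client. */`; otherwise die2() was the more diagnosable call. vsf_log_init's body starts and ends outside these hunks.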
@@ -267,6 +277,9 @@ seccomp_sandbox_setup_data_connections()
                        3, IPPROTO_TCP);
   allow_nr(__NR_bind);
   allow_nr(__NR_select);
+#ifdef __NR_pselect6
+  allow_nr(__NR_pselect6);
+#endif
   if (tunable_port_enable)
   {
     allow_nr(__NR_connect);
@@ -294,6 +307,11 @@ seccomp_sandbox_setup_base()
   allow_nr_2_arg_match(__NR_mmap,
                        3, PROT_READ|PROT_WRITE,
                        4, MAP_PRIVATE|MAP_ANON);
+#ifdef __NR_mmap2
+  allow_nr_2_arg_match(__NR_mmap2,
+                       3, PROT_READ|PROT_WRITE,
+                       4, MAP_PRIVATE|MAP_ANON);
+#endif
   allow_nr_1_arg_mask(__NR_mprotect, 3, PROT_READ);
   allow_nr(__NR_munmap);
   allow_nr(__NR_brk);
@@ -301,7 +319,15 @@ seccomp_sandbox_setup_base()
   reject_nr(__NR_mremap, ENOSYS);
 
   /* Misc simple low-risk calls. */
+#ifdef __NR_gettimeofday
   allow_nr(__NR_gettimeofday); /* Used by logging. */
+#endif
+#ifdef __NR_clock_gettime
+  allow_nr(__NR_clock_gettime); /* Used by logging. */
+#endif
+#ifdef __NR_clock_gettime64
+  allow_nr(__NR_clock_gettime64); /* Used by logging. */
+#endif
   allow_nr(__NR_rt_sigreturn); /* Used to handle SIGPIPE. */
   allow_nr(__NR_restart_syscall);
   allow_nr(__NR_close);
@@ -330,7 +356,15 @@ seccomp_sandbox_setup_prelogin(const struct vsf_session* p_sess)
   allow_nr_1_arg_match(__NR_recvfrom, 4, MSG_PEEK);
 
   /* Misc simple low-risk calls */
+#ifdef __NR_nanosleep
   allow_nr(__NR_nanosleep); /* Used for bandwidth / login throttling. */
+#endif
+#ifdef __NR_clock_nanosleep
+  allow_nr(__NR_clock_nanosleep); /* Used for bandwidth / login throttling. */
+#endif
+#ifdef __NR_clock_nanosleep_time64
+  allow_nr(__NR_clock_nanosleep_time64); /* Used for bandwidth / login throttling. */
+#endif
   allow_nr(__NR_getpid); /* Used by logging. */
   allow_nr(__NR_shutdown); /* Used for QUIT or a timeout. */
   allow_nr_1_arg_match(__NR_fcntl, 2, F_GETFL);
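Review bot: The new `#ifdef __NR_mmap2`, `#ifdef __NR_clock_gettime64` and `#ifdef __NR_clock_nanosleep_time64` branches are dead on this file as committed: the whole sandbox is still gated on `#if defined(__linux__) && defined(__x86_64__)` and keeps x86_64-only fallbacks such as `#define __NR_openat 257` and `#define O_LARGEFILE 00100000`, so none of those 32-bit syscall numbers can be defined here. If the goal is to run the seccomp filter on i386 or other 32-bit targets, the gate and the hard-coded fallbacks need widening in the same change; if not, a comment saying the branches are preparatory would stop the next reader from assuming 32-bit is supported. Separately, `allow_nr(__NR_clock_nanosleep)` is an unconditional allow with no argument check, so any clockid and TIMER_ABSTIME are permitted, not just the relative sleep the comment describes; low risk, but the comment should say "any clock/flags" rather than copying the nanosleep text.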
@@ -409,6 +443,10 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess)
   allow_nr(__NR_getcwd);
   allow_nr(__NR_chdir);
   allow_nr(__NR_getdents);
+#ifdef __NR_getdents64
+  allow_nr(__NR_getdents64);
+#endif
+  allow_nr(__NR_sysinfo); /* Used by qsort. */
 
   /* Misc */
   allow_nr(__NR_umask);
@@ -416,6 +454,9 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess)
   if (tunable_use_sendfile)
   {
     allow_nr(__NR_sendfile);
+#ifdef __NR_sendfile64
+    allow_nr(__NR_sendfile64);
+#endif
   }
   if (tunable_idle_session_timeout > 0 ||
       tunable_data_connection_timeout > 0 ||
@@ -462,6 +503,9 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess)
   {
     reject_nr(__NR_socket, EACCES);
     allow_nr_2_arg_match(__NR_mmap, 3, PROT_READ, 4, MAP_SHARED);
+#ifdef __NR_mmap2
+    allow_nr_2_arg_match(__NR_mmap2, 3, PROT_READ, 4, MAP_SHARED);
+#endif
   }
   if (tunable_write_enable)
diff --git a/str.c b/str.c
index 6596204..bb8114d 100644
--- a/str.c
+++ b/str.c
@@ -458,9 +458,7 @@ str_locate_chars(const struct mystr* p_str, const char* p_chars)
   struct str_locate_result retval;
   unsigned int num_chars = vsf_sysutil_strlen(p_chars);
   unsigned int i = 0;
-  retval.found = 0;
-  retval.char_found = 0;
-  retval.index = 0;
+  vsf_sysutil_memclr(&retval, sizeof(retval));
   for (; i < p_str->len; ++i)
   {
     unsigned int j = 0;
@@ -485,9 +483,7 @@ str_locate_text(const struct mystr* p_str, const char* p_text)
   struct str_locate_result retval;
   unsigned int i;
   unsigned int text_len = vsf_sysutil_strlen(p_text);
-  retval.found = 0;
-  retval.char_found = 0;
-  retval.index = 0;
+  vsf_sysutil_memclr(&retval, sizeof(retval));
   if (text_len == 0 || text_len > p_str->len)
   {
     /* Not found */
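Review bot: `allow_nr(__NR_sysinfo); /* Used by qsort. */` is the one unconditional new hole in the post-login allowlist and its justification is libc-specific: it is glibc's qsort that, in the versions I am aware of, calls sysinfo() to size its merge buffer, not qsort in general, so the comment should say so and make the allow easy to find and drop once the libc no longer needs it, e.g. `/* glibc's qsort() calls sysinfo() to size its merge buffer; exposes only memory/load figures. */`. The risk is small, but every other allow in this file annotates why the call is needed and this one will otherwise look like a mistake in a year. seccomp_sandbox_setup_postlogin starts and ends outside these hunks.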
@@ -512,9 +508,7 @@ str_locate_text_reverse(const struct mystr* p_str, const char* p_text)
   struct str_locate_result retval;
   unsigned int i;
   unsigned int text_len = vsf_sysutil_strlen(p_text);
-  retval.found = 0;
-  retval.char_found = 0;
-  retval.index = 0;
+  vsf_sysutil_memclr(&retval, sizeof(retval));
   if (text_len == 0 || text_len > p_str->len)
   {
     return retval;
diff --git a/sysdeputil.c b/sysdeputil.c
index 06f01f4..bba4929 100644
--- a/sysdeputil.c
+++ b/sysdeputil.c
@@ -7,6 +7,12 @@
  * Highly system dependent utilities - e.g. authentication, capabilities.
  */
 
+#if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
+  #define _FILE_OFFSET_BITS 64
+  #define _LARGEFILE_SOURCE 1
+  #define _LARGEFILE64_SOURCE 1
+#endif
+
 #include "sysdeputil.h"
 #include "str.h"
 #include "sysutil.h"
@@ -16,15 +22,6 @@
 #include "tunables.h"
 #include "builddefs.h"
 
-/* For Linux, this adds nothing :-) */
-#include "port/porting_junk.h"
-
-#if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
-  #define _FILE_OFFSET_BITS 64
-  #define _LARGEFILE_SOURCE 1
-  #define _LARGEFILE64_SOURCE 1
-#endif
-
 /* For INT_MAX */
 #include
 
@@ -54,6 +51,7 @@
 #undef VSF_SYSDEP_HAVE_LINUX_CLONE
 #ifdef VSF_BUILD_PAM
   #define VSF_SYSDEP_HAVE_PAM
+  #define VSF_SYSDEP_HAVE_PAM_USERPASS
 #endif
 #define VSF_SYSDEP_HAVE_SHADOW
 #define VSF_SYSDEP_HAVE_USERSHELL
@@ -167,6 +165,7 @@
 
 /* PAM support - we include our own dummy version if the system lacks this */
 #include
+#include
 
 /* No PAM? Try getspnam() with a getpwnam() fallback */
 #ifndef VSF_SYSDEP_HAVE_PAM
@@ -312,9 +311,13 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
 typedef lo_const void* pam_item_t;
 
 static pam_handle_t* s_pamh;
+#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS
 static struct mystr s_pword_str;
 static int pam_conv_func(int nmsg, const struct pam_message** p_msg,
                          struct pam_response** p_reply, void* p_addata);
+#else
+static pam_userpass_t userpass;
+#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */
 static void vsf_auth_shutdown(void);
 
 int
@@ -327,14 +330,24 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
   const char* pam_user_name = 0;
   struct pam_conv the_conv =
   {
+#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS
     &pam_conv_func,
     0
+#else
+    pam_userpass_conv,
+    &userpass
+#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */
   };
   if (s_pamh != 0)
   {
     bug("vsf_sysdep_check_auth");
   }
+#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS
   str_copy(&s_pword_str, p_pass_str);
+#else
+  userpass.user = str_getbuf(p_user_str);
+  userpass.pass = str_getbuf(p_pass_str);
+#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */
   if (tunable_pam_service_name)
   {
     retval = pam_start(tunable_pam_service_name,
@@ -444,6 +457,7 @@ vsf_auth_shutdown(void)
   vsf_remove_uwtmp();
 }
 
+#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS
 static int
 pam_conv_func(int nmsg, const struct pam_message** p_msg,
               struct pam_response** p_reply, void* p_addata)
@@ -479,6 +493,7 @@ pam_conv_func(int nmsg, const struct pam_message** p_msg,
   *p_reply = p_resps;
   return PAM_SUCCESS;
 }
+#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */
 
 #endif /* VSF_SYSDEP_HAVE_PAM */
 
diff --git a/sysstr.c b/sysstr.c
index d86cdf1..b764684 100644
--- a/sysstr.c
+++ b/sysstr.c
@@ -74,19 +74,14 @@ str_chdir(const struct mystr* p_str)
 int
 str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode)
 {
-  enum EVSFSysUtilOpenMode open_mode = kVSFSysStrOpenUnknown;
   switch (mode)
   {
     case kVSFSysStrOpenReadOnly:
-      open_mode = kVSFSysUtilOpenReadOnly;
-      break;
-    case kVSFSysStrOpenUnknown:
-      /* Fall through */
+      return vsf_sysutil_open_file(str_getbuf(p_str), kVSFSysUtilOpenReadOnly);
     default:
       bug("unknown mode value in str_open");
-      break;
+      return -1;
   }
-  return vsf_sysutil_open_file(str_getbuf(p_str), open_mode);
 }
 
 int
diff --git a/sysutil.c b/sysutil.c
index 5cdb6ef..4924730 100644
--- a/sysutil.c
+++ b/sysutil.c
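Review bot: In the VSF_SYSDEP_HAVE_PAM_USERPASS branch, `userpass.user = str_getbuf(p_user_str);` and `userpass.pass = str_getbuf(p_pass_str);` store raw pointers into the caller's mystr buffers in a file-scope static, whereas the conversation-function path copies the password into s_pword_str. That is only safe while neither string is modified or freed before pam_authenticate() runs, and since the static outlives the call the pointers should be cleared once PAM is finished, e.g. after pam_end(): `userpass.user = 0; userpass.pass = 0;`, so no later code can follow a dangling pointer to the password. The requirement that the caller keep p_user_str/p_pass_str stable for the duration of the call should be stated in a comment next to `static pam_userpass_t userpass;`. vsf_sysdep_check_auth's body continues outside the hunk.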
@@ -10,21 +10,18 @@
  * dependencies on libc or syscalls.
  */
 
-#define PRIVATE_HANDS_OFF_syscall_retval syscall_retval
-#define PRIVATE_HANDS_OFF_exit_status exit_status
-#include "sysutil.h"
-#include "utility.h"
-#include "tunables.h"
-#include "sysdeputil.h"
-
 /* Activate 64-bit file support on Linux/32bit plus others */
 #define _FILE_OFFSET_BITS 64
 #define _LARGEFILE_SOURCE 1
 #define _LARGEFILE64_SOURCE 1
 #define _LARGE_FILES 1
 
-/* For Linux, this adds nothing :-) */
-#include "port/porting_junk.h"
+#define PRIVATE_HANDS_OFF_syscall_retval syscall_retval
+#define PRIVATE_HANDS_OFF_exit_status exit_status
+#include "sysutil.h"
+#include "utility.h"
+#include "tunables.h"
+#include "sysdeputil.h"
 
 #include
 #include
diff --git a/sysutil.h b/sysutil.h
index c34778c..6b64963 100644
--- a/sysutil.h
+++ b/sysutil.h
@@ -6,6 +6,7 @@
 #ifndef VSF_FILESIZE_H
 #include "filesize.h"
 #endif
+#include "port/porting_junk.h"
 
 /* Return value queries */
 int vsf_sysutil_retval_is_error(int retval);
@@ -168,7 +169,7 @@ unsigned int vsf_sysutil_getpid(void);
 void vsf_sysutil_post_fork(void);
 int vsf_sysutil_fork(void);
 int vsf_sysutil_fork_failok(void);
-void vsf_sysutil_exit(int exit_code);
+void vsf_sysutil_exit(int exit_code) VSF_NORETURN;
 struct vsf_sysutil_wait_retval
 {
   int PRIVATE_HANDS_OFF_syscall_retval;
diff --git a/tunables.c b/tunables.c
index 284a10d..1eb76e6 100644
--- a/tunables.c
+++ b/tunables.c
@@ -179,8 +179,8 @@ tunables_load_defaults()
   tunable_userlist_deny = 1;
   tunable_use_localtime = 0;
   tunable_check_shell = 1;
-  tunable_hide_ids = 0;
-  tunable_listen = 1;
+  tunable_hide_ids = 1;
+  tunable_listen = 0;
   tunable_port_promiscuous = 0;
   tunable_passwd_chroot_enable = 0;
   tunable_no_anon_password = 0;
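Review bot: `tunable_listen = 0;` flips the compiled-in default from standalone to superserver mode, but nothing in this commit updates the listen entry in vsftpd.conf.5, whereas the `tunable_hide_ids = 1;` flip on the adjacent line does get its man-page Default changed to YES; all 18 changed lines of vsftpd.conf.5 are visible in this diff and none touches listen. Update the man page (`Default: NO` under listen) in the same change, and add a one-line comment here noting that this departs from the upstream default shown on the removed line, since it is presumably a distribution packaging choice. tunables_load_defaults starts before this hunk.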
@@ -237,8 +237,8 @@ tunables_load_defaults()
   tunable_idle_session_timeout = 300;
   tunable_data_connection_timeout = 300;
   /* IPPORT_USERRESERVED + 1 */
-  tunable_pasv_min_port = 5001;
-  tunable_pasv_max_port = 0;
+  tunable_pasv_min_port = 49152;
+  tunable_pasv_max_port = 65535;
   tunable_anon_max_rate = 0;
   tunable_local_max_rate = 0;
   /* IPPORT_FTP */
@@ -254,19 +254,19 @@ tunables_load_defaults()
   /* -rw------- */
   tunable_chown_upload_mode = 0600;
 
-  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
-  install_str_setting("ftp", &tunable_ftp_username);
+  install_str_setting("/var/empty", &tunable_secure_chroot_dir);
+  install_str_setting("vsftpd", &tunable_ftp_username);
   install_str_setting("root", &tunable_chown_username);
   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
   install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file);
   install_str_setting(".message", &tunable_message_file);
-  install_str_setting("nobody", &tunable_nopriv_user);
+  install_str_setting("novsftpd", &tunable_nopriv_user);
   install_str_setting(0, &tunable_ftpd_banner);
-  install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
-  install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
-  install_str_setting("ftp", &tunable_pam_service_name);
-  install_str_setting("ftp", &tunable_guest_username);
-  install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
+  install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file);
+  install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file);
+  install_str_setting("vsftpd", &tunable_pam_service_name);
+  install_str_setting("vsftpd", &tunable_guest_username);
+  install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file);
   install_str_setting(0, &tunable_anon_root);
   install_str_setting(0, &tunable_local_root);
   install_str_setting(0, &tunable_banner_file);
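Review bot: The context comment `/* IPPORT_USERRESERVED + 1 */` now sits above `tunable_pasv_min_port = 49152;` and no longer describes the value: 5001 was IPPORT_USERRESERVED + 1, whereas 49152 is the start of the IANA dynamic/private port range. Change it to `/* IANA dynamic/private port range (RFC 6335) */` so the next reader does not think the constant is derived from IPPORT_USERRESERVED. Pinning pasv_max_port to 65535 instead of 0 is only behaviour-neutral if the allocation code treated 0 as "any port", which the old man-page text in this diff suggests but the code for it is not visible here. tunables_load_defaults continues outside the hunk.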
@@ -279,9 +279,9 @@ tunables_load_defaults()
   install_str_setting(0, &tunable_hide_file);
   install_str_setting(0, &tunable_deny_file);
   install_str_setting(0, &tunable_user_sub_token);
-  install_str_setting("/etc/vsftpd.email_passwords",
+  install_str_setting("/etc/vsftpd/email_passwords",
                       &tunable_email_password_file);
-  install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+  install_str_setting("/var/lib/ssl/certs/vsftpd.pem",
                       &tunable_rsa_cert_file);
   install_str_setting(0, &tunable_dsa_cert_file);
   install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
diff --git a/twoprocess.c b/twoprocess.c
index 33d84dc..35b674f 100644
--- a/twoprocess.c
+++ b/twoprocess.c
@@ -43,7 +43,7 @@ static void calculate_chdir_dir(int anon, struct mystr* p_userdir_str,
                                const struct mystr* p_user_str,
                                const struct mystr* p_orig_user_str);
 
-static void
+static void VSF_NORETURN
 handle_sigchld(void* duff)
 {
 
diff --git a/utility.h b/utility.h
index aae3052..e5677fa 100644
--- a/utility.h
+++ b/utility.h
@@ -1,6 +1,8 @@
 #ifndef VSF_UTILITY_H
 #define VSF_UTILITY_H
 
+#include "port/porting_junk.h"
+
 struct mystr;
 
 /* die()
@@ -10,7 +12,7 @@ struct mystr;
  * PARAMETERS
  * p_text - text string describing why the process is exiting
  */
-void die(const char* p_text);
+void die(const char* p_text) VSF_NORETURN;
 
 /* die2()
  * PURPOSE
@@ -20,7 +22,7 @@ void die(const char* p_text);
  * p_text1 - text string describing why the process is exiting
  * p_text2 - text to safely concatenate to p_text1
  */
-void die2(const char* p_text1, const char* p_text2);
+void die2(const char* p_text1, const char* p_text2) VSF_NORETURN;
 
 /* bug()
  * PURPOSE
@@ -29,7 +31,7 @@ void die2(const char* p_text1, const char* p_text2);
  * PARAMETERS
  * p_text - text string describing what bug trap has triggered
  * */
-void bug(const char* p_text);
+void bug(const char* p_text) VSF_NORETURN;
 
 /* vsf_exit()
  * PURPOSE
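Review bot: Marking `handle_sigchld` with VSF_NORETURN is correct only if every path out of it ends in a noreturn call (die/vsf_exit/vsf_sysutil_exit); its body lies outside this hunk, so I cannot confirm that, and with GCC a noreturn function that does return is undefined behaviour the compiler may exploit by dropping the return path. A comment above the definition, e.g. `/* Never returns: every path ends in vsf_exit() or die(). */`, makes the contract explicit and gives reviewers something to check. Note also that if the handler is installed through a plain `void (*)(void*)` pointer, the attribute on the definition is harmless but gives the call site no guarantee.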
@@ -38,7 +40,7 @@ void bug(const char* p_text);
  * PARAMETERS
  * p_text - text string describing why the process is exiting
  */
-void vsf_exit(const char* p_text);
+void vsf_exit(const char* p_text) VSF_NORETURN;
 
 #endif
 
diff --git a/vsf_findlibs.sh b/vsf_findlibs.sh
index f5d485d..272288c 100755
--- a/vsf_findlibs.sh
+++ b/vsf_findlibs.sh
@@ -21,6 +21,9 @@ if find_func pam_start sysdeputil.o; then
   locate_library /usr/lib/libpam.sl && echo "-lpam";
   # AIX ends shared libraries with .a
   locate_library /usr/lib/libpam.a && echo "-lpam";
+  if find_func pam_userpass_conv sysdeputil.o; then
+    locate_library /usr/lib/libpam_userpass.so && echo "-lpam_userpass";
+  fi
 else
   locate_library /lib/libcrypt.so && echo "-lcrypt";
   locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
diff --git a/vsftpd.8 b/vsftpd.8
index 6640b57..4445396 100644
--- a/vsftpd.8
+++ b/vsftpd.8
@@ -1,6 +1,7 @@
 .\" Copyright (c) 2001 Daniel Jacobowitz
 .Dd March 8, 2001
 .Dt VSFTPD 8
+.Os "ALT Linux"
 .Sh NAME
 .Nm vsftpd
 .Nd Very Secure FTP Daemon
diff --git a/vsftpd.conf b/vsftpd.conf
index cc1c607..b95c58a 100644
--- a/vsftpd.conf
+++ b/vsftpd.conf
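Review bot: The new `locate_library /usr/lib/libpam_userpass.so` probes a single path, unlike the libcrypt branch below that tries both /lib and /usr/lib; on lib64 or multilib systems the library is not found, `-lpam_userpass` is silently omitted, and the link then fails on an undefined pam_userpass_conv because sysdeputil.o was already compiled with VSF_SYSDEP_HAVE_PAM_USERPASS set (find_func has just confirmed the symbol is referenced). Probe the other candidate directories too, e.g. `locate_library /lib/libpam_userpass.so && echo "-lpam_userpass";` and `locate_library /usr/lib64/libpam_userpass.so && echo "-lpam_userpass";`, or emit a warning when the symbol is referenced but no library is found so the failure is explained at configure time rather than at link time.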
@@ -1,14 +1,21 @@
-# Example config file /etc/vsftpd.conf
+# The configuration file for vsftpd.
 #
 # The default compiled in settings are fairly paranoid. This sample file
 # loosens things up a bit, to make the ftp daemon more usable.
-# Please see vsftpd.conf.5 for all compiled in defaults.
+# Please see vsftpd.conf(5) for all compiled in defaults.
 #
 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
-# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# Please read the vsftpd.conf(5) manual page to get a full idea of vsftpd's
 # capabilities.
 #
+# Uncomment this to disallow the PORT method of obtaining a data connection.
+#port_enable=NO
+#
+# Uncomment this to disallow the PASV method of obtaining a data connection.
+#pasv_enable=NO
+#
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+# You might want to install anonftp to provide /var/ftp and ftpadmin group.
 anonymous_enable=YES
 #
 # Uncomment this to allow local users to log in.
@@ -21,6 +28,16 @@ anonymous_enable=YES
 # if your users expect that (022 is used by most other ftpd's)
 #local_umask=022
 #
+# The minimum port to allocate for PASV style data connections.
+# Can be used to specify a narrow port range to assist firewalling.
+# The default is shown below.
+#pasv_min_port=49152
+#
+# The maximum port to allocate for PASV style data connections.
+# Can be used to specify a narrow port range to assist firewalling.
+# The default is shown below.
+#pasv_max_port=65535
+#
 # Uncomment this to allow the anonymous FTP user to upload files. This only
 # has an effect if the above global write enable is activated. Also, you will
 # obviously need to create a directory writable by the FTP user.
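Review bot: The added hint `# You might want to install anonftp to provide /var/ftp and ftpadmin group.` implies the anonymous area is /var/ftp, but vsftpd's anonymous root is the home directory of ftp_username, whose compiled-in default this same commit changes from "ftp" to "vsftpd" (tunables.c and vsftpd.conf.5); unless the packaging creates the vsftpd user with /var/ftp as its home, the hint sends administrators to the wrong directory. Either name the user that owns the anonymous area in this comment, or place a commented `#ftp_username=vsftpd` next to it so the two stay in step.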
@@ -62,7 +79,7 @@ connect_from_port_20=YES
 #
 # It is recommended that you define on your system a unique user which the
 # ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
+#nopriv_user=novsftpd
 #
 # Enable this and the server will recognise asynchronous ABOR requests. Not
 # recommended for security (the code is non-trivial). Not enabling it,
@@ -87,18 +104,24 @@ connect_from_port_20=YES
 # useful for combatting certain DoS attacks.
 #deny_email_enable=YES
 # (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
+#banned_email_file=/etc/vsftpd/banned_emails
+#
+# If enabled, local users will be (by default) placed in a chroot() jail
+# in their home directory after login.
+# Warning: this option has non-trivial security implications, especially
+# if the users also have shell access or write access.
+# Only enable if you know what you are doing (and you probably don't).
+#chroot_local_user=YES
 #
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
-# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
-# the user does not have write access to the top level directory within the
-# chroot)
-#chroot_local_user=YES
+# Warning: these features have non-trivial security implications, especially
+# if the users also have shell access or write access.
+# Only enable if you know what you are doing (and you probably don't).
 #chroot_list_enable=YES
 # (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+#chroot_list_file=/etc/vsftpd/chroot_list
 #
 # You may activate the "-R" option to the builtin ls. This is disabled by
 # default to avoid remote users being able to cause excessive I/O on large
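Review bot: The rewritten chroot warning drops the one concrete, actionable condition the old text carried — that the user must not have write access to the top-level directory of the chroot — and replaces it twice with a generic "non-trivial security implications" sentence. The writable-root condition is the part an administrator can actually check and is what makes a chroot jail escapable in practice, so keep it alongside the new wording, e.g. `# In particular, the user must not have write access to the top level directory of the chroot.` under both the chroot_local_user and chroot_list_enable blocks. The duplicated "Only enable if you know what you are doing (and you probably don't)" line could then be stated once.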
@@ -106,10 +129,20 @@ connect_from_port_20=YES # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # +# If enabled, all user and group information in directory listings will be +# displayed as "ftp". +# The default is to hide user and group information. +#hide_ids=YES +# +# If enabled, vsftpd will display directory listings with the time in your +# local time zone. The default is to display GMT. The times returned by the +# MDTM FTP command are also affected by this option. +#use_localtime=YES +# # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. -listen=YES +#listen=YES # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 index fcc6022..daf0a1e 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 @@ -138,7 +138,7 @@ chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is -/etc/vsftpd.chroot_list, but you may override this with the +/etc/vsftpd/chroot_list, but you may override this with the .BR chroot_list_file setting. @@ -177,7 +177,7 @@ Default: NO .B deny_email_enable If activated, you may provide a list of anonymous password e-mail responses which cause login to be denied. By default, the file containing this list is -/etc/vsftpd.banned_emails, but you may override this with the +/etc/vsftpd/banned_emails, but you may override this with the .BR banned_email_file setting. 
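Review bot: `#listen=YES` is now commented out while the surrounding text still only explains what happens "When listen directive is enabled", and nowhere in this sample does it say that the compiled-in default is now to run from a superserver (this commit sets tunable_listen = 0 in tunables.c). Add the default to the comment, e.g. `# The default is NO: vsftpd expects to be started from inetd/xinetd. Set listen=YES for standalone mode.`, so an administrator copying this file knows the daemon will not bind a socket on its own. The hide_ids comment added in the same hunk states its default and is the model to follow.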
@@ -262,7 +262,7 @@ Default: NO If enabled, all user and group information in directory listings will be displayed as "ftp". -Default: NO +Default: YES .TP .B implicit_ssl If enabled, an SSL handshake is the first thing expect on all connections @@ -433,7 +433,7 @@ anonymous logins are prevented unless the password provided is listed in the file specified by the .BR email_password_file setting. The file format is one password per line, no extra whitespace. The -default filename is /etc/vsftpd.email_passwords. +default filename is /etc/vsftpd/email_passwords. Default: NO .TP @@ -734,13 +734,13 @@ Default: 0 (unlimited) The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling. -Default: 0 (use any port) +Default: 65535 .TP .B pasv_min_port The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling. -Default: 0 (use any port) +Default: 49152 .TP .B trans_chunk_size You probably don't want to change this, but try setting it to something like @@ -764,7 +764,7 @@ passwords which are not permitted. This file is consulted if the option .BR deny_email_enable is enabled. -Default: /etc/vsftpd.banned_emails +Default: /etc/vsftpd/banned_emails .TP .B banner_file This option is the name of a file containing text to display when someone @@ -803,7 +803,7 @@ is enabled. If the option is enabled, then the list file becomes a list of users to NOT place in a chroot() jail. -Default: /etc/vsftpd.chroot_list +Default: /etc/vsftpd/chroot_list .TP .B cmds_allowed This options specifies a comma separated list of allowed FTP commands (post 
@@ -864,13 +864,13 @@ This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable setting. -Default: /etc/vsftpd.email_passwords +Default: /etc/vsftpd/email_passwords .TP .B ftp_username This is the name of the user we use for handling anonymous FTP. The home directory of this user is the root of the anonymous FTP area. -Default: ftp +Default: vsftpd .TP .B ftpd_banner This string option allows you to override the greeting banner displayed @@ -884,7 +884,7 @@ See the boolean setting for a description of what constitutes a guest login. This setting is the real username which guest users are mapped to. -Default: ftp +Default: vsftpd .TP .B hide_file This option can be used to set a pattern for filenames (and directory names @@ -935,12 +935,12 @@ totally unprivileged. Note that this should be a dedicated user, rather than nobody. The user nobody tends to be used for rather a lot of important things on most machines. -Default: nobody +Default: novsftpd .TP .B pam_service_name This string is the name of the PAM service vsftpd will use. -Default: ftp +Default: vsftpd .TP .B pasv_address Use this option to override the IP address that vsftpd will advertise in @@ -955,7 +955,7 @@ Default: (none - the address is taken from the incoming connected socket) This option specifies the location of the RSA certificate to use for SSL encrypted connections. -Default: /usr/share/ssl/certs/vsftpd.pem +Default: /var/lib/ssl/certs/vsftpd.pem .TP .B rsa_private_key_file This option specifies the location of the RSA private key to use for SSL @@ -969,7 +969,7 @@ This option should be the name of a directory which is empty. Also, the directory should not be writable by the ftp user. This directory is used as a secure chroot() jail at times vsftpd does not require filesystem access. -Default: /usr/share/empty +Default: /var/empty .TP .B ssl_ciphers This option can be used to select which SSL ciphers vsftpd will allow for 
@@ -987,10 +987,10 @@ the manual page, on a per-user basis. Usage is simple, and is best illustrated with an example. If you set .BR user_config_dir to be -.BR /etc/vsftpd_user_conf +.BR /etc/vsftpd/user_conf and then log on as the user "chris", then vsftpd will apply the settings in the file -.BR /etc/vsftpd_user_conf/chris +.BR /etc/vsftpd/user_conf/chris for the duration of the session. The format of this file is as detailed in this manual page! PLEASE NOTE that not all settings are effective on a per-user basis. For example, many settings only prior to the user's session @@ -1026,7 +1026,7 @@ This option is the name of the file loaded when the .BR userlist_enable option is active. -Default: /etc/vsftpd.user_list +Default: /etc/vsftpd/user_list .TP .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style