Beyond Linux® From Scratch - Version 2012-01-16

Chapter 19. Major Servers

vsftpd-2.3.4

Introduction to vsftpd

The vsftpd package contains a very secure and very small FTP daemon. This is useful for serving files over a network.

This package is known to build and work properly using an LFS-7.0 platform.

Package Information

vsftpd Dependencies

Optional

Linux-PAM-1.1.5, OpenSSL-1.0.0e, TCP Wrappers-7.6, and libcap2-2.22

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/vsftpd

Installation of vsftpd

For security reasons, running vsftpd as an unprivileged user and group is encouraged. Also, a user should be created to map anonymous users. As the root user, create the needed directories, users, and groups with the following commands: 

install -v -d -m 0755 /var/ftp/empty &&
install -v -d -m 0755 /home/ftp      &&
groupadd -g 47 vsftpd                &&
groupadd -g 45 ftp                   &&
useradd -c "vsftpd User"  -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &&
useradd -c anonymous_user -d /home/ftp -g ftp    -s /bin/false -u 45 ftp

If you did not install the optional libcap2 package, run the following to avoid a build error: 

sed -i -e 's|#define VSF_SYSDEP_HAVE_LIBCAP|//&|' sysdeputil.c

Build vsftpd as an unprivileged user using the following command: 

make

This package does not come with a test suite.

Once again, become the root user and install vsftpd with the following commands: 

install -v -m 755 vsftpd        /usr/sbin/vsftpd    &&
install -v -m 644 vsftpd.8      /usr/share/man/man8 &&
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
install -v -m 644 vsftpd.conf   /etc

Command Explanations

install -v -d ...: This creates the directory that anonymous users will use (/home/ftp) and the directory the daemon will chroot into (/var/ftp/empty).

[Note]

Note

/home/ftp should not be owned by the user vsftpd, or the user ftp.

echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: Use this prior to make to add support for tcpwrappers.

echo "#define VSF_BUILD_SSL" >>builddefs.h: Use this prior to make to add support for SSL.

install -v -m ...: The Makefile uses non-standard installation paths. These commands install the files in /usr and /etc.

Configuring vsftpd

Config Files

/etc/vsftpd.conf

Configuration Information

vsftpd comes with a basic anonymous-only configuration file that was copied to /etc above. While still as root, this file should be modified because it is now recommended to run vsftpd in standalone mode as opposed to inetd/xinetd mode. Also, you should specify the privilege separation user created above. Finally, you should specify the chroot directory. man vsftpd.conf will give you all the details. 

cat >> /etc/vsftpd.conf << "EOF"
background=YES
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/var/ftp/empty
EOF

Boot Script

Install the /etc/rc.d/init.d/vsftpd init script included in the blfs-bootscripts-20111226 package. 

make install-vsftpd

Contents

Installed Program: vsftpd
Installed Libraries: None
Installed Directories: /var/ftp, /var/ftp/empty, /home/ftp

Short Descriptions

vsftpd

is the FTP daemon.

Last updated on 2011-11-15 19:27:44 +0000