Results 21 to 30 of 130

Thread: Howto: Easy FTP with vsftpd

  1. #21
    Join Date
    Nov 2005
    Location
    Republic of Texas, USA
    Beans
    129
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Howto: Easy FTP with vsftpd

    Thank you for the tutorial. I was wanting to know if you could help further with my setup. I am trying to set up a corporate FTP for project collaboration and this server will not use anonymous logins. I have followed your tutorial and I chose the option to chroot all users and set up virtual users.

    This is what I was considering:

    ProjectFolder1 - download only folder for multiple client group access
    ProjectFolder2 - download only folder for multiple client group access
    ClientFolder1 - upload/down folder for specific client
    ClientFolder2 - upload/down folder for specific client
    Uploads - an uploads only folder for any authorized users

    I would like to create 2 system users to administer this box. I would like to know how to give users Admin1 and Admin2 upload/download and add/delete file access to all of these folders?
    Also, is there a way to restrict the uploads folder to uploading only without viewing the contents of the folder?

    Thanks,
    Tim
    Last edited by blx_286; February 24th, 2008 at 02:54 AM.

  2. #22
    Join Date
    Oct 2007
    Beans
    9

    Re: Howto: Easy FTP with vsftpd

    Hello, I have followed this tutorial and managed to get vsftpd up and running using FTP over explicit TLS/SSL, however, the third party connecting to it have demanded we use implicit! I cannot find any howtos on the Internet. Could someone please advise? Thank you

  3. #23
    Join Date
    Nov 2005
    Location
    Portugal
    Beans
    636
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: Howto: Easy FTP with vsftpd

    Hi jdawson,

    did you try

    Code:
    listen_port=990
    in your vsftpd.conf? (I can't test it at the moment)

  4. #24
    Join Date
    Apr 2008
    Beans
    1

    Re: Howto: Easy FTP with vsftpd

    I am fairly new to Linux, though I am computer savvy and technically inclined. I have a lot of experience working with Windows, and have set up many other FTP servers.

    Having said that, spending 16-20 hours working to set up "the best" ftp server available for this system is getting ridiculous. To answer the first question, yes I've restarted the service.

    I primarily use web browsers to access ftp sites, but I've also installed Filezilla.

    For starters, with the initial setup it is my understanding that an anon user can connect to the site to download files only. I have included a file in the directory /home/ftp, but I cannot see it when I access the site via a web browser (FF, IE6, IE7).

    Do a little digging, I get told I need to share that folder. So I share it... no success.

    Then I decide it doesn't matter what an anon user can see because I need to secure this site. So I tailor the config file appropriately:
    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone? vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=YES
    ssl_sslv3=YES
    # Filezilla uses port 21 if you don't set any port
    # in Servertype "FTPES - FTP over explicit TLS/SSL"
    # Port 990 is the default used for FTPS protocol.
    # Uncomment it if you want/have to use port 990.
    listen_port=990
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=yoda
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to the AKA FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories. See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_list_enable=NO
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default. These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty. Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    So I'm at the point now where Filezilla is trying to connect. I have everything set up in there right, server type is ftps, UN/PW etc. The error I'm seeing here is it says the connection is established, initializing TLS, and then it tells me it cannot connect. In the web browser I get the authorization screen to enter a UN/PW combo but it does not recognize ANY users I have on the system.

    I'm starting to get the overwhelming feeling the issue is with either the TLS/SSL or it's with the users. It's unfortunate there isn't a simple interface to add and remove users, and designate their home folders. I've added the users to the system, I've shared their /home/(user) folder, I've configured the file (to the best of my ability and knowledge) to allow these users to connect, and yet they cannot.

    Any help is appreciated! All I want is an FTP server which I can log into, download and upload files. As a forewarning, in order to help me you cannot just say "create xxxxxx.xxx and then add a user to it" I really need the HOW. A step by step, this is how you configure your server, this is what you type into Terminal, to allow this user to connect from a web browser, without any of the overhead technical jargon.

    THANK YOU!

  5. #25
    Join Date
    May 2008
    Beans
    1

    Re: Howto: Easy FTP with vsftpd

    Hi epimeteo,
    To start off, thank you for such a great and well written how-to.
    I have followed every step of it and have implemented it as per the how-to, so that I could run a ftp server with vsftpd, ssl and virtual users (also with local users).

    I have succeeded to an extent that vsftpd+ssl+localuser work, but with ssl enabled, the virtual users are unable to log in. If I disable SSL, the same virtual users are able to log in with the password. I really have no clue as to why this is happening. The only clue I got from the logs is that pam_unix is unable to process the username. Here is the error:

    ========= /var/log/auth.log ====================================
    May 1 21:46:09 sshd[22941]: Invalid user foobar from 192.168.2.1
    May 1 21:46:09 sshd[22941]: Failed none for invalid user foobar from 192.168.2.1 port 1261 ssh2
    May 1 21:46:15 i-softwareproducts sshd[22941]: (pam_unix) check pass; user unknown
    May 1 21:46:15 i-softwareproducts sshd[22941]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost
    ===================================================================

    Here is more info on my install and config:
    OS: Ubuntu 7.04
    vsftpd: version 2.0.5
    installed openssl, ssl-cert and db3-utils

    /etc/vsftpd.conf
    ================
    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    #connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    idle_session_timeout=600
    data_connection_timeout=120
    chroot_local_user=YES
    ls_recurse_enable=YES
    secure_chroot_dir=/var/run/vsftpd
    pam_service_name=ftp
    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=YES
    ssl_sslv3=YES
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    force_dot_files=YES
    hide_ids=YES
    guest_enable=YES
    guest_username=virtual
    user_config_dir=/etc/vsftpd/vusers

    /etc/pam.d/ftp
    ==============
    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

    /etc/vsftpd/vusers/foobar
    =========================
    write_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    anon_upload_enable=YES
    local_root=/home/ftpusers
    chroot_local_user=YES
    dirlist_enable=YES
    download_enable=YES
    guest_username=virtual


    Please help me resolve this.

    Thank You

  6. #26
    Join Date
    Jun 2006
    Beans
    103

    Re: Howto: Easy FTP with vsftpd

    I am in the exact same spot with respect to getting FileZilla to work, that is, it won't with SSL enabled. GoFTP (another client) will work if I use explicit SSL; if I try to use implicit SSL (regardless of which port the vsftpd server listens to) it will not connect. I think FileZilla is expecting implicit to work; frankly, so was I. After a few hours of searching I'm thinking that it is not a problem with misconfiguration; it is simply that vsftpd doesn't support implicit SSL.

    I hope that I'm wrong here and someone can tell me what directives need to be turned on for this to happen.
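
An added example, not part of any post in this thread: a small Python linter for the FTPS settings in the configurations posted above (#24, #25). The `SAMPLE` text is a constructed excerpt shaped like the file in #24 as it appears on this page, and `implicit_ssl` is the option that vsftpd.conf(5) documents for implicit FTPS in newer vsftpd releases; whether a given installed version supports it is an assumption to verify.

```python
# Added example (not from the thread): lint a vsftpd.conf for FTPS pitfalls.
# Option names and defaults follow vsftpd.conf(5); SAMPLE is constructed.
SAMPLE = """\
# You may override where the log file goes if you like. The default is shown
# below.ssl_enable=YES
allow_anon_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
listen_port=990
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
"""

def parse_conf(text):
    """Return the active option=value pairs; '#' lines are comments."""
    active = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            active[key] = value
    return active

def in_comment(text, option):
    """True if 'option=' occurs on a comment line, e.g. pasted onto its end."""
    return any(l.strip().startswith("#") and option + "=" in l
               for l in text.splitlines())

def audit(text):
    conf = parse_conf(text)
    def yes(key):  # every option checked here defaults to NO
        return conf.get(key, "NO").upper() == "YES"
    findings = []
    if not yes("ssl_enable"):
        why = "sits on a comment line" if in_comment(text, "ssl_enable") else "is not set"
        findings.append(f"ssl_enable {why}: TLS is off, force_*_ssl has no effect")
    if conf.get("listen_port") == "990" and not yes("implicit_ssl"):
        findings.append("listen_port=990 without implicit_ssl=YES: the server still "
                        "waits for AUTH TLS, so implicit-mode clients cannot connect")
    for opt in ("ssl_sslv2", "ssl_sslv3"):
        if yes(opt):
            findings.append(f"{opt}=YES enables an obsolete protocol version")
    if "snakeoil" in conf.get("rsa_cert_file", ""):
        findings.append("rsa_cert_file is the self-signed snakeoil certificate")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```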

  7. #27
    Join Date
    Jun 2006
    Beans
    41

    Re: Howto: Easy FTP with vsftpd

    How to compile http://workaround.org/articles/ispmail-etch/ together and VSFTPd!!!
    How to do this:
    virtual_users must have access to their folders in virtual_domains,
    for example:
    user1
    user2
    user3
    ....

    domain1
    domain2
    domain3
    ....

    ftp://user1.domain1.com
    ftp://user1.domain2.com
    ftp://user2.domain3.com
    .....

    Is something like this possible? If yes, please help me: how?

  8. #28
    Join Date
    Sep 2007
    Beans
    108
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: Howto: Easy FTP with vsftpd

    I want only /media/disk-1/FTP to be available over FTP.
    I used
    Code:
    sudo useradd -d /media/disk-1/FTP ftpuser
    but after logging in with ftpuser, again many more folders are shown (from /).

    Any help is appreciated.

  9. #29
    Join Date
    Sep 2007
    Beans
    24
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: Howto: Easy FTP with vsftpd

    Hello. First of all, the tutorial is great. It helped me a lot.

    But I have a problem. When I go to download files from another computer I get this error:
    Code:
    Could not read from transfer socket: ENOBUFS - Out of memory
    I have free RAM, so I do not think that it is a RAM problem.
    $free -m
                 total       used       free     shared    buffers     cached
    Mem:           503        380        123          0          2         74
    -/+ buffers/cache:        303        200
    Swap:          321         78        243
    Last edited by DeaDWiZ; August 30th, 2008 at 04:26 PM.

  10. #30
    Join Date
    Aug 2008
    Beans
    5

    Re: Howto: Easy FTP with vsftpd

    I've tried to set up vsftpd with a single virtual user, called transfer. It's working almost perfectly: the user can upload files, delete files, create directories, delete directories, BUT it can't download files, or chmod. Funny, huh? One would expect problems to happen the other way around. Although if I chmod the file as root to have 666 privileges (instead of 600, which is default), then the user can download.

    I also checked that the file owner is ftp and group is ftp, and the daemon is listening as root, and opens 2 new threads for ftp connection as ftp user.

    So... below are my config files, can you tell me what could be the problem?

    /etc/vsftpd.conf
    Code:
    listen=YES
    anonymous_enable=YES
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    nopriv_user=ftp
    secure_chroot_dir=/var/run/vsftpd
    pam_service_name=ftp
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    force_dot_files=YES
    guest_enable=YES
    guest_username=ftp
    /etc/vsftpd/vusers/transfer
    Code:
    write_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    anon_upload_enable=YES
    local_root=/var/www/ftp.transfer
    chroot_local_user=YES
    dirlist_enable=YES
    download_enable=YES
    /etc/pam.d/ftp
    Code:
    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    also
    Code:
    $ls -ld /var/www/ftp.transfer
    drwxrwxrwx 3 ftp ftp 4096 Sep 16 16:54 /var/www/ftp.transfer
    FTP error when downloading is:
    550 Failed to open file

    The distro is Hardy, and so I had to install version 4.2 instead of libdb3-util, but I doubt that this could be the problem!
    Last edited by devill; September 16th, 2008 at 06:13 PM.
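
An added example, not part of the post above: a Python model of why a guest (virtual) user's own upload can come back with `550 Failed to open file`. It assumes the vsftpd.conf(5) defaults for the options the posted files leave unset and that the file is owned by the guest account; `POSTED` is copied from the per-user file above.

```python
# Added example (not from the thread): model of the download check vsftpd
# applies to guest (virtual) users. Defaults are those in vsftpd.conf(5).
import stat

DEFAULTS = {"file_open_mode": "0666", "anon_umask": "077", "local_umask": "077",
            "anon_world_readable_only": "YES", "virtual_use_local_privs": "NO"}

# Per-user file as posted above for the virtual user "transfer".
POSTED = """\
write_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/var/www/ftp.transfer
chroot_local_user=YES
dirlist_enable=YES
download_enable=YES
"""

def effective(*texts):
    """Defaults overlaid with active option=value lines; later texts win."""
    conf = dict(DEFAULTS)
    for text in texts:
        for line in map(str.strip, text.splitlines()):
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                conf[key] = value
    return conf

def local_privs(conf):
    """Guests get anonymous privileges unless virtual_use_local_privs=YES."""
    return conf["virtual_use_local_privs"].upper() == "YES"

def upload_mode(conf):
    """Mode of a new upload: file_open_mode masked by the applicable umask."""
    umask = int(conf["local_umask" if local_privs(conf) else "anon_umask"], 8)
    return int(conf["file_open_mode"], 8) & ~umask

def can_download(conf, mode):
    """Assumption: the file is owned by the guest account, as in the post."""
    if not local_privs(conf) and conf["anon_world_readable_only"].upper() == "YES":
        return bool(mode & stat.S_IROTH)   # anonymous rule: world-readable only
    return bool(mode & stat.S_IRUSR)       # otherwise the owner bit decides

def explain(*texts):
    """Return (mode of a fresh upload, whether the guest can download it)."""
    conf = effective(*texts)
    mode = upload_mode(conf)
    return oct(mode), can_download(conf, mode)

if __name__ == "__main__":
    print("as posted:                  ", explain(POSTED))
    print("anon_world_readable_only=NO:", explain(POSTED, "anon_world_readable_only=NO"))
    print("anon_umask=022:             ", explain(POSTED, "anon_umask=022"))
```

Either override is a per-user decision: `anon_world_readable_only=NO` keeps uploads at mode 600, while `anon_umask=022` makes them readable by every local account on the host.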
