[Howto] vsftpd on Debian 4.0 (Berkeley DB PAM auth / light-weight virtualhost solution)

Post by guwapo »

Basically a quick job. Here too, more detailed explanations from my side are (still) missing. The docs are linked, though, and can be followed 100%.

The Linux pros among you will surely have mastered the "switch" from Sarge -> Etch without problems, but it may be interesting for a beginner.
ProFTPD -> http://www.rootforum.org/forum/viewtopic.php?t=44394 (by now I think it is "solved" on my side)
Pure-FTPD -> I liked it muuuch better than ProFTPD in terms of simplicity. But unfortunately there are some problems (http://www.rootforum.org/forum/viewtopi ... 315#285315)

vsftpd is fairly small and easy to handle.

- added umask config directive: the setting should now be more "common sense" ;)
- added ftpd_banner config directive: important security aspect -> "security by obscurity" (see: http://www.rootforum.org/forum/viewtopic.php?t=42663)

                 H O W T O     F T P     W I T H     D E B I A N  4 . 0


                         FTP SERVER (VSFTPD) WITH VIRTUAL USERS                          

disclaimer:           I am not responsible for any damage at all! Please always do a local
                      installation first before adapting it on a production server. This
                      Howto is meant to be for a REAL light-weight solution without any
                      losses in security. Therefore there is no *sneaky* web
                      administration, nor is user data stored via mysql (=heavy-weight!)

system:               debian etch (4.0)
                      [test hw: AMD Athlon 1GHz, 512MB RAM, 4GB HDD]

info:                 # => shell command
                      : => active (uncommented) config line (use accordingly)
                      ; => inactive (commented) config line

changelines:          -

license:              (by-nc-sa): guwapo AT thedoghouse DOT bz

last update (@#):     11.05.2007 0.2 - added umask, ftpd_banner (security issue)


- http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/
- http://alien2thisworld.net/sitePages/tutorials/vsftpd_virtual_users_setup.html
- http://brundlelab.wordpress.com/2007/03/21/vsftd-and-virtual-users/
- ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/EXAMPLE/VIRTUAL_USERS/README
- http://vsftpd.beasts.org/vsftpd_conf.html

1) Install vsftpd + utils (needed for backend)
# apt-get install vsftpd db4.4-util

2) Create virtual-user backend
# mkdir /etc/vsftpd && cd /etc/vsftpd && nano /etc/vsftpd/logins

alternately type in username and password per line:


# cd /etc/vsftpd && db4.4_load -T -t hash -f logins /etc/vsftpd_login.db && chmod 600 /etc/vsftpd_login.db
# nano /etc/pam.d/vsftpd

(delete/comment everything)

: auth required pam_userdb.so db=/etc/vsftpd_login
: account required pam_userdb.so db=/etc/vsftpd_login

3) Create virtual environment
# mkdir /var/www/virtual
# mkdir /var/www/virtual/{USER}

do not forget to chown, or virtual-users will not be able to upload anything
# chown -R ftp:nogroup /var/www/virtual

4) Edit vsftpd.conf
# nano /etc/vsftpd.conf

(please check the docs / manual for each directive!)

: listen=YES
: anonymous_enable=NO
: local_enable=YES
: virtual_use_local_privs=YES
: write_enable=YES
: connect_from_port_20=YES
: secure_chroot_dir=/var/run/vsftpd
: pam_service_name=vsftpd
: guest_enable=YES
: user_sub_token=$USER
: local_root=/var/www/virtual/$USER
: chroot_local_user=YES
: hide_ids=YES
: local_umask=022
: ftpd_banner=I am a l33t ftp server!

(always add some random ftpd_banner. In case there is a security hole, kiddies
won't find your server when searching for this specific version of ftpd)

5) Restart & Check (error logs)
# /etc/init.d/vsftpd restart


This was easy, huh? Vsftpd is really a nice ftpd with a very small memory footprint. The
configuration is easy (= not much to do wrong ;) ) and the virtual-user backend is easy to
manage! I just had too many problems with pure-ftpd:
I think a better alternative would be proftpd, but the configuration is a little more
complicated, so I would only use it with the mysql-backend feature (which works perfectly!).
But that would not be lightweight any more, e.g. if you have a small server where you only
need an ftpd ;)
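
Added example, not part of the original post: a shell wrapper around step 2 that checks the alternating username/password file before it is loaded and restricts both the plaintext file and the resulting database to the owner. The function names `check_logins` and `build_login_db` and the sample users are made up for illustration; `db4.4_load` and its options are the ones used in the howto.

```shell
#!/bin/sh
# Added example (not from the howto). db4.4_load -T -t hash reads key/value
# pairs from alternating lines, so a stray or missing line shifts every
# following username/password pair. Validate first, then build the db.

# check_logins FILE: returns 0 if FILE has an even, non-zero number of
# non-empty lines and no username (odd line) appears twice.
check_logins() {
    awk '
        $0 == ""     { printf "line %d: empty line\n", NR; bad = 1 }
        NR % 2 == 1  { if (seen[$0]++) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 } }
        END {
            if (NR == 0)     { print "file is empty"; bad = 1 }
            if (NR % 2 == 1) { print "odd number of lines: last user has no password"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# build_login_db FILE DB: validate FILE, then create DB readable by owner only.
build_login_db() {
    check_logins "$1" || return 1
    (
        umask 077                # db is never created with wider permissions
        chmod 600 "$1" &&        # the plaintext list contains the passwords too
        db4.4_load -T -t hash -f "$1" "$2"
    )
}

# Constructed sample input, written to a temporary directory.
demo=$(mktemp -d)
printf 'alice\nsecret1\nbob\nsecret2\n' > "$demo/good"
printf 'alice\nsecret1\nbob\n'          > "$demo/odd"
check_logins "$demo/good" && echo "good: ok"
check_logins "$demo/odd"  || echo "odd: rejected"
rm -rf "$demo"

# Real use, as root, with the paths from step 2:
#   build_login_db /etc/vsftpd/logins /etc/vsftpd_login.db
```

Once the database is built, the plaintext `logins` file is no longer needed by vsftpd or PAM and can be removed or stored offline.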