VSFTPD: a primer

Clint Savage

Fedora Tutorials - http://fedora-tutorials.com

What is VSFTPD?

• VSFTPD - Very Secure FTP Daemon
• Default FTP Server for Fedora/Red Hat
• Not Default FTP Server for Ubuntu (proftpd)
• Provides both anonymous and non-anonymous ftp service
• Designed to be a secure, scalable, stable, fast FTP daemon

FTP Protocol

• Two Modes
• Active
  • Control Connection - TCP port 21
  • Data Connection - TCP port 20
• Passive
  • Control Connection - TCP port 21
  • Data Connection - Ports determined within Control Connection

Installation/Configuration

• Fedora/Red Hat
  • yum install vsftpd
  • Provides /etc/vsftpd/vsftpd.conf
• Ubuntu
  • sudo aptitude install vsftpd
  • Provides /etc/vsftpd.conf

Configuration Files Explained

• vsftpd.conf - main configuration file
man vsftpd.conf for all options and explanations
• Useful Options
  • anonymous_enable=YES|NO - allows/disallows anonymous users
  • anon_upload_enable=YES|NO - Does not work without serious reconfiguration in Ubuntu
  • local_enable=YES|NO - allows/disallows users on the server
  • ftp_username - userid vsftpd will use when validating perms and writing files
  • anon_root=/path/to/anonymous/upload/dir/
    • Fedora/Red Hat - chrooted by default to /var/ftp/
    • Ubuntu - nothing provided by default (/home/ftp/ recommended)
• vsftpd.ftpusers - disallows ftp access to members of list
• /etc/pam.d/vsftpd - controls authentication and authorization

My Configurations

• Fedora/Red Hat vsftpd.conf
• Ubuntu vsftpd.conf