vsftpd is the very secure file transfer protocol daemon. It's the FTP server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug, using little memory and processor time. The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

Test it out with your favorite FTP client, and enjoy.

Tip: Make sure the file /unslung/rc.xinetd is executable, using "chmod 755 /unslung/rc.xinetd".

Troubleshooting

Solution: In the configuration file, verify that you have local_enable=yes and that the user/pass is correct. If it still doesn't work, add check_shell=no
Solution: Upgrade to the newest version of the vsftpd package with ipkg remove vsftpd ; ipkg update ; ipkg install vsftpd
Solution: Upgrade to the newest version of the vsftpd package with ipkg remove vsftpd ; ipkg update ; ipkg install vsftpd
Solution: Inetutils uses its own inetd.conf file stored in /opt/etc but does not import what is already in /etc/inetd.conf upon installation. Insert a line for vsftpd there and run kill -HUP <PID of inetd> so that inetd rereads its configuration. Note that the format for inetd.conf lines is different from that given here (the program base name must be given as the first argument), so the line should read:

ftp stream tcp nowait root /opt/sbin/vsftpd vsftpd /opt/etc/vsftpd.conf

Maybe you would like to add telnet while you're at it, since it will no longer start after installing inetutils. Add this as a line in /opt/etc/inetd.conf:

telnet stream tcp nowait root /opt/libexec/telnetd telnetd
Solution: Create (mkdir) /usr/share and /usr/share/empty from a telnet session
Solution: Add the "check_shell=NO" option in your vsftpd conf file (usually /opt/etc/vsftpd.conf)
Solution: Change the echo line in /unslung/rc.xinetd to: echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
Cause: The sub-directory /root does not exist
Solution 1: Use #mkdir /root to create the sub-directory
Solution 2: Use vi to edit the /opt/passwd file. Change /root to / or an existing directory.
Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me.

/etc/passwd

By default the web GUI creates users with no home directory and a null shell. Here's an example of what the GUI creates by default:
Change this to:
where /share/hdd/data/someuser is the user's home directory. If you've updated busybox, the shell should be /opt/bin/sh instead.
If you change a user password in the web GUI, it will reset the /etc/passwd changes, and you'll need to make the changes above again.
If you've updated Busybox

If you've updated busybox, the /etc/shells file as described in Unslung.UpgradeBusyBoxUsingIpkg is needed.

Enable chroot jail

Add the following to /opt/etc/vsftpd.conf
This will prevent users from being able to access other users' directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the NSLU2 but it seems to work.

Tip #2 - Logging

(Note that this will become the default as of ipk version 2.0.1-5.) The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk; if you're worried about running out of space or want the logs to be persistent across reboots, do the following:
Edit /share/hdd/conf/opt/etc/vsftpd.conf, comment out the line
then add the following
Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (above)
2. Add the following line to the /opt/etc/vsftpd.conf file
3. Create the directory /opt/etc/vsftpd_user_conf
4. For each FTP user, copy the /opt/etc/vsftpd.conf file to the /opt/etc/vsftpd_user_conf directory and name it after the user
5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user
OR
Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have read-only access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftpd will allow root and admin to log in if set up with a home dir in /etc/passwd. To disable root, admin and guest, do the following: Create /opt/etc/vsftpd.user_list with
Add these lines to /opt/etc/vsftpd.conf
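To check the outcome of the chroot setting in Tip #1 and the user list in Tip #4, here is an added audit script; it is not from the original page or the vsftpd package. It assumes the standard vsftpd options chroot_local_user, anonymous_enable, userlist_enable, userlist_deny and userlist_file with their upstream defaults, and the function names are made up for this example.

```sh
# Added example, not from the original page: audit a vsftpd.conf for the
# chroot jail, anonymous login, and the root/admin/guest user list.

# Effective value of KEY, or DEFAULT. vsftpd lines are "key=value" with no
# spaces, "#" starts a comment, and a later assignment overrides an earlier one.
conf_get() {  # conf_get FILE KEY DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    echo "${val:-$3}"
}

# True when a boolean option is on (vsftpd accepts YES, TRUE or 1, any case).
is_on() {  # is_on FILE KEY DEFAULT
    case $(conf_get "$@" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

finding() { echo "FINDING: $*"; n=$((n + 1)); }

# Prints one line per finding; returns 0 only when there are none.
audit_vsftpd() {  # audit_vsftpd CONF_FILE
    conf=$1; n=0
    is_on "$conf" chroot_local_user NO || finding "chroot_local_user is off"
    is_on "$conf" anonymous_enable YES && finding "anonymous_enable is on"
    list=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
    if is_on "$conf" userlist_enable NO; then
        # userlist_deny=YES (default) means deny list; NO means allow list.
        want=yes; is_on "$conf" userlist_deny YES || want=no
        for u in root admin guest; do
            listed=no; grep -qx "$u" "$list" 2>/dev/null && listed=yes
            [ "$listed" = "$want" ] || finding "$u is not blocked by $list"
        done
    else
        finding "userlist_enable is off, $list is not consulted"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: chroot and the deny list are on, but "guest" is not listed.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' root admin > "$d/user_list"
    printf '%s\n' anonymous_enable=NO chroot_local_user=YES userlist_enable=YES \
        "userlist_file=$d/user_list" > "$d/vsftpd.conf"
    rc=0; audit_vsftpd "$d/vsftpd.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}
```

On the slug, run it as audit_vsftpd /opt/etc/vsftpd.conf after making the changes; an empty result with exit status 0 means none of the checked settings is left at a permissive value.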
Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.
Last edited by BrianZhou.
Based on work by Phil Endecott, yaasel, rwhitby, Bush, Poutnik, ST, dfgdgaw, PatrickSchneider, dsafsfd, peter blok, pablok, markc, Eric Wu, tman, nsc, DougLourey, RobHam, Frans Meulenbroeks, Arno, bob_tm, C de Bruin, Mathieu, bobtm, RickardDahlstrand, wstewart, jeremyeglen, Spast, Olivier Mungo, wipmac, and scott. Originally by jeremyeglen. Page last modified on October 07, 2008, at 08:50 PM