Configuration vsftpd

Discussion in 'General Server' started by laurentv, Aug 22, 2013.

  1. laurentv

    laurentv New Member

    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    3
    Here is my configuration file / etc / vsftpd / vsftpd.conf
    Code:
    anonymous_enable = NO
    local_enable = YES
    local_umask = 022
    dirmessage_enable = YES
    xferlog_enable = YES
    connect_from_port_20 = YES
    xferlog_file = / var / log / vsftpd.log
    xferlog_std_format = YES
    listen = YES
    chown_username = apache
    pam_service_name = vsftpd
    userlist_enable = YES
    tcp_wrappers = YES
    ftpd_banner = Welcome to FTP
    guest_enable = YES
    guest_username = ftp
    chown_upload_mode = 0775
    anon_world_readable_only = NO
    anon_umask = 022
    anon_mkdir_write_enable = YES
    anon_other_write_enable = YES
    anon_upload_enable = YES
    download_enable = YES
    write_enable = YES
    
    I want to know if it is correct.
    One user connects to the server
    Everything works, I just want a confirmation.
    thank you

    Last edited: Aug 22, 2013
  2. grim76

    grim76 Active Member Staff Writer

    Messages:
    177
    Likes Received:
    48
    Trophy Points:
    28
    It looks ok at a quick look. Is FTP your only option? You might want to think about SFTP chroot of some kind. It would be more secure for file transfers.
    Rob and DevynCJohnson like this.
  3. laurentv

    laurentv New Member

    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    3
    Yes you are right,
    what do you think of the following parameters:

    Code:
    # SSL 
    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=NO
    force_local_logins_ssl=NO
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    
    
  4. grim76

    grim76 Active Member Staff Writer

    Messages:
    177
    Likes Received:
    48
    Trophy Points:
    28
    Actually you are confusing two things. What you have a configuration for here is FTPS (FTP over SSL). SFTP (SSHs built in file transfer tool) is a different animal and is built into ssh.

    This is more along the lines of what I was referring to for SFTP:

    https://library.linode.com/security/sftp-jails
  5. laurentv

    laurentv New Member

    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    3
    I tested SFTP but users are not chroot
    they have access to /
  6. grim76

    grim76 Active Member Staff Writer

    Messages:
    177
    Likes Received:
    48
    Trophy Points:
    28
    Read the article that I posted it shows how to do it. If you need something with more details I can find something that will work.
  7. laurentv

    laurentv New Member

    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    3

Share This Page