Configuration vsftpd

[laurentv]

Here is my configuration file / etc / vsftpd / vsftpd.conf

anonymous_enable = NO
local_enable = YES
local_umask = 022
dirmessage_enable = YES
xferlog_enable = YES
connect_from_port_20 = YES
xferlog_file = / var / log / vsftpd.log
xferlog_std_format = YES
listen = YES
chown_username = apache
pam_service_name = vsftpd
userlist_enable = YES
tcp_wrappers = YES
ftpd_banner = Welcome to FTP
guest_enable = YES
guest_username = ftp
chown_upload_mode = 0775
anon_world_readable_only = NO
anon_umask = 022
anon_mkdir_write_enable = YES
anon_other_write_enable = YES
anon_upload_enable = YES
download_enable = YES
write_enable = YES

I want to know if it is correct.
One user connects to the server
Everything works, I just want a confirmation.
thank you

 

[grim76]

It looks ok at a quick look. Is FTP your only option? You might want to think about SFTP chroot of some kind. It would be more secure for file transfers.

 

[laurentv]

Yes you are right,
what do you think of the following parameters:

# SSL 
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

 

[grim76]

Actually you are confusing two things. What you have a configuration for here is FTPS (FTP over SSL). SFTP (SSHs built in file transfer tool) is a different animal and is built into ssh.

This is more along the lines of what I was referring to for SFTP:

https://library.linode.com/security/sftp-jails

 

[laurentv]

I tested SFTP but users are not chroot
they have access to /

 

[grim76]

Read the article that I posted it shows how to do it. If you need something with more details I can find something that will work.

 

[laurentv]

thanks