diff --git a/README.md b/README.md index f649b12..ee5b765 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,6 @@ # vsftpd +vsftpd is short for "Very Secure FTP Daemon". +vsftpd is very fast and supports a very high number of concurrent connections. +This package installs the FTP-daemon with a default configuration allowing non-anonymous chroot-logins. + diff --git a/vsftpd-2.0.5-builddefs_h.patch b/vsftpd-2.0.5-builddefs_h.patch new file mode 100644 index 0000000..f60791a --- /dev/null +++ b/vsftpd-2.0.5-builddefs_h.patch @@ -0,0 +1,14 @@ +--- vsftpd-2.0.5/builddefs.h 2006-07-02 23:53:47.000000000 +0200 ++++ vsftpd-2.0.5-fix/builddefs.h 2006-07-05 12:02:09.000000000 +0200 +@@ -1,9 +1,9 @@ + #ifndef VSF_BUILDDEFS_H + #define VSF_BUILDDEFS_H + +-#undef VSF_BUILD_TCPWRAPPERS ++#define VSF_BUILD_TCPWRAPPERS + #define VSF_BUILD_PAM +-#undef VSF_BUILD_SSL ++#define VSF_BUILD_SSL + + #endif /* VSF_BUILDDEFS_H */ + diff --git a/vsftpd-2.0.5-disable_by_default.patch b/vsftpd-2.0.5-disable_by_default.patch new file mode 100644 index 0000000..9075f99 --- /dev/null +++ b/vsftpd-2.0.5-disable_by_default.patch @@ -0,0 +1,10 @@ +--- vsftpd-2.0.5/xinetd.d/vsftpd 2001-10-11 21:40:17.000000000 +0200 ++++ vsftpd-2.0.5-fix/xinetd.d/vsftpd 2006-07-05 12:04:51.000000000 +0200 +@@ -13,6 +13,6 @@ + # log_on_success += DURATION USERID + # log_on_failure += USERID + nice = 10 +- disable = no ++ disable = yes + } + diff --git a/vsftpd-2.0.5-vsftpd_path.patch b/vsftpd-2.0.5-vsftpd_path.patch new file mode 100644 index 0000000..d70e9f0 --- /dev/null +++ b/vsftpd-2.0.5-vsftpd_path.patch @@ -0,0 +1,11 @@ +--- vsftpd-2.0.5/xinetd.d/vsftpd 2006-07-05 12:08:01.000000000 +0200 ++++ vsftpd-2.0.5-fix/xinetd.d/vsftpd 2006-07-05 12:06:48.000000000 +0200 +@@ -8,7 +8,7 @@ + socket_type = stream + wait = no + user = root +- server = /usr/local/sbin/vsftpd ++ server = /usr/sbin/vsftpd + # server_args = + # log_on_success += DURATION USERID + # log_on_failure += USERID diff --git a/vsftpd-2.2.0-paths.patch b/vsftpd-2.2.0-paths.patch new file mode 100644 index 0000000..74bea24 --- /dev/null +++ b/vsftpd-2.2.0-paths.patch @@ -0,0 +1,64 @@ +diff -Nru vsftpd-2.2.0.orig/tunables.c vsftpd-2.2.0/tunables.c +--- vsftpd-2.2.0.orig/tunables.c 2009-07-15 22:08:27.000000000 +0200 ++++ vsftpd-2.2.0/tunables.c 2009-10-12 19:56:50.000000000 +0200 +@@ -249,16 +249,16 @@ + install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); + install_str_setting("root", &tunable_chown_username); +- install_str_setting("/var/log/xferlog", &tunable_xferlog_file); +- install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file); ++ install_str_setting("/var/log/vsftpd/xferlog", &tunable_xferlog_file); ++ install_str_setting("/var/log/vsftpd/vsftpd.log", &tunable_vsftpd_log_file); + install_str_setting(".message", &tunable_message_file); + install_str_setting("nobody", &tunable_nopriv_user); + install_str_setting(0, &tunable_ftpd_banner); +- install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file); +- install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file); ++ install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file); ++ install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file); + install_str_setting("ftp", &tunable_pam_service_name); + install_str_setting("ftp", &tunable_guest_username); +- install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file); ++ install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file); + install_str_setting(0, &tunable_anon_root); + install_str_setting(0, &tunable_local_root); + install_str_setting(0, &tunable_banner_file); +@@ -271,7 +271,7 @@ + install_str_setting(0, &tunable_hide_file); + install_str_setting(0, &tunable_deny_file); + install_str_setting(0, &tunable_user_sub_token); +- install_str_setting("/etc/vsftpd.email_passwords", ++ install_str_setting("/etc/vsftpd/email_passwords", + &tunable_email_password_file); + install_str_setting("/usr/share/ssl/certs/vsftpd.pem", + &tunable_rsa_cert_file); +diff -Nru vsftpd-2.2.0.orig/vsftpd.conf vsftpd-2.2.0/vsftpd.conf +--- vsftpd-2.2.0.orig/vsftpd.conf 2009-06-17 22:05:28.000000000 +0200 ++++ vsftpd-2.2.0/vsftpd.conf 2009-10-12 19:57:54.000000000 +0200 +@@ -48,7 +48,7 @@ + # + # You may override where the log file goes if you like. The default is shown + # below. +-#xferlog_file=/var/log/vsftpd.log ++#xferlog_file=/var/log/vsftpd/vsftpd.log + # + # If you want, you can have your log file in standard ftpd xferlog format. + # Note that the default log file location is /var/log/xferlog in this case. +@@ -87,7 +87,7 @@ + # useful for combatting certain DoS attacks. + #deny_email_enable=YES + # (default follows) +-#banned_email_file=/etc/vsftpd.banned_emails ++#banned_email_file=/etc/vsftpd/banned_emails + # + # You may specify an explicit list of local users to chroot() to their home + # directory. If chroot_local_user is YES, then this list becomes a list of +@@ -95,7 +95,7 @@ + #chroot_local_user=YES + #chroot_list_enable=YES + # (default follows) +-#chroot_list_file=/etc/vsftpd.chroot_list ++#chroot_list_file=/etc/vsftpd/chroot_list + # + # You may activate the "-R" option to the builtin ls. This is disabled by + # default to avoid remote users being able to cause excessive I/O on large diff --git a/vsftpd-ssl.socket b/vsftpd-ssl.socket new file mode 100644 index 0000000..b18b639 --- /dev/null +++ b/vsftpd-ssl.socket @@ -0,0 +1,9 @@ +[Unit] +Conflicts=vsftpd.service + +[Socket] +ListenStream=990 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/vsftpd.conf b/vsftpd.conf new file mode 100644 index 0000000..71258b7 --- /dev/null +++ b/vsftpd.conf @@ -0,0 +1,132 @@ +# Example config file /etc/vsftpd.conf +# +# The default compiled in settings are fairly paranoid. This sample file +# loosens things up a bit, to make the ftp daemon more usable. +# Please see vsftpd.conf.5 for all compiled in defaults. +# +# READ THIS: This example file is NOT an exhaustive list of vsftpd options. +# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's +# capabilities. +# +# Allow anonymous FTP? (Beware - allowed by default if you comment this out). +anonymous_enable=YES +# +# Uncomment this to allow local users to log in. +#local_enable=YES +# +# Uncomment this to enable any form of FTP write command. +#write_enable=YES +# +# Default umask for local users is 077. You may wish to change this to 022, +# if your users expect that (022 is used by most other ftpd's) +#local_umask=022 +# +# Uncomment this to allow the anonymous FTP user to upload files. This only +# has an effect if the above global write enable is activated. Also, you will +# obviously need to create a directory writable by the FTP user. +#anon_upload_enable=YES +# +# Uncomment this if you want the anonymous FTP user to be able to create +# new directories. +#anon_mkdir_write_enable=YES +# +# Activate directory messages - messages given to remote users when they +# go into a certain directory. +dirmessage_enable=YES +# +# Activate logging of uploads/downloads. +xferlog_enable=YES +# +# Make sure PORT transfer connections originate from port 20 (ftp-data). +connect_from_port_20=YES +# +# If you want, you can arrange for uploaded anonymous files to be owned by +# a different user. Note! Using "root" for uploaded files is not +# recommended! +#chown_uploads=YES +#chown_username=whoever +# +# You may override where the log file goes if you like. The default is shown +# below. +#xferlog_file=/var/log/vsftpd/vsftpd.log +# +# If you want, you can have your log file in standard ftpd xferlog format +#xferlog_std_format=YES +# +# You may change the default value for timing out an idle session. +#idle_session_timeout=600 +# +# You may change the default value for timing out a data connection. +#data_connection_timeout=120 +# +# It is recommended that you define on your system a unique user which the +# ftp server can use as a totally isolated and unprivileged user. +#nopriv_user=ftpsecure +# +# Enable this and the server will recognise asynchronous ABOR requests. Not +# recommended for security (the code is non-trivial). Not enabling it, +# however, may confuse older FTP clients. +#async_abor_enable=YES +# +# By default the server will pretend to allow ASCII mode but in fact ignore +# the request. Turn on the below options to have the server actually do ASCII +# mangling on files when in ASCII mode. +# Beware that turning on ascii_download_enable enables malicious remote parties +# to consume your I/O resources, by issuing the command "SIZE /big/file" in +# ASCII mode. +# These ASCII options are split into upload and download because you may wish +# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), +# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be +# on the client anyway.. +#ascii_upload_enable=YES +#ascii_download_enable=YES +# +# You may fully customise the login banner string: +#ftpd_banner=Welcome to blah FTP service. +# +# You may specify a file of disallowed anonymous e-mail addresses. Apparently +# useful for combatting certain DoS attacks. +#deny_email_enable=YES +# (default follows) +#banned_email_file=/etc/vsftpd/banned-emails +# +# You may specify an explicit list of local users to chroot() to their home +# directory. If chroot_local_user is YES, then this list becomes a list of +# users to NOT chroot(). +#chroot_list_enable=YES +# (default follows) +#chroot_list_file=/etc/vsftpd/chroot-list +#chroot_local_user=YES +# +# You may activate the "-R" option to the builtin ls. This is disabled by +# default to avoid remote users being able to cause excessive I/O on large +# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume +# the presence of the "-R" option, so there is a strong case for enabling it. +#ls_recurse_enable=YES +# +# If enabled, vsftpd will load a list of usernames, from the file- +# name given by userlist_file. If a user tries to log in using a +# name in this file, they will be denied before they are asked for +# a password. This may be useful in preventing cleartext passwords +# being transmitted. See also userlist_deny. +userlist_enable=YES +# +# If enabled, vsftpd will run in standalone mode. This means that +# vsftpd must not be run from an inetd of some kind. Instead, the +# vsftpd executable is run once directly. vsftpd itself will then +# take care of listening for and handling incoming connections. +listen=NO +# +# If enabled, and vsftpd was compiled with tcp_wrappers support, +# incoming connections will be fed through tcp_wrappers access +# control. Furthermore, there is a mechanism for per-IP based con- +# figuration. If tcp_wrappers sets the VSFTPD_LOAD_CONF environ- +# ment variable, then the vsftpd session will try and load the +# vsftpd configuration file specified in this variable. +#tcp_wrappers=YES +# +# If enabled, vsftpd will display directory listings with the time +# in your local time zone. The default is to display GMT. The +# times returned by the MDTM FTP command are also affected by this +# option. +use_localtime=YES diff --git a/vsftpd.ftpusers b/vsftpd.ftpusers new file mode 100644 index 0000000..096142f --- /dev/null +++ b/vsftpd.ftpusers @@ -0,0 +1,15 @@ +# Users that are not allowed to login via ftp +root +bin +daemon +adm +lp +sync +shutdown +halt +mail +news +uucp +operator +games +nobody diff --git a/vsftpd.init b/vsftpd.init new file mode 100644 index 0000000..cbb1a39 --- /dev/null +++ b/vsftpd.init @@ -0,0 +1,100 @@ +#!/bin/bash +# +# vsftpd This shell script takes care of starting and stopping +# standalone vsftpd. Customized to be used with CentOS 5.4 +# and Monit by creating PID files for each process +# +# chkconfig: - 60 50 +# description: Vsftpd is a ftp daemon, which is the program \ +# that answers incoming ftp service requests. +# processname: vsftpd +# config: /etc/vsftpd/vsftpd.conf + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +pidfileFromConf() { + echo /var/run/vsftpd/`basename $1 .conf`.pid +} + +pidFromConf() { + ps auxf | grep -v grep | grep $1 | awk '{print $2}' +} + +RETVAL=0 +prog="vsftpd" + +# Create the vsftpd pid folder if it doesn't exist +[ -d /var/run/vsftpd ] || mkdir /var/run/vsftpd + +start() { + # Start daemons. + [ -x /usr/sbin/vsftpd ] || exit 4 + + CONFS=`ls /etc/vsftpd/*.conf 2>/dev/null` + [ -z "$CONFS" ] && exit 6 + for i in $CONFS; do + site=`basename $i .conf` + echo -n $"Starting $prog for $site: " + daemon /usr/sbin/vsftpd $i + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog + echo + + echo -n "Creating pidfile for $site: " + echo `pidFromConf $i` > `pidfileFromConf $i` + [ $? -eq 0 ] && success || failure + echo + done + return $RETVAL +} + +stop() { + # Stop daemons. + echo -n $"Shutting down $prog: " + killproc $prog + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog + + echo -n "Deleting pidfiles: " + rm -f /var/run/vsftpd/*.pid + [ $? -eq 0 ] && success || failure + echo + + return $RETVAL +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|reload) + stop + start + RETVAL=$? + ;; + condrestart) + if [ -f /var/lock/subsys/$prog ]; then + stop + start + RETVAL=$? + fi + ;; + status) + status $prog + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart|condrestart|status}" + exit 2 +esac + +exit $RETVAL diff --git a/vsftpd.logrotate b/vsftpd.logrotate new file mode 100644 index 0000000..73f9f37 --- /dev/null +++ b/vsftpd.logrotate @@ -0,0 +1,9 @@ +/var/log/vsftpd/vsftpd.log { + # ftpd doesn't handle SIGHUP properly + weekly + rotate 5 + copytruncate + compress + notifempty + missingok +} diff --git a/vsftpd.pam b/vsftpd.pam new file mode 100644 index 0000000..e6026e8 --- /dev/null +++ b/vsftpd.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed +auth required pam_env.so +#auth requires pam_shells.so +auth sufficient pam_unix.so likeauth nullok +#auth sufficient pam_ldap.so use_first_pass +auth required pam_deny.so +account include system-auth +session include system-auth diff --git a/vsftpd.service b/vsftpd.service new file mode 100644 index 0000000..d4f7251 --- /dev/null +++ b/vsftpd.service @@ -0,0 +1,10 @@ +[Unit] +Description=vsftpd daemon + +[Service] +ExecStart=/usr/sbin/vsftpd -olisten_ipv6=yes +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/vsftpd.socket b/vsftpd.socket new file mode 100644 index 0000000..cdc0d33 --- /dev/null +++ b/vsftpd.socket @@ -0,0 +1,9 @@ +[Unit] +Conflicts=vsftpd.service + +[Socket] +ListenStream=21 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/vsftpd.spec b/vsftpd.spec new file mode 100644 index 0000000..3e781b3 --- /dev/null +++ b/vsftpd.spec @@ -0,0 +1,245 @@ +%define nobodygroupid 65013 +%define nobodyuserid 65013 + +%define ftpgroupid 65014 +%define ftpuserid 65014 + +Name: vsftpd +Version: 3.0.2 +Release: 3mamba +Summary: Very Secure File Transfer Protocol Daemon. +Group: System/Servers +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: https://security.appspot.com/vsftpd.html +Source0: https://security.appspot.com/downloads/vsftpd-%{version}.tar.gz +Source1: vsftpd.pam +Source2: vsftpd.ftpusers +Source3: vsftpd.user_list +Source4: vsftpd.logrotate +Source5: vsftpd.conf +Source6: vsftpd.init +Source7: vsftpd.service +Source8: vsftpd@.service +Source9: vsftpd.socket +Source10: vsftpd-ssl.socket +Patch0: %{name}-2.2.0-paths.patch +Patch1: %{name}-2.0.5-builddefs_h.patch +Patch2: %{name}-2.0.5-disable_by_default.patch +Patch3: %{name}-2.0.5-vsftpd_path.patch +License: GPL +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libcap-devel +BuildRequires: libopenssl-devel +BuildRequires: libwrap-devel +BuildRequires: pam-devel +## AUTOBUILDREQ-END +BuildRequires: tcp_wrappers-devel >= 7.6 +Requires: pam >= 0.77 +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +vsftpd is short for "Very Secure FTP Daemon". +vsftpd is very fast and supports a very high number of concurrent connections. +This package installs the FTP-daemon with a default configuration allowing non-anonymous chroot-logins. + +%prep +%setup -q +%patch0 -p1 -b .paths +%patch1 -p1 -b .builddefs_h +%patch2 -p1 -b .disable_by_default +%patch3 -p1 -b .vsftpd_path +%ifarch x86_64 +sed -i "s|/lib/|/lib64/|g" vsf_findlibs.sh +%endif + +%build +%make CC=%{_host}-gcc \ +%if "%{_host}" != "%{_build}" + LIBS="-lwrap -lnsl -lpam -ldl -lnsl -lresolv -lssl -lcrypt -lcap -lcrypto -lattr" +%endif + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +install -d %{buildroot}%{_datadir}/empty +install -d %{buildroot}/var/ftp/pub +install -d %{buildroot}/var/log/vsftpd + +install -d %{buildroot}%{_sysconfdir}/vsftpd +touch %{buildroot}%{_sysconfdir}/vsftpd/banned-emails +touch %{buildroot}%{_sysconfdir}/vsftpd/chroot-list + +install -D -m 755 vsftpd \ + %{buildroot}%{_sbindir}/vsftpd +install -D -m 600 vsftpd.conf \ + %{buildroot}%{_sysconfdir}/vsftpd.conf +#install -D -m 644 xinetd.d/vsftpd \ +# %{buildroot}%{_sysconfdir}/xinetd.d/vsftpd + +install -D -m 644 vsftpd.conf.5 \ + %{buildroot}%{_mandir}/man5/vsftpd.conf.5 +install -D -m 644 vsftpd.8 \ + %{buildroot}%{_mandir}/man8/vsftpd.8 + +install -D -m 644 %{S:1} %{buildroot}%{_sysconfdir}/pam.d/ftp +install -D -m 600 %{S:2} %{buildroot}%{_sysconfdir}/vsftpd/ftpusers +install -D -m 600 %{S:3} %{buildroot}%{_sysconfdir}/vsftpd/user_list +install -D -m 644 %{S:4} %{buildroot}%{_sysconfdir}/logrotate.d/vsftpd +install -D -m 644 %{S:5} %{buildroot}%{_sysconfdir}/vsftpd.conf +#install -D -m 755 %{S:6} %{buildroot}%{_initrddir}/vsftpd +install -D -m0644 %{S:7} %{buildroot}/lib/systemd/system/vsftpd.service +install -D -m0644 %{S:8} %{buildroot}/lib/systemd/system/vsftpd@.service +install -D -m0644 %{S:9} %{buildroot}/lib/systemd/system/vsftpd.socket +install -D -m0644 %{S:10} %{buildroot}/lib/systemd/system/vsftpd-ssl.socket + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%pre +groupadd nobody -g %{nobodygroupid} &>/dev/null +useradd -c nobody -u %{nobodyuserid} -d /dev/null \ + -g nobody -s /bin/false nobody &>/dev/null +groupadd ftp -g %{ftpgroupid} &>/dev/null || true +useradd -c "Ftp user" -d /var/ftp -u %{ftpuserid} \ + -g ftp -s /bin/false ftp &>/dev/null +exit 0 + +%preun +if [ $1 -eq 0 ]; then +# erase + userdel ftp &>/dev/null +fi +exit 0 + +%posttrans +systemctl -q daemon-reload +exit 0 + +%files +%defattr(-, root, root) +%config(noreplace) %{_sysconfdir}/pam.d/ftp +%config %{_sysconfdir}/logrotate.d/vsftpd +%{_sbindir}/vsftpd +/lib/systemd/system/vsftpd.service +/lib/systemd/system/vsftpd@.service +/lib/systemd/system/vsftpd.socket +/lib/systemd/system/vsftpd-ssl.socket +%attr(0555,ftp,ftp) %dir /var/ftp +%attr(2555,ftp,ftp) %dir /var/ftp/pub +%attr(700,root,root) %dir %{_sysconfdir}/vsftpd +%attr(600,root,root) %config(noreplace) %{_sysconfdir}/vsftpd/* +%attr(600,root,root) %config(noreplace) %{_sysconfdir}/vsftpd.conf +%{_mandir}/*/* +%{_datadir}/empty +%dir %attr(600,root,root) /var/log/vsftpd + +%changelog +* Sun Sep 29 2013 Silvan Calarco 3.0.2-3mamba +- switch from xinetd to systemd + +* Sun Nov 11 2012 Silvan Calarco 3.0.2-2mamba +- added initscript for stand-alone execution + +* Thu Nov 08 2012 Automatic Build System 3.0.2-1mamba +- automatic version update by autodist + +* Sun Sep 16 2012 Automatic Build System 3.0.1-1mamba +- automatic version update by autodist + +* Tue Apr 10 2012 Automatic Build System 3.0.0-1mamba +- automatic version update by autodist + +* Sun Feb 12 2012 Automatic Build System 2.3.5-1mamba +- update to 2.3.5 + +* Wed Feb 16 2011 Automatic Build System 2.3.4-1mamba +- automatic update by autodist + +* Fri Aug 20 2010 Automatic Build System 2.3.2-1mamba +- automatic update to 2.3.2 by autodist + +* Thu Aug 19 2010 Automatic Build System 2.3.1-1mamba +- automatic update to 2.3.1 by autodist + +* Fri Aug 06 2010 Automatic Build System 2.3.0-1mamba +- automatic update to 2.3.0 by autodist + +* Wed Nov 18 2009 Automatic Build System 2.2.2-1mamba +- automatic update to 2.2.2 by autodist + +* Mon Oct 19 2009 Automatic Build System 2.2.1-1mamba +- automatic update to 2.2.1 by autodist + +* Mon Oct 12 2009 Automatic Build System 2.2.0-1mamba +- automatic update to 2.2.0 by autodist + +* Tue Jun 02 2009 Silvan Calarco 2.1.2-2mamba +- set LISTEN=NO in default configuration to prevent it from working in xinet mode + +* Sat May 30 2009 Automatic Build System 2.1.2-1mamba +- automatic update to 2.1.2 by autodist + +* Fri Feb 20 2009 Silvan Calarco 2.1.0-1mamba +- automatic update to 2.1.0 by autodist + +* Sat Aug 30 2008 Silvan Calarco 2.0.7-1mamba +- update to 2.0.7 + +* Wed Feb 13 2008 Silvan Calarco 2.0.6-1mamba +- update to 2.0.6 +- updated pam file and commented pam_ldap auth line + +* Wed Jul 05 2006 Davide Madrisan 2.0.5-1qilnx +- update to version 2.0.5 by autospec +- updated specfile + +* Thu Apr 13 2006 Davide Madrisan 2.0.4-1qilnx +- update to version 2.0.4 by autospec + +* Thu Mar 03 2005 Silvan Calarco 2.0.2-1qilnx +- update to version 2.0.2 by autospec + +* Wed Dec 01 2004 Silvan Calarco 2.0.1-6qilnx +- enabled use_localtime option by default + +* Wed Dec 01 2004 Silvan Calarco 2.0.1-5qilnx +- fix of prevoius fix + +* Wed Dec 01 2004 Silvan Calarco 2.0.1-4qilnx +- rename pam service from vsftpd to ftp +- added some (commented) option in vsftpd.conf + +* Mon Nov 08 2004 Silvan Calarco 2.0.1-3qilnx +- rebuild with tcp wrapper and ssl support + +* Sun Nov 07 2004 Silvan Calarco 2.0.1-2qilnx +- fixed logrotate script + +* Mon Jul 12 2004 Silvan Calarco 2.0.1-1qilnx +- new version build + +* Fri May 28 2004 Silvan Calarco 1.2.2-1qilnx +- new version build +- modified vsftpd pam file to allow login of users without shell + +* Wed Dec 17 2003 Silvan Calarco 1.2.1-1qilnx +- new version build +- added user and group ids > 65000 +- fixed logfile configuration and moved to /var/log/vsftpd dir + +* Wed Oct 15 2003 Davide Madrisan 1.2.0-2qilnx +- xinetd.d/vsftpd modified to make the ftp server disabled by default +- added pam dependences; hardcoded system directories moved to rpm variables + +* Wed Sep 03 2003 Silvan Calarco 1.2.0-1qilnx +- added creation of ftp and nobody user +- removed paths from pam.d file + +* Mon May 26 2003 Silvan Calarco 1.1.3-2qilnx +- added creation of ftp and nobody user +- removed paths from pam.d file + +* Wed Apr 23 2003 Mirko Cortillaro 1.1.3-1qilnx +- wrote a spec file for vsftpd diff --git a/vsftpd.user_list b/vsftpd.user_list new file mode 100644 index 0000000..d283e3d --- /dev/null +++ b/vsftpd.user_list @@ -0,0 +1,20 @@ +# vsftpd userlist +# If userlist_deny=NO, only allow users in this file +# If userlist_deny=YES (default), never allow users in this file, and +# do not even prompt for a password. +# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers +# for users that are denied. +root +bin +daemon +adm +lp +sync +shutdown +halt +mail +news +uucp +operator +games +nobody diff --git a/vsftpd@.service b/vsftpd@.service new file mode 100644 index 0000000..3f19c84 --- /dev/null +++ b/vsftpd@.service @@ -0,0 +1,7 @@ +[Unit] +Description=vsftpd per-connection server + +[Service] +ExecStart=-/usr/sbin/vsftpd +ExecReload=/bin/kill -HUP $MAINPID +StandardInput=socket