switch from xinetd to systemd [release 3.0.2-3mamba;Sun Sep 29 2013]

README.md

@@ -1,2 +1,6 @@
 # vsftpd
 
+vsftpd is short for "Very Secure FTP Daemon".
+vsftpd is very fast and supports a very high number of concurrent connections.
+This package installs the FTP-daemon with a default configuration allowing non-anonymous chroot-logins.
+

vsftpd-2.0.5-builddefs_h.patch

@@ -0,0 +1,14 @@
+--- vsftpd-2.0.5/builddefs.h	2006-07-02 23:53:47.000000000 +0200
++++ vsftpd-2.0.5-fix/builddefs.h	2006-07-05 12:02:09.000000000 +0200
+@@ -1,9 +1,9 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+ 
+-#undef VSF_BUILD_TCPWRAPPERS
++#define VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+-#undef VSF_BUILD_SSL
++#define VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */
+ 

vsftpd-2.0.5-disable_by_default.patch

@@ -0,0 +1,10 @@
+--- vsftpd-2.0.5/xinetd.d/vsftpd	2001-10-11 21:40:17.000000000 +0200
++++ vsftpd-2.0.5-fix/xinetd.d/vsftpd	2006-07-05 12:04:51.000000000 +0200
+@@ -13,6 +13,6 @@
+ #       log_on_success          += DURATION USERID
+ #       log_on_failure          += USERID
+         nice                    = 10
+-        disable                 = no
++        disable                 = yes
+ }
+ 

vsftpd-2.0.5-vsftpd_path.patch

@@ -0,0 +1,11 @@
+--- vsftpd-2.0.5/xinetd.d/vsftpd	2006-07-05 12:08:01.000000000 +0200
++++ vsftpd-2.0.5-fix/xinetd.d/vsftpd	2006-07-05 12:06:48.000000000 +0200
+@@ -8,7 +8,7 @@
+         socket_type             = stream
+         wait                    = no
+         user                    = root
+-        server                  = /usr/local/sbin/vsftpd
++        server                  = /usr/sbin/vsftpd
+ #       server_args             =
+ #       log_on_success          += DURATION USERID
+ #       log_on_failure          += USERID

vsftpd-2.2.0-paths.patch

@@ -0,0 +1,64 @@
+diff -Nru vsftpd-2.2.0.orig/tunables.c vsftpd-2.2.0/tunables.c
+--- vsftpd-2.2.0.orig/tunables.c	2009-07-15 22:08:27.000000000 +0200
++++ vsftpd-2.2.0/tunables.c	2009-10-12 19:56:50.000000000 +0200
+@@ -249,16 +249,16 @@
+   install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
+   install_str_setting("ftp", &tunable_ftp_username);
+   install_str_setting("root", &tunable_chown_username);
+-  install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
+-  install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file);
++  install_str_setting("/var/log/vsftpd/xferlog", &tunable_xferlog_file);
++  install_str_setting("/var/log/vsftpd/vsftpd.log", &tunable_vsftpd_log_file);
+   install_str_setting(".message", &tunable_message_file);
+   install_str_setting("nobody", &tunable_nopriv_user);
+   install_str_setting(0, &tunable_ftpd_banner);
+-  install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
+-  install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
++  install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file);
++  install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file);
+   install_str_setting("ftp", &tunable_pam_service_name);
+   install_str_setting("ftp", &tunable_guest_username);
+-  install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
++  install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file);
+   install_str_setting(0, &tunable_anon_root);
+   install_str_setting(0, &tunable_local_root);
+   install_str_setting(0, &tunable_banner_file);
+@@ -271,7 +271,7 @@
+   install_str_setting(0, &tunable_hide_file);
+   install_str_setting(0, &tunable_deny_file);
+   install_str_setting(0, &tunable_user_sub_token);
+-  install_str_setting("/etc/vsftpd.email_passwords",
++  install_str_setting("/etc/vsftpd/email_passwords",
+                       &tunable_email_password_file);
+   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+                       &tunable_rsa_cert_file);
+diff -Nru vsftpd-2.2.0.orig/vsftpd.conf vsftpd-2.2.0/vsftpd.conf
+--- vsftpd-2.2.0.orig/vsftpd.conf	2009-06-17 22:05:28.000000000 +0200
++++ vsftpd-2.2.0/vsftpd.conf	2009-10-12 19:57:54.000000000 +0200
+@@ -48,7 +48,7 @@
+ #
+ # You may override where the log file goes if you like. The default is shown
+ # below.
+-#xferlog_file=/var/log/vsftpd.log
++#xferlog_file=/var/log/vsftpd/vsftpd.log
+ #
+ # If you want, you can have your log file in standard ftpd xferlog format.
+ # Note that the default log file location is /var/log/xferlog in this case.
+@@ -87,7 +87,7 @@
+ # useful for combatting certain DoS attacks.
+ #deny_email_enable=YES
+ # (default follows)
+-#banned_email_file=/etc/vsftpd.banned_emails
++#banned_email_file=/etc/vsftpd/banned_emails
+ #
+ # You may specify an explicit list of local users to chroot() to their home
+ # directory. If chroot_local_user is YES, then this list becomes a list of
+@@ -95,7 +95,7 @@
+ #chroot_local_user=YES
+ #chroot_list_enable=YES
+ # (default follows)
+-#chroot_list_file=/etc/vsftpd.chroot_list
++#chroot_list_file=/etc/vsftpd/chroot_list
+ #
+ # You may activate the "-R" option to the builtin ls. This is disabled by
+ # default to avoid remote users being able to cause excessive I/O on large

vsftpd-ssl.socket

@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=990
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

vsftpd.conf

@@ -0,0 +1,132 @@
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=YES
+#
+# Uncomment this to allow local users to log in.
+#local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+#write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd/banned-emails
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd/chroot-list
+#chroot_local_user=YES
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# If enabled, vsftpd will load a list of usernames, from the file-
+# name given by userlist_file.  If a user tries to log in using  a
+# name in this file, they will be denied before they are asked for
+# a password. This may be useful in preventing cleartext passwords
+# being transmitted. See also userlist_deny.
+userlist_enable=YES
+#
+# If enabled, vsftpd will run in standalone mode. This means  that
+# vsftpd  must not be run from an inetd of some kind. Instead, the
+# vsftpd executable is run once directly. vsftpd itself will  then
+# take care of listening for and handling incoming connections.
+listen=NO
+#
+# If  enabled,  and vsftpd was compiled with tcp_wrappers support,
+# incoming connections will be  fed  through  tcp_wrappers  access
+# control. Furthermore, there is a mechanism for per-IP based con-
+# figuration. If tcp_wrappers sets the  VSFTPD_LOAD_CONF  environ-
+# ment  variable,  then  the  vsftpd session will try and load the
+# vsftpd configuration file specified in this variable.
+#tcp_wrappers=YES
+#
+# If enabled, vsftpd will display directory listings with the time
+# in your local time zone. The default  is  to  display  GMT.  The
+# times returned by the MDTM FTP command are also affected by this
+# option.
+use_localtime=YES

vsftpd.ftpusers

@@ -0,0 +1,15 @@
+# Users that are not allowed to login via ftp
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody

vsftpd.init

@@ -0,0 +1,100 @@
+#!/bin/bash
+#
+# vsftpd      This shell script takes care of starting and stopping
+#             standalone vsftpd. Customized to be used with CentOS 5.4
+#             and Monit by creating PID files for each process
+#
+# chkconfig: - 60 50
+# description: Vsftpd is a ftp daemon, which is the program \
+#              that answers incoming ftp service requests.
+# processname: vsftpd
+# config: /etc/vsftpd/vsftpd.conf
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+pidfileFromConf() {
+    echo /var/run/vsftpd/`basename $1 .conf`.pid
+}
+
+pidFromConf() {
+    ps auxf | grep -v grep | grep $1 | awk '{print $2}'
+}
+
+RETVAL=0
+prog="vsftpd"
+
+# Create the vsftpd pid folder if it doesn't exist            
+[ -d /var/run/vsftpd ] || mkdir /var/run/vsftpd
+
+start() {
+        # Start daemons.
+        [ -x /usr/sbin/vsftpd ] || exit 4
+
+        CONFS=`ls /etc/vsftpd/*.conf 2>/dev/null`
+        [ -z "$CONFS" ] && exit 6
+        for i in $CONFS; do
+            site=`basename $i .conf`
+            echo -n $"Starting $prog for $site: "
+            daemon /usr/sbin/vsftpd $i
+            RETVAL=$?
+            [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
+            echo
+
+            echo -n "Creating pidfile for $site: "
+            echo `pidFromConf $i` > `pidfileFromConf $i`
+            [ $? -eq 0 ] && success || failure
+            echo
+        done
+        return $RETVAL
+}
+
+stop() {
+        # Stop daemons.
+        echo -n $"Shutting down $prog: "
+        killproc $prog
+        RETVAL=$?
+        echo
+        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
+
+        echo -n "Deleting pidfiles: "
+        rm -f /var/run/vsftpd/*.pid
+        [ $? -eq 0 ] && success || failure
+        echo
+
+        return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+  start)
+        start
+        ;;
+  stop)
+        stop
+        ;;
+  restart|reload)
+        stop
+        start
+        RETVAL=$?
+        ;;
+  condrestart)
+        if [ -f /var/lock/subsys/$prog ]; then
+            stop
+            start
+            RETVAL=$?
+        fi
+        ;;
+  status)
+        status $prog
+        RETVAL=$?
+        ;;
+  *)
+        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
+        exit 2
+esac
+
+exit $RETVAL

vsftpd.logrotate

@@ -0,0 +1,9 @@
+/var/log/vsftpd/vsftpd.log {
+    # ftpd doesn't handle SIGHUP properly
+    weekly
+    rotate 5
+    copytruncate
+    compress
+    notifempty
+    missingok
+}

vsftpd.pam

@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
+auth       required     pam_env.so
+#auth      requires	pam_shells.so
+auth       sufficient   pam_unix.so likeauth nullok
+#auth       sufficient	pam_ldap.so use_first_pass
+auth       required     pam_deny.so
+account    include      system-auth
+session    include      system-auth

vsftpd.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=vsftpd daemon
+
+[Service]
+ExecStart=/usr/sbin/vsftpd -olisten_ipv6=yes
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

vsftpd.socket

@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=21
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

vsftpd.spec

@@ -0,0 +1,245 @@
+%define nobodygroupid 65013
+%define nobodyuserid  65013
+
+%define ftpgroupid    65014
+%define ftpuserid     65014
+
+Name:          vsftpd
+Version:       3.0.2
+Release:       3mamba
+Summary:       Very Secure File Transfer Protocol Daemon.
+Group:         System/Servers
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           https://security.appspot.com/vsftpd.html
+Source0:       https://security.appspot.com/downloads/vsftpd-%{version}.tar.gz
+Source1:       vsftpd.pam
+Source2:       vsftpd.ftpusers
+Source3:       vsftpd.user_list
+Source4:       vsftpd.logrotate
+Source5:       vsftpd.conf
+Source6:       vsftpd.init
+Source7:       vsftpd.service
+Source8:       vsftpd@.service
+Source9:       vsftpd.socket
+Source10:      vsftpd-ssl.socket
+Patch0:        %{name}-2.2.0-paths.patch
+Patch1:        %{name}-2.0.5-builddefs_h.patch
+Patch2:        %{name}-2.0.5-disable_by_default.patch
+Patch3:        %{name}-2.0.5-vsftpd_path.patch
+License:       GPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libcap-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libwrap-devel
+BuildRequires: pam-devel
+## AUTOBUILDREQ-END
+BuildRequires: tcp_wrappers-devel >= 7.6
+Requires:      pam >= 0.77
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%description
+vsftpd is short for "Very Secure FTP Daemon".
+vsftpd is very fast and supports a very high number of concurrent connections.
+This package installs the FTP-daemon with a default configuration allowing non-anonymous chroot-logins.
+
+%prep
+%setup -q
+%patch0 -p1 -b .paths
+%patch1 -p1 -b .builddefs_h
+%patch2 -p1 -b .disable_by_default
+%patch3 -p1 -b .vsftpd_path
+%ifarch x86_64
+sed -i "s|/lib/|/lib64/|g" vsf_findlibs.sh
+%endif
+
+%build
+%make CC=%{_host}-gcc \
+%if "%{_host}" != "%{_build}"
+   LIBS="-lwrap -lnsl -lpam -ldl -lnsl -lresolv -lssl -lcrypt -lcap -lcrypto -lattr"
+%endif
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+install -d %{buildroot}%{_datadir}/empty
+install -d %{buildroot}/var/ftp/pub
+install -d %{buildroot}/var/log/vsftpd
+
+install -d %{buildroot}%{_sysconfdir}/vsftpd
+touch %{buildroot}%{_sysconfdir}/vsftpd/banned-emails
+touch %{buildroot}%{_sysconfdir}/vsftpd/chroot-list
+
+install -D -m 755 vsftpd \
+   %{buildroot}%{_sbindir}/vsftpd
+install -D -m 600 vsftpd.conf \
+   %{buildroot}%{_sysconfdir}/vsftpd.conf
+#install -D -m 644 xinetd.d/vsftpd \
+#   %{buildroot}%{_sysconfdir}/xinetd.d/vsftpd
+
+install -D -m 644 vsftpd.conf.5 \
+   %{buildroot}%{_mandir}/man5/vsftpd.conf.5
+install -D -m 644 vsftpd.8 \
+   %{buildroot}%{_mandir}/man8/vsftpd.8
+
+install -D -m 644 %{S:1} %{buildroot}%{_sysconfdir}/pam.d/ftp
+install -D -m 600 %{S:2} %{buildroot}%{_sysconfdir}/vsftpd/ftpusers
+install -D -m 600 %{S:3} %{buildroot}%{_sysconfdir}/vsftpd/user_list
+install -D -m 644 %{S:4} %{buildroot}%{_sysconfdir}/logrotate.d/vsftpd
+install -D -m 644 %{S:5} %{buildroot}%{_sysconfdir}/vsftpd.conf
+#install -D -m 755 %{S:6} %{buildroot}%{_initrddir}/vsftpd
+install -D -m0644 %{S:7} %{buildroot}/lib/systemd/system/vsftpd.service
+install -D -m0644 %{S:8} %{buildroot}/lib/systemd/system/vsftpd@.service
+install -D -m0644 %{S:9} %{buildroot}/lib/systemd/system/vsftpd.socket
+install -D -m0644 %{S:10} %{buildroot}/lib/systemd/system/vsftpd-ssl.socket
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%pre
+groupadd nobody -g %{nobodygroupid} &>/dev/null
+useradd -c nobody -u %{nobodyuserid} -d /dev/null \
+   -g nobody -s /bin/false nobody &>/dev/null
+groupadd ftp -g %{ftpgroupid} &>/dev/null || true
+useradd -c "Ftp user" -d /var/ftp -u %{ftpuserid} \
+   -g ftp -s /bin/false ftp &>/dev/null
+exit 0
+
+%preun
+if [ $1 -eq 0 ]; then
+# erase
+   userdel ftp &>/dev/null
+fi
+exit 0
+
+%posttrans
+systemctl -q daemon-reload
+exit 0
+
+%files
+%defattr(-, root, root)
+%config(noreplace) %{_sysconfdir}/pam.d/ftp
+%config %{_sysconfdir}/logrotate.d/vsftpd
+%{_sbindir}/vsftpd
+/lib/systemd/system/vsftpd.service
+/lib/systemd/system/vsftpd@.service
+/lib/systemd/system/vsftpd.socket
+/lib/systemd/system/vsftpd-ssl.socket
+%attr(0555,ftp,ftp) %dir /var/ftp
+%attr(2555,ftp,ftp) %dir /var/ftp/pub
+%attr(700,root,root) %dir %{_sysconfdir}/vsftpd
+%attr(600,root,root) %config(noreplace) %{_sysconfdir}/vsftpd/*
+%attr(600,root,root) %config(noreplace) %{_sysconfdir}/vsftpd.conf
+%{_mandir}/*/*
+%{_datadir}/empty
+%dir %attr(600,root,root) /var/log/vsftpd
+
+%changelog
+* Sun Sep 29 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 3.0.2-3mamba
+- switch from xinetd to systemd
+
+* Sun Nov 11 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.0.2-2mamba
+- added initscript for stand-alone execution
+
+* Thu Nov 08 2012 Automatic Build System <autodist@mambasoft.it> 3.0.2-1mamba
+- automatic version update by autodist
+
+* Sun Sep 16 2012 Automatic Build System <autodist@mambasoft.it> 3.0.1-1mamba
+- automatic version update by autodist
+
+* Tue Apr 10 2012 Automatic Build System <autodist@mambasoft.it> 3.0.0-1mamba
+- automatic version update by autodist
+
+* Sun Feb 12 2012 Automatic Build System <autodist@mambasoft.it> 2.3.5-1mamba
+- update to 2.3.5
+
+* Wed Feb 16 2011 Automatic Build System <autodist@mambasoft.it> 2.3.4-1mamba
+- automatic update by autodist
+
+* Fri Aug 20 2010 Automatic Build System <autodist@mambasoft.it> 2.3.2-1mamba
+- automatic update to 2.3.2 by autodist
+
+* Thu Aug 19 2010 Automatic Build System <autodist@mambasoft.it> 2.3.1-1mamba
+- automatic update to 2.3.1 by autodist
+
+* Fri Aug 06 2010 Automatic Build System <autodist@mambasoft.it> 2.3.0-1mamba
+- automatic update to 2.3.0 by autodist
+
+* Wed Nov 18 2009 Automatic Build System <autodist@mambasoft.it> 2.2.2-1mamba
+- automatic update to 2.2.2 by autodist
+
+* Mon Oct 19 2009 Automatic Build System <autodist@mambasoft.it> 2.2.1-1mamba
+- automatic update to 2.2.1 by autodist
+
+* Mon Oct 12 2009 Automatic Build System <autodist@mambasoft.it> 2.2.0-1mamba
+- automatic update to 2.2.0 by autodist
+
+* Tue Jun 02 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.2-2mamba
+- set LISTEN=NO in default configuration to prevent it from working in xinet mode
+
+* Sat May 30 2009 Automatic Build System <autodist@mambasoft.it> 2.1.2-1mamba
+- automatic update to 2.1.2 by autodist
+
+* Fri Feb 20 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.1.0-1mamba
+- automatic update to 2.1.0 by autodist
+
+* Sat Aug 30 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.7-1mamba
+- update to 2.0.7
+
+* Wed Feb 13 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.6-1mamba
+- update to 2.0.6
+- updated pam file and commented pam_ldap auth line
+
+* Wed Jul 05 2006 Davide Madrisan <davide.madrisan@qilinux.it> 2.0.5-1qilnx
+- update to version 2.0.5 by autospec
+- updated specfile
+
+* Thu Apr 13 2006 Davide Madrisan <davide.madrisan@qilinux.it> 2.0.4-1qilnx
+- update to version 2.0.4 by autospec
+
+* Thu Mar 03 2005 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.2-1qilnx
+- update to version 2.0.2 by autospec
+
+* Wed Dec 01 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.1-6qilnx
+- enabled use_localtime option by default
+
+* Wed Dec 01 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.1-5qilnx
+- fix of prevoius fix
+
+* Wed Dec 01 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.1-4qilnx
+- rename pam service from vsftpd to ftp
+- added some (commented) option in vsftpd.conf
+
+* Mon Nov 08 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.1-3qilnx
+- rebuild with tcp wrapper and ssl support
+
+* Sun Nov 07 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.1-2qilnx
+- fixed logrotate script
+
+* Mon Jul 12 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 2.0.1-1qilnx
+- new version build
+
+* Fri May 28 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 1.2.2-1qilnx
+- new version build
+- modified vsftpd pam file to allow login of users without shell 
+
+* Wed Dec 17 2003 Silvan Calarco <silvan.calarco@mambasoft.it> 1.2.1-1qilnx
+- new version build
+- added user and group ids > 65000
+- fixed logfile configuration and moved to /var/log/vsftpd dir
+
+* Wed Oct 15 2003 Davide Madrisan <davide.madrisan@qilinux.it> 1.2.0-2qilnx
+- xinetd.d/vsftpd modified to make the ftp server disabled by default
+- added pam dependences; hardcoded system directories moved to rpm variables
+
+* Wed Sep 03 2003 Silvan Calarco <silvan.calarco@qinet.it> 1.2.0-1qilnx
+- added creation of ftp and nobody user
+- removed paths from pam.d file
+
+* Mon May 26 2003 Silvan Calarco <silvan.calarco@qinet.it> 1.1.3-2qilnx
+- added creation of ftp and nobody user
+- removed paths from pam.d file
+
+* Wed Apr 23 2003 Mirko Cortillaro <mirko.cortillaro@qinet.it> 1.1.3-1qilnx
+- wrote a spec file for vsftpd

vsftpd.user_list

@@ -0,0 +1,20 @@
+# vsftpd userlist
+# If userlist_deny=NO, only allow users in this file
+# If userlist_deny=YES (default), never allow users in this file, and
+# do not even prompt for a password.
+# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
+# for users that are denied.
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody

vsftpd@.service

@@ -0,0 +1,7 @@
+[Unit]
+Description=vsftpd per-connection server
+
+[Service]
+ExecStart=-/usr/sbin/vsftpd
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket