<mediawiki xmlns="http://www.mediawiki.org/xml/export-0.10/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mediawiki.org/xml/export-0.10/ http://www.mediawiki.org/xml/export-0.10.xsd" version="0.10" xml:lang="de">
  <siteinfo>
    <sitename>Linupedia.org</sitename>
    <dbname>linupediadb</dbname>
    <base>https://linupedia.org/opensuse/Hauptseite</base>
    <generator>MediaWiki 1.31.0</generator>
    <case>first-letter</case>
    <namespaces>
      <namespace key="-2" case="first-letter">Medium</namespace>
      <namespace key="-1" case="first-letter">Spezial</namespace>
      <namespace key="0" case="first-letter" />
      <namespace key="1" case="first-letter">Diskussion</namespace>
      <namespace key="2" case="first-letter">Benutzer</namespace>
      <namespace key="3" case="first-letter">Benutzer Diskussion</namespace>
      <namespace key="4" case="first-letter">Linupedia.org</namespace>
      <namespace key="5" case="first-letter">Linupedia.org Diskussion</namespace>
      <namespace key="6" case="first-letter">Datei</namespace>
      <namespace key="7" case="first-letter">Datei Diskussion</namespace>
      <namespace key="8" case="first-letter">MediaWiki</namespace>
      <namespace key="9" case="first-letter">MediaWiki Diskussion</namespace>
      <namespace key="10" case="first-letter">Vorlage</namespace>
      <namespace key="11" case="first-letter">Vorlage Diskussion</namespace>
      <namespace key="12" case="first-letter">Hilfe</namespace>
      <namespace key="13" case="first-letter">Hilfe Diskussion</namespace>
      <namespace key="14" case="first-letter">Kategorie</namespace>
      <namespace key="15" case="first-letter">Kategorie Diskussion</namespace>
    </namespaces>
  </siteinfo>
  <page>
    <title>Vsftpd Musterkonfigurationen</title>
    <ns>0</ns>
    <id>1468</id>
    <revision>
      <id>30437</id>
      <parentid>30436</parentid>
      <timestamp>2013-11-28T20:55:45Z</timestamp>
      <contributor>
        <username>TomcatMJ</username>
        <id>12</id>
      </contributor>
      <minor/>
      <comment>Slightly improved the look of the code boxes</comment>
      <model>wikitext</model>
      <format>text/x-wiki</format>
      <text xml:space="preserve" bytes="9608">== '''Sample configurations for the VerySecureFileTransferProtocolDaemon ([[vsftpd]])''' ==

=== Simple vsftpd standalone server operation ===
The following configuration runs vsftpd in standalone mode with both anonymous FTP access and chroot access for users known to the system, without SSL and with passive-mode support (for explanations of the individual options see [[Vsftpd]]):

/etc/vsftpd.conf :


{| style=&quot;border:0; width:100%;&quot; valign=top
|-
| style=&quot;align:left&quot; valign=top|
&lt;code&gt; 
 # Example config file /etc/vsftpd.conf
 #
 # The default compiled in settings are fairly paranoid. This sample file
 # loosens things up a bit, to make the ftp daemon more usable.
 # Please see vsftpd.conf.5 for all compiled in defaults.
 #
 # If you do not change anything here you will have a minimum setup for an
 # anonymous FTP server.
 #
 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
 # capabilities.
 
 # General Settings
 #
 # Uncomment this to enable any form of FTP write command.
 #
 write_enable=YES
 #
 # Activate directory messages - messages given to remote users when they
 # go into a certain directory.
 #
 dirmessage_enable=YES
 #
 # It is recommended that you define on your system a unique user which the
 # ftp server can use as a totally isolated and unprivileged user.
 #
 #nopriv_user=ftpsecure
 #
 # You may fully customise the login banner string:
 #
 #ftpd_banner=&quot;Welcome to FOOBAR FTP service.&quot;
 #
 # You may activate the &quot;-R&quot; option to the builtin ls. This is disabled by
 # default to avoid remote users being able to cause excessive I/O on large
 # sites. However, some broken FTP clients such as &quot;ncftp&quot; and &quot;mirror&quot; assume
 # the presence of the &quot;-R&quot; option, so there is a strong case for enabling it.
 #
 #ls_recurse_enable=YES
 #
 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
 # useful for combatting certain DoS attacks.
 #
 #deny_email_enable=YES
 #
 # (default follows)
 #
 #banned_email_file=/etc/vsftpd.banned_emails
 #
 # If  enabled,  all  user  and  group  information in
 # directory listings will be displayed as &quot;ftp&quot;.
 #
 #hide_ids=YES
 
 # Local FTP user Settings
 #
 # Uncomment this to allow local users to log in.
 #
 local_enable=YES
 #
 # Default umask for local users is 077. You may wish to change this to 022,
 # if your users expect that (022 is used by most other ftpd's)
 #
 #local_umask=022
 #
 # Uncomment to put local users in a chroot() jail in their home directory
 # after login.
 #
 chroot_local_user=YES
 #
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
 #
 #chroot_list_enable=YES
 #
 # (default follows)
 #
 #chroot_list_file=/etc/vsftpd.chroot_list
 #
 # The maximum data transfer rate permitted, in bytes per second, for
 # local authenticated users. The default is 0 (unlimited).
 #
 #local_max_rate=7200
 
 
 # Anonymous FTP user Settings
 #
 # Allow anonymous FTP?
 #
 anonymous_enable=YES
 #
 # Anonymous users will only be allowed to download files which are
 # world readable.
 #
 anon_world_readable_only=YES
 #
 # Uncomment this to allow the anonymous FTP user to upload files. This only
 # has an effect if the above global write enable is activated. Also, you will
 # obviously need to create a directory writable by the FTP user.
 #
 anon_upload_enable=YES
 #
 # Default umask for anonymous users is 077. You may wish to change this to 022,
 # if your users expect that (022 is used by most other ftpd's)
 #
 anon_umask=022
 #
 # Uncomment this if you want the anonymous FTP user to be able to create
 # new directories.
 #
 anon_mkdir_write_enable=YES
 #
 # Uncomment this to enable anonymous FTP users to perform other write operations
 # like deletion and renaming.
 #
 anon_other_write_enable=YES
 #
 # If you want, you can arrange for uploaded anonymous files to be owned by
 # a different user. Note! Using &quot;root&quot; for uploaded files is not
 # recommended!
 #
 #chown_uploads=YES
 #chown_username=whoever
 #
 # The maximum data transfer rate permitted, in bytes per second, for anonymous
 # authenticated users. The default is 0 (unlimited).
 #
 #anon_max_rate=7200
 
 
 # Log Settings
 #
 # Log to the syslog daemon instead of using a logfile.
 #
 syslog_enable=YES
 #
 # Uncomment this to log all FTP requests and responses.
 #
 log_ftp_protocol=YES
 #
 # Activate logging of uploads/downloads.
 #
 xferlog_enable=YES
 #
 # You may override where the log file goes if you like. The default is shown
 # below.
 #
 vsftpd_log_file=/var/log/vsftpd.log
 #
 # If you want, you can have your log file in standard ftpd xferlog format.
 # Note: This disables the normal logging unless you enable dual_log_enable below.
 #
 #xferlog_std_format=YES
 #
 # You may override where the log file goes if you like. The default is shown
 # below.
 #
 xferlog_file=/var/log/xferlog
 #
 # Enable this to have both logfiles. Standard xferlog and vsftpd's own style log.
 #
 dual_log_enable=YES
 #
 # Uncomment this to enable session status information in the system process listing.
 #
 #setproctitle_enable=YES
 
 # Transfer Settings
 #
 # Make sure PORT transfer connections originate from port 20 (ftp-data).
 #
 connect_from_port_20=YES
 #
 # You may change the default value for timing out an idle session.
 #
 #idle_session_timeout=600
 #
 # You may change the default value for timing out a data connection.
 #
 #data_connection_timeout=120
 #
 # Enable this and the server will recognise asynchronous ABOR requests. Not
 # recommended for security (the code is non-trivial). Not enabling it,
 # however, may confuse older FTP clients.
 #
 #async_abor_enable=YES
 #
 # By default the server will pretend to allow ASCII mode but in fact ignore
 # the request. Turn on the below options to have the server actually do ASCII
 # mangling on files when in ASCII mode.
 # Beware that turning on ascii_download_enable enables malicious remote parties
 # to consume your I/O resources, by issuing the command &quot;SIZE /big/file&quot; in
 # ASCII mode.
 # These ASCII options are split into upload and download because you may wish
 # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
 # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
 # on the client anyway..
 #
 #ascii_upload_enable=YES
 #ascii_download_enable=YES
 #
 # Set to NO if you want to disallow the  PASV  method of obtaining a data
 # connection.
 #
 #pasv_enable=NO
 
 # PAM setting. Do NOT change this unless you know what you are doing!
 #
 pam_service_name=vsftpd
 
 # Set listen=YES if you want vsftpd to run standalone
 #
 listen=YES
 
 # Set to ssl_enable=YES if you want to enable SSL
 ssl_enable=NO
&lt;/code&gt;
|-
|}

/etc/pam.d/vsftpd :


{| style=&quot;border:0; width:100%;&quot; valign=top
|-
| style=&quot;align:left&quot; valign=top|
&lt;code&gt;
 #%PAM-1.0
 
 # Uncomment this to achieve what used to be ftpd -A.
 # auth       required     pam_listfile.so item=user sense=allow file=/etc/ftpchroot  onerr=fail
 
 auth     required       pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
 # Uncomment the following line for anonymous ftp.
 #auth    sufficient     pam_ftp.so
 auth     required       pam_unix2.so
 auth     required       pam_shells.so
 account  required       pam_unix2.so
 password required       pam_unix2.so
 session  required       pam_unix2.so
&lt;/code&gt;
|-
|}
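
As an added example (not part of the original page and not code from the vsftpd project), the following Python check reads a vsftpd.conf, fills in the compiled-in defaults from vsftpd.conf(5) and reports the risky combinations that the sample configuration above enables. The sample text is constructed from the active settings above; local_enable=YES and the finding names are assumptions of this example.

```python
# Compiled-in defaults per vsftpd.conf(5) for the options checked here.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
    "anon_umask": "077", "ssl_enable": "NO",
}

# Constructed sample mirroring the config above; local_enable=YES is assumed.
SAMPLE = """\
write_enable=YES
local_enable=YES
anonymous_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_umask=022
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
ssl_enable=NO
"""

def parse_conf(text):
    """Overlay option=value lines on the defaults, skipping comments and blanks."""
    conf = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key] = value
    return conf

def audit(text):
    """Return sorted finding IDs for risky combinations in a vsftpd.conf text."""
    c = parse_conf(text)
    on = lambda key: c[key].upper() == "YES"
    found = set()
    anon_write = on("anonymous_enable") and on("write_enable")
    if anon_write and on("anon_upload_enable"):
        found.add("ANON_UPLOAD")
        # Uploads are created 0666 minus anon_umask; bit 0o004 is "other read".
        other_read_masked = (int(c["anon_umask"], 8) // 0o4) % 2 == 1
        if not on("anon_world_readable_only") or not other_read_masked:
            found.add("ANON_DROPBOX")  # anonymous uploads can be downloaded again
    if anon_write and on("anon_mkdir_write_enable"):
        found.add("ANON_MKDIR")
    if anon_write and on("anon_other_write_enable"):
        found.add("ANON_DELETE_RENAME")
    if on("local_enable") and not on("ssl_enable"):
        found.add("CLEARTEXT_LOCAL_LOGIN")  # system passwords sent unencrypted
    return sorted(found)
```

Calling audit(SAMPLE) reports all five findings. With anon_umask left at its default of 077 and anon_world_readable_only=YES, the ANON_DROPBOX finding disappears because uploaded files are no longer world readable.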

=== Simple vsftpd listen server operation ===
In the configuration above, only one option in /etc/vsftpd.conf has to be changed so that it can be used as the first step for listen server operation. The option
&lt;code&gt;
 listen=YES
&lt;/code&gt;
is changed to
&lt;code&gt;
 listen=NO
&lt;/code&gt;
and, by changing
&lt;code&gt;
 disable=yes
&lt;/code&gt;
to
&lt;code&gt;
 disable=no
&lt;/code&gt;
in the file /etc/xinetd.d/vsftpd, xinetd is made responsible for starting vsftpd on requests from outside.
Here again is the complete file /etc/xinetd.d/vsftpd :


{| style=&quot;border:0; width:100%;&quot; valign=top
|-
| style=&quot;align:left&quot; valign=top|
&lt;code&gt;
 # default: off
 # description:
 #   The vsftpd FTP server serves FTP connections. It uses
 #   normal, unencrypted usernames and passwords for authentication.
 # vsftpd is designed to be secure.
 #
 # NOTE: This file contains the configuration for xinetd to start vsftpd.
 #       the configuration file for vsftp itself is in /etc/vsftpd.conf
 service ftp
 {
 #        server_args             =
 #        log_on_success          += DURATION USERID
 #        log_on_failure          += USERID
 #        nice                    = 10
         disable = no
         socket_type     = stream
         protocol        = tcp
         wait            = no
         user            = root
         server          = /usr/sbin/vsftpd
 }
&lt;/code&gt;
|-
|}

Advantage of the listen server variant: no vsftpd running permanently in the background, costing memory and a little performance.
Disadvantage: for each request a complete(!) vsftpd is started, which, with many requests from different clients, can lead to both high RAM usage and high CPU usage, up to complete saturation of the machine(!).

''--[[Benutzer:TomcatMJ|TomcatMJ]]''



[[Kategorie:File Server]]
[[Kategorie:FTP]]
[[Kategorie:Musterkonfigurationen]]</text>
      <sha1>o8r5sz611wp39olun5cf848pkuvxhdz</sha1>
    </revision>
  </page>
</mediawiki>
