Using "chmod 755 /unslung/rc.xinetd".

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd
4. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
#!/bin/sh
# /unslung/rc.xinetd

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

(:tableend:)

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed
2. Restart xinetd with /etc/rc.d/rc.xinetd
3. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

Test it out with your favorite ftp client, and enjoy.

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

Troubleshooting

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

• Problem: vsftpd does not start after installing inetutils

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: Users without access to a shell cannot log in

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

/etc/passwd

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

If you've updated Busybox

Enable chroot jail

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above)

2. Add the following line to the /opt/etc/vsftpd.conf file

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
user_config_dir=/opt/etc/vsftpd_user_conf 

(:tableend:)

3. Create the directory /opt/etc/vsftpd_user_conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
cp /opt/etc/vsftpd.conf  /opt/etc/vsftpd_user_conf/johndoe

(:tableend:)

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=YES

(:tableend:)

OR

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=NO

(:tableend:)

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

Add these lines to /opt/etc/vsftpd.conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

http://www.forumage.com/?mforum=buyphentermine <a href="http://www.forumage.com/?mforum=buyphentermine">buy phentermine</a> buy phentermine

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd
4. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
#!/bin/sh
# /unslung/rc.xinetd

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

(:tableend:)

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed
2. Restart xinetd with /etc/rc.d/rc.xinetd
3. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

Test it out with your favorite ftp client, and enjoy.

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

Troubleshooting

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

• Problem: vsftpd does not start after installing inetutils

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: Users without access to a shell cannot log in

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

/etc/passwd

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

If you've updated Busybox

Enable chroot jail

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above)

2. Add the following line to the /opt/etc/vsftpd.conf file

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
user_config_dir=/opt/etc/vsftpd_user_conf 

(:tableend:)

3. Create the directory /opt/etc/vsftpd_user_conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
cp /opt/etc/vsftpd.conf  /opt/etc/vsftpd_user_conf/johndoe

(:tableend:)

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=YES

(:tableend:)

OR

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=NO

(:tableend:)

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

Add these lines to /opt/etc/vsftpd.conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

Hello, nice site look this: <a href="http://lokimno.info/free-ringtone-download.html">free ringtone download</a> http://lokimno.info/silent-ringtone.html http://lokimno.info/high-pitched-ringtone.html <a href="http://lokimno.info/free-verizon-ringtones.html">free verizon ringtones</a> <a href="http://lokimno.info/high-pitched-ringtone.html">high pitched ringtone</a>

End ^) See you

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd
4. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
#!/bin/sh
# /unslung/rc.xinetd

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

(:tableend:)

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed
2. Restart xinetd with /etc/rc.d/rc.xinetd
3. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

Test it out with your favorite ftp client, and enjoy.

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

Troubleshooting

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

• Problem: vsftpd does not start after installing inetutils

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: Users without access to a shell cannot log in

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

/etc/passwd

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

If you've updated Busybox

Enable chroot jail

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above)

2. Add the following line to the /opt/etc/vsftpd.conf file

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
user_config_dir=/opt/etc/vsftpd_user_conf 

(:tableend:)

3. Create the directory /opt/etc/vsftpd_user_conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
cp /opt/etc/vsftpd.conf  /opt/etc/vsftpd_user_conf/johndoe

(:tableend:)

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=YES

(:tableend:)

OR

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=NO

(:tableend:)

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

Add these lines to /opt/etc/vsftpd.conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

http://www.bloggen.be/zend/ <a href="http://www.bloggen.be/zend/">replica watches</a> replica watches

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd
4. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
#!/bin/sh
# /unslung/rc.xinetd

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

(:tableend:)

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed
2. Restart xinetd with /etc/rc.d/rc.xinetd
3. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

Test it out with your favorite ftp client, and enjoy.

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

Troubleshooting

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

• Problem: vsftpd does not start after installing inetutils

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: Users without access to a shell cannot log in

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

/etc/passwd

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

If you've updated Busybox

Enable chroot jail

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above)

2. Add the following line to the /opt/etc/vsftpd.conf file

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
user_config_dir=/opt/etc/vsftpd_user_conf 

(:tableend:)

3. Create the directory /opt/etc/vsftpd_user_conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
cp /opt/etc/vsftpd.conf  /opt/etc/vsftpd_user_conf/johndoe

(:tableend:)

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=YES

(:tableend:)

OR

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=NO

(:tableend:)

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

Add these lines to /opt/etc/vsftpd.conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

http://www.bloggen.be/rosarybracelets <a href="http://www.bloggen.be/rosarybracelets">rosary bracelets</a> rosary bracelets

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd
4. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
#!/bin/sh
# /unslung/rc.xinetd

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

(:tableend:)

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed
2. Restart xinetd with /etc/rc.d/rc.xinetd
3. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

Test it out with your favorite ftp client, and enjoy.

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

Troubleshooting

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

• Problem: vsftpd does not start after installing inetutils

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: Users without access to a shell cannot log in

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

/etc/passwd

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

If you've updated Busybox

Enable chroot jail

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above)

2. Add the following line to the /opt/etc/vsftpd.conf file

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
user_config_dir=/opt/etc/vsftpd_user_conf 

(:tableend:)

3. Create the directory /opt/etc/vsftpd_user_conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
cp /opt/etc/vsftpd.conf  /opt/etc/vsftpd_user_conf/johndoe

(:tableend:)

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=YES

(:tableend:)

OR

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=NO

(:tableend:)

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

Add these lines to /opt/etc/vsftpd.conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

http://www.forumage.com/?mforum=salvationbracel <a href="http://www.forumage.com/?mforum=salvationbracel">salvation bracelets</a> salvation bracelets

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd
4. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
#!/bin/sh
# /unslung/rc.xinetd

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

(:tableend:)

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed
2. Restart xinetd with /etc/rc.d/rc.xinetd
3. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

Test it out with your favorite ftp client, and enjoy.

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

Troubleshooting

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

• Problem: vsftpd does not start after installing inetutils

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: Users without access to a shell cannot log in

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

Tip #1 - Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

/etc/passwd

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

If you've updated Busybox

Enable chroot jail

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above)

2. Add the following line to the /opt/etc/vsftpd.conf file

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
user_config_dir=/opt/etc/vsftpd_user_conf 

(:tableend:)

3. Create the directory /opt/etc/vsftpd_user_conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
cp /opt/etc/vsftpd.conf  /opt/etc/vsftpd_user_conf/johndoe

(:tableend:)

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=YES

(:tableend:)

OR

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
write_enable=NO

(:tableend:)

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with (:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

Add these lines to /opt/etc/vsftpd.conf

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

http://www.forumage.com/?mforum=alltelringtones <a href="http://www.forumage.com/?mforum=alltelringtones">alltel ringtones</a> alltel ringtones

1. Assure yourself that you use a linux compatible texteditor otherwise the CR/LFs will be wrong and your ftp-server will not start!!

 Tip: Make sure the file /unslung/rc.xinetd is executable.
 Using "chmod 755 rc.xinetd".

1. Tip: Make sure the file /unslung/rc.xinetd file is executable.
2. Using "chmod 755 rc.xinetd".

• Problem: When I try to login to my ftp server, I get:
  530 Login incorrect

vsftpd is the very secure file transfer protocol daemon. It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

Troubleshooting

• Problem: When I ftp into my slug running vsftpd, I get:
  /opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error:
  /opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

Tip #1 - Enabling User Level Access

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501:::/dev/null (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) someuser:xxxx:2000:501::/share/hdd/data/someuser:/bin/sh (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:) chroot_local_user=YES (:tableend:)

Tip #2 - Logging

(note that this will become the default as of ipk version 2.0.1-5)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /share/hdd/conf/opt/var
mkdir /share/hdd/conf/opt/var/log

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
xferlog_file=/opt/var/log/vsftpd.log 

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
vsftpd_log_file=/opt/var/log/vsftpd.log

(:tableend:)

Tip #3 - Enabling different user level access

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 [=

=] (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
mkdir /opt/etc/vsftpd_user_conf

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 [=

=] (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 [=

=] (:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 [=

=] (:tableend:)

Tip #4 - Security - Disable root and admin

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
admin
root

guest

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
userlist_enable=YES
userlist_file=/opt/etc/vsftpd.user_list

(:tableend:)

(:table border=0 width=100% bgcolor=#eeffee:) (:cell:)

 
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

(:tableend:)

if [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ; then

Before: root:BlqE?/Rhsz9nZ5?:0:0:root:/root:/bin/sh After: root:BlqE?/Rhsz9nZ5?:0:0:root:/:/bin/sh or create a sub-directory for root

1. mkdir /root

• Problem: 500 OOPS: cannot change directory:/root when attempting to Login as root

 
#!/bin/sh
# /unslung/rc.xinetd

if ( [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ) then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf
fi

return 1

1. If you use the default vsftpd.conf make sure that /opt/var/log exists and is writable by vsftpd

Comment: [Arno] This will allow the users to write or not write at all. What if there is a public directory that all users should have readonly access to (from their homedirs), but still be able to read/write in their own homedirs?

   echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf

• Problem: When trying to ftp into the slug, it gives a message 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp""

• Problem: Users without access to a shell cannot log in

 if ( [ ! -f /etc/inetd.conf ] || !(grep vsftpd /etc/inetd.conf -q) ) then
   echo "ftp stream tcp nowait root /opt/sbin/vsftpd" >>/etc/inetd.conf

 if ( [ ! -f /etc/inetd.conf ] || !(grep proftpd /etc/inetd.conf -q) ) then
   echo "ftp stream tcp nowait root /opt/sbin/proftpd" >>/etc/inetd.conf

1. Create (or modify existing) diversion script /unslung/rc.xinetd . Previous suggestions were broken in that multiple lines could be added or other services, like telnetd, become disabled. A good solution (not just for vsftpd, but for all applications needing entries in inetd.conf) seem to be:

table border=0 width=100% bgcolor=#eeffee? cell?

 #!/bin/sh

 if ( !(grep vsftp /etc/inetd.conf -q) ) then
  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf 
 fi

 return 1

tableend?

1. Note: Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed

#!/bin/sh

if ( !(grep vsftp /etc/inetd.conf -q) ) then echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf fi

return 1

• Problem: Using the echo XXXXXX >> /etc/inetd.conf solution in /unslung/rc.xinitd adds multiple lines when Enabling and Disabling telnet.

@@#!/bin/sh

if ( !(grep vsftp /etc/inetd.conf -q) ) then

  echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf 

fi

return 1@@

1. Make sure that the file /unslung/rc.xinetd file ends with the line "return 1" in order for inetd to be started when /etc/rc.d/rc.xinetd is executed

• Problem: After upgrading vsftpd, can't connect and FTP client gives error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

• Problem: After upgrading vsftpd, error message "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/share/empty"

Tip #4 - Security - Disable root and admin

By default vsftp will allow root and admin to login if setup with a home dir in /etc/passwd. To disable root, admin and guest, do the following:

Create /opt/etc/vsftpd.user_list with

Add these lines to /opt/etc/vsftpd.conf

nigga

cp /opt/etc/vsftpd.conf /opt/etc/vsftpd_user_conf/johndoe

Tip #3 - Enabling different user level access

For example, allowing userX to be able to read/write on /share/hdd/data/mp3, while userY can only read the files.

1. Follow the guidelines in Tip #1 (here above) 2. Add the following line to the /opt/etc/vsftpd.conf file

user_config_dir=/opt/etc/vsftpd_user_conf

3. Create the directory /opt/etc/vsftpd_user_conf 4. For each FTP user copy the /opt/etc/vsftpd.conf file to /opt/etc/vsftpd_user_conf directory and name it by the name of the user

cp /opt/etc/vsftpd.conf /opt/etc/vsftpd_user_conf/johndoe

5. Customize the new configuration file (/opt/etc/vsftpd_user_conf/johndoe) for the access you want to grant to that user

write_enable=YES

OR

write_enable=NO

Tip #2 - Logging (note that this will become the default as of ipk version 2.0.1-5)

Below is the vsftpd.conf file distributed with the ipk (2.0.1-5) for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

 vsftpd_log_file=/opt/var/log/vsftpd.log

1. Add a line like echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf to your /unslung/rc.xinetd file (note that this file is not created automatically - you either will have created it previously, or you will need to create it now according to the README distributed with Unslung). That will cause /unslung/rc.xinetd to add the line to /etc/inetd.conf

• Problem: vsftpd does not start after installing inetutils

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is in a ramdisk, if you're worried about running out space or want the logs to be persistent across reboots, do the following

Tip #1 - Enabling User Level Access

Tip #2 - Logging

The default settings in vsftpd.conf cause vsftpd to log to /var/log. This is on the flash file system if I'm not mistaken, if your worried about running out space or writing to your flash to many times, do the following

Tips - Enabling User Level Access

/etc/passwd

If you've updated Busybox

Enable chroot jail

This will prevent users from being able to access other users directories and the rest of the file system. Without it, users have access to /. I haven't fully tested this security option on the nslu2 but it seems to work.

Tips

Enabling User Level Access

To enable use of user account username/password for FTP, the following worked for me

Troubleshooting

• Problem: When I ftp into my slug running vsftpd, I get

/opt/bin/vsftpd: 1: Syntax error: "(" unexpected

• Problem: vsftpd gives the error

/opt/sbin/vsftpd: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory

1. Add a line like echo "ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf to your /unslung/rc.xinetd file (note that this file is not created automatically - you either will have created it previously, or you will need to create it now). That will cause /unslung/rc.xinetd to add the line to /etc/inetd.conf

1. Add a line like echo "ftp stream tcp nowait root /opt/bin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf to your /unslung/rc.xinetd file (note that this file is not created automatically - you either will have created it previously, or you will need to create it now). That will cause /unslung/rc.xinetd to add the line to /etc/inetd.conf

1. Add a line like echo "ftp stream tcp nowait root /opt/bin/vsftpd /opt/etc/vsftpd.conf" >>/etc/inetd.conf to your /unslung/rc.xinetd file. That will cause /unslung/rc.xinetd to add the line to /etc/inetd.conf

1. Add a line like echo \"ftp stream tcp nowait root /opt/bin/vsftpd /opt/etc/vsftpd.conf\" >>/etc/inetd.conf to your /unslung/rc.xinetd file. That will cause /unslung/rc.xinetd to add the line to /etc/inetd.conf

vsftpd is the very secure file transfer protocol daemon (http://vsftpd.beasts.org/). It's the ftp server of choice for kernel.org, gnu.org, RedHat, Debian, FreeBSD, OpenBSD and a cast of thousands. It runs quite well on the slug utilizing little memory and processor time.

The postinst file distributed with the ipk should take care of a couple of details, but in case it doesn't, here's what vsftpd needs to be fully enabled:

1. Create the empty jail directory as root with mkdir -p /usr/share/empty
2. Ensure vsftpd.conf is in /opt/etc (the default vsftpd.conf is below)
3. Add a line like echo \"ftp stream tcp nowait root /opt/sbin/vsftpd /opt/etc/vsftpd.conf\" >>/etc/inetd.conf to your /unslung/rc.xinetd file. That will cause /unslung/rc.xinetd to add the line to /etc/inetd.conf
4. Restart xinetd with /etc/rc.d/rc.xinetd

Test it out with your favorite ftp client, and enjoy.

Below is the vsftpd.conf file distributed with the ipk for NSLU2. The conf file is well commented and should be placed in /opt/etc/vsftpd.conf. By default, write access is enabled for local users (i.e. users with a username/password), but there is no anonymous access. Recursive directory listings default to on.

 # Example config file /opt/etc/vsftpd.conf
 #
 # The default compiled in settings are fairly paranoid. This sample file
 # loosens things up a bit, to make the ftp daemon more usable.
 # Please see vsftpd.conf.5 for all compiled in defaults.
 #
 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
 # capabilities.
 #
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 anonymous_enable=NO
 #
 # Uncomment this to allow local users to log in.
 local_enable=YES
 #
 # Uncomment this to enable any form of FTP write command.
 write_enable=YES
 #
 # Default umask for local users is 077. You may wish to change this to 022,
 # if your users expect that (022 is used by most other ftpd's)
 local_umask=022
 #
 # Uncomment this to allow the anonymous FTP user to upload files. This only
 # has an effect if the above global write enable is activated. Also, you will
 # obviously need to create a directory writable by the FTP user.
 #anon_upload_enable=YES
 #
 # Uncomment this if you want the anonymous FTP user to be able to create
 # new directories.
 #anon_mkdir_write_enable=YES
 #
 # Activate directory messages - messages given to remote users when they
 # go into a certain directory.
 dirmessage_enable=YES
 #
 # Activate logging of uploads/downloads.
 xferlog_enable=YES
 #
 # Make sure PORT transfer connections originate from port 20 (ftp-data).
 connect_from_port_20=YES
 #
 # If you want, you can arrange for uploaded anonymous files to be owned by
 # a different user. Note! Using "root" for uploaded files is not
 # recommended!
 #chown_uploads=YES
 #chown_username=whoever
 #
 # You may override where the log file goes if you like. The default is shown
 # below.
 xferlog_file=/opt/var/log/vsftpd.log
 #
 # If you want, you can have your log file in standard ftpd xferlog format
 #xferlog_std_format=YES
 #
 # You may change the default value for timing out an idle session.
 #idle_session_timeout=600
 #
 # You may change the default value for timing out a data connection.
 #data_connection_timeout=120
 #
 # It is recommended that you define on your system a unique user which the
 # ftp server can use as a totally isolated and unprivileged user.
 #nopriv_user=ftpsecure
 #
 # Enable this and the server will recognise asynchronous ABOR requests. Not
 # recommended for security (the code is non-trivial). Not enabling it,
 # however, may confuse older FTP clients.
 #async_abor_enable=YES
 #
 # By default the server will pretend to allow ASCII mode but in fact ignore
 # the request. Turn on the below options to have the server actually do ASCII
 # mangling on files when in ASCII mode.
 # Beware that turning on ascii_download_enable enables malicious remote parties
 # to consume your I/O resources, by issuing the command "SIZE /big/file" in
 # ASCII mode.
 # These ASCII options are split into upload and download because you may wish
 # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
 # without the DoS? risk of SIZE and ASCII downloads. ASCII mangling should be
 # on the client anyway..
 #ascii_upload_enable=YES
 #ascii_download_enable=YES
 #
 # You may fully customise the login banner string:
 ftpd_banner=Welcome to the NSLU2 vsftp daemon.
 #
 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
 # useful for combatting certain DoS? attacks.
 #deny_email_enable=YES
 # (default follows)
 #banned_email_file=/opt/etc/vsftpd.banned_emails
 #
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
 #chroot_list_enable=YES
 # (default follows)
 #chroot_list_file=/opt/etc/vsftpd.chroot_list
 #
 # You may activate the "-R" option to the builtin ls. This is disabled by
 # default to avoid remote users being able to cause excessive I/O on large
 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
 # the presence of the "-R" option, so there is a strong case for enabling it.
 ls_recurse_enable=YES