Diffstat (limited to 'meta-networking/recipes-daemons/vsftpd/files')
-rw-r--r--[-rwxr-xr-x] | meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf | 43 | ||||
-rw-r--r-- | meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers | 15 | ||||
-rw-r--r-- | meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list | 20 |
3 files changed, 72 insertions, 6 deletions
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf index 08f91e048d..bb1929480d 100755..100644 --- a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf +++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf @@ -12,17 +12,17 @@ listen=YES # Allow anonymous FTP? (Beware - allowed by default if you comment this out). -anonymous_enable=YES +anonymous_enable=NO # # Uncomment this to allow local users to log in. -#local_enable=YES +local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) -#local_umask=022 +local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will @@ -54,7 +54,7 @@ connect_from_port_20=YES #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format -#xferlog_std_format=YES +xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 @@ -64,7 +64,7 @@ connect_from_port_20=YES # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. -#nopriv_user=ftpsecure +#nopriv_user=ftp # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, 
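Review bot: With `local_enable=YES` added in the first hunk, next to the existing `write_enable=YES`, system account passwords cross the network in cleartext unless TLS is configured, and nothing visible in this file turns it on. If the recipe builds vsftpd with SSL support and a certificate is provisioned (neither is visible here), consider `ssl_enable=YES` together with `force_local_logins_ssl=YES`. Otherwise add a comment above `local_enable` saying the image assumes a trusted network. `local_umask=022` in the same hunk also makes every upload world-readable; `local_umask=027` is a tighter default if other local accounts should not read uploaded files.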
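Review bot: Enabling `xferlog_std_format=YES` in the `-54,7` hunk switches the log to wu-ftpd xferlog format, which records file transfers only. As vsftpd.conf(5) describes it, vsftpd's own log format is then written only if `dual_log_enable=YES` is also set. Since this commit enables local logins, login successes and failures are worth keeping for detection, so consider adding `dual_log_enable=YES` next to it. Whether `xferlog_enable` is on lies outside the hunk.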
@@ -105,4 +105,35 @@ connect_from_port_20=YES
 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
 # the presence of the "-R" option, so there is a strong case for enabling it.
 #ls_recurse_enable=YES
-
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option is examined if userlist_enable is activated. If you set this
+# setting to NO, then users will be denied login unless they are explicitly
+# listed in the file specified by userlist_file. When login is denied, the
+# denial is issued before the user is asked for a password.
+userlist_deny=YES
+#
+# If enabled, vsftpd will load a list of usernames, from the filename given by
+# userlist_file. If a user tries to log in using a name in this file, they
+# will be denied before they are asked for a password. This may be useful in
+# preventing cleartext passwords being transmitted. See also userlist_deny.
+userlist_enable=YES
+#
+# If enabled, vsftpd will display directory listings with the time in your
+# local time zone. The default is to display GMT. The times returned by the
+# MDTM FTP command are also affected by this option.
+use_localtime=YES
+#
+# If set to YES, local users will be (by default) placed in a chroot() jail in
+# their home directory after login. Warning: This option has security
+# implications, especially if the users have upload permission, or shell access.
+# Only enable if you know what you are doing. Note that these security implications
+# are not vsftpd specific. They apply to all FTP daemons which offer to put
+# local users in chroot() jails.
+chroot_local_user=YES
+#
+allow_writeable_chroot=YES
+#
+tcp_wrappers=YES
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers
new file mode 100644
index 0000000000..096142f5df
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers
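Review bot: `allow_writeable_chroot=YES` is added with no comment, directly after a comment block that itself warns `chroot_local_user` is risky when users have upload permission. The option turns off vsftpd's refusal to chroot into a directory the logged-in user can write to, so the jail root is user-controlled. Prefer leaving it off and giving FTP users a non-writable home with a writable subdirectory. If it must stay, add a comment such as `# Disables the writable-chroot-root safety check; required because home directories are user-writable.` `tcp_wrappers=YES` and `pam_service_name=vsftpd` depend on build options and a PAM service file that are outside this hunk and should be checked in the recipe.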
@@ -0,0 +1,15 @@
+# Users that are not allowed to login via ftp
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list
new file mode 100644
index 0000000000..d283e3d260
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list
@@ -0,0 +1,20 @@
+# vsftpd userlist
+# If userlist_deny=NO, only allow users in this file
+# If userlist_deny=YES (default), never allow users in this file, and
+# do not even prompt for a password.
+# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
+# for users that are denied.
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody |
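Review bot: vsftpd.ftpusers and vsftpd.user_list are both deny-lists holding the same 14 system accounts. With `userlist_deny=YES`, every other local account on the image, including any added later, can log in over FTP by default. An allow-list is easier to reason about on an embedded image: set `userlist_deny=NO` in vsftpd.conf and list only the accounts meant to use FTP in vsftpd.user_list. Two identical lists with different consumers also invite drift. The header of vsftpd.ftpusers could name its consumer the way vsftpd.user_list does, e.g. `# Checked by the vsftpd PAM service; keep in sync with vsftpd.user_list`.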