aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons/vsftpd/files
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-daemons/vsftpd/files')
-rw-r--r--[-rwxr-xr-x]meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf43
-rw-r--r--meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers15
-rw-r--r--meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list20
3 files changed, 72 insertions, 6 deletions
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf
index 08f91e048d..bb1929480d 100755..100644
--- a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf
@@ -12,17 +12,17 @@
listen=YES
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-anonymous_enable=YES
+anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
-#local_enable=YES
+local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
-#local_umask=022
+local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
@@ -54,7 +54,7 @@ connect_from_port_20=YES
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
-#xferlog_std_format=YES
+xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
@@ -64,7 +64,7 @@ connect_from_port_20=YES
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
+#nopriv_user=ftp
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
@@ -105,4 +105,35 @@ connect_from_port_20=YES
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
-
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option is examined if userlist_enable is activated. If you set this
+# setting to NO, then users will be denied login unless they are explicitly
+# listed in the file specified by userlist_file. When login is denied, the
+# denial is issued before the user is asked for a password.
+userlist_deny=YES
+#
+# If enabled, vsftpd will load a list of usernames, from the filename given by
+# userlist_file. If a user tries to log in using a name in this file, they
+# will be denied before they are asked for a password. This may be useful in
+# preventing cleartext passwords being transmitted. See also userlist_deny.
+userlist_enable=YES
+#
+# If enabled, vsftpd will display directory listings with the time in your
+# local time zone. The default is to display GMT. The times returned by the
+# MDTM FTP command are also affected by this option.
+use_localtime=YES
+#
+# If set to YES, local users will be (by default) placed in a chroot() jail in
+# their home directory after login. Warning: This option has security
+# implications, especially if the users have upload permission, or shell access.
+# Only enable if you know what you are doing. Note that these security implications
+# are not vsftpd specific. They apply to all FTP daemons which offer to put
+# local users in chroot() jails.
+chroot_local_user=YES
+#
+allow_writeable_chroot=YES
+#
+tcp_wrappers=YES
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers
new file mode 100644
index 0000000000..096142f5df
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers
@@ -0,0 +1,15 @@
+# Users that are not allowed to login via ftp
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list
new file mode 100644
index 0000000000..d283e3d260
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list
@@ -0,0 +1,20 @@
+# vsftpd userlist
+# If userlist_deny=NO, only allow users in this file
+# If userlist_deny=YES (default), never allow users in this file, and
+# do not even prompt for a password.
+# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
+# for users that are denied.
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-26 11:08:14 +0000