Blaze wrote: ↑27 Jul 2019, 20:18
No. Only on one PC (as server).
Other machines - as clients. For connection to the FTP server you can use the gFTP client, for example.
Okay, since ftp should be able to handle both uploads and downloads, it should be possible to upload stuff from any of the PCs, and also possible to download stuff to any, right?
Blaze wrote: ↑27 Jul 2019, 20:18
Rava, I have done all the settings in vsftpd-3.0.3-x86_64-5.xzm, but you need to set these parameters:
Code:
# Enable passive mode for vsftpd server
# Specify port range for passive mode
pasv_enable=Yes
pasv_max_port=<max>
pasv_min_port=<min>
# Set to YES if you want to use the host name (as opposed to the IP address) in the pasv_address option
pasv_addr_resolve=NO
pasv_address=<your ip>
I presume these should be set in /etc/vsftpd.conf ?
And since I run my systems without any save container (I prefer manual savings to $PORTDIR/rootcopy ) I presume I need to copy /etc/vsftpd.conf to $PORTDIR/rootcopy/etc also prior to reboot.
And also the changes done by the other commands, like what useradd and passwd did.
Or, as added security, create a new local version of the vsftpd module including these changes, with the changed /home/ftp folder and also including changed /etc/shadow /etc/passwd /etc/vsftpd.conf /etc/vsftpd.allow_list and /etc/rc.d/rc.local .
Am I missing crucial files or folders here?
You put Russian comments into /etc/vsftpd.conf of the vsftpd-3.0.3-x86_64-5.xzm module.
I downloaded the original vsftpd-3.0.3-x86_64-5.txz to get the man pages and looked up the info.
The translation to these:
Code:
# Эта опция имеет эффект только для не-PAM сборок vsftpd.
# Если выключена, то vsftpd не будет проверять оболочку локального пользователя в /etc/shells
check_shell=NO
# Директива, разрешающая список пользователей которым нужно открыть доступ к FTP, и путь до этого списка соответственно.
userlist_enable=YES
userlist_file=/etc/vsftpd.allow_list
# Директива, запрещающая список пользователей, которым закрыт доступ к FTP,
# в нашем случае запрещен вход всех пользователей кроме тех что указаны в /etc/vsftpd.allow_list
userlist_deny=NO
should be these (as taken from /usr/man/man5/vsftpd.conf.5 ):
Code:
# Note! This option only has an effect for non-PAM builds of vsftpd.
# If disabled, vsftpd will not check /etc/shells for a valid user shell
# for local logins. Default: YES
check_shell=NO
# If enabled, vsftpd will load a list of usernames, from the filename
# given by userlist_file. If a user tries to log in using a name in
# this file, they will be denied before they are asked for a password.
# This may be useful in preventing cleartext passwords being
# transmitted. See also userlist_deny. Default: NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allow_list
# This option is examined if userlist_enable is activated. If you set
# this setting to NO, then users will be denied login unless they are
# explicitly listed in the file specified by userlist_file. When login
# is denied, the denial is issued before the user is asked for a
# password. Default: YES
userlist_deny=NO
Can you provide a translation to these two Russian lines:
Code:
#«запирать» локальных пользователей в домашнем каталоге
chroot_local_user=YES
# разрешаем использовать домашние каталоги с правом на запись
allow_writeable_chroot=YES
I did not find any allow_writeable_chroot in all of /man/man5/vsftpd.conf.5 of the original txz!
When starting gftp it gives these warnings:
Code:
$ gftp
gFTP Warning: Skipping line 248 in config file: entropy_source
gFTP Warning: Skipping line 251 in config file: entropy_len
gFTP Warning: Skipping line 254 in config file: verify_ssl_peer
Is any of that vital?
Not having ssl is probably a bad idea, and usually entropy here is used for more security.
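An added example (not part of the thread and not code from the vsftpd package): a small Python check that parses the vsftpd.conf directives discussed above and reports what they mean in combination. The sample config, its port range and the helper names are constructed for illustration; the option names and their defaults are vsftpd's.

```python
# Added example: audit of the vsftpd.conf directives discussed in this thread.
SAMPLE = """\
# Constructed sample: the port range is a placeholder choice
pasv_enable=Yes
pasv_min_port=50000
pasv_max_port=50100
userlist_enable=YES
userlist_file=/etc/vsftpd.allow_list
userlist_deny=NO
chroot_local_user=YES
allow_writeable_chroot=YES
"""

def parse_conf(text):
    """Return {option: value}; vsftpd.conf holds one option=value per line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            opts.update([line.split("=", 1)])
    return opts

def enabled(opts, key, default):
    # Assumption: boolean values are matched case-insensitively (YES/TRUE/1).
    return opts.get(key, default).upper() in ("YES", "TRUE", "1")

def audit(opts):
    out = []
    # userlist_deny decides whether userlist_file is a deny list or an allow list.
    if not enabled(opts, "userlist_enable", "NO"):
        out.append("userlist: off, userlist_file is not consulted")
    elif enabled(opts, "userlist_deny", "YES"):
        out.append("userlist: deny list, listed users are refused")
    else:
        out.append("userlist: allow list, only listed users may log in")
    if enabled(opts, "pasv_enable", "YES"):
        lo, hi = opts.get("pasv_min_port", "0"), opts.get("pasv_max_port", "0")
        if not (lo.isdigit() and hi.isdigit()):
            out.append("pasv: port range is not numeric (placeholder left in?)")
        elif int(lo) == 0 or int(hi) == 0:
            out.append("pasv: no fixed range, firewall rule cannot be scoped")
        elif int(lo) > int(hi) or int(hi) > 65535:
            out.append("pasv: invalid range")
        else:
            out.append(f"pasv: allow inbound TCP {lo}-{hi} on the server")
    if enabled(opts, "chroot_local_user", "NO") and enabled(opts, "allow_writeable_chroot", "NO"):
        out.append("chroot: writable chroot root is permitted")
    if not enabled(opts, "ssl_enable", "NO"):
        out.append("tls: ssl_enable is off, credentials travel in cleartext")
    return out
```

To check a live file, pass its contents through the same two calls: `audit(parse_conf(open("/etc/vsftpd.conf").read()))`.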