1 diff -up vsftpd-2.2.0/defs.h.configuration vsftpd-2.2.0/defs.h
2 --- vsftpd-2.2.0/defs.h.configuration 2009-01-07 21:22:22.000000000 +0100
3 +++ vsftpd-2.2.0/defs.h 2009-08-04 07:37:01.000000000 +0200
8 -#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
9 +#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
11 #define VSFTP_COMMAND_FD 0
13 diff -up vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README
14 --- vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration 2008-02-02 02:30:40.000000000 +0100
15 +++ vsftpd-2.2.0/EXAMPLE/INTERNET_SITE_NOINETD/README 2009-08-04 07:37:01.000000000 +0200
16 @@ -17,7 +17,7 @@ even per-connect-IP configurability.
18 To use this example config:
20 -1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.
21 +1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf.
23 2) Start up vsftpd, e.g.
25 @@ -51,5 +51,5 @@ in the vsftpd.conf:
26 listen_address=192.168.1.2
28 And launch vsftpd with a specific config file like this:
29 -vsftpd /etc/vsftpd.conf.site1 &
30 +vsftpd /etc/vsftpd/vsftpd.conf.site1 &
32 diff -up vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README
33 --- vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README.configuration 2008-02-02 02:30:40.000000000 +0100
34 +++ vsftpd-2.2.0/EXAMPLE/INTERNET_SITE/README 2009-08-04 07:37:01.000000000 +0200
35 @@ -41,13 +41,13 @@ no_access = 192.168.1.3
36 As an example of how to ban certain sites from connecting, 192.168.1.3 will
39 -banner_fail = /etc/vsftpd.busy_banner
40 +banner_fail = /etc/vsftpd/busy_banner
42 This is the file to display to users if the connection is refused for whatever
43 reason (too many users, IP banned).
45 Example of how to populate it:
46 -echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner
47 +echo "421 Server busy, please try later." > /etc/vsftpd/busy_banner
49 log_on_success += PID HOST DURATION
50 log_on_failure += HOST
51 @@ -62,7 +62,7 @@ Step 2) Set up your vsftpd configuration
53 An example file is supplied. Install it like this:
56 +cp vsftpd.conf /etc/vsftpd
58 Let's example the contents of the file:
60 diff -up vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README.configuration vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README
61 --- vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README.configuration 2008-02-02 02:30:40.000000000 +0100
62 +++ vsftpd-2.2.0/EXAMPLE/PER_IP_CONFIG/README 2009-08-04 07:37:01.000000000 +0200
63 @@ -20,12 +20,12 @@ directory: hosts.allow. It lives at /etc
65 Let's have a look at the example:
67 -vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
68 +vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
69 vsftpd: 192.168.1.4: DENY
72 If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd
73 -config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are
74 +config file /etc/vsftpd/tcp_wrap.conf to the session! These settings are
75 applied ON TOP of the default vsftpd.conf.
76 This is obviously very powerful. You might use this to apply different
77 access restrictions for some IPs (e.g. the ability to upload).
78 diff -up vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README
79 --- vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README.configuration 2008-02-02 02:30:40.000000000 +0100
80 +++ vsftpd-2.2.0/EXAMPLE/VIRTUAL_USERS/README 2009-08-04 07:37:01.000000000 +0200
81 @@ -15,7 +15,7 @@ See example file "logins.txt" - this spe
82 "fred" with password "bar".
83 Whilst logged in as root, create the actual database file like this:
85 -db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
86 +db_load -T -t hash -f logins.txt /etc/vsftpd/login.db
87 (Requires the Berkeley db program installed).
88 NOTE: Many systems have multiple versions of "db" installed, so you may
89 need to use e.g. db3_load for correct operation. This is known to affect
90 @@ -23,10 +23,10 @@ some Debian systems. The core issue is t
91 database to be a specific db version (often db3, whereas db4 may be installed
94 -This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
95 +This will create /etc/vsftpd/login.db. Obviously, you may want to make sure
96 the permissions are restricted:
98 -chmod 600 /etc/vsftpd_login.db
99 +chmod 600 /etc/vsftpd/login.db
101 For more information on maintaing your login database, look around for
102 documentation on "Berkeley DB", e.g.
103 @@ -37,8 +37,8 @@ Step 2) Create a PAM file which uses you
105 See the example file vsftpd.pam. It contains two lines:
107 -auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
108 -account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
109 +auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
110 +account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
112 This tells PAM to authenticate users using our new database. Copy this PAM
113 file to the PAM directory - typically /etc/pam.d/
114 @@ -108,9 +108,9 @@ pasv_max_port=30999
115 These put a port range on passive FTP incoming requests - very useful if
116 you are configuring a firewall.
118 -Copy the example vsftpd.conf file to /etc:
119 +Copy the example vsftpd.conf file to /etc/vsftpd:
121 -cp vsftpd.conf /etc/
122 +cp vsftpd.conf /etc/vsftpd/
125 Step 5) Start up vsftpd.
126 diff -up vsftpd-2.2.0/FAQ.configuration vsftpd-2.2.0/FAQ
127 --- vsftpd-2.2.0/FAQ.configuration 2009-02-18 23:33:04.000000000 +0100
128 +++ vsftpd-2.2.0/FAQ 2009-08-04 07:37:01.000000000 +0200
129 @@ -34,7 +34,7 @@ needs this user to run bits of itself wi
130 Q) Help! Local users cannot log in.
131 A) There are various possible problems.
132 A1) By default, vsftpd disables any logins other than anonymous logins. Put
133 -local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
134 +local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in.
135 A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
136 find out whether this has happened or not). If vsftpd links with PAM, then
137 you will need to have a PAM file installed for the vsftpd service. There is
138 @@ -46,12 +46,12 @@ system have a "shadow.h" file in the inc
139 A4) If you are not using PAM, then vsftpd will do its own check for a valid
140 user shell in /etc/shells. You may need to disable this if you use an invalid
141 shell to disable logins other than FTP logins. Put check_shell=NO in your
143 +/etc/vsftpd/vsftpd.conf.
145 Q) Help! Uploads or other write commands give me "500 Unknown command.".
146 A) By default, write commands, including uploads and new directories, are
147 disabled. This is a security measure. To enable writes, put write_enable=YES
148 -in your /etc/vsftpd.conf.
149 +in your /etc/vsftpd/vsftpd.conf.
151 Q) Help! What are the security implications referred to in the
152 "chroot_local_user" option?
153 @@ -87,7 +87,7 @@ A2) Alternatively, run as many copies as
154 mode. Use "listen_address=x.x.x.x" to set the virtual IP.
156 Q) Help! Does vsftpd support virtual users?
157 -A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
158 +A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This
159 has the effect of mapping every non-anonymous successful login to the local
160 username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
161 module to provide authentication against an external (i.e. non-/etc/passwd)
162 diff -up vsftpd-2.2.0/INSTALL.configuration vsftpd-2.2.0/INSTALL
163 --- vsftpd-2.2.0/INSTALL.configuration 2008-02-02 02:30:39.000000000 +0100
164 +++ vsftpd-2.2.0/INSTALL 2009-08-04 07:37:01.000000000 +0200
165 @@ -56,14 +56,14 @@ cp vsftpd.8 /usr/local/man/man8
167 "make install" doesn't copy the sample config file. It is recommended you
170 +cp vsftpd.conf /etc/vsftpd
172 Step 4) Smoke test (without an inetd).
174 vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will
175 typically get more control running vsftpd from an inetd. But first we will run
176 it without, so we can check things are going well so far.
177 -Edit /etc/vsftpd.conf, and add this line at the bottom:
178 +Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom:
182 @@ -135,11 +135,11 @@ cp RedHat/vsftpd.pam /etc/pam.d/ftp
183 Step 7) Customize your configuration
185 As well as the above three pre-requisites, you are recommended to install a
186 -config file. The default location for the config file is /etc/vsftpd.conf.
187 +config file. The default location for the config file is /etc/vsftpd/vsftpd.conf.
188 There is a sample vsftpd.conf in the distribution tarball. You probably want
189 -to copy that to /etc/vsftpd.conf as a basis for modification, i.e.:
190 +to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.:
193 +cp vsftpd.conf /etc/vsftpd
195 The default configuration allows neither local user logins nor anonymous
196 uploads. You may wish to change these defaults.
197 diff -up vsftpd-2.2.0/README.configuration vsftpd-2.2.0/README
198 --- vsftpd-2.2.0/README.configuration 2009-07-07 22:23:22.000000000 +0200
199 +++ vsftpd-2.2.0/README 2009-08-04 07:37:01.000000000 +0200
200 @@ -37,3 +37,8 @@ All configuration options are documented
201 Various example configurations are discussed in the EXAMPLE directory.
202 Frequently asked questions are tackled in the FAQ file.
206 +The location of configuration files was changed to /etc/vsftpd/. If you want
207 +to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use
208 +/etc/vsfptd/vsftpd_conf_migrate.sh
209 diff -up vsftpd-2.2.0/tunables.c.configuration vsftpd-2.2.0/tunables.c
210 --- vsftpd-2.2.0/tunables.c.configuration 2009-07-15 22:08:27.000000000 +0200
211 +++ vsftpd-2.2.0/tunables.c 2009-08-04 07:37:01.000000000 +0200
212 @@ -186,7 +186,7 @@ tunables_load_defaults()
213 tunable_listen_ipv6 = 0;
214 tunable_dual_log_enable = 0;
215 tunable_syslog_enable = 0;
216 - tunable_background = 0;
217 + tunable_background = 1;
218 tunable_virtual_use_local_privs = 0;
219 tunable_session_support = 0;
220 tunable_download_enable = 1;
221 @@ -254,11 +254,11 @@ tunables_load_defaults()
222 install_str_setting(".message", &tunable_message_file);
223 install_str_setting("nobody", &tunable_nopriv_user);
224 install_str_setting(0, &tunable_ftpd_banner);
225 - install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
226 - install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
227 + install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file);
228 + install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file);
229 install_str_setting("ftp", &tunable_pam_service_name);
230 install_str_setting("ftp", &tunable_guest_username);
231 - install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
232 + install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file);
233 install_str_setting(0, &tunable_anon_root);
234 install_str_setting(0, &tunable_local_root);
235 install_str_setting(0, &tunable_banner_file);
236 @@ -271,7 +271,7 @@ tunables_load_defaults()
237 install_str_setting(0, &tunable_hide_file);
238 install_str_setting(0, &tunable_deny_file);
239 install_str_setting(0, &tunable_user_sub_token);
240 - install_str_setting("/etc/vsftpd.email_passwords",
241 + install_str_setting("/etc/vsftpd/email_passwords",
242 &tunable_email_password_file);
243 install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
244 &tunable_rsa_cert_file);
245 diff -up vsftpd-2.2.0/vsftpd.8.configuration vsftpd-2.2.0/vsftpd.8
246 --- vsftpd-2.2.0/vsftpd.8.configuration 2009-07-17 22:56:23.000000000 +0200
247 +++ vsftpd-2.2.0/vsftpd.8 2009-08-04 07:40:27.000000000 +0200
248 @@ -21,7 +21,7 @@ itself will listen on the network. This
249 recommended. It is activated by setting
252 -.Pa /etc/vsftpd.conf .
253 +.Pa /etc/vsftpd/vsftpd.conf .
254 Direct execution of the
256 binary will then launch the FTP service ready for immediate client connections.
257 @@ -33,7 +33,7 @@ as root. Any command line option not sta
258 as a config file that will be loaded. Note that config files are loaded in the
259 strict order that they are encountered on the command line.
260 If no config files are specified, the default configuration file of
261 -.Pa /etc/vsftpd.conf
262 +.Pa /etc/vsftpd/vsftpd.conf
263 will be loaded, after all other command line options are processed.
265 Supported options are:
266 @@ -47,14 +47,14 @@ their appearance on the command line, in
270 -vsftpd -olisten=NO /etc/vsftpd.conf -oftpd_banner=blah
271 +vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah
273 That example overrides vsftpd's built-in default for the "listen" option to be
274 -NO, but then loads /etc/vsftpd.conf which may override that setting. Finally,
275 +NO, but then loads /etc/vsftpd/vsftpd.conf which may override that setting. Finally,
276 the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd
277 setting and any identical setting that was in the config file.
279 -.Pa /etc/vsftpd.conf
280 +.Pa /etc/vsftpd/vsftpd.conf
284 diff -up vsftpd-2.2.0/vsftpd.conf.5.configuration vsftpd-2.2.0/vsftpd.conf.5
285 --- vsftpd-2.2.0/vsftpd.conf.5.configuration 2009-07-17 22:57:04.000000000 +0200
286 +++ vsftpd-2.2.0/vsftpd.conf.5 2009-08-04 07:37:01.000000000 +0200
287 @@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd
289 vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
290 default, vsftpd looks for this file at the location
291 -.BR /etc/vsftpd.conf .
292 +.BR /etc/vsftpd/vsftpd.conf .
293 However, you may override this by specifying a command line argument to
294 vsftpd. The command line argument is the pathname of the configuration file
295 for vsftpd. This behaviour is useful because you may wish to use an advanced
296 @@ -110,7 +110,7 @@ When enabled, and vsftpd is started in "
297 the listener process. i.e. control will immediately be returned to the shell
298 which launched vsftpd.
304 Note! This option only has an effect for non-PAM builds of vsftpd. If disabled,
305 @@ -138,7 +138,7 @@ chroot() jail in their home directory up
306 different if chroot_local_user is set to YES. In this case, the list becomes
307 a list of users which are NOT to be placed in a chroot() jail.
308 By default, the file containing this list is
309 -/etc/vsftpd.chroot_list, but you may override this with the
310 +/etc/vsftpd/chroot_list, but you may override this with the
314 @@ -177,7 +177,7 @@ Default: NO
316 If activated, you may provide a list of anonymous password e-mail responses
317 which cause login to be denied. By default, the file containing this list is
318 -/etc/vsftpd.banned_emails, but you may override this with the
319 +/etc/vsftpd/banned_emails, but you may override this with the
320 .BR banned_email_file
323 @@ -433,7 +433,7 @@ anonymous logins are prevented unless th
324 file specified by the
325 .BR email_password_file
326 setting. The file format is one password per line, no extra whitespace. The
327 -default filename is /etc/vsftpd.email_passwords.
328 +default filename is /etc/vsftpd/email_passwords.
332 @@ -764,7 +764,7 @@ passwords which are not permitted. This
333 .BR deny_email_enable
336 -Default: /etc/vsftpd.banned_emails
337 +Default: /etc/vsftpd/banned_emails
340 This option is the name of a file containing text to display when someone
341 @@ -801,7 +801,7 @@ is enabled. If the option
342 is enabled, then the list file becomes a list of users to NOT place in a
345 -Default: /etc/vsftpd.chroot_list
346 +Default: /etvsftpd.confc/vsftpd.chroot_list
349 This options specifies a comma separated list of allowed FTP commands (post
350 @@ -862,7 +862,7 @@ This option can be used to provide an al
351 .BR secure_email_list_enable
354 -Default: /etc/vsftpd.email_passwords
355 +Default: /etc/vsftpd/email_passwords
358 This is the name of the user we use for handling anonymous FTP. The home
359 @@ -985,10 +985,10 @@ the manual page, on a per-user basis. Us
360 with an example. If you set
363 -.BR /etc/vsftpd_user_conf
364 +.BR /etc/vsftpd/user_conf
365 and then log on as the user "chris", then vsftpd will apply the settings in
367 -.BR /etc/vsftpd_user_conf/chris
368 +.BR /etc/vsftpd/user_conf/chris
369 for the duration of the session. The format of this file is as detailed in
370 this manual page! PLEASE NOTE that not all settings are effective on a
371 per-user basis. For example, many settings only prior to the user's session
372 @@ -1024,7 +1024,7 @@ This option is the name of the file load
376 -Default: /etc/vsftpd.user_list
377 +Default: /etc/vsftpd/user_list
380 This option is the name of the file to which we write the vsftpd style
381 diff -up vsftpd-2.2.0/vsftpd.conf.configuration vsftpd-2.2.0/vsftpd.conf
382 --- vsftpd-2.2.0/vsftpd.conf.configuration 2009-06-17 22:05:28.000000000 +0200
383 +++ vsftpd-2.2.0/vsftpd.conf 2009-08-04 07:53:13.000000000 +0200
385 -# Example config file /etc/vsftpd.conf
386 +# Example config file /etc/vsftpd/vsftpd.conf
388 # The default compiled in settings are fairly paranoid. This sample file
389 # loosens things up a bit, to make the ftp daemon more usable.
390 @@ -87,7 +87,7 @@ connect_from_port_20=YES
391 # useful for combatting certain DoS attacks.
392 #deny_email_enable=YES
394 -#banned_email_file=/etc/vsftpd.banned_emails
395 +#banned_email_file=/etc/vsftpd/banned_emails
397 # You may specify an explicit list of local users to chroot() to their home
398 # directory. If chroot_local_user is YES, then this list becomes a list of
399 @@ -95,7 +95,7 @@ connect_from_port_20=YES
400 #chroot_local_user=YES
401 #chroot_list_enable=YES
403 -#chroot_list_file=/etc/vsftpd.chroot_list
404 +#chroot_list_file=/etc/vsftpd/chroot_list
406 # You may activate the "-R" option to the builtin ls. This is disabled by
407 # default to avoid remote users being able to cause excessive I/O on large
408 @@ -112,3 +112,7 @@ listen=YES
409 # sockets, you must run two copies of vsftpd whith two configuration files.
410 # Make sure, that one of the listen options is commented !!
413 +pam_service_name=vsftpd