Package: vsftpd / 3.0.2-17+deb8u1

0002-config.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
Author: Daniel Jacobowitz <dan@debian.org>
Description: Set default configuration.

diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
--- vsftpd.orig/tunables.c
+++ vsftpd/tunables.c
@@ -246,7 +246,7 @@ tunables_load_defaults()
   /* -rw------- */
   tunable_chown_upload_mode = 0600;
 
-  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
+  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
   install_str_setting("ftp", &tunable_ftp_username);
   install_str_setting("root", &tunable_chown_username);
   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
@@ -256,7 +256,7 @@ tunables_load_defaults()
   install_str_setting(0, &tunable_ftpd_banner);
   install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
   install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
-  install_str_setting("ftp", &tunable_pam_service_name);
+  install_str_setting("vsftpd", &tunable_pam_service_name);
   install_str_setting("ftp", &tunable_guest_username);
   install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
   install_str_setting(0, &tunable_anon_root);
diff -Naurp vsftpd.orig/vsftpd.conf vsftpd/vsftpd.conf
--- vsftpd.orig/vsftpd.conf
+++ vsftpd/vsftpd.conf
@@ -8,6 +8,17 @@
 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
 # capabilities.
 #
+#
+# Run standalone?  vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+listen=YES
+#
+# Run standalone with IPv6?
+# Like the listen parameter, except vsftpd will listen on an IPv6 socket
+# instead of an IPv4 one. This parameter and the listen parameter are mutually
+# exclusive.
+#listen_ipv6=YES
+#
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 anonymous_enable=YES
 #
@@ -34,6 +45,12 @@ anonymous_enable=YES
 # go into a certain directory.
 dirmessage_enable=YES
 #
+# If enabled, vsftpd will display directory listings with the time
+# in  your  local  time  zone.  The default is to display GMT. The
+# times returned by the MDTM FTP command are also affected by this
+# option.
+use_localtime=YES
+#
 # Activate logging of uploads/downloads.
 xferlog_enable=YES
 #
@@ -89,6 +106,11 @@ connect_from_port_20=YES
 # (default follows)
 #banned_email_file=/etc/vsftpd.banned_emails
 #
+# You may restrict local users to their home directories.  See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+#chroot_local_user=YES
+#
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
@@ -103,12 +125,20 @@ connect_from_port_20=YES
 # the presence of the "-R" option, so there is a strong case for enabling it.
 #ls_recurse_enable=YES
 #
-# When "listen" directive is enabled, vsftpd runs in standalone mode and
-# listens on IPv4 sockets. This directive cannot be used in conjunction
-# with the listen_ipv6 directive.
-listen=YES
+# Customization
 #
-# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
-# sockets, you must run two copies of vsftpd with two configuration files.
-# Make sure, that one of the listen options is commented !!
-#listen_ipv6=YES
+# Some of vsftpd's settings don't fit the filesystem layout by
+# default.
+#
+# This option should be the name of a directory which is empty.  Also, the
+# directory should not be writable by the ftp user. This directory is used
+# as a secure chroot() jail at times vsftpd does not require filesystem
+# access.
+secure_chroot_dir=/var/run/vsftpd/empty
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/private/vsftpd.pem
diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
--- vsftpd.orig/vsftpd.conf.5
+++ vsftpd/vsftpd.conf.5
@@ -940,7 +940,7 @@ Default: nobody
 .B pam_service_name
 This string is the name of the PAM service vsftpd will use.
 
-Default: ftp
+Default: vsftpd
 .TP
 .B pasv_address
 Use this option to override the IP address that vsftpd will advertise in
@@ -969,7 +969,7 @@ This option should be the name of a dire
 directory should not be writable by the ftp user. This directory is used
 as a secure chroot() jail at times vsftpd does not require filesystem access.
 
-Default: /usr/share/empty
+Default: /var/run/vsftpd/empty
 .TP
 .B ssl_ciphers
 This option can be used to select which SSL ciphers vsftpd will allow for