1 diff -ur vsftpd-3.0.3.orig/Changelog vsftpd-3.0.3/Changelog
2 --- vsftpd-3.0.3.orig/Changelog 2015-07-23 08:01:55.000000000 +0200
3 +++ vsftpd-3.0.3/Changelog 2019-01-30 17:56:49.864000000 +0100
5 - Pull in a couple of minor tidyup patches from Openwall.
6 - Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also
7 respect ordering with respect config files, e.g.
8 -vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO
9 +vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -olocal_enable=NO
10 Inspiration from Solar / Openwall.
12 - Revert listen to be "NO" by default and also set max_per_ip / max_clients
13 diff -ur vsftpd-3.0.3.orig/defs.h vsftpd-3.0.3/defs.h
14 --- vsftpd-3.0.3.orig/defs.h 2015-07-21 01:03:17.000000000 +0200
15 +++ vsftpd-3.0.3/defs.h 2019-01-30 17:56:04.488000000 +0100
20 -#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
21 +#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
23 #define VSFTP_COMMAND_FD 0
25 diff -ur vsftpd-3.0.3.orig/EXAMPLE/INTERNET_SITE_NOINETD/README vsftpd-3.0.3/EXAMPLE/INTERNET_SITE_NOINETD/README
26 --- vsftpd-3.0.3.orig/EXAMPLE/INTERNET_SITE_NOINETD/README 2008-02-02 02:30:40.000000000 +0100
27 +++ vsftpd-3.0.3/EXAMPLE/INTERNET_SITE_NOINETD/README 2019-01-30 17:56:53.536000000 +0100
30 To use this example config:
32 -1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.
33 +1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf.
35 2) Start up vsftpd, e.g.
38 listen_address=192.168.1.2
40 And launch vsftpd with a specific config file like this:
41 -vsftpd /etc/vsftpd.conf.site1 &
42 +vsftpd /etc/vsftpd/vsftpd.conf.site1 &
44 diff -ur vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_HOSTS/README vsftpd-3.0.3/EXAMPLE/VIRTUAL_HOSTS/README
45 --- vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_HOSTS/README 2008-02-02 02:30:40.000000000 +0100
46 +++ vsftpd-3.0.3/EXAMPLE/VIRTUAL_HOSTS/README 2019-01-30 17:57:22.394000000 +0100
49 This launches this FTP site with a different vsftpd configuration file.
51 -cp /etc/vsftpd.conf /etc/vsftpd_site2.conf
52 +cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/site2.conf
55 ftp_username=ftp_site2
56 diff -ur vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_USERS_2/README vsftpd-3.0.3/EXAMPLE/VIRTUAL_USERS_2/README
57 --- vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_USERS_2/README 2008-02-02 02:30:40.000000000 +0100
58 +++ vsftpd-3.0.3/EXAMPLE/VIRTUAL_USERS_2/README 2019-01-30 17:57:02.448000000 +0100
60 Step 1) Activate per-user configurability.
62 To activate this powerful vsftpd feature, add the following to
64 +/etc/vsftpd/vsftpd.conf:
65 user_config_dir=/etc/vsftpd_user_conf
67 And, create this directory:
69 Check it out - login as tom and now "ls" will return a directory listing!
70 Log in as fred and it won't.
71 NOTE - restart vsftpd to pick up the config setting changes to
72 -/etc/vsftpd.conf. (Advanced users can send SIGHUP to the vsftpd listener
73 +/etc/vsftpd/vsftpd.conf. (Advanced users can send SIGHUP to the vsftpd listener
77 diff -ur vsftpd-3.0.3.orig/FAQ vsftpd-3.0.3/FAQ
78 --- vsftpd-3.0.3.orig/FAQ 2011-12-17 20:34:54.000000000 +0100
79 +++ vsftpd-3.0.3/FAQ 2019-01-30 17:56:34.417000000 +0100
81 Q) Help! Local users cannot log in.
82 A) There are various possible problems.
83 A1) By default, vsftpd disables any logins other than anonymous logins. Put
84 -local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
85 +local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in.
86 A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
87 find out whether this has happened or not). If vsftpd links with PAM, then
88 you will need to have a PAM file installed for the vsftpd service. There is
90 A4) If you are not using PAM, then vsftpd will do its own check for a valid
91 user shell in /etc/shells. You may need to disable this if you use an invalid
92 shell to disable logins other than FTP logins. Put check_shell=NO in your
94 +/etc/vsftpd/vsftpd.conf.
96 Q) Help! Uploads or other write commands give me "500 Unknown command.".
97 A) By default, write commands, including uploads and new directories, are
98 disabled. This is a security measure. To enable writes, put write_enable=YES
99 -in your /etc/vsftpd.conf.
100 +in your /etc/vsftpd/vsftpd.conf.
102 Q) Help! What are the security implications referred to in the
103 "chroot_local_user" option?
105 mode. Use "listen_address=x.x.x.x" to set the virtual IP.
107 Q) Help! Does vsftpd support virtual users?
108 -A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
109 +A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This
110 has the effect of mapping every non-anonymous successful login to the local
111 username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
112 module to provide authentication against an external (i.e. non-/etc/passwd)
115 A) Install the libcap-devel. This certainly affects Fedora.
117 -Q) Help! I've put settings in /etc/vsftpd.conf, but they are not taking
118 +Q) Help! I've put settings in /etc/vsftpd/vsftpd.conf, but they are not taking
120 A) This is affecting some RedHat users - some RedHat versions put the config
121 file in /etc/vsftpd/vsftpd.conf.
122 diff -ur vsftpd-3.0.3.orig/README.ssl vsftpd-3.0.3/README.ssl
123 --- vsftpd-3.0.3.orig/README.ssl 2008-02-02 02:30:40.000000000 +0100
124 +++ vsftpd-3.0.3/README.ssl 2019-01-30 18:32:18.827000000 +0100
126 "#undef VSF_BUILD_SSL" to "#define VSF_BUILD_SSL".
127 - "ssl_enable=YES" in your vsftpd.conf.
128 - A SSL certificate. By default, an RSA certificate is looked for at the
129 -location /usr/share/ssl/certs/vsftpd.pem. To get an RSA certificate, either
130 +location /etc/vsftpd/vsftpd.pem. To get an RSA certificate, either
131 buy one from a certificate authority, or you can create your own self-signed
132 certificate. If you have OpenSSL installed, you may find a "Makefile" in
133 your shared certificates directory, e.g. /usr/share/ssl/certs. In that case,
134 diff -ur vsftpd-3.0.3.orig/tunables.c vsftpd-3.0.3/tunables.c
135 --- vsftpd-3.0.3.orig/tunables.c 2015-07-23 06:13:07.000000000 +0200
136 +++ vsftpd-3.0.3/tunables.c 2019-01-30 18:29:26.569000000 +0100
137 @@ -262,11 +262,11 @@
138 install_str_setting(".message", &tunable_message_file);
139 install_str_setting("nobody", &tunable_nopriv_user);
140 install_str_setting(0, &tunable_ftpd_banner);
141 - install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
142 - install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
143 + install_str_setting("/etc/vsftpd/vsftpd.banned_emails", &tunable_banned_email_file);
144 + install_str_setting("/etc/vsftpd/vsftpd.chroot_list", &tunable_chroot_list_file);
145 install_str_setting("ftp", &tunable_pam_service_name);
146 install_str_setting("ftp", &tunable_guest_username);
147 - install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
148 + install_str_setting("/etc/vsftpd/vsftpd.user_list", &tunable_userlist_file);
149 install_str_setting(0, &tunable_anon_root);
150 install_str_setting(0, &tunable_local_root);
151 install_str_setting(0, &tunable_banner_file);
153 install_str_setting(0, &tunable_hide_file);
154 install_str_setting(0, &tunable_deny_file);
155 install_str_setting(0, &tunable_user_sub_token);
156 - install_str_setting("/etc/vsftpd.email_passwords",
157 + install_str_setting("/etc/vsftpd/vsftpd.email_passwords",
158 &tunable_email_password_file);
159 - install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
160 + install_str_setting("/etc/vsftpd/vsftpd.pem",
161 &tunable_rsa_cert_file);
162 install_str_setting(0, &tunable_dsa_cert_file);
163 install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
164 diff -ur vsftpd-3.0.3.orig/vsftpd.8 vsftpd-3.0.3/vsftpd.8
165 --- vsftpd-3.0.3.orig/vsftpd.8 2009-07-17 22:56:23.000000000 +0200
166 +++ vsftpd-3.0.3/vsftpd.8 2019-01-30 17:56:25.649000000 +0100
168 recommended. It is activated by setting
171 -.Pa /etc/vsftpd.conf .
172 +.Pa /etc/vsftpd/vsftpd.conf .
173 Direct execution of the
175 binary will then launch the FTP service ready for immediate client connections.
177 as a config file that will be loaded. Note that config files are loaded in the
178 strict order that they are encountered on the command line.
179 If no config files are specified, the default configuration file of
180 -.Pa /etc/vsftpd.conf
181 +.Pa /etc/vsftpd/vsftpd.conf
182 will be loaded, after all other command line options are processed.
184 Supported options are:
189 -vsftpd -olisten=NO /etc/vsftpd.conf -oftpd_banner=blah
190 +vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah
192 That example overrides vsftpd's built-in default for the "listen" option to be
193 -NO, but then loads /etc/vsftpd.conf which may override that setting. Finally,
194 +NO, but then loads /etc/vsftpd/vsftpd.conf which may override that setting. Finally,
195 the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd
196 setting and any identical setting that was in the config file.
198 -.Pa /etc/vsftpd.conf
199 +.Pa /etc/vsftpd/vsftpd.conf
203 diff -ur vsftpd-3.0.3.orig/vsftpd.conf vsftpd-3.0.3/vsftpd.conf
204 --- vsftpd-3.0.3.orig/vsftpd.conf 2011-12-17 19:24:40.000000000 +0100
205 +++ vsftpd-3.0.3/vsftpd.conf 2019-01-30 18:30:05.393000000 +0100
207 -# Example config file /etc/vsftpd.conf
208 +# Example config file /etc/vsftpd/vsftpd.conf
210 # The default compiled in settings are fairly paranoid. This sample file
211 # loosens things up a bit, to make the ftp daemon more usable.
213 # useful for combatting certain DoS attacks.
214 #deny_email_enable=YES
216 -#banned_email_file=/etc/vsftpd.banned_emails
217 +#banned_email_file=/etc/vsftpd/vsftpd.banned_emails
219 # You may specify an explicit list of local users to chroot() to their home
220 # directory. If chroot_local_user is YES, then this list becomes a list of
222 #chroot_local_user=YES
223 #chroot_list_enable=YES
225 -#chroot_list_file=/etc/vsftpd.chroot_list
226 +#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
228 # You may activate the "-R" option to the builtin ls. This is disabled by
229 # default to avoid remote users being able to cause excessive I/O on large
230 diff -ur vsftpd-3.0.3.orig/vsftpd.conf.5 vsftpd-3.0.3/vsftpd.conf.5
231 --- vsftpd-3.0.3.orig/vsftpd.conf.5 2009-10-19 04:46:30.000000000 +0200
232 +++ vsftpd-3.0.3/vsftpd.conf.5 2019-01-30 18:32:09.195000000 +0100
235 vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
236 default, vsftpd looks for this file at the location
237 -.BR /etc/vsftpd.conf .
238 +.BR /etc/vsftpd/vsftpd.conf .
239 However, you may override this by specifying a command line argument to
240 vsftpd. The command line argument is the pathname of the configuration file
241 for vsftpd. This behaviour is useful because you may wish to use an advanced
243 different if chroot_local_user is set to YES. In this case, the list becomes
244 a list of users which are NOT to be placed in a chroot() jail.
245 By default, the file containing this list is
246 -/etc/vsftpd.chroot_list, but you may override this with the
247 +/etc/vsftpd/vsftpd.chroot_list, but you may override this with the
253 If activated, you may provide a list of anonymous password e-mail responses
254 which cause login to be denied. By default, the file containing this list is
255 -/etc/vsftpd.banned_emails, but you may override this with the
256 +/etc/vsftpd/vsftpd.banned_emails, but you may override this with the
257 .BR banned_email_file
261 file specified by the
262 .BR email_password_file
263 setting. The file format is one password per line, no extra whitespace. The
264 -default filename is /etc/vsftpd.email_passwords.
265 +default filename is /etc/vsftpd/vsftpd.email_passwords.
270 .BR deny_email_enable
273 -Default: /etc/vsftpd.banned_emails
274 +Default: /etc/vsftpd/vsftpd.banned_emails
277 This option is the name of a file containing text to display when someone
279 is enabled, then the list file becomes a list of users to NOT place in a
282 -Default: /etc/vsftpd.chroot_list
283 +Default: /etc/vsftpd/vsftpd.chroot_list
286 This options specifies a comma separated list of allowed FTP commands (post
288 .BR secure_email_list_enable
291 -Default: /etc/vsftpd.email_passwords
292 +Default: /etc/vsftpd/vsftpd.email_passwords
295 This is the name of the user we use for handling anonymous FTP. The home
297 This option specifies the location of the RSA certificate to use for SSL
298 encrypted connections.
300 -Default: /usr/share/ssl/certs/vsftpd.pem
301 +Default: /etc/vsftpd/vsftpd.pem
303 .B rsa_private_key_file
304 This option specifies the location of the RSA private key to use for SSL
305 @@ -1026,7 +1026,7 @@
309 -Default: /etc/vsftpd.user_list
310 +Default: /etc/vsftpd/vsftpd.user_list
313 This option is the name of the file to which we write the vsftpd style