diff -ur vsftpd-3.0.3.orig/Changelog vsftpd-3.0.3/Changelog --- vsftpd-3.0.3.orig/Changelog 2015-07-23 08:01:55.000000000 +0200 +++ vsftpd-3.0.3/Changelog 2019-01-30 17:56:49.864000000 +0100 @@ -1159,7 +1159,7 @@ - Pull in a couple of minor tidyup patches from Openwall. - Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also respect ordering with respect config files, e.g. -vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO +vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -olocal_enable=NO Inspiration from Solar / Openwall. (vsftpd-2.2.0pre2) - Revert listen to be "NO" by default and also set max_per_ip / max_clients diff -ur vsftpd-3.0.3.orig/defs.h vsftpd-3.0.3/defs.h --- vsftpd-3.0.3.orig/defs.h 2015-07-21 01:03:17.000000000 +0200 +++ vsftpd-3.0.3/defs.h 2019-01-30 17:56:04.488000000 +0100 @@ -1,7 +1,7 @@ #ifndef VSF_DEFS_H #define VSF_DEFS_H -#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf" +#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" #define VSFTP_COMMAND_FD 0 diff -ur vsftpd-3.0.3.orig/EXAMPLE/INTERNET_SITE_NOINETD/README vsftpd-3.0.3/EXAMPLE/INTERNET_SITE_NOINETD/README --- vsftpd-3.0.3.orig/EXAMPLE/INTERNET_SITE_NOINETD/README 2008-02-02 02:30:40.000000000 +0100 +++ vsftpd-3.0.3/EXAMPLE/INTERNET_SITE_NOINETD/README 2019-01-30 17:56:53.536000000 +0100 @@ -17,7 +17,7 @@ To use this example config: -1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf. +1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf. 2) Start up vsftpd, e.g. vsftpd & @@ -51,5 +51,5 @@ listen_address=192.168.1.2 And launch vsftpd with a specific config file like this: -vsftpd /etc/vsftpd.conf.site1 & +vsftpd /etc/vsftpd/vsftpd.conf.site1 & diff -ur vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_HOSTS/README vsftpd-3.0.3/EXAMPLE/VIRTUAL_HOSTS/README --- vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_HOSTS/README 2008-02-02 02:30:40.000000000 +0100 +++ vsftpd-3.0.3/EXAMPLE/VIRTUAL_HOSTS/README 2019-01-30 17:57:22.394000000 +0100 @@ -43,7 +43,7 @@ This launches this FTP site with a different vsftpd configuration file. -cp /etc/vsftpd.conf /etc/vsftpd_site2.conf +cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/site2.conf Add two lines: ftp_username=ftp_site2 diff -ur vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_USERS_2/README vsftpd-3.0.3/EXAMPLE/VIRTUAL_USERS_2/README --- vsftpd-3.0.3.orig/EXAMPLE/VIRTUAL_USERS_2/README 2008-02-02 02:30:40.000000000 +0100 +++ vsftpd-3.0.3/EXAMPLE/VIRTUAL_USERS_2/README 2019-01-30 17:57:02.448000000 +0100 @@ -15,7 +15,7 @@ Step 1) Activate per-user configurability. To activate this powerful vsftpd feature, add the following to -/etc/vsftpd.conf: +/etc/vsftpd/vsftpd.conf: user_config_dir=/etc/vsftpd_user_conf And, create this directory: @@ -39,7 +39,7 @@ Check it out - login as tom and now "ls" will return a directory listing! Log in as fred and it won't. NOTE - restart vsftpd to pick up the config setting changes to -/etc/vsftpd.conf. (Advanced users can send SIGHUP to the vsftpd listener +/etc/vsftpd/vsftpd.conf. (Advanced users can send SIGHUP to the vsftpd listener process). diff -ur vsftpd-3.0.3.orig/FAQ vsftpd-3.0.3/FAQ --- vsftpd-3.0.3.orig/FAQ 2011-12-17 20:34:54.000000000 +0100 +++ vsftpd-3.0.3/FAQ 2019-01-30 17:56:34.417000000 +0100 @@ -35,7 +35,7 @@ Q) Help! Local users cannot log in. A) There are various possible problems. A1) By default, vsftpd disables any logins other than anonymous logins. Put -local_enable=YES in your /etc/vsftpd.conf to allow local users to log in. +local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in. A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not). If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is @@ -47,12 +47,12 @@ A4) If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your -/etc/vsftpd.conf. +/etc/vsftpd/vsftpd.conf. Q) Help! Uploads or other write commands give me "500 Unknown command.". A) By default, write commands, including uploads and new directories, are disabled. This is a security measure. To enable writes, put write_enable=YES -in your /etc/vsftpd.conf. +in your /etc/vsftpd/vsftpd.conf. Q) Help! What are the security implications referred to in the "chroot_local_user" option? @@ -88,7 +88,7 @@ mode. Use "listen_address=x.x.x.x" to set the virtual IP. Q) Help! Does vsftpd support virtual users? -A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This +A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This has the effect of mapping every non-anonymous successful login to the local username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb module to provide authentication against an external (i.e. non-/etc/passwd) @@ -154,7 +154,7 @@ users a lot. A) Install the libcap-devel. This certainly affects Fedora. -Q) Help! I've put settings in /etc/vsftpd.conf, but they are not taking +Q) Help! I've put settings in /etc/vsftpd/vsftpd.conf, but they are not taking effect! A) This is affecting some RedHat users - some RedHat versions put the config file in /etc/vsftpd/vsftpd.conf. diff -ur vsftpd-3.0.3.orig/README.ssl vsftpd-3.0.3/README.ssl --- vsftpd-3.0.3.orig/README.ssl 2008-02-02 02:30:40.000000000 +0100 +++ vsftpd-3.0.3/README.ssl 2019-01-30 18:32:18.827000000 +0100 @@ -27,7 +27,7 @@ "#undef VSF_BUILD_SSL" to "#define VSF_BUILD_SSL". - "ssl_enable=YES" in your vsftpd.conf. - A SSL certificate. By default, an RSA certificate is looked for at the -location /usr/share/ssl/certs/vsftpd.pem. To get an RSA certificate, either +location /etc/vsftpd/vsftpd.pem. To get an RSA certificate, either buy one from a certificate authority, or you can create your own self-signed certificate. If you have OpenSSL installed, you may find a "Makefile" in your shared certificates directory, e.g. /usr/share/ssl/certs. In that case, diff -ur vsftpd-3.0.3.orig/tunables.c vsftpd-3.0.3/tunables.c --- vsftpd-3.0.3.orig/tunables.c 2015-07-23 06:13:07.000000000 +0200 +++ vsftpd-3.0.3/tunables.c 2019-01-30 18:29:26.569000000 +0100 @@ -262,11 +262,11 @@ install_str_setting(".message", &tunable_message_file); install_str_setting("nobody", &tunable_nopriv_user); install_str_setting(0, &tunable_ftpd_banner); - install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file); - install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file); + install_str_setting("/etc/vsftpd/vsftpd.banned_emails", &tunable_banned_email_file); + install_str_setting("/etc/vsftpd/vsftpd.chroot_list", &tunable_chroot_list_file); install_str_setting("ftp", &tunable_pam_service_name); install_str_setting("ftp", &tunable_guest_username); - install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file); + install_str_setting("/etc/vsftpd/vsftpd.user_list", &tunable_userlist_file); install_str_setting(0, &tunable_anon_root); install_str_setting(0, &tunable_local_root); install_str_setting(0, &tunable_banner_file); @@ -279,9 +279,9 @@ install_str_setting(0, &tunable_hide_file); install_str_setting(0, &tunable_deny_file); install_str_setting(0, &tunable_user_sub_token); - install_str_setting("/etc/vsftpd.email_passwords", + install_str_setting("/etc/vsftpd/vsftpd.email_passwords", &tunable_email_password_file); - install_str_setting("/usr/share/ssl/certs/vsftpd.pem", + install_str_setting("/etc/vsftpd/vsftpd.pem", &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers); diff -ur vsftpd-3.0.3.orig/vsftpd.8 vsftpd-3.0.3/vsftpd.8 --- vsftpd-3.0.3.orig/vsftpd.8 2009-07-17 22:56:23.000000000 +0200 +++ vsftpd-3.0.3/vsftpd.8 2019-01-30 17:56:25.649000000 +0100 @@ -21,7 +21,7 @@ recommended. It is activated by setting .Pa listen=YES in -.Pa /etc/vsftpd.conf . +.Pa /etc/vsftpd/vsftpd.conf . Direct execution of the .Nm vsftpd binary will then launch the FTP service ready for immediate client connections. @@ -33,7 +33,7 @@ as a config file that will be loaded. Note that config files are loaded in the strict order that they are encountered on the command line. If no config files are specified, the default configuration file of -.Pa /etc/vsftpd.conf +.Pa /etc/vsftpd/vsftpd.conf will be loaded, after all other command line options are processed. .Pp Supported options are: @@ -47,14 +47,14 @@ config files. .El .Sh EXAMPLES -vsftpd -olisten=NO /etc/vsftpd.conf -oftpd_banner=blah +vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah .Pp That example overrides vsftpd's built-in default for the "listen" option to be -NO, but then loads /etc/vsftpd.conf which may override that setting. Finally, +NO, but then loads /etc/vsftpd/vsftpd.conf which may override that setting. Finally, the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd setting and any identical setting that was in the config file. .Sh FILES -.Pa /etc/vsftpd.conf +.Pa /etc/vsftpd/vsftpd.conf .Sh SEE ALSO .Xr vsftpd.conf 5 .end diff -ur vsftpd-3.0.3.orig/vsftpd.conf vsftpd-3.0.3/vsftpd.conf --- vsftpd-3.0.3.orig/vsftpd.conf 2011-12-17 19:24:40.000000000 +0100 +++ vsftpd-3.0.3/vsftpd.conf 2019-01-30 18:30:05.393000000 +0100 @@ -1,4 +1,4 @@ -# Example config file /etc/vsftpd.conf +# Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. @@ -87,7 +87,7 @@ # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) -#banned_email_file=/etc/vsftpd.banned_emails +#banned_email_file=/etc/vsftpd/vsftpd.banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of @@ -98,7 +98,7 @@ #chroot_local_user=YES #chroot_list_enable=YES # (default follows) -#chroot_list_file=/etc/vsftpd.chroot_list +#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large diff -ur vsftpd-3.0.3.orig/vsftpd.conf.5 vsftpd-3.0.3/vsftpd.conf.5 --- vsftpd-3.0.3.orig/vsftpd.conf.5 2009-10-19 04:46:30.000000000 +0200 +++ vsftpd-3.0.3/vsftpd.conf.5 2019-01-30 18:32:09.195000000 +0100 @@ -4,7 +4,7 @@ .SH DESCRIPTION vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for this file at the location -.BR /etc/vsftpd.conf . +.BR /etc/vsftpd/vsftpd.conf . However, you may override this by specifying a command line argument to vsftpd. The command line argument is the pathname of the configuration file for vsftpd. This behaviour is useful because you may wish to use an advanced @@ -138,7 +138,7 @@ different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is -/etc/vsftpd.chroot_list, but you may override this with the +/etc/vsftpd/vsftpd.chroot_list, but you may override this with the .BR chroot_list_file setting. @@ -177,7 +177,7 @@ .B deny_email_enable If activated, you may provide a list of anonymous password e-mail responses which cause login to be denied. By default, the file containing this list is -/etc/vsftpd.banned_emails, but you may override this with the +/etc/vsftpd/vsftpd.banned_emails, but you may override this with the .BR banned_email_file setting. @@ -433,7 +433,7 @@ file specified by the .BR email_password_file setting. The file format is one password per line, no extra whitespace. The -default filename is /etc/vsftpd.email_passwords. +default filename is /etc/vsftpd/vsftpd.email_passwords. Default: NO .TP @@ -764,7 +764,7 @@ .BR deny_email_enable is enabled. -Default: /etc/vsftpd.banned_emails +Default: /etc/vsftpd/vsftpd.banned_emails .TP .B banner_file This option is the name of a file containing text to display when someone @@ -803,7 +803,7 @@ is enabled, then the list file becomes a list of users to NOT place in a chroot() jail. -Default: /etc/vsftpd.chroot_list +Default: /etc/vsftpd/vsftpd.chroot_list .TP .B cmds_allowed This options specifies a comma separated list of allowed FTP commands (post @@ -864,7 +864,7 @@ .BR secure_email_list_enable setting. -Default: /etc/vsftpd.email_passwords +Default: /etc/vsftpd/vsftpd.email_passwords .TP .B ftp_username This is the name of the user we use for handling anonymous FTP. The home @@ -955,7 +955,7 @@ This option specifies the location of the RSA certificate to use for SSL encrypted connections. -Default: /usr/share/ssl/certs/vsftpd.pem +Default: /etc/vsftpd/vsftpd.pem .TP .B rsa_private_key_file This option specifies the location of the RSA private key to use for SSL @@ -1026,7 +1026,7 @@ .BR userlist_enable option is active. -Default: /etc/vsftpd.user_list +Default: /etc/vsftpd/vsftpd.user_list .TP .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style