Created
May 20, 2019 16:33
Run vsftpd as regular user
```
# ./user_conf/dave
local_root=/home/dave/ftp
allow_writeable_chroot=YES
```
```
dave
```
```
# This configuration requires running under both fakechroot+fakeroot
# as in two-process mode vsftpd chroots regardless
# this option is broken: it makes vsftpd run in one-process mode and
# that only supports anonymous login, see vsf_one_process_login()
#run_as_launching_user=YES
# regular user can't listen on port 21
listen_port=2121
# the package is not installed and we don't have /etc/pam.d/vsftpd
pam_service_name=su
xferlog_enable=YES
log_ftp_protocol=YES
# Even though vsftpd checks password with PAM, it requires a passwordless chuid
# after that and that doesn't work when run as regular user
# You have to use virtual users with guest_username=<listener-user> for local
# users and ftp_username=<listener-user> for anonymous user
# See ./user_conf/*
ftp_username=dave
# This is optional:
#anonymous_enable=YES
# the package is not installed and we don't have /var/ftp
anon_root=/usr/share/empty
# vsftpd requires fakechroot for other purposes so we enable this too:
chroot_local_user=YES
# maybe enable per-user
#allow_writeable_chroot=YES
# we need local users
local_enable=YES
# we need write
write_enable=YES
# defaults from rpm:
local_umask=022
dirmessage_enable=YES
listen=NO
listen_ipv6=YES
# only allow explicitly listed users
userlist_deny=NO
userlist_enable=YES
userlist_file=/home/dave/vsftpd/etc/vsftpd/user_list.allow
# per-user configs
user_config_dir=/home/dave/vsftpd/etc/vsftpd/user_conf
# libfakeroot requires a control process
background=NO
vsftpd_log_file=/home/dave/vsftpd/var/log/vsftpd.log
xferlog_file=/home/dave/vsftpd/var/log/xferlog
banned_email_file=/home/dave/vsftpd/etc/vsftpd/banned_emails
chroot_list_file=/home/dave/vsftpd/etc/vsftpd/vsftpd.chroot_list
email_password_file=/home/dave/vsftpd/etc/vsftpd/email_passwords
rsa_cert_file=/home/dave/vsftpd/share/ssl/certs/vsftpd.pem
```
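
The constraints stated in the configuration comments above, collected into a small checker that can be run before starting the daemon. This is an added example, not part of the gist: the function names, the `prefix` argument and the sample config are assumptions made for illustration, and the values used for absent options are vsftpd's documented defaults.

```python
# Added example, not the gist's code: lint a vsftpd.conf for the non-root constraints above.
DEFAULTS = {"listen_port": "21",                       # vsftpd's documented defaults,
            "vsftpd_log_file": "/var/log/vsftpd.log",  # used when an option is absent
            "xferlog_file": "/var/log/xferlog"}

def parse_conf(text):
    """vsftpd.conf is option=value per line; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def enabled(opts, key, default):
    """Booleans are YES/TRUE/1 or NO/FALSE/0; absent options use the given default."""
    return opts[key].upper() in ("YES", "TRUE", "1") if key in opts else default

def lint(conf_text, launch_user, prefix, allow_list=""):
    """Findings for a vsftpd started by launch_user whose files live under prefix."""
    opts = {**DEFAULTS, **parse_conf(conf_text)}
    out = []
    if int(opts["listen_port"]) < 1024:
        out.append("listen_port: a regular user cannot bind ports below 1024")
    if enabled(opts, "run_as_launching_user", False):
        out.append("run_as_launching_user: one-process mode, anonymous login only")
    if enabled(opts, "background", True):  # strict: must be set to NO explicitly
        out.append("background: must be NO, libfakeroot requires a control process")
    for key in ("ftp_username", "guest_username"):
        if key in opts and opts[key] != launch_user:
            out.append(f"{key}: must be the launching user {launch_user}")
    for key in ("vsftpd_log_file", "xferlog_file"):
        if not opts[key].startswith(prefix.rstrip("/") + "/"):
            out.append(f"{key}: {opts[key]} is outside {prefix}")
    allow_mode = enabled(opts, "userlist_enable", False) and not enabled(opts, "userlist_deny", True)
    if allow_mode and launch_user not in allow_list.split():
        out.append(f"userlist_file: {launch_user} is not on the allow list")
    return out

# Constructed sample input (not from the gist): a config with several of the mistakes.
BAD = """run_as_launching_user=YES
ftp_username=ftp
xferlog_file=/home/dave/vsftpd/var/log/xferlog
userlist_enable=YES
userlist_deny=NO
"""

if __name__ == "__main__":
    print("\n".join(lint(BAD, "dave", "/home/dave/vsftpd", allow_list="dave\n")))
```

Pass the contents of `userlist_file` as `allow_list`; an empty result means none of these checks fired, not that login will succeed.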
Author
Never tried that with Docker. Are fakechroot+fakeroot .so libraries loaded by the vsftpd process? I was extracting those .so files from RPMs to /home/dave/vsftpd/lib/ and had a shell script that set LD_PRELOAD or something like that. Is this even needed with Docker? Can't you run the daemon as root there?
Hi @basinilya,
I used your template for creating a Docker image. But I got a 530 permission denied at login. I created a local user "ftpsecure" which starts the daemon. This user is also the user for login (like your dave). Local file permissions are correct. Do you have any hint for me?
Kind regards