author | Donny Davies <woodchip@gentoo.org> | 2001-11-21 05:44:08 +0000 |
---|---|---|
committer | Donny Davies <woodchip@gentoo.org> | 2001-11-21 05:44:08 +0000 |
commit | f7eb9bb436364a2a484af9439d44216a722c3255 (patch) | |
tree | b45529039af69397c0ae95403361abc36cfa5489 | |
parent | oops, same type four places (diff) | |
This is the Very Secure FTP Daemon. A newly written server which
strives to be small, fast and secure. Supposedly tested by Redhat
recently with their 7.2 release to be excellent. The author has
benchmarks comparing it to wu-ftpd in the docs. It's amazing how
everybody beats up on wu-ftpd these days :)
This ebuild takes advantage of /etc/xinetd.d. In there you will
find a configuration sample for vsftpd. It's disabled by default.
Basically, all you need to do to use this package is turn on the
server in the /etc/xinetd.d/vsftpd file, and tune the
/etc/vsftpd/vsftpd.conf to your tastes. Although you'll first
have to either create that file or move one into place from the
sample you'll find there. ~Woodchip
-rw-r--r-- | net-ftp/vsftpd/files/digest-vsftpd-1.0.1 | 1 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/ftpusers | 36 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff | 144 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd.conf | 100 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd.pam | 6 | ||||
-rw-r--r-- | net-ftp/vsftpd/files/vsftpd.xinetd | 15 | ||||
-rw-r--r-- | net-ftp/vsftpd/vsftpd-1.0.1.ebuild | 40 |
7 files changed, 342 insertions, 0 deletions
diff --git a/net-ftp/vsftpd/files/digest-vsftpd-1.0.1 b/net-ftp/vsftpd/files/digest-vsftpd-1.0.1
new file mode 100644
index 000000000000..e2bc9c08cef3
--- /dev/null
+++ b/net-ftp/vsftpd/files/digest-vsftpd-1.0.1
@@ -0,0 +1 @@
+MD5 a30724a5e56091164f538bbdce10cdf4 vsftpd-1.0.1.tar.gz 94208
diff --git a/net-ftp/vsftpd/files/ftpusers b/net-ftp/vsftpd/files/ftpusers
new file mode 100644
index 000000000000..4a760f54675e
--- /dev/null
+++ b/net-ftp/vsftpd/files/ftpusers
@@ -0,0 +1,36 @@
+# /etc/ftpusers: list of users disallowed FTP access.
+#
+
+halt
+operator
+root
+shutdown
+sync
+bin
+daemon
+adm
+lp
+mail
+postmaster
+news
+uucp
+man
+games
+at
+cron
+www
+named
+squid
+gdm
+mysql
+postgres
+guest
+nobody
+alias
+qmaild
+qmaill
+qmailp
+qmailq
+qmailr
+qmails
+postfix
diff --git a/net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff b/net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff
new file mode 100644
index 000000000000..fa2e3c56ef9f
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff
@@ -0,0 +1,144 @@
+diff -ur vsftpd-1.0.1.orig/defs.h vsftpd-1.0.1/defs.h
+--- vsftpd-1.0.1.orig/defs.h Sat Aug 4 18:53:32 2001
++++ vsftpd-1.0.1/defs.h Tue Nov 20 22:56:43 2001
+@@ -1,7 +1,7 @@
+ #ifndef VSF_DEFS_H
+ #define VSF_DEFS_H
+
+-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
++#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
+
+ #define VSFTP_COMMAND_FD 0
+
+diff -ur vsftpd-1.0.1.orig/tunables.c vsftpd-1.0.1/tunables.c
+--- vsftpd-1.0.1.orig/tunables.c Wed Nov 7 20:24:53 2001
++++ vsftpd-1.0.1/tunables.c Tue Nov 20 22:57:11 2001
+@@ -50,19 +50,19 @@
+ unsigned int tunable_anon_max_rate = 0;
+ unsigned int tunable_local_max_rate = 0;
+
+-const char* tunable_secure_chroot_dir = "/usr/share/empty";
++const char* tunable_secure_chroot_dir = "/usr/share/vsftpd/empty";
+ const char* tunable_ftp_username = "ftp";
+ const char* tunable_chown_username = "root";
+-const char* tunable_xferlog_file = "/var/log/vsftpd.log";
++const char* tunable_xferlog_file = "/var/log/vsftpd/vsftpd.log";
+ const char* tunable_message_file = ".message";
+ /* XXX -> "secure"? */
+ const char* tunable_nopriv_user = "nobody";
+ const char* tunable_ftpd_banner = 0;
+-const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails";
+-const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list";
+-const char* tunable_pam_service_name = "ftp";
++const char* tunable_banned_email_file = "/etc/vsftpd/vsftpd.banned_emails";
++const char* tunable_chroot_list_file = "/etc/vsftpd/vsftpd.chroot_list";
++const char* tunable_pam_service_name = "vsftpd";
+ const char* tunable_guest_username = "ftp";
+-const char* tunable_userlist_file = "/etc/vsftpd.user_list";
++const char* tunable_userlist_file = "/etc/vsftpd/vsftpd.user_list";
+ const char* tunable_anon_root = 0;
+ const char* tunable_local_root = 0;
+
+diff -ur vsftpd-1.0.1.orig/vsftpd.8 vsftpd-1.0.1/vsftpd.8
+--- vsftpd-1.0.1.orig/vsftpd.8 Sun Mar 11 20:14:07 2001
++++ vsftpd-1.0.1/vsftpd.8 Tue Nov 20 22:56:43 2001
+@@ -20,7 +20,7 @@
+ An optional
+ .Op configuration file
+ may be given on the command line. The default configuration file is
+-.Pa /etc/vsftpd.conf .
++.Pa /etc/vsftpd/vsftpd.conf .
+ .Sh SEE ALSO
+ .Xr vsftpd.conf 5
+
+diff -ur vsftpd-1.0.1.orig/vsftpd.conf.5 vsftpd-1.0.1/vsftpd.conf.5
+--- vsftpd-1.0.1.orig/vsftpd.conf.5 Wed Nov 7 20:30:21 2001
++++ vsftpd-1.0.1/vsftpd.conf.5 Tue Nov 20 22:58:09 2001
+@@ -4,7 +4,7 @@
+ .SH DESCRIPTION
+ vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
+ default, vsftpd looks for this file at the location
+-.BR /etc/vsftpd.conf .
++.BR /etc/vsftpd/vsftpd.conf .
+ However, you may override this by specifying a command line argument to
+ vsftpd. The command line argument is the pathname of the configuration file
+ for vsftpd. This behaviour is useful because you may wish to use an advanced
+@@ -109,7 +109,7 @@
+ different if chroot_local_user is set to YES. In this case, the list becomes
+ a list of users which are NOT to be placed in a chroot() jail.
+ By default, the file containing this list is
+-/etc/vsftpd.chroot_list, but you may override this with the
++/etc/vsftpd/vsftpd.chroot_list, but you may override this with the
+ .BR chroot_list_file
+ setting.
+
+@@ -135,7 +135,7 @@
+ .B deny_email_enable
+ If activated, you may provide a list of anonymous password e-mail responses
+ which cause login to be denied. By default, the file containing this list is
+-/etc/vsftpd.banned_emails, but you may override this with the
++/etc/vsftpd/vsftpd.banned_emails, but you may override this with the
+ .BR banned_email_file
+ setting.
+
+@@ -249,7 +249,7 @@
+ .TP
+ .B xferlog_enable
+ If enabled, a log file will be maintained detailling uploads and downloads.
+-By default, this file will be placed at /var/log/vsftpd.log, but this location
++By default, this file will be placed at /var/log/vsftpd/vsftpd.log, but this location
+ may be overridden using the configuration setting
+ .BR xferlog_file .
+
+@@ -355,7 +355,7 @@
+ .BR deny_email_enable
+ is enabled.
+
+-Default: /etc/vsftpd.banned_emails
++Default: /etc/vsftpd/vsftpd.banned_emails
+ .TP
+ .B chown_username
+ This is the name of the user who is given ownership of anonymously uploaded
+@@ -374,7 +374,7 @@
+ .BR chroot_local_user
+ is disabled.
+
+-Default: /etc/vsftpd.chroot_list
++Default: /etc/vsftpd/vsftpd.chroot_list
+ .TP
+ .B guest_username
+ See the boolean setting
+@@ -422,21 +422,21 @@
+ .B pam_service_name
+ This string is the name of the PAM service vsftpd will use.
+
+-Default: ftp
++Default: vsftpd
+ .TP
+ .B secure_chroot_dir
+ This option should be the name of a directory which is empty. Also, the
+ directory should not be writable by the ftp user. This directory is used
+ as a secure chroot() jail at times vsftpd does not require filesystem access.
+
+-Default: /usr/share/empty
++Default: /usr/share/vsftpd/empty
+ .TP
+ .B userlist_file
+ This option is the name of the file loaded when the
+ .BR userlist_enable
+ option is active.
+
+-Default: /etc/vsftpd.user_list
++Default: /etc/vsftpd/vsftpd.user_list
+ .TP
+ .B xferlog_file
+ This option is the name of the file to which we write the transfer log. The
+@@ -444,7 +444,7 @@
+ .BR xferlog_enable
+ is set.
+
+-Default: /var/log/vsftpd.log
++Default: /var/log/vsftpd/vsftpd.log
+
+ .SH AUTHOR
+ chris@scary.beasts.org
diff --git a/net-ftp/vsftpd/files/vsftpd.conf b/net-ftp/vsftpd/files/vsftpd.conf
new file mode 100644
index 000000000000..f7334e984824
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.conf
@@ -0,0 +1,100 @@
+#
+# Example vsftpd config file
+#
+# See man 5 vsftpd.conf for more information.
+#
+
+# Allow anonymous FTP?
+anonymous_enable=YES
+
+# Uncomment this to allow local users to log in.
+#local_enable=YES
+
+# Uncomment this to enable any form of FTP write command.
+#write_enable=YES
+
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+
+# You may override where the log file goes if you like. The default is shown
+# below.
+xferlog_file=/var/log/vsftpd/vsftpd.log
+
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+nopriv_user=nobody
+
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd/vsftpd.banned_emails
+
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
+
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
diff --git a/net-ftp/vsftpd/files/vsftpd.pam b/net-ftp/vsftpd/files/vsftpd.pam
new file mode 100644
index 000000000000..ba1a4023ab4f
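Review bot: In files/vsftpd.conf, `nopriv_user=nobody` contradicts the comment directly above it, which recommends a unique, totally isolated account. `nobody` is commonly shared with other daemons, so the unprivileged vsftpd process would not be separated from anything else running under that uid. I would ship `nopriv_user=<dedicated-unprivileged-user>` (placeholder; the ebuild would need to create the account), or at least extend the comment with `# "nobody" is only a fallback; create a dedicated account and name it here`. The sample also leaves `anonymous_enable=YES` active, so a line such as `# set to NO unless anonymous access is intended` above it would make that choice explicit for anyone who copies the sample into place.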
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth required /lib/security/pam_pwdb.so shadow nullok
+auth required /lib/security/pam_shells.so
+account required /lib/security/pam_pwdb.so
+session required /lib/security/pam_pwdb.so
diff --git a/net-ftp/vsftpd/files/vsftpd.xinetd b/net-ftp/vsftpd/files/vsftpd.xinetd
new file mode 100644
index 000000000000..d77213fa5ca3
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.xinetd
@@ -0,0 +1,15 @@
+# default: off
+# description: Vsftpd is an FTP server, designed to be secure.
+
+service ftp
+{
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/vsftpd
+ server_args = /etc/vsftpd/vsftpd.conf
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ nice = 10
+ disable = yes
+}
diff --git a/net-ftp/vsftpd/vsftpd-1.0.1.ebuild b/net-ftp/vsftpd/vsftpd-1.0.1.ebuild
new file mode 100644
index 000000000000..e049d9225197
--- /dev/null
+++ b/net-ftp/vsftpd/vsftpd-1.0.1.ebuild
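Review bot: In files/vsftpd.pam the deny list fails open: `onerr=succeed` on the `pam_listfile.so` line lets the module pass when `/etc/ftpusers` is missing or unreadable, and no other line in this stack keeps `root` and the system accounts out. I would use `onerr=fail` on that line so a broken or absent list denies logins instead. The `nullok` on the `pam_pwdb.so` auth line also accepts accounts with an empty password over FTP once `local_enable` is turned on. `auth required /lib/security/pam_pwdb.so shadow` without `nullok` is the safer default for a network-facing service.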
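Review bot: The `service ftp` block in files/vsftpd.xinetd sets no connection limits, so once `disable` is flipped to `no` the number of vsftpd processes started under `user = root` is bounded only by xinetd's global defaults. Adding `instances = <N>` and `per_source = <N>` inside the block (placeholders to tune per site) caps total and per-client sessions. A short comment on the `log_on_success += DURATION USERID` line would also help: `USERID` presumably triggers an ident lookup against the client, which can delay logins when the client filters that port.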
@@ -0,0 +1,40 @@
+# Copyright 1999-2000 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Author Donny Davies <woodchip@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/vsftpd-1.0.1.ebuild,v 1.1 2001/11/21 05:44:08 woodchip Exp $
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Very Secure FTP Daemon written with speed, size and security in mind"
+SRC_URI="ftp://ferret.lmh.ox.ac.uk/pub/linux/${P}.tar.gz"
+
+DEPEND="virtual/glibc >=sys-libs/pam-0.75"
+RDEPEND="${DEPEND} sys-apps/xinetd"
+
+src_unpack() {
+
+ unpack ${A} ; cd ${S}
+ patch -p1 < ${FILESDIR}/${PF}-gentoo.diff || die "bad patchfile"
+}
+
+src_compile() {
+
+ make CFLAGS="${CFLAGS}" || die "compile problem"
+}
+
+src_install () {
+
+ dodir /home/ftp /usr/share/vsftpd/empty /var/log/vsftpd
+ doman vsftpd.conf.5 vsftpd.8
+ dosbin vsftpd
+
+ dodoc AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL KERNEL-2.4.0-WARNING
+ dodoc LICENSE README README.security REWARD SIZE SPEED TODO TUNING
+ docinto security ; dodoc SECURITY/*
+ newdoc ${FILESDIR}/vsftpd.conf vsftpd.conf.sample
+ newdoc vsftpd.conf vsftpd.conf.dist.sample
+
+ insinto /etc ; doins ${FILESDIR}/ftpusers
+ insinto /etc/vsftpd ; newins ${FILESDIR}/vsftpd.conf vsftpd.conf.sample
+ insinto /etc/xinetd.d ; newins ${FILESDIR}/vsftpd.xinetd vsftpd
+ insinto /etc/pam.d ; newins ${FILESDIR}/vsftpd.pam vsftpd
+} |
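Review bot: In `src_unpack` of vsftpd-1.0.1.ebuild the patch path is built from `${PF}`, which carries the ebuild revision, so a later `-r1` bump would look for a differently named patch and die until the file is renamed. `${P}` matches the file this commit adds: `patch -p1 < "${FILESDIR}/${P}-gentoo.diff" || die "bad patchfile"`. The `cd ${S}` on the line before is unchecked, so a failed unpack would apply the patch in whatever directory the shell is in; `cd "${S}" || die "cd failed"` closes that. In `src_install`, a comment on the `dodir` line should state that `/usr/share/vsftpd/empty` must stay empty and not writable by the ftp user, because the patched `tunable_secure_chroot_dir` default points at it.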