-rw-r--r--net-ftp/vsftpd/files/digest-vsftpd-1.0.11
-rw-r--r--net-ftp/vsftpd/files/ftpusers36
-rw-r--r--net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff144
-rw-r--r--net-ftp/vsftpd/files/vsftpd.conf100
-rw-r--r--net-ftp/vsftpd/files/vsftpd.pam6
-rw-r--r--net-ftp/vsftpd/files/vsftpd.xinetd15
-rw-r--r--net-ftp/vsftpd/vsftpd-1.0.1.ebuild40
7 files changed, 342 insertions, 0 deletions
diff --git a/net-ftp/vsftpd/files/digest-vsftpd-1.0.1 b/net-ftp/vsftpd/files/digest-vsftpd-1.0.1
new file mode 100644
index 000000000000..e2bc9c08cef3
--- /dev/null
+++ b/net-ftp/vsftpd/files/digest-vsftpd-1.0.1
@@ -0,0 +1 @@
+MD5 a30724a5e56091164f538bbdce10cdf4 vsftpd-1.0.1.tar.gz 94208
diff --git a/net-ftp/vsftpd/files/ftpusers b/net-ftp/vsftpd/files/ftpusers
new file mode 100644
index 000000000000..4a760f54675e
--- /dev/null
+++ b/net-ftp/vsftpd/files/ftpusers
@@ -0,0 +1,36 @@
+# /etc/ftpusers: list of users disallowed FTP access.
+#
+
+halt
+operator
+root
+shutdown
+sync
+bin
+daemon
+adm
+lp
+mail
+postmaster
+news
+uucp
+man
+games
+at
+cron
+www
+named
+squid
+gdm
+mysql
+postgres
+guest
+nobody
+alias
+qmaild
+qmaill
+qmailp
+qmailq
+qmailr
+qmails
+postfix
diff --git a/net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff b/net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff
new file mode 100644
index 000000000000..fa2e3c56ef9f
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd-1.0.1-gentoo.diff
@@ -0,0 +1,144 @@
+diff -ur vsftpd-1.0.1.orig/defs.h vsftpd-1.0.1/defs.h
+--- vsftpd-1.0.1.orig/defs.h Sat Aug 4 18:53:32 2001
++++ vsftpd-1.0.1/defs.h Tue Nov 20 22:56:43 2001
+@@ -1,7 +1,7 @@
+ #ifndef VSF_DEFS_H
+ #define VSF_DEFS_H
+
+-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
++#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
+
+ #define VSFTP_COMMAND_FD 0
+
+diff -ur vsftpd-1.0.1.orig/tunables.c vsftpd-1.0.1/tunables.c
+--- vsftpd-1.0.1.orig/tunables.c Wed Nov 7 20:24:53 2001
++++ vsftpd-1.0.1/tunables.c Tue Nov 20 22:57:11 2001
+@@ -50,19 +50,19 @@
+ unsigned int tunable_anon_max_rate = 0;
+ unsigned int tunable_local_max_rate = 0;
+
+-const char* tunable_secure_chroot_dir = "/usr/share/empty";
++const char* tunable_secure_chroot_dir = "/usr/share/vsftpd/empty";
+ const char* tunable_ftp_username = "ftp";
+ const char* tunable_chown_username = "root";
+-const char* tunable_xferlog_file = "/var/log/vsftpd.log";
++const char* tunable_xferlog_file = "/var/log/vsftpd/vsftpd.log";
+ const char* tunable_message_file = ".message";
+ /* XXX -> "secure"? */
+ const char* tunable_nopriv_user = "nobody";
+ const char* tunable_ftpd_banner = 0;
+-const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails";
+-const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list";
+-const char* tunable_pam_service_name = "ftp";
++const char* tunable_banned_email_file = "/etc/vsftpd/vsftpd.banned_emails";
++const char* tunable_chroot_list_file = "/etc/vsftpd/vsftpd.chroot_list";
++const char* tunable_pam_service_name = "vsftpd";
+ const char* tunable_guest_username = "ftp";
+-const char* tunable_userlist_file = "/etc/vsftpd.user_list";
++const char* tunable_userlist_file = "/etc/vsftpd/vsftpd.user_list";
+ const char* tunable_anon_root = 0;
+ const char* tunable_local_root = 0;
+
+diff -ur vsftpd-1.0.1.orig/vsftpd.8 vsftpd-1.0.1/vsftpd.8
+--- vsftpd-1.0.1.orig/vsftpd.8 Sun Mar 11 20:14:07 2001
++++ vsftpd-1.0.1/vsftpd.8 Tue Nov 20 22:56:43 2001
+@@ -20,7 +20,7 @@
+ An optional
+ .Op configuration file
+ may be given on the command line. The default configuration file is
+-.Pa /etc/vsftpd.conf .
++.Pa /etc/vsftpd/vsftpd.conf .
+ .Sh SEE ALSO
+ .Xr vsftpd.conf 5
+
+diff -ur vsftpd-1.0.1.orig/vsftpd.conf.5 vsftpd-1.0.1/vsftpd.conf.5
+--- vsftpd-1.0.1.orig/vsftpd.conf.5 Wed Nov 7 20:30:21 2001
++++ vsftpd-1.0.1/vsftpd.conf.5 Tue Nov 20 22:58:09 2001
+@@ -4,7 +4,7 @@
+ .SH DESCRIPTION
+ vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
+ default, vsftpd looks for this file at the location
+-.BR /etc/vsftpd.conf .
++.BR /etc/vsftpd/vsftpd.conf .
+ However, you may override this by specifying a command line argument to
+ vsftpd. The command line argument is the pathname of the configuration file
+ for vsftpd. This behaviour is useful because you may wish to use an advanced
+@@ -109,7 +109,7 @@
+ different if chroot_local_user is set to YES. In this case, the list becomes
+ a list of users which are NOT to be placed in a chroot() jail.
+ By default, the file containing this list is
+-/etc/vsftpd.chroot_list, but you may override this with the
++/etc/vsftpd/vsftpd.chroot_list, but you may override this with the
+ .BR chroot_list_file
+ setting.
+
+@@ -135,7 +135,7 @@
+ .B deny_email_enable
+ If activated, you may provide a list of anonymous password e-mail responses
+ which cause login to be denied. By default, the file containing this list is
+-/etc/vsftpd.banned_emails, but you may override this with the
++/etc/vsftpd/vsftpd.banned_emails, but you may override this with the
+ .BR banned_email_file
+ setting.
+
+@@ -249,7 +249,7 @@
+ .TP
+ .B xferlog_enable
+ If enabled, a log file will be maintained detailling uploads and downloads.
+-By default, this file will be placed at /var/log/vsftpd.log, but this location
++By default, this file will be placed at /var/log/vsftpd/vsftpd.log, but this location
+ may be overridden using the configuration setting
+ .BR xferlog_file .
+
+@@ -355,7 +355,7 @@
+ .BR deny_email_enable
+ is enabled.
+
+-Default: /etc/vsftpd.banned_emails
++Default: /etc/vsftpd/vsftpd.banned_emails
+ .TP
+ .B chown_username
+ This is the name of the user who is given ownership of anonymously uploaded
+@@ -374,7 +374,7 @@
+ .BR chroot_local_user
+ is disabled.
+
+-Default: /etc/vsftpd.chroot_list
++Default: /etc/vsftpd/vsftpd.chroot_list
+ .TP
+ .B guest_username
+ See the boolean setting
+@@ -422,21 +422,21 @@
+ .B pam_service_name
+ This string is the name of the PAM service vsftpd will use.
+
+-Default: ftp
++Default: vsftpd
+ .TP
+ .B secure_chroot_dir
+ This option should be the name of a directory which is empty. Also, the
+ directory should not be writable by the ftp user. This directory is used
+ as a secure chroot() jail at times vsftpd does not require filesystem access.
+
+-Default: /usr/share/empty
++Default: /usr/share/vsftpd/empty
+ .TP
+ .B userlist_file
+ This option is the name of the file loaded when the
+ .BR userlist_enable
+ option is active.
+
+-Default: /etc/vsftpd.user_list
++Default: /etc/vsftpd/vsftpd.user_list
+ .TP
+ .B xferlog_file
+ This option is the name of the file to which we write the transfer log. The
+@@ -444,7 +444,7 @@
+ .BR xferlog_enable
+ is set.
+
+-Default: /var/log/vsftpd.log
++Default: /var/log/vsftpd/vsftpd.log
+
+ .SH AUTHOR
+ chris@scary.beasts.org
diff --git a/net-ftp/vsftpd/files/vsftpd.conf b/net-ftp/vsftpd/files/vsftpd.conf
new file mode 100644
index 000000000000..f7334e984824
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.conf
@@ -0,0 +1,100 @@
+#
+# Example vsftpd config file
+#
+# See man 5 vsftpd.conf for more information.
+#
+
+# Allow anonymous FTP?
+anonymous_enable=YES
+
+# Uncomment this to allow local users to log in.
+#local_enable=YES
+
+# Uncomment this to enable any form of FTP write command.
+#write_enable=YES
+
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+
+# You may override where the log file goes if you like. The default is shown
+# below.
+xferlog_file=/var/log/vsftpd/vsftpd.log
+
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+nopriv_user=nobody
+
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd/vsftpd.banned_emails
+
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
+
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
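Review bot: `nopriv_user=nobody` contradicts the comment directly above it, which recommends a unique, totally isolated account. `nobody` is commonly shared with other daemons, so the unprivileged vsftpd process would run under the same uid as those services. Either ship a dedicated account name here (the ebuild would then have to create it) or extend the comment, e.g. `# 'nobody' is only a placeholder; create a dedicated account and name it here.` The sample also leaves `anonymous_enable=YES` uncommented, so copying it into place unchanged opens anonymous access; a one-line comment such as `# Set to NO unless anonymous access is intended.` would make that explicit.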
diff --git a/net-ftp/vsftpd/files/vsftpd.pam b/net-ftp/vsftpd/files/vsftpd.pam
new file mode 100644
index 000000000000..ba1a4023ab4f
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth required /lib/security/pam_pwdb.so shadow nullok
+auth required /lib/security/pam_shells.so
+account required /lib/security/pam_pwdb.so
+session required /lib/security/pam_pwdb.so
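Review bot: The pam_listfile line ends in `onerr=succeed`, so if /etc/ftpusers is missing, unreadable or malformed the deny list is skipped, and root and the other listed system accounts fall through to ordinary password authentication. `onerr=fail` makes that case fail closed. The next line passes `nullok` to pam_pwdb, which lets accounts with an empty password authenticate over FTP; dropping it gives `auth required /lib/security/pam_pwdb.so shadow`. Neither change should affect normal logins as long as the ftpusers file installed by this commit is present.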
diff --git a/net-ftp/vsftpd/files/vsftpd.xinetd b/net-ftp/vsftpd/files/vsftpd.xinetd
new file mode 100644
index 000000000000..d77213fa5ca3
--- /dev/null
+++ b/net-ftp/vsftpd/files/vsftpd.xinetd
@@ -0,0 +1,15 @@
+# default: off
+# description: Vsftpd is an FTP server, designed to be secure.
+
+service ftp
+{
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/vsftpd
+ server_args = /etc/vsftpd/vsftpd.conf
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ nice = 10
+ disable = yes
+}
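Review bot: The service block sets no connection limits, so once an administrator enables it a single remote host can hold as many vsftpd processes as xinetd's global defaults allow. Adding `per_source = 5` and `instances = 30` inside the block (constructed example values, to be tuned per site) would cap that. `log_on_success += DURATION USERID` and `log_on_failure += USERID` also request an ident lookup for each connection; the answer is supplied by the client side and the lookup can delay logins, so `HOST` is usually the more useful field to record.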
diff --git a/net-ftp/vsftpd/vsftpd-1.0.1.ebuild b/net-ftp/vsftpd/vsftpd-1.0.1.ebuild
new file mode 100644
index 000000000000..e049d9225197
--- /dev/null
+++ b/net-ftp/vsftpd/vsftpd-1.0.1.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2000 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Author Donny Davies <woodchip@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/vsftpd-1.0.1.ebuild,v 1.1 2001/11/21 05:44:08 woodchip Exp $
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Very Secure FTP Daemon written with speed, size and security in mind"
+SRC_URI="ftp://ferret.lmh.ox.ac.uk/pub/linux/${P}.tar.gz"
+
+DEPEND="virtual/glibc >=sys-libs/pam-0.75"
+RDEPEND="${DEPEND} sys-apps/xinetd"
+
+src_unpack() {
+
+ unpack ${A} ; cd ${S}
+ patch -p1 < ${FILESDIR}/${PF}-gentoo.diff || die "bad patchfile"
+}
+
+src_compile() {
+
+ make CFLAGS="${CFLAGS}" || die "compile problem"
+}
+
+src_install () {
+
+ dodir /home/ftp /usr/share/vsftpd/empty /var/log/vsftpd
+ doman vsftpd.conf.5 vsftpd.8
+ dosbin vsftpd
+
+ dodoc AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL KERNEL-2.4.0-WARNING
+ dodoc LICENSE README README.security REWARD SIZE SPEED TODO TUNING
+ docinto security ; dodoc SECURITY/*
+ newdoc ${FILESDIR}/vsftpd.conf vsftpd.conf.sample
+ newdoc vsftpd.conf vsftpd.conf.dist.sample
+
+ insinto /etc ; doins ${FILESDIR}/ftpusers
+ insinto /etc/vsftpd ; newins ${FILESDIR}/vsftpd.conf vsftpd.conf.sample
+ insinto /etc/xinetd.d ; newins ${FILESDIR}/vsftpd.xinetd vsftpd
+ insinto /etc/pam.d ; newins ${FILESDIR}/vsftpd.pam vsftpd
+}
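Review bot: In src_install, `dodir /home/ftp /usr/share/vsftpd/empty /var/log/vsftpd` creates the anonymous root, the secure chroot directory and the log directory without stating owner or mode, so they get whatever the install helper defaults to. The man page patched in this same commit says secure_chroot_dir should be empty and not writable by the ftp user, and the anonymous root should presumably have the same property. I would add a comment above the line, `# /usr/share/vsftpd/empty is secure_chroot_dir: must stay empty, root-owned, not writable by ftp`, and set the mode explicitly if this Portage version offers a helper for it. Separately, in src_unpack `cd ${S}` is unchecked, so a failed unpack lets `patch` run in the wrong directory; `cd ${S} || die "cd failed"` closes that.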