I originally hit a 500 error on login because it was not allowing login to users with write access to home.
2nd issue I had was my fstab mount using cifs to a windows machine. Users could login and download files but they could not upload any files. 530 error message would display.
Below are my steps on a fresh clean install of slackware 14. It will cover commands that I used to setup mirrors, configure vsftpd.config, inetd.conf, adding a new user, adding a share to fstab and running openssl for the sftp part.
information that needs to be entered in will be in the color red everything else is just my comments or instructions.
After you get to terminal we need to uncomment a location to use slackpkg update.
From terminal type: vim /etc/slackpkg/mirrors
Exit vim by saving with :wq
Now we need to run from terminal slackpkg update
vim /etc/vsftpd.conf
From what is listed I have uncommented this below.
I had to add in Allow_writeable_chroot=YES to get past the 500 error
anonymous_enable=no
local_enable=YES
write_enable=YES
local_umask=000
ftpd_banner=Private FTP.
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
chroot_list_file=/etc/vsftpd.chroot_list
I commented out
#local_umask=022
Save by :wq
vim /etc/inetd.conf
We need to remove the comments from the line below Very Secure Transfer Protocol(FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
to save :wq
restart the service from terminal by entering
/etc/rc.d/rc.inetd restart
Any users that you want to have full access to all folder on the ftp and not be locked down to their home needs to be placed in the chroot list based on what we have in our changes to vsftpd.conf
vim /etc/vsftpd.chroot_list
Create a directory under home to mount the windows share later
mkdir /home/ftp
Adding our windows share to fstab is my next step. I had to add in for options gid=ftp,dir_mode=0777 to allow the users to upload files to the share. If not it would display the 530 error.
vim /etc/fstab
//servername/foldershare /home/ftp cifs gid=ftp,dir_mode=0777,rw,directio,username=windowusername,password=password 0 0
:wq
Now its time to create our users. I prefer to use terminal adduser and follow through the command prompts entering what information is needed.
When it asks for home it will give a default /home/username change it to be /home/ftp/userid
the user home is now on the windows share
When it asks for groups add the user to group = ftp
Setting up SSl from terminal i chose to run this with 365 days with an rsa key of 1024
openssl req -x509 -nodes -days 365 -newkey rsa:1024
-keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Now we need to edit the inetd.conf to enable ssl Below are the values i added or changed
vim /etc/inetd.conf
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
:wq
Making any changes to this file you will need to either restart the system or issue the kill hup command.
I find it easiest to just restart the server before testing out ftp.
That is all the steps that I took to set up a slackware 14 vsftp server with sftp using a mounted windows share for the home directory.
I did have to ask for help in a forum to figure out my issue with fstab windows mount not allowing file uploads. Through those suggestions I was able to apply the dir_mode option.
I hope this helps anyone else that ran into the same issue as I did.
No comments:
Post a Comment