Selecting an FTP Server from openSUSE

OpenSUSE comes with following FTP servers. Users can install any one based on their needs:

• pure-ftpd
• vsftpd
• proftpd
• ftpd (from krb5-apps-servers package)

pure-ftpd

Attributes

• prepared for usage as standalone ftp server
• prepared for usage with xinetd
• many features like PAM support, IPv6, chroot()ed home directories, virtual domains, built-in LS, anti-warez system, bandwidth throttling, FXP, bounded ports for passive downloads, upload and download ratios, Apache log files, and more

Configuration Files

• /etc/pam.d/pure-ftpd
• /etc/pure-ftpd/pure-ftpd.conf
• /etc/xinetd.d/pure-ftpd

See also

• Pure-FTP with MySQL Auth

vsftpd

Quick Setup

• Install vsftpd using YaST software management
• Enable vsftpd in xinetd. This can be done manually by editing /etc/xinetd.d/vsftpd and changing disabled = yes to disabled = no, or by using the following command

chkconfig vsftpd on

• Start xinetd if its not running already.

/etc/init.d/xinetd start

• Make sure that xinetd is started automatically at boot time

chkconfig xinetd on

• Check that FTP server is working fine. By default only anonymous login is allowed. Data in /srv/ftp/ is made publicly available.

Quick Configuration

To configure vsftpd edit /etc/vsftpd.conf.

• To enable writing of file on server, uncomment

write_enable=YES

• To allow local system users to log in, uncomment

local_enable=YES

• By default, a user can not look outside his/her home directory. To disable this, uncomment

chroot_local_user=NO

• To disable anonymous login

anonymous_enable=NO

Attributes

• prepared for usage with xinetd
• codebase was written with security in mind
• small and lightweight

Configuration Files

• /etc/logrotate.d/vsftpd
• /etc/pam.d/vsftpd
• /etc/vsftpd.conf
• /etc/vsftpd.chroot_list

This file describes the names of the users that have access to the whole system tree. To all other users their home directory will be showed as root directory (chroot).

• /etc/shells

Before admitting a local user to login, the system defaults to check if it has a valid user shell. In case PAM authentication is not available.

• /etc/ftpusers

This file describes the names of the users that may _*NOT*_ log into the system via the FTP server. This usually includes "root", "uucp", "news" and the like, because those users have too much power to be allowed to do "just" FTP.

proftpd

Quick Setup

• if you want install proftpd you need to add contrib repository ( how to do it you could find on http://en.opensuse.org/Contrib )
• to install mysql modul use

zypper in proftpd-sql-mysql

• to install postgresql modul use

zypper in proftpd-sql-postgresql

Quick Configuration

• to enable uploads directory, uncomment whole <Directory uploads/*> section and as root run :

mkdir /srv/ftp/uploads #create uploads directory
chown ftp:ftp /srv/ftp/uploads #change owner
/etc/init.d/proftpd restart #restart ftp server

FTP Firewall Settings

When the ftpd-server resists on a firewalled server (which is recommented) some ports must be opened and kernel-modules for passive FTP must be added. This section describes how to allow access to a server protected by a local SuSEfirewall2.

• Modify the following lines in /etc/sysconfig/SuSEfirewall2" manually (verified with openSUSE 11.0):

FW_LOAD_MODULES=ip_conntrack_ftp

FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp"

• Use YaST_Firewall to allow the pure-ftpd or vsftpd service to be accessed from the external interface. Save the settings and restart the firewall.