Linux Mint - Free and powerful

Wednesday, 21 March 2012

Using the vsftpd FTP server to send and receive large files in Linux

I am trying to send someone a large file (800MB). All the "free" send utils are far from free and when they say they will throttle the upload they really mean it. After 48 hours I was at 541 MB.

So I decided to use FTP as I have fibre Unifi that is 5 MB up and down.

This is not as easy as you may think. There is really only one choice called vsftpd. I installed and customised the configuration and created a user account to be used. That all works apart from the user being able to access other directories and download my stuff at will.

Auntie Google told me there was a way to use virtual addresses but as always nothing is easy. I had to follow three blogs as they all did it in a slightly different way.

Here is how I did it to suit my needs. As Notes Sensei will say, Your Mileage May Vary (YMMV).

Install vsftpd
sudo apt-get install vsftpd
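Create a text-based user database. db5.1_load -T reads the file as alternating key and value lines (user ID, then password), so the # labels shown here are annotations and do not belong in the file.
sudo gedit ~/Downloads/FTPusers.txt
ray                      #userid
pissoff               #password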

Use the Berkeley Database Utilities to create a PAM-compatible database
sudo aptitude install db4.8-util   (good luck with this or finding 5.1 in Mint)
Just download the db5.1 deb from here:

Create a directory in etc for simplicity
sudo mkdir -p /etc/vsftpd
Create the hash database
sudo db5.1_load -T -t hash -f ~/Downloads/FTPusers.txt ~/Downloads/FTPuserslogin.db
cat ~/Downloads/FTPuserslogin.db
cp ~/Downloads/FTPuserslogin.db /etc/vsftpd
Set the permissions
ls -l /etc/vsftpd/FTPuserslogin.db
-rw-rw-r-- 1 rayd rayd 12288 2012-03-21 13:16 /etc/vsftpd/FTPuserslogin.db
sudo chmod 600 /etc/vsftpd/FTPuserslogin.db
ls -l /etc/vsftpd/FTPuserslogin.db 
-rw------- 1 rayd rayd 12288 2012-03-21 13:16 /etc/vsftpd/FTPuserslogin.db

Create the PAM file
sudo gedit ~/Downloads/vsftpd.pam &
Add the following into the PAM file

auth required pam_userdb.so db=/etc/vsftpd/FTPuserslogin
account required pam_userdb.so db=/etc/vsftpd/FTPuserslogin

Copy the PAM file
sudo cp ~/Downloads/vsftpd.pam /etc/pam.d/ftp
Configure vsftpd home directory
sudo mkdir -p ~/ftp-data
sudo chown -R ftp:ftp ~/ftp-data
sudo useradd -d /home/ftp-data ftpvirtual
Back up the config
sudo mv /etc/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak 
sudo gedit /etc/vsftpd.conf
# runs vsftpd in standalone mode
# listens on this port for incoming FTP connections
# Disable anonymous FTP and enables the local user virtual.
# enables uploads and new directories
# the umask for file creation
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
# Activate logging of uploads/downloads.
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# Make sure that the virtual user is restricted to the user directory.
# the PAM file used for authentication of virtual users
# SSL configuration directives
# rsa_cert_file=/etc/ssl/certs/server.crt
# rsa_private_key_file=/etc/ssl/private/server.key
# ssl_enable=YES
# force_local_logins_ssl=YES
# force_local_data_ssl=YES
# ssl_tlsv1=YES
# ssl_sslv2=NO
# ssl_sslv3=NO
# the minimum port to allocate for PASV style data connections
# the maximum port to allocate for PASV style data connections
# Activate virtual users.
# Guest_username are mapped to the real users. If ftpvirtual was used then the directory of ftpvirtual would be /home/ftp-data
# guest_username=virtual
# virtual users to use local privs, not anon privs
# specifies a home directory for all virtual users
# hides the FTP server user ID, just show "ftp" in directory listings

Restart vsftpd
sudo service vsftpd restart
Ahhhh, much better. The user can now only see files I have placed in my ftp-data directory.
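The configuration above leaves its SSL directives commented out, so the virtual user's password is sent in cleartext once the port is opened to the Internet. The script below is an added check, not part of the original post: it reads a vsftpd.conf and reports which of the restrictions this setup relies on are missing. The function names and the sample config are constructed for illustration; the option names are standard vsftpd options.

```shell
#!/bin/sh
# Added example, not from the original post. Option names are real vsftpd
# options; the sample config at the bottom is constructed.

# get_opt FILE KEY: print the last uncommented value of KEY (empty if unset).
# vsftpd allows no spaces around '=', so an exact "KEY=" prefix match is enough.
get_opt() {
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# want_opt FILE KEY WANT WHY: print a finding when KEY is not set to WANT.
want_opt() {
    got=$(get_opt "$1" "$2")
    [ "$got" = "$3" ] || echo "$2=${got:-unset} (want $3): $4"
}

# audit_vsftpd FILE [PAMDIR]: print one finding per line, nothing when clean.
audit_vsftpd() {
    conf=$1
    pamdir=${2:-/etc/pam.d}
    want_opt "$conf" anonymous_enable NO "anonymous logins are accepted"
    want_opt "$conf" guest_enable YES "logins are not mapped to the guest account"
    want_opt "$conf" chroot_local_user YES "users can leave their home directory"
    want_opt "$conf" ssl_enable YES "passwords and files travel in cleartext"
    svc=$(get_opt "$conf" pam_service_name)
    if [ -z "$svc" ] || [ ! -f "$pamdir/$svc" ]; then
        echo "pam_service_name=${svc:-unset}: no matching PAM file in $pamdir"
    fi
}

# Constructed sample mirroring the post: the SSL directives stay commented out.
demo=$(mktemp -d)
: > "$demo/ftp"                      # stands in for /etc/pam.d/ftp
cat > "$demo/vsftpd.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=ftp
# ssl_enable=YES
guest_enable=YES
guest_username=ftpvirtual
virtual_use_local_privs=YES
EOF
audit_vsftpd "$demo/vsftpd.conf" "$demo"
rm -rf "$demo"
```

Run against the real file with `audit_vsftpd /etc/vsftpd.conf`; an empty result means all five checks passed.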

Opening up the firewall etc

I currently live in Kuala Lumpur and here our provider is TM (no competition) and the service available to me is Unifi. My home built machine was a bit rubbish (ASUS P5G41T-M LX) and corrupted a number of drives. I have swapped back to an old Intel motherboard with a 641 CPU and all is well. However, I had my MAC address set to a permanent DHCP lease that is of course not valid now, so I will create a quick addition to show how to open the FTP port to the Internet. TM has provided a D-Link DIR-615 router.

Configure the DHCP reservation

Here are my current adapter details.

After the change.

Create a Port Forwarding rule

That should now work. If this is a big file then remember to switch off your suspend when inactive setting.

Easy?  NOT!!!!!


Web sites come and go and information is lost and therefore some pages are archived. @rayd123. Powered by Blogger.