1 Author: Daniel Jacobowitz <dan@debian.org>
2 Description: Set default configuration.
4 diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
5 --- vsftpd.orig/tunables.c 2009-07-15 22:08:27.000000000 +0200
6 +++ vsftpd/tunables.c 2009-11-06 13:33:34.000000000 +0100
7 @@ -246,7 +246,7 @@ tunables_load_defaults()
9 tunable_chown_upload_mode = 0600;
11 - install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
12 + install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
13 install_str_setting("ftp", &tunable_ftp_username);
14 install_str_setting("root", &tunable_chown_username);
15 install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
16 @@ -256,7 +256,7 @@ tunables_load_defaults()
17 install_str_setting(0, &tunable_ftpd_banner);
18 install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
19 install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
20 - install_str_setting("ftp", &tunable_pam_service_name);
21 + install_str_setting("vsftpd", &tunable_pam_service_name);
22 install_str_setting("ftp", &tunable_guest_username);
23 install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
24 install_str_setting(0, &tunable_anon_root);
25 diff -Naurp vsftpd.orig/vsftpd.conf vsftpd/vsftpd.conf
26 --- vsftpd.orig/vsftpd.conf 2009-11-06 08:41:11.000000000 +0100
27 +++ vsftpd/vsftpd.conf 2009-11-06 13:35:37.000000000 +0100
29 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
33 +# Run standalone? vsftpd can run either from an inetd or as a standalone
34 +# daemon started from an initscript.
37 +# Run standalone with IPv6?
38 +# Like the listen parameter, except vsftpd will listen on an IPv6 socket
39 +# instead of an IPv4 one. This parameter and the listen parameter are mutually
43 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
46 @@ -34,6 +45,12 @@ anonymous_enable=YES
47 # go into a certain directory.
50 +# If enabled, vsftpd will display directory listings with the time
51 +# in your local time zone. The default is to display GMT. The
52 +# times returned by the MDTM FTP command are also affected by this
56 # Activate logging of uploads/downloads.
59 @@ -89,6 +106,11 @@ connect_from_port_20=YES
61 #banned_email_file=/etc/vsftpd.banned_emails
63 +# You may restrict local users to their home directories. See the FAQ for
64 +# the possible risks in this before using chroot_local_user or
65 +# chroot_list_enable below.
66 +#chroot_local_user=YES
68 # You may specify an explicit list of local users to chroot() to their home
69 # directory. If chroot_local_user is YES, then this list becomes a list of
70 # users to NOT chroot().
71 @@ -103,12 +123,22 @@ connect_from_port_20=YES
72 # the presence of the "-R" option, so there is a strong case for enabling it.
73 #ls_recurse_enable=YES
75 -# When "listen" directive is enabled, vsftpd runs in standalone mode and
76 -# listens on IPv4 sockets. This directive cannot be used in conjunction
77 -# with the listen_ipv6 directive.
81 -# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
82 -# sockets, you must run two copies of vsftpd with two configuration files.
83 -# Make sure, that one of the listen options is commented !!
85 +# Some of vsftpd's settings don't fit the filesystem layout by
88 +# This option should be the name of a directory which is empty. Also, the
89 +# directory should not be writable by the ftp user. This directory is used
90 +# as a secure chroot() jail at times vsftpd does not require filesystem
92 +secure_chroot_dir=/var/run/vsftpd/empty
94 +# This string is the name of the PAM service vsftpd will use.
95 +pam_service_name=vsftpd
97 +# This option specifies the location of the RSA certificate to use for SSL
98 +# encrypted connections.
99 +rsa_cert_file=/etc/ssl/private/vsftpd.pem
102 diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
103 --- vsftpd.orig/vsftpd.conf.5 2009-11-06 08:41:11.000000000 +0100
104 +++ vsftpd/vsftpd.conf.5 2009-11-06 13:37:10.000000000 +0100
105 @@ -940,7 +940,7 @@ Default: nobody
107 This string is the name of the PAM service vsftpd will use.
113 Use this option to override the IP address that vsftpd will advertise in
114 @@ -969,7 +969,7 @@ This option should be the name of a dire
115 directory should not be writable by the ftp user. This directory is used
116 as a secure chroot() jail at times vsftpd does not require filesystem access.
118 -Default: /usr/share/empty
119 +Default: /var/run/vsftpd/empty
122 This option can be used to select which SSL ciphers vsftpd will allow for