Alt-F vsftpd advanced options unsupported

Cem Basu

Aug 11, 2013, 11:28:04 PM
to al...@googlegroups.com

Hello, I have recently installed RC3, opting to perform a flash replacement on my DNS323.  I previously had fun_plug and was running pure-ftpd (simple out of the box ftp server).  I discovered early on a major issue I had was hackers trying to get in on the standard port 21 which upon discovery, I changed to some obscure port (>1024).  Well, after flipping to Alt-F, it took me a while to figure out how to run vsftpd via inetd on a non-standard port (modified /etc/services), however I now have other problems - while vsftpd is great out of the box (v 3.0.2) with Alt-F, I am unable to customize the other aspects of vsftpd when launched through inetd.  For example, to limit the number of clients and connections, pasv settings, etc. not to mention listen_port.

My question is why are the bulk of the customizations of vsftpd not allowed when run through inetd?  I experimented a bit with trying to run vsftpd standalone (which allowed all customizations to work!), but the drawback was that I couldn't get it to launch through user services - I enabled user script of '/usr/sbin/vsftp' but that did not start vsftpd at reboot.

It would be great to either allow full customization through vsftpd.conf under inetd OR have a better way to launch vsftpd standalone.

Any suggestions or thoughts?

João Cardoso

Aug 14, 2013, 8:04:09 AM
to al...@googlegroups.com


On Monday, August 12, 2013 4:28:04 AM UTC+1, Cem Basu wrote:

> My question is why are the bulk of the customizations of vsftpd not allowed when run through inetd?

They are. You probably have an error in the configuration file, look at the logs.
 
> I experimented a bit with trying to run vsftpd standalone (which allowed all customizations to work!), but the drawback was that I couldn't get it to launch through user services - I enabled user script of '/usr/sbin/vsftp'

How exactly did you do that?
You also have to disable ftp from inetd.

Cem Basu

Aug 14, 2013, 10:00:41 PM
to al...@googlegroups.com


On Wednesday, August 14, 2013 7:04:09 AM UTC-5, João Cardoso wrote:


> On Monday, August 12, 2013 4:28:04 AM UTC+1, Cem Basu wrote:

>> My question is why are the bulk of the customizations of vsftpd not allowed when run through inetd?
>
> They are. You probably have an error in the configuration file, look at the logs.

When I run it in standalone (listen=yes) and launched from command line, it works as expected - the setting for max clients holds.  But when I flip the config back to 'listen=no' and run it via inetd, the setting for max number of clients does not hold and uses the default I guess (I had 10 open sessions when the setting was set to 2, if not specified the default is 50).
 
>> I experimented a bit with trying to run vsftpd standalone (which allowed all customizations to work!), but the drawback was that I couldn't get it to launch through user services - I enabled user script of '/usr/sbin/vsftp'
>
> How exactly did you do that?
> You also have to disable ftp from inetd.

I am able to launch standalone via the command line by setting the parameter, 'listen=yes'.  To have it run from inetd, I flip this setting back and launch through the inetd services. Of course to run it standalone, it will not work unless I set 'listen=yes' and for inetd vice versa.
 
>> but that did not start vsftpd at reboot.
>>
>> It would be great to either allow full customization through vsftpd.conf under inetd OR have a better way to launch vsftpd standalone.
>>
>> Any suggestions or thoughts?

I am really curious as to how I can run standalone mode (ala command line) through an easier way than inserting something into inittab or 'at' or 'cron'.  I figured I might be able to use the user script facility under services.

Thanks

João Cardoso

Aug 15, 2013, 9:40:45 AM


On Thursday, August 15, 2013 3:00:41 AM UTC+1, Cem Basu wrote:


> On Wednesday, August 14, 2013 7:04:09 AM UTC-5, João Cardoso wrote:
>
>> On Monday, August 12, 2013 4:28:04 AM UTC+1, Cem Basu wrote:

>>> My question is why are the bulk of the customizations of vsftpd not allowed when run through inetd?
>>
>> They are. You probably have an error in the configuration file, look at the logs.
>
> When I run it in standalone (listen=yes) and launched from command line, it works as expected - the setting for max clients holds.  But when I flip the config back to 'listen=no' and run it via inetd, the setting for max number of clients does not hold and uses the default I guess (I had 10 open sessions when the setting was set to 2, if not specified the default is 50).

ah, ok, you are right regarding the number of clients.

This happens because inetd just launches a new vsftpd process whenever a new connection is made, it is not aware of vsftpd configuration. On the other side, each new vsftpd process is not aware of other vsftpd processes.

From the manual page:

max_clients
If vsftpd is in standalone mode, this is the maximum number of clients which may be connected. Any additional clients connecting will get an error message.

Your only option is to run vsftpd out of inetd.

-Disable ftp from inetd; Services->Network->inetd Configure-> Uncheck ftp Enable, Submit, or use the cmd 'rcinetd disable ftp'
-You then have to make /etc/init.d/S63vsftpd executable in order to execute on boot (use 'rcvsftpd enable')
-Edit /etc/vsftpd.conf, you know that
-Save settings so changes will persist after reboot (or use 'loadsave_settings -sf')
-start standalone: 'rcvsftpd start'

If you want to be able to start/stop vsftpd from the webUI, edit /etc/init.d/S63vsftpd and add a line with 'TYPE=net' near the top (look at other initscripts); it will now appear under Services Network

Solved?
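
Added example, not part of the original thread and not Alt-F code: a shell function that reads a vsftpd.conf and lists the options the vsftpd.conf manual page describes as standalone-only when the file leaves 'listen' and 'listen_ipv6' off, which is the inetd case discussed above. The option list, the accepted boolean spellings and the function names are assumptions of this example; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not Alt-F code): list vsftpd.conf options that are set
# but have no effect because vsftpd is not in standalone mode.

# Options the vsftpd.conf manual page describes as standalone-only.
STANDALONE_ONLY="max_clients max_per_ip listen_port listen_address listen_address6 background"

# conf_get FILE OPTION: print the last value assigned to OPTION, if any.
# vsftpd.conf lines are "option=value" with no spaces around "=".
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# is_yes VALUE: succeed for the boolean spellings YES, TRUE and 1
# (assumed to be the accepted "on" values, compared case-insensitively).
is_yes() {
    case "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# ignored_under_inetd FILE: print "option=value" for each standalone-only
# option set while both listen and listen_ipv6 are off (the inetd case).
ignored_under_inetd() {
    if is_yes "$(conf_get "$1" listen)" || is_yes "$(conf_get "$1" listen_ipv6)"; then
        return 0    # standalone mode: these options are honoured
    fi
    for opt in $STANDALONE_ONLY; do
        val=$(conf_get "$1" "$opt")
        [ -n "$val" ] && echo "$opt=$val"
    done
    return 0
}

# Constructed sample mirroring the thread: inetd mode with limits set.
sample=$(mktemp)
printf '%s\n' 'listen=no' 'max_clients=2' 'listen_port=2121' \
    'pasv_min_port=50000' > "$sample"
ignored_under_inetd "$sample"
rm -f "$sample"
```

Any line it prints is a limit or listener setting that is not being enforced in the current mode, so a connection cap such as max_clients=2 should be rechecked after switching to standalone.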

Cem Basu

Aug 15, 2013, 3:54:36 PM
to al...@googlegroups.com
This worked, thanks João
By enabling vsftpd in this manner (outside of inetd), I see the following as far as running processes (with no client connections) -
 3503 root     {rcvsftpd} /bin/sh /sbin/rcvsftpd start
 3505 root     sh /etc/init.d/S63vsftpd start
 3507 root     vsftpd

Is this normal?  I was able to ftp connect and 'netstat -tpan' shows 3507 as the listening process on my designated ftp port.  Wasn't sure about the other 2 processes, seems like residue.  All is working, thanks again.

João Cardoso

Aug 15, 2013, 7:07:36 PM
to al...@googlegroups.com


On Thursday, August 15, 2013 8:54:36 PM UTC+1, Cem Basu wrote:
> This worked, thanks João
> By enabling vsftpd in this manner (outside of inetd), I see the following as far as running processes (with no client connections) -
>  3503 root     {rcvsftpd} /bin/sh /sbin/rcvsftpd start
>  3505 root     sh /etc/init.d/S63vsftpd start
>  3507 root     vsftpd
>
> Is this normal?

Yes and No :-)
Yes, it is the default behaviour of vsftpd not to background, but no, Alt-F init scripts expect it to do so, so, in addition to 'listen=yes', add to vsftpd.conf

background=yes

I should fix the vsftpd initscript to take this into account... 

If you want to have a Configure button available for vsftpd under Services->Network, assuming that you have added 'TYPE=net' to its initscript, do

ln -sf /usr/www/cgi-bin/ftp.cgi /usr/www/cgi-bin/vsftpd.cgi

Cem Basu

Aug 16, 2013, 6:40:38 PM
to al...@googlegroups.com
All working perfectly now, thank you very much.  If considering future enhancement on this service, you may want to incorporate the Configure option to pull in the entire contents of vsftpd.conf and not just the basic parameters - just a thought :-)



João Cardoso

Aug 16, 2013, 7:07:34 PM
to al...@googlegroups.com


On Friday, August 16, 2013 11:40:38 PM UTC+1, Cem Basu wrote:
> All working perfectly now, thank you very much.  If considering future enhancement on this service, you may want to incorporate the Configure option to pull in the entire contents of vsftpd.conf and not just the basic parameters - just a thought :-)

All 125 of them? Really? :)

Marc Schubert

Aug 19, 2013, 9:16:46 AM
to al...@googlegroups.com
You could have an "Advanced" button on the vsftp configuration page that opens a new page with all the options???

After all the point of having a web gui is so that people don't have to ssh in and mess with configuration files... especially as root, that can be pretty dangerous for someone who doesn't know what they're doing.