Old 08-18-2018, 11:28 AM   #1
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,628
Blog Entries: 19

Problem listing remote directories in FTP (vsftp server)


I have vsftp running under LFS on my main computer (bigboy) and I am using gftp on my laptop (littleboy) to download dump tarballs. For those who haven't used gftp, it has a user interface similar to midnight commander, with the local and remote directories listed side by side, and arrows to do the transfers between them. This means that, unlike command line ftp, it has to get remote directory listings in order to function at all.

I have enabled local user login on the server. I find that I can get directory listings from /home/ftp but not from $HOME. The directory listing is empty and often the client disconnects. Why is this? I couldn't find anything in vsftp.conf that restricts directory listings in this way. There's nothing in vsftp's log either to suggest that it is misbehaving.

Last edited by hazel; 08-18-2018 at 11:29 AM.
 
Old 08-18-2018, 03:03 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,167
Blog Entries: 1

Quote:
I have enabled local user login on the server. I find that I can get directory listings from /home/ftp but not from $HOME. The directory listing is empty and often the client disconnects. Why is this? I couldn't find anything in vsftp.conf that restricts directory listings in this way. There's nothing in vsftp's log either to suggest that it is misbehaving.
Make sure that the directory in question (and all subdirectories underneath it) has the execute bit set, so they can be searchable. E.g.:
Code:
chmod +x /home/user
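
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: the function walks from the target directory up to / and prints every directory whose mode lacks the search (execute) bit for the chosen permission class. The function name and its u/g/o argument are assumptions of this example, and it relies on GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the thread): list each directory on the way to
# TARGET that lacks the search bit for class u, g or o (default o).
# Assumes GNU stat; it reads mode bits only, so the result does not depend
# on which user runs it (root included).
missing_search_bit() {
    target=$1 class=${2:-o}
    case $target in
        /*) ;;
        *) echo "use an absolute path" >&2; return 2 ;;
    esac
    case $class in
        u) pos=4 ;;
        g) pos=7 ;;
        o) pos=10 ;;
        *) echo "class must be u, g or o" >&2; return 2 ;;
    esac
    dir=$target
    while :; do
        [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
        mode=$(stat -c '%A' "$dir") || return 2
        bit=$(printf '%s' "$mode" | cut -c"$pos")
        # x, s and t all mean the execute/search bit is set for that class.
        case $bit in
            x|s|t) ;;
            *) printf '%s %s\n' "$mode" "$dir" ;;
        esac
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
}

# Stand-alone use: ./script /home/user/dumps o
if [ $# -gt 0 ]; then missing_search_bit "$@"; fi
```

An empty result means every directory on the path is searchable for that class, so the cause lies elsewhere.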
 
Old 08-18-2018, 03:22 PM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,753

Could you post your vsftp.conf file?
 
Old 08-18-2018, 03:22 PM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,735

Not familiar with vsftp specifically, but in my experience, ftp users don't "login" to a shell, so I wouldn't expect $HOME to be available, as that's a login shell variable.
[On my server, all ftp and email users have their shell set to /sbin/nologin...]

Edit: To clarify, by "ftp users" I mean users/accounts connecting via an ftp client to an ftp server...there's nothing special about the account itself, just the way in which it's connecting. Enabling login doesn't change that. I have users who could ssh or sftp, but if they ftp, they aren't "logged in".

Last edited by scasey; 08-18-2018 at 03:29 PM.
 
1 members found this post helpful.
Old 08-19-2018, 10:16 AM   #5
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,628

Original Poster
Blog Entries: 19

I was using "$HOME" just in this post as a convenient abbreviation. When you use ftp as a local user, you are connected to your home directory automatically. You can specify in vsftpd.conf that users be confined to that directory. It's called a chroot but it isn't really because your home directory wouldn't have the facilities to be used as a real root partition (and of course there's no shell); it's just a jail. But I have left myself freedom to roam.

Here's my conf file.
Attached Files
File Type: txt vsftpd.conf.txt (4.6 KB, 33 views)

Last edited by hazel; 08-19-2018 at 11:00 AM.
 
Old 08-19-2018, 12:03 PM   #6
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,735

Quote:
Originally Posted by hazel View Post
I was using "$HOME" just in this post as a convenient abbreviation. When you use ftp as a local user, you are connected to your home directory automatically. You can specify in vsftpd.conf that users be confined to that directory. It's called a chroot but it isn't really because your home directory wouldn't have the facilities to be used as a real root partition (and of course there's no shell); it's just a jail. But I have left myself freedom to roam.

Here's my conf file.
Oh. Then I don't understand your OP at all, I guess. What were you using $HOME as a "convenient abbreviation" for, then?
 
Old 08-20-2018, 05:54 AM   #7
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,628

Original Poster
Blog Entries: 19

Quote:
Originally Posted by scasey View Post
Oh. Then I don't understand your OP at all, I guess. What were you using $HOME as a "convenient abbreviation" for, then?
For my actual home directory of course! Do people usually let everyone and his wife know what name they log on with at home?
 
Old 08-20-2018, 07:38 AM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Have you tried debugging with, say, scp?
 
Old 08-20-2018, 08:47 AM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,753

Quote:
secure_chroot_dir=/usr/share/vsftpd/empty
What happens if you comment out this directive?
 
Old 08-20-2018, 09:23 AM   #10
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,628

Original Poster
Blog Entries: 19

Quote:
Originally Posted by michaelk View Post
What happens if you comment out "secure_chroot_dir=/usr/share/vsftpd/empty" ?
Then it fails because it looks by default for a directory called /usr/share/empty, which doesn't exist on my system.

@Habitual. I wasn't able to use scp. I got connection refused. Do I have to have an ssh server running on the remote machine to make this work?
 
Old 08-28-2018, 06:34 AM   #11
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,628

Original Poster
Blog Entries: 19

Update: I tried logging in as root and got the same result. I could list files in /home/ftp but not my personal home directory. So it can't be a Unix permissions problem. It must be the vsftpd server itself that is playing up.
 
Old 08-28-2018, 07:54 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,167
Blog Entries: 1

Quote:
Originally Posted by hazel View Post
Update: I tried logging in as root and got the same result. I could list files in /home/ftp but not my personal home directory. So it can't be a Unix permissions problem. It must be the vsftpd server itself that is playing up.
By default root is not allowed to use ftp, for security reasons.
And you should keep it this way, as data is transmitted unencrypted in ftp protocol.
 
Old 08-28-2018, 09:01 AM   #13
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,333
Blog Entries: 3

Quote:
Originally Posted by hazel View Post
I wasn't able to use scp. I got connection refused. Do I have to have an ssh server running on the remote machine to make this work?
Yes. Adding the OpenSSH-server package to your destination machine will allow both scp and SFTP. With the latter you can use Nautilus, Caja, PCManFM, FileZilla, sshfs, and many others, finding a client or two to suit your tastes and work flow. Both scp and SFTP are included and it is enough to install the package and away you go. However, if the service is to be made available over the Internet and not just the LAN, it is a good idea to use SSH keys for authentication and turn off password authentication.

My recommendation is complete removal of the FTP daemon and using SFTP instead.
 
1 members found this post helpful.
Old 08-28-2018, 10:08 AM   #14
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,628

Original Poster
Blog Entries: 19

Quote:
Originally Posted by bathory View Post
By default root is not allowed to use ftp, for security reasons.
And you should keep it this way, as data is transmitted unencrypted in ftp protocol.
I quite agree. It's very bad practice but this was a one-off experiment for the purpose of testing a puzzling situation. Actually I'm surprised I was allowed to log in as root at all; I'm checking now what configuration files I need to prevent this in future (creating an /etc/ftpusers file should do it).

@Turbocapitalist. This is LFS so adding ssh will be easy enough. Do I need to create a certificate to use ssh and its family?

Last edited by hazel; 08-28-2018 at 10:14 AM.
 
Old 08-28-2018, 10:37 AM   #15
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,333
Blog Entries: 3

Quote:
Originally Posted by hazel View Post
@Turbocapitalist. This is LFS so adding ssh will be easy enough. Do I need to create a certificate to use ssh and its family?
If LFS is like the other distros, the host keys (identifying the SSH host to incoming accounts) will be generated on first use. The individual authentication keys (identifying the incoming accounts to the SSH host) need to be generated manually for each user.

SSH Certificates are similar to SSH Keys, and used in the same way, but I admit to ignorance in their advantages or differences. For SSH keys, use ssh-keygen on the machine you are connecting from:

Code:
ssh-keygen -f ~/.ssh/other_machine_key.rsa -t rsa -b 3072 -C 'hazel from laptop'
ssh-copy-id -i ~/.ssh/other_machine_key.rsa hazel@othermachine.example.com
I show the -f and -C options for ssh-keygen as it is very useful to annotate the individual keys.
 
1 members found this post helpful.
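
The advice earlier in the thread to use SSH keys and turn off password authentication can be checked against an `sshd_config` file, shown here as an added example that is not part of the original posts. It relies on two documented sshd behaviours: the first value read for a keyword wins, and global settings end at the first `Match` block. The function names and the sample configuration are constructed for this example, and `Include` files and `key=value` syntax are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): find the value sshd would use for a
# keyword in the global section of an sshd_config file.
sshd_first_value() {
    key=$1 file=$2 default=$3
    awk -v key="$key" -v def="$default" '
        /^[ \t]*#/ { next }                    # comment line
        NF == 0 { next }                       # blank line
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$file"
}

# Report settings that still allow password logins or block key logins.
# Defaults passed below are the sshd_config(5) defaults (both "yes").
# Match blocks are not inspected and may re-enable passwords per user.
audit_sshd_config() {
    file=$1 rc=0
    [ "$(sshd_first_value PasswordAuthentication "$file" yes)" = no ] ||
        { echo "PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_first_value PubkeyAuthentication "$file" yes)" = yes ] ||
        { echo "PubkeyAuthentication is not 'yes'"; rc=1; }
    return $rc
}

# Constructed sample: the hardening line was appended at the bottom, below
# an earlier "yes", so it has no effect.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real host's configuration
PasswordAuthentication yes
PubkeyAuthentication yes
passwordauthentication no
EOF
}

# Stand-alone use: ./script /etc/ssh/sshd_config
if [ $# -gt 0 ]; then audit_sshd_config "$1"; fi
```

On a host with OpenSSH installed, `sshd -T` prints the effective configuration and is the authoritative check.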
  

