nixCraft

You can configure vsftpd server to set permissions on anonymous uploads. anonymous uploads can be very dangerous if not used correctly.

Open your vsftpd config file:
Now add/modify following anonymous uplod specific option
Where,

• ftp_username=inftpadm : This is the name of the user we use for handling anonymous FTP. The home directory of this user is the root of the anonymous FTP area.
• chown_username=inftpadm : This is the name of the user who is given ownership of anonymously uploaded files. This option is only relevant if another option, chown_uploads, is set to YES.
• chown_uploads=YES : This is a security and administrative feature. It enabes, all anonymously uploaded files will have the ownership changed to the user specified in the setting chown_username i.e inftpadm.

Above configuration make sure that all anonymously uploaded files owned by inftpadm user with read/write permission for the inftpadm user only.

Following are general config option
Save and restart server.
Test configuration login as anonymous user and later running ls -l command.

Further readings
=> VSFTP chroot or jail users - limit users to only their home directory howto: http://www.cyberciti.biz/tips/vsftp-...directory.html
=> VSFTPD docs : http://vsftpd.beasts.org/vsftpd_conf.html

__________________
Vivek Gite
Linux Evangelist
Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group.
Always use CODE tags for posting system output and commands!
Do you run a Linux? Let's face it, you need help

a good start nixCraft, only that unfortunetly the vsftpd has lots of exploits vs to pure-ftpd.

And by the way I do not encourge using the anonymous upload issue, but using the users-base upload much better and more secure + easy to trace. Also I use the jail and use the local_root option to specify a fixed upload area.

Sticky bit and SGID are very useful here if you are using it for a group

__________________
LivE Free 0r DiE
L!nux rul3z aLL

B!n@ry,

I don't think so, it is totally true. Look at ftp.openbsd.org , ftp.redhat.com and there are 100s of public ftp server out there. All runs using VSFTPD. I never saw any one of them hacked or owned by crackers. Do you have any documentation supporting your claim. I am interested to learn more about this issue.

I must agree with you about jail. But sometime you need to allow anonymous upload. Examples open source software which allows uploading patch.

To set chroot just add an option in vsftpd.conf file

__________________
May the force with you!

B!n@ry/Monk good points about jailing user, just updated post. Keep the information coming

__________________
Vivek Gite
Linux Evangelist
Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group.
Always use CODE tags for posting system output and commands!
Do you run a Linux? Let's face it, you need help

To use the local_root option to share the /var/ftp/pub/share directory add the following:
For me I also add the sticky bit and the SGUID to the directory share

This option shall jail each user defined on the system to his home directory

Yes monk, not every time you disable the anonymous your right with that... But about the pure-ftpd issue this is what I got from asking alot of admin's for me ? I never use somthing rather than vsftpd. Anyway I shall see about the exploit issue and come back to this.

__________________
LivE Free 0r DiE
L!nux rul3z aLL

good job niXcrafT .

but I prefer pure-ftpd , Pure-ftpd support IPV6 , PAM , local domains..etc

Most of these features supported by vsftpd too :P

May be you are comfarable with pure-ftpd