IPCOP 1.4.10: Installing ftp server (vsftpd)

By Carel van Wyk (cpjvw [at] psichron[dot] za [dot] net)

With help from Rafal

This guide explains how to set up an ftp server (vsftpd) on an IPCOP (v1.4.10) system.
Anonymous access not supported - that should be easy enough figuring out after reading this guide and a vsftpd.conf guide.

1. Creating the login user and ftp root directory

ssh to your ipcop firewall as root: ssh root@[ipcop IP] -p 222
Create the user's home directory (this will be the root ftp directory), so make sure you have enough space.

This is my output for df -h:
FilesystemSize Used AvailUse%Mounted on
rootfs7.1G 166M 6.9G 3%/
/dev/root7.1G 166M 6.9G 3%/
/dev/harddisk116M 6.1M 9.2M 40%/boot
/dev/harddisk222G 2.6G 18G 13%/var/log

"harddisk2" is the largest partition on the drive that IPCop is installed on. I decided to make my home-directory somewhere on this partition. As you can see, it is already mounted at /var/log, and I just created the home directory at /var/log/home/data : mkdir /var/log/home/data
I added a data group which is probably redundant: groupadd data
Next I created the data user: useradd -g data -d /var/log/home/data -s /bin/bash data
And gave him a password: passwd data

Unfortunately, vsftpd will require that the ftp root directory is owned by the root user, so I did:
chown root:root /var/log/home/data
It has to be writable and executable by all users: chmod 777 /var/log/home/data
Just remember this if you want to remove the user.

2. Download and install vsftpd

Now download vsftpd from here: Tom's IPCop binary collection
(::mirror:: - please don't use unless the other one is down)
Follow the installation instructions on Tom's page.
In short, you can use winSCP to copy the .tar.gz file to the IPCop box (make sure it connects on port 222).
Use tar to unpack it: tar -xvzf vsftpd203.tar.gz and run the install script:
cd vsftpd*
./install
I copied vsftpd to /usr/sbin to make it executable from anywhere.

Editing /etc/vsftpd.conf
Now edit your /etc/vsftpd.conf using vim or any other editor
Mine looks like this (anonymous disabled):

anonymous_enable=NO
#ftp_username=data
#no_anon_password=YES
#anon_other_write_enable=YES

## IMPORTANT FOR IPCOP ##
check_shell=NO

local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
listen=Yes
You will also need to create the following directory: mkdir /usr/share/empty

Starting vsftpd:
Fire up vsftpd as a daemon: vsftpd &
To start vsftpd when IPCop boots, edit /etc/rc.d/rc.sysinit as follows:
Beneath the line that says: "/usr/local/bin/restartntpd", insert: /path/to/vsftpd &

That is that. If you have any problems, send me an email or chat to me on: #programming za.shadowfire.org

-----------------------

Carel van Wyk
http://psichron.za.net/