Forge Home

vsftpd

Install, configure and manage vsftpd

5,443 downloads

217 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 8.1.0 (latest)
  • 8.0.1
  • 8.0.0
  • 7.0.3
  • 7.0.2
released Sep 14th 2023
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'pseiler-vsftpd', '8.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add pseiler-vsftpd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install pseiler-vsftpd --version 8.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: ftp, vsftpd

Documentation

pseiler/vsftpd — version 8.1.0 Sep 14th 2023

vsftpd Module

Overview

This module installs, configures and manages the vsftpd FTP server. Original module by aneesh. Forked and improved by pseiler

Description

A more Puppety way of managing the vsftpd daemon. Where possible, as many of the configuration options have remained the same with a couple of notable exceptions:

  • Booleans are now used instead of YES/NO. e.g. local_enable=YES == local_enable => true, local_enable=NO == local_enable => false.
  • parameter values seperated by a comma are now arrays. This also applies to parameters with surrounding curly brackets. These parameters are affected: cmds_allowed, cmds_denied, deny_file and hide_file. Examples below

All configuration parameters vsftpd.conf supports, are also supported by this module. Please read the manpage of vsftpd for more informations about every parameter.

These additional parameters have a default and can be overwritten

  • package_name (String) - The name of the package from your package manager for your operating system
  • service_name (String) - the service name. (e.g. systemd service, etc...)
  • config_path (String) - The path where vsftpd.conf should be written to
  • template (String) - path to the erb template used, if you want to provide your own
  • manage_service (Boolean) - Control if the service should be started and enabled The defaults can be found in the params.pp

Usage

Default configuration (pretty empty configuration file with no parameter set is written and not recommended):

include vsftpd

Custom configuration:

class { 'vsftpd':
    anonymous_enable         => false,
    anon_mkdir_write_enable  => false,
    anon_other_write_enable  => false,
    local_enable             => true,
    download_enable          => true,
    write_enable             => true,
    local_umask              => '022',
    dirmessage_enable        => true,
    xferlog_enable           => true,
    connect_from_port_20     => true,
    xferlog_std_format       => true,
    chroot_local_user        => true,
    chroot_list_enable       => true,
    file_open_mode           => '0666'
    ftp_data_port            => 20,
    listen                   => true,
    listen_ipv6              => false,
    listen_port              => 21,
    pam_service_name         => 'vsftpd',
    tcp_wrappers             => true,
    allow_writeable_chroot   => true,
    pasv_enable              => true,
    pasv_min_port            => 1024,
    pasv_max_port            => 1048,
    pasv_address             => '127.0.0.1',
}

A few advanced Configuration parameter examples

    anon_umask               => '077',
    anon_root                => '/var/ftp/anonymous',
    anon_max_rate            => 0,
    ftpd_banner              => 'My custom banner',
    banner_file              => '/etc/vsftpd/my_banner.txt',
    max_clients              => 0,
    max_per_ip               => 0,
    ftp_username             => 'ftp',
    guest_enable             => false,
    guest_username           => 'ftp',
    anon_world_readable_only => false,
    ascii_download_enable    => false,
    ascii_upload_enable      => false,
    chown_uploads            => true,
    chown_username           => 'linux',
    chroot_list_file         => '/etc/vsftpd/my_chroot_list',
    secure_chroot_dir        => '/usr/share/empty',
    user_config_dir          => '/etc/vsftpd/user_config',
    userlist_deny            => true,
    userlist_enable          => true,
    userlist_file            => '/etc/vsftpd/my_userlist',
    delete_failed_uploads    => false,
    cmds_allowed             => ['PASV','RETR','QUIT'],
    cmds_denied              => ['PASV','RETR','QUIT'],
    deny_file                => ['*.mp3','*.mov','.private'],
    hide_file                => ['*.mp3','.hidden','hide*','h?'],
    syslog_enable            => false,
    dual_log_enable          => false,
    hide_ids                 => false,
    use_localtime            => false,
    local_max_rate           => 0,

SSL integration (not a rocksolid configuration)

    rsa_cert_file           => '/etc/ssl/private/vsftpd.pem',
    rsa_private_key_file    => '/etc/ssl/private/vsftpd.pem',
    ca_certs_file            => '/etc/ssl/private/ca.pem',
    ssl_enable              => true,
    allow_anon_ssl          => true,
    force_local_data_ssl    => true,
    force_local_logins_ssl  => true,
    ssl_tlsv1               => true,
    ssl_sslv2               => false,
    ssl_sslv3               => false,
    require_ssl_reuse       => true,
    ssl_ciphers             => 'HIGH',