Reference

Table of Contents

Classes

  • vsftpd: A more Puppety way of installing and managing the vsftpd daemon.

Classes

vsftpd


Examples

class { 'vsftpd':
  pam_service_name => 'ftp',
  pasv_enable      => true,
  pasv_min_port    => 1024,
  pasv_max_port    => 1048,
  pasv_address     => '127.0.0.1',
}
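
A second declaration, added here as an example and not taken from the module's own documentation: a local-users-only server that requires TLS, using only parameters listed under Parameters below. The file paths, port range and numeric limits are placeholders chosen for illustration.

```puppet
# Added example (not the module's own): local users only, TLS required.
# All paths and numeric values are placeholders; adjust them to the host.
class { 'vsftpd':
  # vsftpd's built-in default for anonymous_enable is YES, so disable it
  # explicitly instead of leaving the parameter undef.
  anonymous_enable       => false,
  local_enable           => true,
  write_enable           => true,

  # Allow-list logins: with userlist_deny => false, only the names in
  # userlist_file may log in. Only the path is set here; the file's
  # contents are assumed to be managed elsewhere.
  userlist_enable        => true,
  userlist_deny          => false,
  userlist_file          => '/etc/vsftpd/user_list',

  # Confine local users to their home directories. allow_writeable_chroot
  # stays unset, so the top of each home must not be writable by its user.
  chroot_local_user      => true,

  # TLS on both the control and data channels; refuse SSLv2 and SSLv3.
  ssl_enable             => true,
  force_local_logins_ssl => true,
  force_local_data_ssl   => true,
  ssl_sslv2              => false,
  ssl_sslv3              => false,
  rsa_cert_file          => '/etc/ssl/certs/vsftpd.example.pem',
  rsa_private_key_file   => '/etc/ssl/private/vsftpd.example.key',

  # A narrow passive range lets the firewall rule match it exactly.
  pasv_enable            => true,
  pasv_min_port          => 50000,
  pasv_max_port          => 50100,

  # Slow down password guessing and keep a protocol-level audit trail.
  # log_ftp_protocol only takes effect when xferlog_std_format is off.
  max_login_fails        => 3,
  max_per_ip             => 4,
  xferlog_enable         => true,
  xferlog_std_format     => false,
  log_ftp_protocol       => true,
}
```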

Parameters

The following parameters are available in the vsftpd class:

config_path

Data type: String

The path to the main configuration file of vsftpd. Defaults to the OS-specific path.

package_name

Data type: String

The name of the package.

Default value: vsftpd

service_name

Data type: String

The name of the systemd service.

Default value: vsftpd

manage_service

Data type: Boolean

Whether to manage the systemd service or not.

Default value: true

service_enable

Data type: Variant[Boolean, Enum['manual', 'mask']]

Whether to enable the service when booting or not.

Default value: true

service_ensure

Data type: Variant[Boolean, Enum['running', 'stopped']]

Controls whether the service is running or not.

Default value: 'running'

template

Data type: String

Path to the template the file resource is using.

Default value: 'vsftpd/configfile.erb'

allow_anon_ssl

Data type: Optional[Boolean]

Only applies if ssl_enable is active. If set to YES, anonymous users will be allowed to use secured SSL connections.

Default when Boolean is undef: NO

Default value: undef

allow_root_squashed_chroot

Data type: Optional[Boolean]

Default value: undef

allow_writeable_chroot

Data type: Optional[Boolean]

Default value: undef

anon_mkdir_write_enable

Data type: Optional[Boolean]

If set to YES, anonymous users will be permitted to create new directories under certain conditions. For this to work, the option write_enable must be activated, and the anonymous ftp user must have write permission on the parent directory.

Default when Boolean is undef: NO

Default value: undef

anon_other_write_enable

Data type: Optional[Boolean]

If set to YES, anonymous users will be permitted to perform write operations other than upload and create directory, such as deletion and renaming. This is generally not recommended but included for completeness.

Default when Boolean is undef: NO

Default value: undef

anon_upload_enable

Data type: Optional[Boolean]

If set to YES, anonymous users will be permitted to upload files under certain conditions. For this to work, the option write_enable must be activated, and the anonymous ftp user must have write permission on desired upload locations. This setting is also required for virtual users to upload; by default, virtual users are treated with anonymous (i.e. maximally restricted) privilege.

Default when Boolean is undef: NO

Default value: undef

anon_world_readable_only

Data type: Optional[Boolean]

When enabled, anonymous users will only be allowed to download files which are world readable. This is recognising that the ftp user may own files, especially in the presence of uploads.

Default when Boolean is undef: YES

Default value: undef

anonymous_enable

Data type: Optional[Boolean]

Controls whether anonymous logins are permitted or not. If enabled, both the usernames ftp and anonymous are recognised as anonymous logins.

Default: YES

Default value: undef

ascii_download_enable

Data type: Optional[Boolean]

When enabled, ASCII mode data transfers will be honoured on downloads.

Default: NO

Default value: undef

ascii_upload_enable

Data type: Optional[Boolean]

When enabled, ASCII mode data transfers will be honoured on uploads.

Default: NO

Default value: undef

async_abor_enable

Data type: Optional[Boolean]

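When enabled, a special FTP command known as "async ABOR" will be enabled. Only ill-advised FTP clients will use this feature. Additionally, this feature is awkward to handle, so it is disabled by default. Unfortunately, some FTP clients will hang when cancelling a transfer unless this feature is available, so you may wish to enable it.

Default: NO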

Default value: undef

background

Data type: Optional[Boolean]

When enabled, and vsftpd is started in "listen" mode, vsftpd will background the listener process. i.e. control will immediately be returned to the shell which launched vsftpd.

Default: YES

Default value: undef

check_shell

Data type: Optional[Boolean]

Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins.

Default: YES

Default value: undef

chmod_enable

Data type: Optional[Boolean]

When enabled, allows use of the SITE CHMOD command. NOTE! This only applies to local users. Anonymous users never get to use SITE CHMOD.

Default: YES

Default value: undef

chown_uploads

Data type: Optional[Boolean]

If enabled, all anonymously uploaded files will have the ownership changed to the user specified in the setting chown_username. This is useful from an administrative, and perhaps security, standpoint.

Default: NO

Default value: undef

chroot_list_enable

Data type: Optional[Boolean]

If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd/chroot_list, but you may override this with the chroot_list_file setting.

Default: NO

Default value: undef

chroot_local_user

Data type: Optional[Boolean]

If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

Default: NO

Default value: undef

connect_from_port_20

Data type: Optional[Boolean]

This controls whether PORT style data connections use port 20 (ftp-data) on the server machine. For security reasons, some clients may insist that this is the case. Conversely, disabling this option enables vsftpd to run with slightly less privilege.

Default: NO (but the sample config file enables it)

Default value: undef

debug_ssl

Data type: Optional[Boolean]

Default value: undef

delete_failed_uploads

Data type: Optional[Boolean]

Default value: undef

deny_email_enable

Data type: Optional[Boolean]

Default value: undef

dirlist_enable

Data type: Optional[Boolean]

Default value: undef

dirmessage_enable

Data type: Optional[Boolean]

Default value: undef

download_enable

Data type: Optional[Boolean]

Default value: undef

dual_log_enable

Data type: Optional[Boolean]

Default value: undef

force_dot_files

Data type: Optional[Boolean]

Default value: undef

force_anon_data_ssl

Data type: Optional[Boolean]

Default value: undef

force_anon_logins_ssl

Data type: Optional[Boolean]

Default value: undef

force_local_data_ssl

Data type: Optional[Boolean]

Default value: undef

force_local_logins_ssl

Data type: Optional[Boolean]

Default value: undef

guest_enable

Data type: Optional[Boolean]

Default value: undef

hide_ids

Data type: Optional[Boolean]

Default value: undef

implicit_ssl

Data type: Optional[Boolean]

Default value: undef

listen

Data type: Optional[Boolean]

Default value: undef

listen_ipv6

Data type: Optional[Boolean]

Default value: undef

local_enable

Data type: Optional[Boolean]

Default value: undef

lock_upload_files

Data type: Optional[Boolean]

Default value: undef

log_ftp_protocol

Data type: Optional[Boolean]

Default value: undef

ls_recurse_enable

Data type: Optional[Boolean]

Default value: undef

mdtm_write

Data type: Optional[Boolean]

Default value: undef

no_anon_password

Data type: Optional[Boolean]

Default value: undef

no_log_lock

Data type: Optional[Boolean]

Default value: undef

one_process_model

Data type: Optional[Boolean]

Default value: undef

passwd_chroot_enable

Data type: Optional[Boolean]

Default value: undef

pasv_addr_resolve

Data type: Optional[Boolean]

Default value: undef

pasv_enable

Data type: Optional[Boolean]

Default value: undef

pasv_promiscuous

Data type: Optional[Boolean]

Default value: undef

port_enable

Data type: Optional[Boolean]

Default value: undef

port_promiscuous

Data type: Optional[Boolean]

Default value: undef

require_cert

Data type: Optional[Boolean]

Default value: undef

require_ssl_reuse

Data type: Optional[Boolean]

Default value: undef

run_as_launching_user

Data type: Optional[Boolean]

Default value: undef

secure_email_list_enable

Data type: Optional[Boolean]

Default value: undef

session_support

Data type: Optional[Boolean]

Default value: undef

setproctitle_enable

Data type: Optional[Boolean]

Default value: undef

ssl_enable

Data type: Optional[Boolean]

Default value: undef

ssl_request_cert

Data type: Optional[Boolean]

Default value: undef

ssl_sslv2

Data type: Optional[Boolean]

Default value: undef

ssl_sslv3

Data type: Optional[Boolean]

Default value: undef

ssl_tlsv1

Data type: Optional[Boolean]

Default value: undef

strict_ssl_read_eof

Data type: Optional[Boolean]

Default value: undef

strict_ssl_write_shutdown

Data type: Optional[Boolean]

Default value: undef

syslog_enable

Data type: Optional[Boolean]

Default value: undef

tcp_wrappers

Data type: Optional[Boolean]

Default value: undef

text_userdb_names

Data type: Optional[Boolean]

Default value: undef

tilde_user_enable

Data type: Optional[Boolean]

Default value: undef

use_localtime

Data type: Optional[Boolean]

Default value: undef

use_sendfile

Data type: Optional[Boolean]

Default value: undef

userlist_deny

Data type: Optional[Boolean]

Default value: undef

userlist_enable

Data type: Optional[Boolean]

Default value: undef

validate_cert

Data type: Optional[Boolean]

Default value: undef

virtual_use_local_privs

Data type: Optional[Boolean]

Default value: undef

write_enable

Data type: Optional[Boolean]

Default value: undef

xferlog_enable

Data type: Optional[Boolean]

Default value: undef

xferlog_std_format

Data type: Optional[Boolean]

Default value: undef

accept_timeout

Data type: Optional[Integer]

Default value: undef

address_space_limit

Data type: Optional[Integer]

Default value: undef

anon_max_rate

Data type: Optional[Integer]

Default value: undef

anon_umask

Data type: Optional[String]

Default value: undef

chown_upload_mode

Data type: Optional[String]

Default value: undef

connect_timeout

Data type: Optional[Integer]

Default value: undef

data_connection_timeout

Data type: Optional[Integer]

Default value: undef

delay_failed_login

Data type: Optional[Integer]

Default value: undef

delay_successful_login

Data type: Optional[Integer]

Default value: undef

file_open_mode

Data type: Optional[String]

Default value: undef

ftp_data_port

Data type: Optional[Integer]

Default value: undef

idle_session_timeout

Data type: Optional[Integer]

Default value: undef

listen_port

Data type: Optional[Integer]

Default value: undef

local_max_rate

Data type: Optional[Integer]

Default value: undef

local_umask

Data type: Optional[String]

Default value: undef

max_clients

Data type: Optional[Integer]

Default value: undef

max_login_fails

Data type: Optional[Integer]

Default value: undef

max_per_ip

Data type: Optional[Integer]

Default value: undef

pasv_min_port

Data type: Optional[Integer]

Default value: undef

pasv_max_port

Data type: Optional[Integer]

Default value: undef

trans_chunk_size

Data type: Optional[Integer]

Default value: undef

anon_root

Data type: Optional[String]

Default value: undef

banned_email_file

Data type: Optional[String]

Default value: undef

banner_file

Data type: Optional[String]

Default value: undef

ca_certs_file

Data type: Optional[String]

Default value: undef

chown_username

Data type: Optional[String]

Default value: undef

chroot_list_file

Data type: Optional[String]

Default value: undef

cmds_allowed

Data type: Optional[Array[Vsftpd::Cmd]]

Default value: undef

cmds_denied

Data type: Optional[Array[Vsftpd::Cmd]]

Default value: undef

deny_file

Data type: Optional[Array[String]]

Default value: undef

dsa_cert_file

Data type: Optional[String]

Default value: undef

dsa_private_key_file

Data type: Optional[String]

Default value: undef

email_password_file

Data type: Optional[String]

Default value: undef

ftp_username

Data type: Optional[String]

Default value: undef

ftpd_banner

Data type: Optional[String]

Default value: undef

guest_username

Data type: Optional[String]

Default value: undef

hide_file

Data type: Optional[Array[String]]

Default value: undef

listen_address

Data type: Optional[String]

Default value: undef

listen_address6

Data type: Optional[String]

Default value: undef

local_root

Data type: Optional[String]

Default value: undef

message_file

Data type: Optional[String]

Default value: undef

nopriv_user

Data type: Optional[String]

Default value: undef

pam_service_name

Data type: Optional[String]

Default value: undef

pasv_address

Data type: Optional[String]

Default value: undef

rsa_cert_file

Data type: Optional[String]

Default value: undef

rsa_private_key_file

Data type: Optional[String]

Default value: undef

secure_chroot_dir

Data type: Optional[String]

Default value: undef

ssl_ciphers

Data type: Optional[String]

Default value: undef

user_config_dir

Data type: Optional[String]

Default value: undef

user_sub_token

Data type: Optional[String]

Default value: undef

userlist_file

Data type: Optional[String]

Default value: undef

vsftpd_log_file

Data type: Optional[String]

Default value: undef

xferlog_file

Data type: Optional[String]

Default value: undef