Friday, July 15, 2011

vsftpd: FTP Server for DD-WRT

I generally prefer Samba over FTP, as it gives a better experience by allowing user to access the files as if they're still on local disk. And, unlike FTP, media files can be played directly from Samba. But, one might still need a FTP server as it offers better performance over Samba.

If the router has at least 8MB flash ROM and happens to run DD-WRT MEGA build, it is very likely there is a proftpd FTP server built in.

So why install vsftpd? The main reason is its size. The proftpd is 500KB while vsftpd is only 100KB! This makes it perfect for embedded systems. Also, vsftpd is easy to use and setup.

  1. Disable stock ProFTPD server
    For DD-WRT, it's in Services->NAS. Set it to Disable then click "Apply Settings".

  2. Install vsftpd
    I assume you have followed previous tutorials and have a working opkg system, now use PuTTY to log in the router and run:

    opkg install vsftpd

  3. (optional) Add a user for anonymous FTP access
    *ignore this part if you've followed the Samba guide, then this user is already in the system
    .

    Create or add to /opt/etc/init.d/adduser with following line:

    grep -q nobody /etc/passwd || echo 'nobody:x:65534:65534:nobody:/mnt:/bin/false' >> /etc/passwd

    Above is one single line and will create a new user "nobody" with no valid password and login shell(thus can't be used for login). Then set it to run during boot up:

    chmod a+x /opt/etc/init.d/adduser
    ln -s /opt/etc/init.d/adduser /opt/etc/init.d/S05adduser

  4. vsftpd.conf, the configuration file for vsftpd
    Edit file /opt/etc/vsftpd.conf with below (delete all previous contents if the file is not empty)

    background=YES
    listen=YES
    listen_port=21
    #Change it if you want to use other port
    anonymous_enable=YES
    #Set it to NO if you don't want anonymous FTP access
    ftp_username=nobody
    #local user used for anonymous FTP access, here is "nobody"
    local_enable=YES
    write_enable=YES
    local_umask=022
    check_shell=NO
    session_support=NO


    For a full list of options, please refer to vsftpd website. These basic options here should be enough for home use. With the settings above, the anonymous user will be locked to "/mnt" folder(if you enable the anonymous option). Can also login with other valid user accounts like "root" or "share" with no restriction.

  5. Set vsftpd to run as a service
    Create file /opt/etc/init.d/vsftpd(delete all previous contents if the file is not empty)

    [ -d /var/run/vsftpd ] || mkdir /var/run/vsftpd
    kill -9 $(pidof vsftpd)
    vsftpd /opt/etc/vsftpd.conf

    Then set it to run as a service

    chmod a+x /opt/etc/init.d/Vsftpd
    ln -s /opt/etc/init.d/vsftpd /opt/etc/init.d/S60Vsftpd

0 comments:

Post a Comment