authorJuergen Daubert <jue@jue.li>2008-07-30 22:24:24 +0200
committerJuergen Daubert <jue@jue.li>2008-07-30 22:24:24 +0200
commit33d9fe4702b77f76a60f2bcec047bcd4b31d4d3b (patch)
treed6e8269e3334fe1456e90241d0d7da0ca08d233e /vsftpd
parentd1b5fdc8d52437c902f20bba61297866b0a11e03 (diff)
vsftpd: update to 2.0.7
Diffstat (limited to 'vsftpd')
-rw-r--r--vsftpd/.md5sum4
-rw-r--r--vsftpd/Pkgfile2
-rw-r--r--vsftpd/vsftpd-config.patch1040
3 files changed, 21 insertions, 1025 deletions
diff --git a/vsftpd/.md5sum b/vsftpd/.md5sum
index c08257de5..b995179f6 100644
--- a/vsftpd/.md5sum
+++ b/vsftpd/.md5sum
@@ -1,4 +1,4 @@
7a0ece0af8aefad4313270a8786e041e vsftpd
-f7a742690d7f86e356fb66d3840079c7 vsftpd-2.0.6.tar.gz
-42228defa4d54bdc280c1e885944942c vsftpd-config.patch
+3e39cb7b0bee306ad7df8e3552e15297 vsftpd-2.0.7.tar.gz
+d69ea2c7fe28d63a586f47deb5ea7726 vsftpd-config.patch
50909902ac4ee17700ae9f3cc712485b vsftpd-syscall.patch
diff --git a/vsftpd/Pkgfile b/vsftpd/Pkgfile
index 91356b45d..5b57c8be5 100644
--- a/vsftpd/Pkgfile
+++ b/vsftpd/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: openssl
name=vsftpd
-version=2.0.6
+version=2.0.7
release=1
source=(ftp://vsftpd.beasts.org/users/cevans/$name-$version.tar.gz \
$name-config.patch $name-syscall.patch vsftpd)
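Review bot: The `source=(ftp://vsftpd.beasts.org/users/cevans/$name-$version.tar.gz` entry carried through this hunk still fetches the new 2.0.7 tarball over unauthenticated FTP, so the only integrity check visible in this commit is the MD5 value recorded in `.md5sum`. That digest was presumably computed from the same FTP download, so it pins whatever file the maintainer received rather than showing it is upstream's release, and MD5 is not collision resistant. If upstream publishes a detached signature for the tarball, verify it before refreshing `.md5sum` and note that above `source=`, for example `# tarball verified against upstream signature before checksum update`. A stronger digest alongside the MD5 would also help if the ports tooling supports one.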
diff --git a/vsftpd/vsftpd-config.patch b/vsftpd/vsftpd-config.patch
index 52c20023c..b5bbc8ccb 100644
--- a/vsftpd/vsftpd-config.patch
+++ b/vsftpd/vsftpd-config.patch
@@ -1,6 +1,6 @@
-diff -Nru vsftpd-2.0.6.orig/Makefile vsftpd-2.0.6/Makefile
---- vsftpd-2.0.6.orig/Makefile 2008-02-14 11:06:23.000000000 +0100
-+++ vsftpd-2.0.6/Makefile 2008-02-14 11:06:37.000000000 +0100
+diff -Nru vsftpd-2.0.7.orig/Makefile vsftpd-2.0.7/Makefile
+--- vsftpd-2.0.7.orig/Makefile 2008-07-30 22:19:12.000000000 +0200
++++ vsftpd-2.0.7/Makefile 2008-07-30 22:19:26.000000000 +0200
@@ -3,7 +3,7 @@
INSTALL = install
IFLAGS = -idirafter dummyinc
@@ -36,9 +36,9 @@ diff -Nru vsftpd-2.0.6.orig/Makefile vsftpd-2.0.6/Makefile
clean:
rm -f *.o *.swp vsftpd
-diff -Nru vsftpd-2.0.6.orig/builddefs.h vsftpd-2.0.6/builddefs.h
---- vsftpd-2.0.6.orig/builddefs.h 2008-02-14 11:06:23.000000000 +0100
-+++ vsftpd-2.0.6/builddefs.h 2008-02-14 11:06:37.000000000 +0100
+diff -Nru vsftpd-2.0.7.orig/builddefs.h vsftpd-2.0.7/builddefs.h
+--- vsftpd-2.0.7.orig/builddefs.h 2008-07-30 22:19:12.000000000 +0200
++++ vsftpd-2.0.7/builddefs.h 2008-07-30 22:19:26.000000000 +0200
@@ -1,9 +1,9 @@
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
@@ -52,10 +52,10 @@ diff -Nru vsftpd-2.0.6.orig/builddefs.h vsftpd-2.0.6/builddefs.h
#endif /* VSF_BUILDDEFS_H */
-diff -Nru vsftpd-2.0.6.orig/tunables.c vsftpd-2.0.6/tunables.c
---- vsftpd-2.0.6.orig/tunables.c 2008-02-14 11:06:23.000000000 +0100
-+++ vsftpd-2.0.6/tunables.c 2008-02-14 11:06:37.000000000 +0100
-@@ -100,7 +100,7 @@
+diff -Nru vsftpd-2.0.7.orig/tunables.c vsftpd-2.0.7/tunables.c
+--- vsftpd-2.0.7.orig/tunables.c 2008-07-30 22:19:12.000000000 +0200
++++ vsftpd-2.0.7/tunables.c 2008-07-30 22:19:26.000000000 +0200
+@@ -104,7 +104,7 @@
/* -rw------- */
unsigned int tunable_chown_upload_mode = 0600;
@@ -64,7 +64,7 @@ diff -Nru vsftpd-2.0.6.orig/tunables.c vsftpd-2.0.6/tunables.c
const char* tunable_ftp_username = "ftp";
const char* tunable_chown_username = "root";
const char* tunable_xferlog_file = "/var/log/xferlog";
-@@ -125,10 +125,10 @@
+@@ -129,10 +129,10 @@
const char* tunable_deny_file = 0;
const char* tunable_user_sub_token = 0;
const char* tunable_email_password_file = "/etc/vsftpd.email_passwords";
@@ -77,9 +77,9 @@ diff -Nru vsftpd-2.0.6.orig/tunables.c vsftpd-2.0.6/tunables.c
const char* tunable_dsa_private_key_file = 0;
const char* tunable_ca_certs_file = 0;
-diff -Nru vsftpd-2.0.6.orig/vsftpd.conf vsftpd-2.0.6/vsftpd.conf
---- vsftpd-2.0.6.orig/vsftpd.conf 2008-02-14 11:06:23.000000000 +0100
-+++ vsftpd-2.0.6/vsftpd.conf 2008-02-14 11:06:37.000000000 +0100
+diff -Nru vsftpd-2.0.7.orig/vsftpd.conf vsftpd-2.0.7/vsftpd.conf
+--- vsftpd-2.0.7.orig/vsftpd.conf 2008-07-30 22:19:12.000000000 +0200
++++ vsftpd-2.0.7/vsftpd.conf 2008-07-30 22:19:26.000000000 +0200
@@ -8,11 +8,25 @@
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
@@ -106,10 +106,10 @@ diff -Nru vsftpd-2.0.6.orig/vsftpd.conf vsftpd-2.0.6/vsftpd.conf
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
-diff -Nru vsftpd-2.0.6.orig/vsftpd.conf.5 vsftpd-2.0.6/vsftpd.conf.5
---- vsftpd-2.0.6.orig/vsftpd.conf.5 2008-02-14 11:06:23.000000000 +0100
-+++ vsftpd-2.0.6/vsftpd.conf.5 2008-02-14 11:06:37.000000000 +0100
-@@ -897,21 +897,21 @@
+diff -Nru vsftpd-2.0.7.orig/vsftpd.conf.5 vsftpd-2.0.7/vsftpd.conf.5
+--- vsftpd-2.0.7.orig/vsftpd.conf.5 2008-07-30 22:19:12.000000000 +0200
++++ vsftpd-2.0.7/vsftpd.conf.5 2008-07-30 22:19:26.000000000 +0200
+@@ -927,21 +927,21 @@
This option specifies the location of the RSA certificate to use for SSL
encrypted connections.
@@ -134,1007 +134,3 @@ diff -Nru vsftpd-2.0.6.orig/vsftpd.conf.5 vsftpd-2.0.6/vsftpd.conf.5
.TP
.B ssl_ciphers
This option can be used to select which SSL ciphers vsftpd will allow for
-diff -Nru vsftpd-2.0.6.orig/vsftpd.conf.5~ vsftpd-2.0.6/vsftpd.conf.5~
---- vsftpd-2.0.6.orig/vsftpd.conf.5~ 1970-01-01 01:00:00.000000000 +0100
-+++ vsftpd-2.0.6/vsftpd.conf.5~ 2008-02-12 05:56:32.000000000 +0100
-@@ -0,0 +1,1000 @@
-+.TH VSFTPD.CONF 5
-+.SH NAME
-+vsftpd.conf \- config file for vsftpd
-+.SH DESCRIPTION
-+vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
-+default, vsftpd looks for this file at the location
-+.BR /etc/vsftpd.conf .
-+However, you may override this by specifying a command line argument to
-+vsftpd. The command line argument is the pathname of the configuration file
-+for vsftpd. This behaviour is useful because you may wish to use an advanced
-+inetd such as
-+.BR xinetd
-+to launch vsftpd with different configuration files on a per virtual host
-+basis.
-+
-+.SH FORMAT
-+The format of vsftpd.conf is very simple. Each line is either a comment or
-+a directive. Comment lines start with a # and are ignored. A directive line
-+has the format:
-+
-+option=value
-+
-+It is important to note that it is an error to put any space between the
-+option, = and value.
-+
-+Each setting has a compiled in default which may be modified in the
-+configuration file.
-+
-+.SH BOOLEAN OPTIONS
-+Below is a list of boolean options. The value for a boolean option may be set
-+to
-+.BR YES
-+or
-+.BR NO .
-+
-+.TP
-+.B allow_anon_ssl
-+Only applies if
-+.BR ssl_enable
-+is active. If set to YES, anonymous users will be allowed to use secured SSL
-+connections.
-+
-+Default: NO
-+.TP
-+.B anon_mkdir_write_enable
-+If set to YES, anonymous users will be permitted to create new directories
-+under certain conditions. For this to work, the option
-+.BR write_enable
-+must be activated, and the anonymous ftp user must have write permission on
-+the parent directory.
-+
-+Default: NO
-+.TP
-+.B anon_other_write_enable
-+If set to YES, anonymous users will be permitted to perform write operations
-+other than upload and create directory, such as deletion and renaming. This
-+is generally not recommended but included for completeness.
-+
-+Default: NO
-+.TP
-+.B anon_upload_enable
-+If set to YES, anonymous users will be permitted to upload files under certain
-+conditions. For this to work, the option
-+.BR write_enable
-+must be activated, and the anonymous ftp user must have write permission on
-+desired upload locations. This setting is also required for virtual users to
-+upload; by default, virtual users are treated with anonymous (i.e. maximally
-+restricted) privilege.
-+
-+Default: NO
-+.TP
-+.B anon_world_readable_only
-+When enabled, anonymous users will only be allowed to download files which
-+are world readable. This is recognising that the ftp user may own files,
-+especially in the presence of uploads.
-+
-+Default: YES
-+.TP
-+.B anonymous_enable
-+Controls whether anonymous logins are permitted or not. If enabled,
-+both the usernames
-+.BR ftp
-+and
-+.BR anonymous
-+are recognised as anonymous logins.
-+
-+Default: YES
-+.TP
-+.B ascii_download_enable
-+When enabled, ASCII mode data transfers will be honoured on downloads.
-+
-+Default: NO
-+.TP
-+.B ascii_upload_enable
-+When enabled, ASCII mode data transfers will be honoured on uploads.
-+
-+Default: NO
-+.TP
-+.B async_abor_enable
-+When enabled, a special FTP command known as "async ABOR" will be enabled.
-+Only ill advised FTP clients will use this feature. Additionally, this feature
-+is awkward to handle, so it is disabled by default. Unfortunately, some FTP
-+clients will hang when cancelling a transfer unless this feature is available,
-+so you may wish to enable it.
-+
-+Default: NO
-+.TP
-+.B background
-+When enabled, and vsftpd is started in "listen" mode, vsftpd will background
-+the listener process. i.e. control will immediately be returned to the shell
-+which launched vsftpd.
-+
-+Default: NO
-+.TP
-+.B check_shell
-+Note! This option only has an effect for non-PAM builds of vsftpd. If disabled,
-+vsftpd will not check /etc/shells for a valid user shell for local logins.
-+
-+Default: YES
-+.TP
-+.B chmod_enable
-+When enables, allows use of the SITE CHMOD command. NOTE! This only applies
-+to local users. Anonymous users never get to use SITE CHMOD.
-+
-+Default: YES
-+.TP
-+.B chown_uploads
-+If enabled, all anonymously uploaded files will have the ownership changed
-+to the user specified in the setting
-+.BR chown_username .
-+This is useful from an administrative, and perhaps security, standpoint.
-+
-+Default: NO
-+.TP
-+.B chroot_list_enable
-+If activated, you may provide a list of local users who are placed in a
-+chroot() jail in their home directory upon login. The meaning is slightly
-+different if chroot_local_user is set to YES. In this case, the list becomes
-+a list of users which are NOT to be placed in a chroot() jail.
-+By default, the file containing this list is
-+/etc/vsftpd.chroot_list, but you may override this with the
-+.BR chroot_list_file
-+setting.
-+
-+Default: NO
-+.TP
-+.B chroot_local_user
-+If set to YES, local users will be (by default) placed in a chroot() jail in
-+their home directory after login.
-+.BR Warning:
-+This option has security implications, especially if the users have upload
-+permission, or shell access. Only enable if you know what you are doing.
-+Note that these security implications are not vsftpd specific. They apply to
-+all FTP daemons which offer to put local users in chroot() jails.
-+
-+Default: NO
-+.TP
-+.B connect_from_port_20
-+This controls whether PORT style data connections use port 20 (ftp-data) on
-+the server machine. For security reasons, some clients may insist that this
-+is the case. Conversely, disabling this option enables vsftpd to run with
-+slightly less privilege.
-+
-+Default: NO (but the sample config file enables it)
-+.TP
-+.B debug_ssl
-+If true, OpenSSL connection diagnostics are dumped to the vsftpd log file.
-+(Added in v2.0.6).
-+
-+Default: NO
-+.TP
-+.B deny_email_enable
-+If activated, you may provide a list of anonymous password e-mail responses
-+which cause login to be denied. By default, the file containing this list is
-+/etc/vsftpd.banned_emails, but you may override this with the
-+.BR banned_email_file
-+setting.
-+
-+Default: NO
-+.TP
-+.B dirlist_enable
-+If set to NO, all directory list commands will give permission denied.
-+
-+Default: YES
-+.TP
-+.B dirmessage_enable
-+If enabled, users of the FTP server can be shown messages when they first
-+enter a new directory. By default, a directory is scanned for the
-+file .message, but that may be overridden with the configuration setting
-+.BR message_file .
-+
-+Default: NO (but the sample config file enables it)
-+.TP
-+.B download_enable
-+If set to NO, all download requests will give permission denied.
-+
-+Default: YES
-+.TP
-+.B dual_log_enable
-+If enabled, two log files are generated in parallel, going by default to
-+.BR /var/log/xferlog
-+and
-+.BR /var/log/vsftpd.log .
-+The former is a wu-ftpd style transfer log, parseable by standard tools. The
-+latter is vsftpd's own style log.
-+
-+Default: NO
-+.TP
-+.B force_dot_files
-+If activated, files and directories starting with . will be shown in directory
-+listings even if the "a" flag was not used by the client. This override
-+excludes the "." and ".." entries.
-+
-+Default: NO
-+.TP
-+.B force_anon_data_ssl
-+Only applies if
-+.BR ssl_enable
-+is activated. If activated, all anonymous logins are forced to use a secure
-+SSL connection in order to send and receive data on data connections.
-+
-+Default: NO
-+.TP
-+.B force_anon_logins_ssl
-+Only applies if
-+.BR ssl_enable
-+is activated. If activated, all anonymous logins are forced to use a secure
-+SSL connection in order to send the password.
-+
-+Default: NO
-+.TP
-+.B force_local_data_ssl
-+Only applies if
-+.BR ssl_enable
-+is activated. If activated, all non-anonymous logins are forced to use a secure
-+SSL connection in order to send and receive data on data connections.
-+
-+Default: YES
-+.TP
-+.B force_local_logins_ssl
-+Only applies if
-+.BR ssl_enable
-+is activated. If activated, all non-anonymous logins are forced to use a secure
-+SSL connection in order to send the password.
-+
-+Default: YES
-+.TP
-+.B guest_enable
-+If enabled, all non-anonymous logins are classed as "guest" logins. A guest
-+login is remapped to the user specified in the
-+.BR guest_username
-+setting.
-+
-+Default: NO
-+.TP
-+.B hide_ids
-+If enabled, all user and group information in directory listings will be
-+displayed as "ftp".
-+
-+Default: NO
-+.TP
-+.B listen
-+If enabled, vsftpd will run in standalone mode. This means that vsftpd must
-+not be run from an inetd of some kind. Instead, the vsftpd executable is
-+run once directly. vsftpd itself will then take care of listening for and
-+handling incoming connections.
-+
-+Default: NO
-+.TP
-+.B listen_ipv6
-+Like the listen parameter, except vsftpd will listen on an IPv6 socket instead
-+of an IPv4 one. This parameter and the listen parameter are mutually
-+exclusive.
-+
-+Default: NO
-+.TP
-+.B local_enable
-+Controls whether local logins are permitted or not. If enabled, normal
-+user accounts in /etc/passwd (or wherever your PAM config references) may be
-+used to log in. This must be enable for any non-anonymous login to work,
-+including virtual users.
-+
-+Default: NO
-+.TP
-+.B lock_upload_files
-+When enabled, all uploads proceed with a write lock on the upload file. All
-+downloads proceed with a shared read lock on the download file. WARNING!
-+Before enabling this, be aware that malicious readers could starve a writer
-+wanting to e.g. append a file.
-+
-+Default: YES
-+.TP
-+.B log_ftp_protocol
-+When enabled, all FTP requests and responses are logged, providing the option
-+xferlog_std_format is not enabled. Useful for debugging.
-+
-+Default: NO
-+.TP
-+.B ls_recurse_enable
-+When enabled, this setting will allow the use of "ls -R". This is a minor
-+security risk, because a ls -R at the top level of a large site may consume
-+a lot of resources.
-+
-+Default: NO
-+.TP
-+.B mdtm_write
-+When enabled, this setting will allow MDTM to set file modification times
-+(subject to the usual access checks).
-+
-+Default: YES
-+.TP
-+.B no_anon_password
-+When enabled, this prevents vsftpd from asking for an anonymous password -
-+the anonymous user will log straight in.
-+
-+Default: NO
-+.TP
-+.B no_log_lock
-+When enabled, this prevents vsftpd from taking a file lock when writing to log
-+files. This option should generally not be enabled. It exists to workaround
-+operating system bugs such as the Solaris / Veritas filesystem combination
-+which has been observed to sometimes exhibit hangs trying to lock log files.
-+
-+Default: NO
-+.TP
-+.B one_process_model
-+If you have a Linux 2.4 kernel, it is possible to use a different security
-+model which only uses one process per connection. It is a less pure security
-+model, but gains you performance. You really don't want to enable this unless
-+you know what you are doing, and your site supports huge numbers of
-+simultaneously connected users.
-+
-+Default: NO
-+.TP
-+.B passwd_chroot_enable
-+If enabled, along with
-+.BR chroot_local_user
-+, then a chroot() jail location may be specified on a per-user basis. Each
-+user's jail is derived from their home directory string in /etc/passwd. The
-+occurrence of /./ in the home directory string denotes that the jail is at that
-+particular location in the path.
-+
-+Default: NO
-+.TP
-+.B pasv_addr_resolve
-+Set to YES if you want to use a hostname (as opposed to IP address) in the
-+.BR pasv_address
-+option.
-+
-+Default: NO
-+.TP
-+.B pasv_enable
-+Set to NO if you want to disallow the PASV method of obtaining a data
-+connection.
-+
-+Default: YES
-+.TP
-+.B pasv_promiscuous
-+Set to YES if you want to disable the PASV security check that ensures the
-+data connection originates from the same IP address as the control connection.
-+Only enable if you know what you are doing! The only legitimate use for this
-+is in some form of secure tunnelling scheme, or perhaps to facilitate FXP
-+support.
-+
-+Default: NO
-+.TP
-+.B port_enable
-+Set to NO if you want to disallow the PORT method of obtaining a data
-+connection.
-+
-+Default: YES
-+.TP
-+.B port_promiscuous
-+Set to YES if you want to disable the PORT security check that ensures that
-+outgoing data connections can only connect to the client. Only enable if
-+you know what you are doing!
-+
-+Default: NO
-+.TP
-+.B require_cert
-+If set to yes, all SSL client connections are required to present a client
-+certificate. The degree of validation applied to this certificate is
-+controlled by
-+.BR validate_cert
-+(Added in v2.0.6).
-+
-+Default: NO
-+.TP
-+.B run_as_launching_user
-+Set to YES if you want vsftpd to run as the user which launched vsftpd. This is
-+useful where root access is not available. MASSIVE WARNING! Do NOT enable this
-+option unless you totally know what you are doing, as naive use of this option
-+can create massive security problems. Specifically, vsftpd does not / cannot
-+use chroot technology to restrict file access when this option is set (even if
-+launched by root). A poor substitute could be to use a
-+.BR deny_file
-+setting such as {/*,*..*}, but the reliability of this cannot compare to
-+chroot, and should not be relied on.
-+If using this option, many restrictions on other options
-+apply. For example, options requiring privilege such as non-anonymous logins,
-+upload ownership changing, connecting from port 20 and listen ports less than
-+1024 are not expected to work. Other options may be impacted.
-+
-+Default: NO
-+.TP
-+.B secure_email_list_enable
-+Set to YES if you want only a specified list of e-mail passwords for anonymous
-+logins to be accepted. This is useful as a low-hassle way of restricting
-+access to low-security content without needing virtual users. When enabled,
-+anonymous logins are prevented unless the password provided is listed in the
-+file specified by the
-+.BR email_password_file
-+setting. The file format is one password per line, no extra whitespace. The
-+default filename is /etc/vsftpd.email_passwords.
-+
-+Default: NO
-+.TP
-+.B session_support
-+This controls whether vsftpd attempts to maintain sessions for logins. If
-+vsftpd is maintaining sessions, it will try and update utmp and wtmp. It
-+will also open a pam_session if using PAM to authenticate, and only close
-+this upon logout. You may wish to disable this if you do not need session
-+logging, and you wish to give vsftpd more opportunity to run with less
-+processes and / or less privilege. NOTE - utmp and wtmp support is only
-+provided with PAM enabled builds.
-+
-+Default: NO
-+.TP
-+.B setproctitle_enable
-+If enabled, vsftpd will try and show session status information in the system
-+process listing. In other words, the reported name of the process will change
-+to reflect what a vsftpd session is doing (idle, downloading etc). You
-+probably want to leave this off for security purposes.
-+
-+Default: NO
-+.TP
-+.B ssl_enable
-+If enabled, and vsftpd was compiled against OpenSSL, vsftpd will support secure
-+connections via SSL. This applies to the control connection (including login)
-+and also data connections. You'll need a client with SSL support too. NOTE!!
-+Beware enabling this option. Only enable it if you need it. vsftpd can make no
-+guarantees about the security of the OpenSSL libraries. By enabling this
-+option, you are declaring that you trust the security of your installed
-+OpenSSL library.
-+
-+Default: NO
-+.TP
-+.B ssl_sslv2
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit SSL v2 protocol connections.
-+TLS v1 connections are preferred.
-+
-+Default: NO
-+.TP
-+.B ssl_sslv3
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit SSL v3 protocol connections.
-+TLS v1 connections are preferred.
-+
-+Default: NO
-+.TP
-+.B ssl_tlsv1
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1 protocol connections.
-+TLS v1 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B syslog_enable
-+If enabled, then any log output which would have gone to /var/log/vsftpd.log
-+goes to the system log instead. Logging is done under the FTPD facility.
-+
-+Default: NO
-+.TP
-+.B tcp_wrappers
-+If enabled, and vsftpd was compiled with tcp_wrappers support, incoming
-+connections will be fed through tcp_wrappers access control. Furthermore,
-+there is a mechanism for per-IP based configuration. If tcp_wrappers sets
-+the VSFTPD_LOAD_CONF environment variable, then the vsftpd session will try
-+and load the vsftpd configuration file specified in this variable.
-+
-+Default: NO
-+.TP
-+.B text_userdb_names
-+By default, numeric IDs are shown in the user and group fields of directory
-+listings. You can get textual names by enabling this parameter. It is off
-+by default for performance reasons.
-+
-+Default: NO
-+.TP
-+.B tilde_user_enable
-+If enabled, vsftpd will try and resolve pathnames such as ~chris/pics, i.e. a
-+tilde followed by a username. Note that vsftpd will always resolve the
-+pathnames ~ and ~/something (in this case the ~ resolves to the initial
-+login directory). Note that ~user paths will only resolve if the file
-+.BR /etc/passwd
-+may be found within the _current_ chroot() jail.
-+
-+Default: NO
-+.TP
-+.B use_localtime
-+If enabled, vsftpd will display directory listings with the time in your
-+local time zone. The default is to display GMT. The times returned by the
-+MDTM FTP command are also affected by this option.
-+
-+Default: NO
-+.TP
-+.B use_sendfile
-+An internal setting used for testing the relative benefit of using the
-+sendfile() system call on your platform.
-+
-+Default: YES
-+.TP
-+.B userlist_deny
-+This option is examined if
-+.B userlist_enable
-+is activated. If you set this setting to NO, then users will be denied login
-+unless they are explicitly listed in the file specified by
-+.BR userlist_file .
-+When login is denied, the denial is issued before the user is asked for a
-+password.
-+
-+Default: YES
-+.TP
-+.B userlist_enable
-+If enabled, vsftpd will load a list of usernames, from the filename given by
-+.BR userlist_file .
-+If a user tries to log in using a name in this file, they will be denied
-+before they are asked for a password. This may be useful in preventing
-+cleartext passwords being transmitted. See also
-+.BR userlist_deny .
-+
-+Default: NO
-+.TP
-+.B validate_cert
-+If set to yes, all SSL client certificates received must validate OK.
-+Self-signed certs do not constitute OK validation. (New in v2.0.6).
-+
-+Default: NO
-+.TP
-+.B virtual_use_local_privs
-+If enabled, virtual users will use the same privileges as local users. By
-+default, virtual users will use the same privileges as anonymous users, which
-+tends to be more restrictive (especially in terms of write access).
-+
-+Default: NO
-+.TP
-+.B write_enable
-+This controls whether any FTP commands which change the filesystem are allowed
-+or not. These commands are: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
-+
-+Default: NO
-+.TP
-+.B xferlog_enable
-+If enabled, a log file will be maintained detailling uploads and downloads.
-+By default, this file will be placed at /var/log/vsftpd.log, but this location
-+may be overridden using the configuration setting
-+.BR vsftpd_log_file .
-+
-+Default: NO (but the sample config file enables it)
-+.TP
-+.B xferlog_std_format
-+If enabled, the transfer log file will be written in standard xferlog format,
-+as used by wu-ftpd. This is useful because you can reuse existing transfer
-+statistics generators. The default format is more readable, however. The
-+default location for this style of log file is /var/log/xferlog, but you may
-+change it with the setting
-+.BR xferlog_file .
-+
-+Default: NO
-+
-+.SH NUMERIC OPTIONS
-+Below is a list of numeric options. A numeric option must be set to a non
-+negative integer. Octal numbers are supported, for convenience of the umask
-+options. To specify an octal number, use 0 as the first digit of the number.
-+
-+.TP
-+.B accept_timeout
-+The timeout, in seconds, for a remote client to establish connection with
-+a PASV style data connection.
-+
-+Default: 60
-+.TP
-+.B anon_max_rate
-+The maximum data transfer rate permitted, in bytes per second, for anonymous
-+clients.
-+
-+Default: 0 (unlimited)
-+.TP
-+.B anon_umask
-+The value that the umask for file creation is set to for anonymous users. NOTE! If you want to specify octal values, remember the "0" prefix otherwise the
-+value will be treated as a base 10 integer!
-+
-+Default: 077
-+.TP
-+.B chown_upload_mode
-+The file mode to force for chown()ed anonymous uploads. (Added in v2.0.6).
-+
-+Default: 0600
-+.TP
-+.B connect_timeout
-+The timeout, in seconds, for a remote client to respond to our PORT style
-+data connection.
-+
-+Default: 60
-+.TP
-+.B data_connection_timeout
-+The timeout, in seconds, which is roughly the maximum time we permit data
-+transfers to stall for with no progress. If the timeout triggers, the remote
-+client is kicked off.
-+
-+Default: 300
-+.TP
-+.B delay_failed_login
-+The number of seconds to pause prior to reporting a failed login.
-+
-+Default: 1
-+.TP
-+.B delay_successful_login
-+The number of seconds to pause prior to allowing a successful login.
-+
-+Default: 0
-+.TP
-+.B file_open_mode
-+The permissions with which uploaded files are created. Umasks are applied
-+on top of this value. You may wish to change to 0777 if you want uploaded
-+files to be executable.
-+
-+Default: 0666
-+.TP
-+.B ftp_data_port
-+The port from which PORT style connections originate (as long as the poorly
-+named
-+.BR connect_from_port_20
-+is enabled).
-+
-+Default: 20
-+.TP
-+.B idle_session_timeout
-+The timeout, in seconds, which is the maximum time a remote client may spend
-+between FTP commands. If the timeout triggers, the remote client is kicked
-+off.
-+
-+Default: 300
-+.TP
-+.B listen_port
-+If vsftpd is in standalone mode, this is the port it will listen on for
-+incoming FTP connections.
-+
-+Default: 21
-+.TP
-+.B local_max_rate
-+The maximum data transfer rate permitted, in bytes per second, for local
-+authenticated users.
-+
-+Default: 0 (unlimited)
-+.TP
-+.B local_umask
-+The value that the umask for file creation is set to for local users. NOTE! If
-+you want to specify octal values, remember the "0" prefix otherwise the value
-+will be treated as a base 10 integer!
-+
-+Default: 077
-+.TP
-+.B max_clients
-+If vsftpd is in standalone mode, this is the maximum number of clients which
-+may be connected. Any additional clients connecting will get an error message.
-+
-+Default: 0 (unlimited)
-+.TP
-+.B max_login_fails
-+After this many login failures, the session is killed.
-+
-+Default: 3
-+.TP
-+.B max_per_ip
-+If vsftpd is in standalone mode, this is the maximum number of clients which
-+may be connected from the same source internet address. A client will get an
-+error message if they go over this limit.
-+
-+Default: 0 (unlimited)
-+.TP
-+.B pasv_max_port
-+The maximum port to allocate for PASV style data connections. Can be used to
-+specify a narrow port range to assist firewalling.
-+
-+Default: 0 (use any port)
-+.TP
-+.B pasv_min_port
-+The minimum port to allocate for PASV style data connections. Can be used to
-+specify a narrow port range to assist firewalling.
-+
-+Default: 0 (use any port)
-+.TP
-+.B trans_chunk_size
-+You probably don't want to change this, but try setting it to something like
-+8192 for a much smoother bandwidth limiter.
-+
-+Default: 0 (let vsftpd pick a sensible setting)
-+
-+.SH STRING OPTIONS
-+Below is a list of string options.
-+
-+.TP
-+.B anon_root
-+This option represents a directory which vsftpd will try to change into
-+after an anonymous login. Failure is silently ignored.
-+
-+Default: (none)
-+.TP
-+.B banned_email_file
-+This option is the name of a file containing a list of anonymous e-mail
-+passwords which are not permitted. This file is consulted if the option
-+.BR deny_email_enable
-+is enabled.
-+
-+Default: /etc/vsftpd.banned_emails
-+.TP
-+.B banner_file
-+This option is the name of a file containing text to display when someone
-+connects to the server. If set, it overrides the banner string provided by
-+the
-+.BR ftpd_banner
-+option.
-+
-+Default: (none)
-+.TP
-+.B ca_certs_file
-+This option is the name of a file to load Certificate Authority certs from, for
-+the purpose of validating client certs. Regrettably, the default SSL CA cert
-+paths are not used, because of vsftpd's use of restricted filesystem spaces
-+(chroot). (Added in v2.0.6).
-+
-+Default: (none)
-+.TP
-+.B chown_username
-+This is the name of the user who is given ownership of anonymously uploaded
-+files. This option is only relevant if another option,
-+.BR chown_uploads ,
-+is set.
-+
-+Default: root
-+.TP
-+.B chroot_list_file
-+The option is the name of a file containing a list of local users which
-+will be placed in a chroot() jail in their home directory. This option is
-+only relevant if the option
-+.BR chroot_list_enable
-+is enabled. If the option
-+.BR chroot_local_user
-+is enabled, then the list file becomes a list of users to NOT place in a
-+chroot() jail.
-+
-+Default: /etc/vsftpd.chroot_list
-+.TP
-+.B cmds_allowed
-+This options specifies a comma separated list of allowed FTP commands (post
-+login. USER, PASS and QUIT are always allowed pre-login). Other
-+commands are rejected. This is a powerful method of really locking down an
-+FTP server. Example: cmds_allowed=PASV,RETR,QUIT
-+
-+Default: (none)
-+.TP
-+.B deny_file
-+This option can be used to set a pattern for filenames (and directory names
-+etc.) which should not be accessible in any way. The affected items are not
-+hidden, but any attempt to do anything to them (download, change into
-+directory, affect something within directory etc.) will be denied. This option
-+is very simple, and should not be used for serious access control - the
-+filesystem's permissions should be used in preference. However, this option
-+may be useful in certain virtual user setups. In particular aware that if
-+a filename is accessible by a variety of names (perhaps due to symbolic
-+links or hard links), then care must be taken to deny access to all the names.
-+Access will be denied to items if their name contains the string given by
-+hide_file, or if they match the regular expression specified by hide_file.
-+Note that vsftpd's regular expression matching code is a simple implementation
-+which is a subset of full regular expression functionality. Because of this,
-+you will need to carefully and exhaustively test any application of this
-+option. And you are recommended to use filesystem permissions for any
-+important security policies due to their greater reliability. Supported
-+regex syntax is any number of *, ? and unnested {,} operators. Regex
-+matching is only supported on the last component of a path, e.g. a/b/? is
-+supported but a/?/c is not.
-+Example: deny_file={*.mp3,*.mov,.private}
-+
-+Default: (none)
-+.TP
-+.B dsa_cert_file
-+This option specifies the location of the DSA certificate to use for SSL
-+encrypted connections.
-+
-+Default: (none - an RSA certificate suffices)
-+.TP
-+.B dsa_private_key_file
-+This option specifies the location of the DSA private key to use for SSL
-+encrypted connections. If this option is not set, the private key is expected
-+to be in the same file as the certificate.
-+
-+Default: (none)
-+.TP
-+.B email_password_file
-+This option can be used to provide an alternate file for usage by the
-+.BR secure_email_list_enable
-+setting.
-+
-+Default: /etc/vsftpd.email_passwords
-+.TP
-+.B ftp_username
-+This is the name of the user we use for handling anonymous FTP. The home
-+directory of this user is the root of the anonymous FTP area.
-+
-+Default: ftp
-+.TP
-+.B ftpd_banner
-+This string option allows you to override the greeting banner displayed
-+by vsftpd when a connection first comes in.
-+
-+Default: (none - default vsftpd banner is displayed)
-+.TP
-+.B guest_username
-+See the boolean setting
-+.BR guest_enable
-+for a description of what constitutes a guest login. This setting is the
-+real username which guest users are mapped to.
-+
-+Default: ftp
-+.TP
-+.B hide_file
-+This option can be used to set a pattern for filenames (and directory names
-+etc.) which should be hidden from directory listings. Despite being hidden,
-+the files / directories etc. are fully accessible to clients who know what
-+names to actually use. Items will be hidden if their names contain the string
-+given by hide_file, or if they match the regular expression specified by
-+hide_file. Note that vsftpd's regular expression matching code is a simple
-+implementation which is a subset of full regular expression functionality.
-+See
-+.BR deny_file
-+for details of exactly what regex syntax is supported.
-+Example: hide_file={*.mp3,.hidden,hide*,h?}
-+
-+Default: (none)
-+.TP
-+.B listen_address
-+If vsftpd is in standalone mode, the default listen address (of all local
-+interfaces) may be overridden by this setting. Provide a numeric IP address.
-+
-+Default: (none)
-+.TP
-+.B listen_address6
-+Like listen_address, but specifies a default listen address for the IPv6
-+listener (which is used if listen_ipv6 is set). Format is standard IPv6
-+address format.
-+
-+Default: (none)
-+.TP
-+.B local_root
-+This option represents a directory which vsftpd will try to change into
-+after a local (i.e. non-anonymous) login. Failure is silently ignored.
-+
-+Default: (none)
-+.TP
-+.B message_file
-+This option is the name of the file we look for when a new directory is
-+entered. The contents are displayed to the remote user. This option is
-+only relevant if the option
-+.BR dirmessage_enable
-+is enabled.
-+
-+Default: .message
-+.TP
-+.B nopriv_user
-+This is the name of the user that is used by vsftpd when it wants to be
-+totally unprivileged. Note that this should be a dedicated user, rather
-+than nobody. The user nobody tends to be used for rather a lot of important
-+things on most machines.
-+
-+Default: nobody
-+.TP
-+.B pam_service_name
-+This string is the name of the PAM service vsftpd will use.
-+
-+Default: ftp
-+.TP
-+.B pasv_address
-+Use this option to override the IP address that vsftpd will advertise in
-+response to the PASV command. Provide a numeric IP address, unless
-+.BR pasv_addr_resolve
-+is enabled, in which case you can provide a hostname which will be DNS
-+resolved for you at startup.
-+
-+Default: (none - the address is taken from the incoming connected socket)
-+.TP
-+.B rsa_cert_file
-+This option specifies the location of the RSA certificate to use for SSL
-+encrypted connections.
-+
-+Default: /usr/share/ssl/certs/vsftpd.pem
-+.TP
-+.B rsa_private_key_file
-+This option specifies the location of the RSA private key to use for SSL
-+encrypted connections. If this option is not set, the private key is expected
-+to be in the same file as the certificate.
-+
-+Default: (none)
-+.TP
-+.B secure_chroot_dir
-+This option should be the name of a directory which is empty. Also, the
-+directory should not be writable by the ftp user. This directory is used
-+as a secure chroot() jail at times vsftpd does not require filesystem access.
-+
-+Default: /usr/share/empty
-+.TP
-+.B ssl_ciphers
-+This option can be used to select which SSL ciphers vsftpd will allow for
-+encrpyted SSL connections. See the
-+.BR ciphers
-+man page for further details. Note that restricting ciphers can be a useful
-+security precaution as it prevents malicious remote parties forcing a cipher
-+which they have found problems with.
-+
-+Default: DES-CBC3-SHA
-+.TP
-+.B user_config_dir
-+This powerful option allows the override of any config option specified in
-+the manual page, on a per-user basis. Usage is simple, and is best illustrated
-+with an example. If you set
-+.BR user_config_dir
-+to be
-+.BR /etc/vsftpd_user_conf
-+and then log on as the user "chris", then vsftpd will apply the settings in
-+the file
-+.BR /etc/vsftpd_user_conf/chris
-+for the duration of the session. The format of this file is as detailed in
-+this manual page! PLEASE NOTE that not all settings are effective on a
-+per-user basis. For example, many settings only prior to the user's session
-+being started. Examples of settings which will not affect any behviour on
-+a per-user basis include listen_address, banner_file, max_per_ip, max_clients,
-+xferlog_file, etc.
-+
-+Default: (none)
-+.TP
-+.B user_sub_token
-+This option is useful is conjunction with virtual users. It is used to
-+automatically generate a home directory for each virtual user, based on a
-+template. For example, if the home directory of the real user specified via
-+.BR guest_username
-+is
-+.BR /home/virtual/$USER ,
-+and
-+.BR user_sub_token
-+is set to
-+.BR $USER ,
-+then when virtual user fred logs in, he will end up (usually chroot()'ed) in
-+the directory
-+.BR /home/virtual/fred .
-+This option also takes affect if
-+.BR local_root
-+contains
-+.BR user_sub_token .
-+
-+Default: (none)
-+.TP
-+.B userlist_file
-+This option is the name of the file loaded when the
-+.BR userlist_enable
-+option is active.
-+
-+Default: /etc/vsftpd.user_list
-+.TP
-+.B vsftpd_log_file
-+This option is the name of the file to which we write the vsftpd style
-+log file. This log is only written if the option
-+.BR xferlog_enable
-+is set, and
-+.BR xferlog_std_format
-+is NOT set. Alternatively, it is written if you have set the option
-+.BR dual_log_enable .
-+One further complication - if you have set
-+.BR syslog_enable ,
-+then this file is not written and output is sent to the system log instead.
-+
-+Default: /var/log/vsftpd.log
-+.TP
-+.B xferlog_file
-+This option is the name of the file to which we write the wu-ftpd style
-+transfer log. The transfer log is only written if the option
-+.BR xferlog_enable
-+is set, along with
-+.BR xferlog_std_format .
-+Alternatively, it is written if you have set the option
-+.BR dual_log_enable .
-+
-+Default: /var/log/xferlog
-+
-+.SH AUTHOR
-+scarybeasts@gmail.com
-+
