File vsftpd-2.3.5-conf.patch of Package vsftpd.20180

Index: vsftpd.conf
===================================================================
--- vsftpd.conf.orig
+++ vsftpd.conf
@@ -4,23 +4,89 @@
 # loosens things up a bit, to make the ftp daemon more usable.
 # Please see vsftpd.conf.5 for all compiled in defaults.
 #
+# If you do not change anything here you will have a minimum setup for an
+# anonymus FTP server.
+#
 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
 # capabilities.
 #
-# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-anonymous_enable=YES
-#
-# Uncomment this to allow local users to log in.
-#local_enable=YES
+# ################
+# General Settings
+# ################
 #
 # Uncomment this to enable any form of FTP write command.
-#write_enable=YES
+write_enable=NO
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+nopriv_user=ftpsecure
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# If  enabled,  all  user  and  group  information in
+# directory listings will be displayed as "ftp".
+#hide_ids=YES
+#
+# #######################
+# Local FTP user Settings
+# #######################
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
 #
 # Default umask for local users is 077. You may wish to change this to 022,
 # if your users expect that (022 is used by most other ftpd's)
 #local_umask=022
 #
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_local_user=YES
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# The maximum data transfer rate permitted, in bytes per second, for
+# local authenticated users. The default is 0 (unlimited).
+#local_max_rate=7200
+#
+# ##########################
+# Anonymus FTP user Settings
+# ##########################
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=YES
+#
+# The maximum data transfer rate permitted, in bytes per second, for anonymous
+# authenticated users. The default is 0 (unlimited).
+#anon_max_rate=7200
+#
+# Anonymous users will only be allowed to download files which are
+# world readable.
+anon_world_readable_only=YES
+#
+# Default umask for anonymus users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#anon_umask=022
+#
 # Uncomment this to allow the anonymous FTP user to upload files. This only
 # has an effect if the above global write enable is activated. Also, you will
 # obviously need to create a directory writable by the FTP user.
@@ -30,15 +96,9 @@ anonymous_enable=YES
 # new directories.
 #anon_mkdir_write_enable=YES
 #
-# Activate directory messages - messages given to remote users when they
-# go into a certain directory.
-dirmessage_enable=YES
-#
-# Activate logging of uploads/downloads.
-xferlog_enable=YES
-#
-# Make sure PORT transfer connections originate from port 20 (ftp-data).
-connect_from_port_20=YES
+# Uncomment this to enable anonymus FTP users to perform other write operations
+# like deletion and renaming.
+#anon_other_write_enable=YES
 #
 # If you want, you can arrange for uploaded anonymous files to be owned by
 # a different user. Note! Using "root" for uploaded files is not
@@ -46,24 +106,51 @@ connect_from_port_20=YES
 #chown_uploads=YES
 #chown_username=whoever
 #
+# ############
+# Log Settings
+# ############
+#
+# Log to the syslog daemon instead of using an logfile.
+syslog_enable=YES
+#
+# Uncomment this to log all FTP requests and responses.
+#log_ftp_protocol=YES
+#
+# Activate logging of uploads/downloads.
+#xferlog_enable=YES
+#
 # You may override where the log file goes if you like. The default is shown
 # below.
-#xferlog_file=/var/log/vsftpd.log
+#
+#vsftpd_log_file=/var/log/vsftpd.log
 #
 # If you want, you can have your log file in standard ftpd xferlog format.
 # Note that the default log file location is /var/log/xferlog in this case.
 #xferlog_std_format=YES
 #
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
+#dual_log_enable=YES
+#
+# Uncomment this to enable session status information in the system process listing.
+#setproctitle_enable=YES
+#
+# #################
+# Transfer Settings
+# #################
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
 # You may change the default value for timing out an idle session.
 #idle_session_timeout=600
 #
 # You may change the default value for timing out a data connection.
 #data_connection_timeout=120
 #
-# It is recommended that you define on your system a unique user which the
-# ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
-#
 # Enable this and the server will recognise asynchronous ABOR requests. Not
 # recommended for security (the code is non-trivial). Not enabling it,
 # however, may confuse older FTP clients.
@@ -77,41 +164,46 @@ connect_from_port_20=YES
 # predicted this attack and has always been safe, reporting the size of the
 # raw file.
 # ASCII mangling is a horrible feature of the protocol.
-#ascii_upload_enable=YES
+ascii_upload_enable=YES
 #ascii_download_enable=YES
 #
-# You may fully customise the login banner string:
-#ftpd_banner=Welcome to blah FTP service.
-#
-# You may specify a file of disallowed anonymous e-mail addresses. Apparently
-# useful for combatting certain DoS attacks.
-#deny_email_enable=YES
-# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
-#
-# You may specify an explicit list of local users to chroot() to their home
-# directory. If chroot_local_user is YES, then this list becomes a list of
-# users to NOT chroot().
-# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
-# the user does not have write access to the top level directory within the
-# chroot)
-#chroot_local_user=YES
-#chroot_list_enable=YES
-# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+# Set to NO if you want to disallow the  PASV  method of obtaining a data
+# connection.
+#pasv_enable=NO
 #
-# You may activate the "-R" option to the builtin ls. This is disabled by
-# default to avoid remote users being able to cause excessive I/O on large
-# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
-# the presence of the "-R" option, so there is a strong case for enabling it.
-#ls_recurse_enable=YES
+# PAM setting. Do NOT change this unless you know what you do!
+pam_service_name=vsftpd
 #
 # When "listen" directive is enabled, vsftpd runs in standalone mode and
 # listens on IPv4 sockets. This directive cannot be used in conjunction
 # with the listen_ipv6 directive.
-listen=YES
+listen=NO
 #
 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
 # sockets, you must run two copies of vsftpd with two configuration files.
 # Make sure, that one of the listen options is commented !!
-#listen_ipv6=YES
+listen_ipv6=YES
+#
+# Set to ssl_enable=YES if you want to enable SSL
+ssl_enable=NO
+#
+# Limit passive ports to this range to assis firewalling
+pasv_min_port=30000
+pasv_max_port=30100
+
+### security features that are incompatible with some other settings. ###
+
+# isolate_network ensures the vsftpd subprocess is started in own network
+# namespace (see CLONE_NEWNET in clone(2)). It however disables the
+# authentication methods needs the network access (LDAP, NIS, ...).
+#isolate_network=NO
+
+# seccomp_sanbox add an aditional security layer limiting the number of a
+# syscalls can be performed via vsftpd. However it might happen that a
+# whitelist don't allow a legitimate call (usually indirectly triggered by
+# third-party library like pam, or openssl) and the process is being killed by kernel.
+#
+# Therefor if your server dies on common situations (file download, upload),
+# uncomment following line and don't forget to open  bug at
+# https://bugzilla.novell.com
+#seccomp_sandbox=NO