Documentation du Dr FRAPPE

Ce wiki regroupe les résultats de mes expériences en informatique accumulés au cours de mes recherches sur le net.

Dans la mesure du possible, j'ai cité mes sources ; il en manque certainement… :-)

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentesRévision précédente
Prochaine révision
Révision précédente
logiciel:internet:ftp:vsftpd:faq:start [2021/04/09 12:10] adminlogiciel:internet:ftp:vsftpd:faq:start [2022/08/13 22:27] (Version actuelle) – modification externe 127.0.0.1
Ligne 3: Ligne 3:
 ====== vsftpd FAQ (traduction de questions fréquemment posées) ====== ====== vsftpd FAQ (traduction de questions fréquemment posées) ======
  
-~~FAQ~~  ;?? Puis-je restreindre les utilisateurs à leur répertoire HOME ? +~~FAQ~~ 
-!!! Oui. Sans doute en utilisant :<code>chroot_local_user=YES</code>  ;?? Pourquoi les liens symboliques ne fonctionnent-ils pas avec chroot_local_user=YES ?+  ??? Puis-je restreindre les utilisateurs à leur répertoire HOME ? 
 +!!! Oui. Sans doute en utilisant :<code>chroot_local_user=YES</code> 
 +  ??? Pourquoi les liens symboliques ne fonctionnent-ils pas avec chroot_local_user=YES ?
 !!! C'est une conséquence du fonctionnement de la sécurité de chroot() . !!! C'est une conséquence du fonctionnement de la sécurité de chroot() .
-Comme alternative, voir les liens en dur, ou le puissant <cli prompt='$ '>...@...:~$ mount --bind</cli>  ;?? vsftpd peut-il limiter le nombre d'utilisateurs connectés ?+Comme alternative, voir les liens en dur, ou le puissant <cli prompt='$ '>...@...:~$ mount --bind</cli> 
 +  ??? vsftpd peut-il limiter le nombre d'utilisateurs connectés ?
 !!! Oui, indirectement. vsftpd est un service basé sur inetd. !!! Oui, indirectement. vsftpd est un service basé sur inetd.
 Si vous utilisez le populaire "xinetd" la "xinetd" populaire comme inetd, il supporte les limites de connexion par service ou par IP. Si vous utilisez le populaire "xinetd" la "xinetd" populaire comme inetd, il supporte les limites de connexion par service ou par IP.
 Il y a un exemple dans le répertoire "EXAMPLE". Il y a un exemple dans le répertoire "EXAMPLE".
  
-Si vous exécutez vsftpd en mode "standalone" avec le réglage <code>listen=YES</code>, alors vous disposez du réglage (par ex.) :<code>max_clients=10</code>  ;?? message d'erreur "refusing to run with writable root"+Si vous exécutez vsftpd en mode "standalone" avec le réglage <code>listen=YES</code>, alors vous disposez du réglage (par ex.) :<code>max_clients=10</code> 
-!!! vsftpd se protège contre les configurations dangereuses. La cause de ce message est généralement une appartenance douteuse du répertoire home du ftp. Le répertoire home ne doit PAS être possédé par l'utilisateur ftp lui-même. Il ne doit pas non plus être accessible en écriture par l'utilisateur ftp. Une façon de résoudre ce problème est :<cli prompt='$ '>...@...:~$ chown root ~ftp; chmod -w ~ftp</cli>Une autre cause pourrait être un essai d'utiliser chroot_local_user sans avoir réglé correctement le propriétaire du répertoire.  ;?? Help! I'm getting the error message "str_getpwnam"+  ??? message d'erreur "refusing to run with writable root"
-!!! The most likely cause of this is that the user that is configured as the 'nopriv_user' setting (often 'nobody') does not exist on your system. vsftpd needs this user to run bits of itself with no privilege.  ;?? Help! Local users cannot log in.+!!! vsftpd se protège contre les configurations dangereuses. La cause de ce message est généralement une appartenance douteuse du répertoire home du ftp. Le répertoire home ne doit PAS être possédé par l'utilisateur ftp lui-même. Il ne doit pas non plus être accessible en écriture par l'utilisateur ftp. Une façon de résoudre ce problème est :<cli prompt='$ '>...@...:~$ chown root ~ftp; chmod -w ~ftp</cli>Une autre cause pourrait être un essai d'utiliser chroot_local_user sans avoir réglé correctement le propriétaire du répertoire. 
 +  ??? Help! I'm getting the error message "str_getpwnam"
 +!!! The most likely cause of this is that the user that is configured as the 'nopriv_user' setting (often 'nobody') does not exist on your system. vsftpd needs this user to run bits of itself with no privilege. 
 +  ??? Help! Local users cannot log in.
 !!! There are various possible problems. !!! There are various possible problems.
 !!! By default, vsftpd disables any logins other than anonymous logins. Put local_enable=YES in your /etc/vsftpd.conf to allow local users to log in. !!! By default, vsftpd disables any logins other than anonymous logins. Put local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
 !!! vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not). If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is a sample one for RedHat systems included in the "RedHat" directory - put it under /etc/pam.d !!! vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not). If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is a sample one for RedHat systems included in the "RedHat" directory - put it under /etc/pam.d
 !!! If vsftpd didn't link with PAM, then there are various possible issues. Is the user's shell in /etc/shells? If you have shadowed passwords, does your system have a "shadow.h" file in the include path? !!! If vsftpd didn't link with PAM, then there are various possible issues. Is the user's shell in /etc/shells? If you have shadowed passwords, does your system have a "shadow.h" file in the include path?
-!!! If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your /etc/vsftpd.conf.  ;?? Help! Uploads or other write commands give me "500 Unknown command."+!!! If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your /etc/vsftpd.conf. 
-!!! By default, write commands, including uploads and new directories, are disabled. This is a security measure. To enable writes, put write_enable=YES in your /etc/vsftpd.conf.  ;?? Help! What are the security implications referred to in the "chroot_local_user" option? +  ??? Help! Uploads or other write commands give me "500 Unknown command."
-!!! Firstly note that other ftp daemons have the same implications. It is a generic problem. The problem isn't too severe, but it is this: Some people have FTP user accounts which are not trusted to have full shell access. If these accounts can also upload files, there is a small risk. A bad user now has control of the filesystem root, which is their home directory. The ftp daemon might cause some config file to be read - e.g. /etc/some_file. With chroot(), this file is now under the control of the user. vsftpd is careful in this area. But, the system's libc might want to open locale config files or other settings...  ;?? Help! Uploaded files are appearing with permissions -rw-------.+!!! By default, write commands, including uploads and new directories, are disabled. This is a security measure. To enable writes, put write_enable=YES in your /etc/vsftpd.conf. 
 +  ??? Help! What are the security implications referred to in the "chroot_local_user" option? 
 +!!! Firstly note that other ftp daemons have the same implications. It is a generic problem. The problem isn't too severe, but it is this: Some people have FTP user accounts which are not trusted to have full shell access. If these accounts can also upload files, there is a small risk. A bad user now has control of the filesystem root, which is their home directory. The ftp daemon might cause some config file to be read - e.g. /etc/some_file. With chroot(), this file is now under the control of the user. vsftpd is careful in this area. But, the system's libc might want to open locale config files or other settings... 
 +  ??? Help! Uploaded files are appearing with permissions -rw-------.
 !!! Depending on if this is an upload by a local user or an anonymous user, use "local_umask" or "anon_umask" to change this. For example, use "anon_umask=022" to give anonymously uploaded files permissions -rw-r--r--. Note that the "0" before the "22" is important. !!! Depending on if this is an upload by a local user or an anonymous user, use "local_umask" or "anon_umask" to change this. For example, use "anon_umask=022" to give anonymously uploaded files permissions -rw-r--r--. Note that the "0" before the "22" is important.
-!!! Also see the vsftpd.conf.5 man page for the new "file_open_mode" parameter.  ;?? Help! How do I integrate with LDAP users and logins? +!!! Also see the vsftpd.conf.5 man page for the new "file_open_mode" parameter. 
-!!! Use vsftpd's PAM integration to do this, and have PAM authenticate against an LDAP repository.  ;?? Help! Does vsftpd do virtual hosting setups?+  ??? Help! How do I integrate with LDAP users and logins? 
 +!!! Use vsftpd's PAM integration to do this, and have PAM authenticate against an LDAP repository. 
 +  ??? Help! Does vsftpd do virtual hosting setups?
 !!! Yes. If you integrate vsftpd with xinetd, you can use xinetd to bind to several different IP addresses. For each IP address, get xinetd to launch vsftpd with a different config file. This way, you can get different behaviour per virtual address. !!! Yes. If you integrate vsftpd with xinetd, you can use xinetd to bind to several different IP addresses. For each IP address, get xinetd to launch vsftpd with a different config file. This way, you can get different behaviour per virtual address.
-!!! Alternatively, run as many copies as vsftpd as necessary, in standalone mode. Use "listen_address=x.x.x.x" to set the virtual IP.  ;?? Help! Does vsftpd support virtual users?+!!! Alternatively, run as many copies as vsftpd as necessary, in standalone mode. Use "listen_address=x.x.x.x" to set the virtual IP. 
 +  ??? Help! Does vsftpd support virtual users?
 !!! Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This has the effect of mapping every non-anonymous successful login to the local username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb module to provide authentication against an external (i.e. non-/etc/passwd) repository of users. !!! Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This has the effect of mapping every non-anonymous successful login to the local username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb module to provide authentication against an external (i.e. non-/etc/passwd) repository of users.
-Note - currently there is a restriction that with guest_enable enabled, local users also get mapped to guest_username. There is an example of virtual users setup in the "EXAMPLE" directory.  ;?? Vsftpd prend-il en charge différents paramètres pour différents utilisateurs ? +Note - currently there is a restriction that with guest_enable enabled, local users also get mapped to guest_username. There is an example of virtual users setup in the "EXAMPLE" directory. 
-!!! Oui - d'une manière très puissante. Regardez le paramètre "user_config_dir" dans la page de manuel.  ;?? Help! Can I restrict vsftpd data connections to a specific range of ports? +  ??? Vsftpd prend-il en charge différents paramètres pour différents utilisateurs ? 
-!!! Yes. See the config settings "pasv_min_port" and "pasv_max_port".  ;?? Je reçois le message "OOPS: chdir"+!!! Oui - d'une manière très puissante. Regardez le paramètre "user_config_dir" dans la page de manuel. 
-!!! S'il s'agit d'une connexion anonyme, vérifiez que le répertoire personnel de l'utilisateur "ftp" est correct. Si vous utilisez le paramètre de configuration "anon_root", vérifiez qu'il est également correct.  ;?? Help! vsftpd is reporting times as GMT times and not local times! +  ??? Help! Can I restrict vsftpd data connections to a specific range of ports? 
-!!! This behaviour can be changed with the setting "use_localtime=YES".  ;?? Help! Can I disable certain FTP commands? +!!! Yes. See the config settings "pasv_min_port" and "pasv_max_port". 
-!!! Yes. There are some individual settings (e.g. dirlist_enable) or you can specify a complete set of allowed commands with "cmds_allowed".  ;?? Help! Can I change the port that vsftpd runs on?+  ??? Je reçois le message "OOPS: chdir"
 +!!! S'il s'agit d'une connexion anonyme, vérifiez que le répertoire personnel de l'utilisateur "ftp" est correct. Si vous utilisez le paramètre de configuration "anon_root", vérifiez qu'il est également correct. 
 +  ??? Help! vsftpd is reporting times as GMT times and not local times! 
 +!!! This behaviour can be changed with the setting "use_localtime=YES". 
 +  ??? Help! Can I disable certain FTP commands? 
 +!!! Yes. There are some individual settings (e.g. dirlist_enable) or you can specify a complete set of allowed commands with "cmds_allowed". 
 +  ??? Help! Can I change the port that vsftpd runs on?
 !!! Yes. If you are running vsftpd in standalone mode, use the "listen_port" directive in vsftpd.conf. !!! Yes. If you are running vsftpd in standalone mode, use the "listen_port" directive in vsftpd.conf.
-!!! Yes. If you are running vsftpd from an inetd or xinetd program, this becomes an inetd or xinetd problem. You must change the inetd or xinetd configuration files (perhaps /etc/inetd.conf or /etc/xinetd.d/vsftpd)  ;?? Help! Will vsftpd authenticate against an LDAP server? What about a MySQL server? +!!! Yes. If you are running vsftpd from an inetd or xinetd program, this becomes an inetd or xinetd problem. You must change the inetd or xinetd configuration files (perhaps /etc/inetd.conf or /etc/xinetd.d/vsftpd) 
-!!! Yes. vsftpd uses PAM for authentication, so you need to configure PAM to use pam_ldap or pam_mysql modules. This may involve installing the PAM modules and then editing the PAM config file (perhaps /etc/pam.d/vsftpd).  ;?? Help! Does vsftpd support per-IP limits?+  ??? Help! Will vsftpd authenticate against an LDAP server? What about a MySQL server? 
 +!!! Yes. vsftpd uses PAM for authentication, so you need to configure PAM to use pam_ldap or pam_mysql modules. This may involve installing the PAM modules and then editing the PAM config file (perhaps /etc/pam.d/vsftpd). 
 +  ??? Help! Does vsftpd support per-IP limits?
 !!! Yes. If you are running vsftpd standalone, there is a "max_per_ip" setting. !!! Yes. If you are running vsftpd standalone, there is a "max_per_ip" setting.
-!!! Yes. If you are running vsftpd via xinetd, there is an xinetd config variable "per_source".  ;?? Help! Does vsftpd support bandwidth limiting? +!!! Yes. If you are running vsftpd via xinetd, there is an xinetd config variable "per_source". 
-!!! Yes. See vsftpd.conf.5 man page and investigate settings such as "anon_max_rate" and "local_max_rate".  ;?? Help! Does vsftpd support IP-based access control?+  ??? Help! Does vsftpd support bandwidth limiting? 
 +!!! Yes. See vsftpd.conf.5 man page and investigate settings such as "anon_max_rate" and "local_max_rate". 
 +  ??? Help! Does vsftpd support IP-based access control?
 !!! Yes. vsftpd can integrate with tcp_wrappers (if built with this support). It is enabled with the setting "tcp_wrappers=YES". !!! Yes. vsftpd can integrate with tcp_wrappers (if built with this support). It is enabled with the setting "tcp_wrappers=YES".
-!!! Yes. vsftpd can be run from xinetd, which supports tcp_wrappers integration.  ;?? Help! Does vsftpd support IPv6? +!!! Yes. vsftpd can be run from xinetd, which supports tcp_wrappers integration. 
-!!! Yes, as of version 1.2.0. Read the vsftpd.conf.5 man page.  ;?? Help! vsftpd doesn't build, it fails with an error about being unable to find -+  ??? Help! Does vsftpd support IPv6? 
 +!!! Yes, as of version 1.2.0. Read the vsftpd.conf.5 man page. 
 +  ??? Help! vsftpd doesn't build, it fails with an error about being unable to find -
 !!! Install the libcap package and retry the build. Seems to affect Debian users a lot. !!! Install the libcap package and retry the build. Seems to affect Debian users a lot.
-!!! Install the libcap-devel. This certainly affects Fedora.  ;?? Help! I've put settings in /etc/vsftpd.conf, but they are not taking effect! +!!! Install the libcap-devel. This certainly affects Fedora. 
-!!! This is affecting some RedHat users - some RedHat versions put the config file in /etc/vsftpd/vsftpd.conf.  ;?? Help! vsftpd doesn't build, it complains about problems with incomplete types in sysutil.c. +  ??? Help! I've put settings in /etc/vsftpd.conf, but they are not taking effect! 
-!!! Your system probably doesn't have IPv6 support. Either use a more modern system, use an older vsftpd (e.g. v1.1.3), or wait for a version of vsftpd without this problem!  ;?? Help! I'm getting messages along the lines of 500 OOPS: vsf_sysutil_bind when trying to do downloads (particularly lots of small files). +!!! This is affecting some RedHat users - some RedHat versions put the config file in /etc/vsftpd/vsftpd.conf. 
-!!! vsftpd-1.2.1 should sort this out.  ;?? Help! Does vsftpd support hiding or denying certain files? +  ??? Help! vsftpd doesn't build, it complains about problems with incomplete types in sysutil.c. 
-!!! Yes. Look at the hide_file and deny_file options in the manual page.  ;?? Help! Does vsftpd support FXP? +!!! Your system probably doesn't have IPv6 support. Either use a more modern system, use an older vsftpd (e.g. v1.1.3), or wait for a version of vsftpd without this problem! 
-!!! Yes. An FTP server does not have to do anything special to support FXP. However, you many get tripped up by vsftpd's security precautions on IP addresses. In order to relax these precautions, have a look in the vsftpd.conf.5 for pasv_promiscuous (and the less advisable port_promiscuous).  ;?? Help! I'm getting the error "426 Failure writing network stream." on downloads. +  ??? Help! I'm getting messages along the lines of 500 OOPS: vsf_sysutil_bind when trying to do downloads (particularly lots of small files). 
-!!! You shouldn't see this with v1.2.1 or newer versions of vsftpd. Older versions of vsftpd can give this error if the user tries to download something from an unusual filesystem (e.g. FAT), which don't support performance features used by vsftpd. With vsftpd-1.1.3 and newer there is a config workaround, use_sendfile=NO.  ;?? Help! I'm using the pam_userdb login module and the login hangs. +!!! vsftpd-1.2.1 should sort this out. 
-!!! This could be a bad interaction with glibc version 2.3 and PAM. A Debian user reported this. The initial report is here: http://lists.debian.org/debian-glibc/2003/debian-glibc-200309/msg00310.html  ;?? Help! Does vsftpd support large files (>2Gb?). +  ??? Help! Does vsftpd support hiding or denying certain files? 
-!!! Yes, it does.  ;?? Help! Well, large file support doesn't seem to be working, then!+!!! Yes. Look at the hide_file and deny_file options in the manual page. 
 +  ??? Help! Does vsftpd support FXP? 
 +!!! Yes. An FTP server does not have to do anything special to support FXP. However, you many get tripped up by vsftpd's security precautions on IP addresses. In order to relax these precautions, have a look in the vsftpd.conf.5 for pasv_promiscuous (and the less advisable port_promiscuous). 
 +  ??? Help! I'm getting the error "426 Failure writing network stream." on downloads. 
 +!!! You shouldn't see this with v1.2.1 or newer versions of vsftpd. Older versions of vsftpd can give this error if the user tries to download something from an unusual filesystem (e.g. FAT), which don't support performance features used by vsftpd. With vsftpd-1.1.3 and newer there is a config workaround, use_sendfile=NO. 
 +  ??? Help! I'm using the pam_userdb login module and the login hangs. 
 +!!! This could be a bad interaction with glibc version 2.3 and PAM. A Debian user reported this. The initial report is here: http://lists.debian.org/debian-glibc/2003/debian-glibc-200309/msg00310.html 
 +  ??? Help! Does vsftpd support large files (>2Gb?). 
 +!!! Yes, it does. 
 +  ??? Help! Well, large file support doesn't seem to be working, then!
 !!! Large file support first appeared in v1.1.0. !!! Large file support first appeared in v1.1.0.
 !!! Solaris large file support wasn't fixed until v1.2.2. !!! Solaris large file support wasn't fixed until v1.2.2.
 !!! FreeBSD large file support wasn't fixed until v1.2.2. !!! FreeBSD large file support wasn't fixed until v1.2.2.
 !!! The early Linux 2.6 kernels had a bug in this area - use v2.6.6 or newer. !!! The early Linux 2.6 kernels had a bug in this area - use v2.6.6 or newer.
-!!! Are you sure your FTP _client_ correctly supports large files?  ;?? Help! The built-in vsftpd listener is hanging or crashing! +!!! Are you sure your FTP _client_ correctly supports large files? 
-!!! A bug in this area is fixed in vsftpd v1.2.2. The problem has always existed but seems to frequently trigger only on certain platforms. For example, Fedora Core 1 - the suspected trigger is a glibc-2.3 platform, possibly in combination with a NPTL-enabled kernel.  ;?? Help! I'm using Solaris / Veritas and vsftpd is hanging! +  ??? Help! The built-in vsftpd listener is hanging or crashing! 
-!!! Suspected bug with the Solaris / Veritas combination. With vsftpd-1.2.3 there is a possible workaround: no_log_lock=YES in your vsftpd.conf.5.  ;?? Does vsftpd support SSL / TLS based encryption? +!!! A bug in this area is fixed in vsftpd v1.2.2. The problem has always existed but seems to frequently trigger only on certain platforms. For example, Fedora Core 1 - the suspected trigger is a glibc-2.3 platform, possibly in combination with a NPTL-enabled kernel. 
-!!! Yes, as of v2.0.0, this is supported for the control and data connections (hurrah). You need a build of vsftpd with this support enabled, and then you need to activate the ssl_enable setting. NOTE there are security considerations with this support. Please make sure to read the ssl_enable section in the vsftpd.conf.5 man page thoroughly before using.  ;?? Help! I'm using FlashFXP and getting truncated files on download. +  ??? Help! I'm using Solaris / Veritas and vsftpd is hanging! 
-!!! FlashFXP is buggy - particularly with SSL transfers. Upgrade to v3.0RC4 or newer, which is reported to be fixed.  ;?? Help! I'm trying to build vsftpd, and I get an error along the lines of "krb5.h: no such file or directory"+!!! Suspected bug with the Solaris / Veritas combination. With vsftpd-1.2.3 there is a possible workaround: no_log_lock=YES in your vsftpd.conf.5. 
-!!! Yes, seems to be a problem with some RedHat setups. See http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111301 for details and suggested workarounds.  ;?? Help! I'm getting the error "OOPS: capset" when I try to connect to vsftpd. +  ??? Does vsftpd support SSL / TLS based encryption? 
-!!! This is an issue with SELinux enabled distributions. The solution is to make sure the capability kernel module is loaded.  ;?? Help! I'm getting the error "ftp: netin: Interrupted system call"+!!! Yes, as of v2.0.0, this is supported for the control and data connections (hurrah). You need a build of vsftpd with this support enabled, and then you need to activate the ssl_enable setting. NOTE there are security considerations with this support. Please make sure to read the ssl_enable section in the vsftpd.conf.5 man page thoroughly before using. 
-!!! Seems to be a bug in ftp-tls, particularly with SSL transfers with bandwidth limiting in effect.  ;?? Help! When trying SSL transfers, users log in and are no longer restricted to their home directory! They can browse the entire filesystem!+  ??? Help! I'm using FlashFXP and getting truncated files on download. 
 +!!! FlashFXP is buggy - particularly with SSL transfers. Upgrade to v3.0RC4 or newer, which is reported to be fixed. 
 +  ??? Help! I'm trying to build vsftpd, and I get an error along the lines of "krb5.h: no such file or directory"
 +!!! Yes, seems to be a problem with some RedHat setups. See http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111301 for details and suggested workarounds. 
 +  ??? Help! I'm getting the error "OOPS: capset" when I try to connect to vsftpd. 
 +!!! This is an issue with SELinux enabled distributions. The solution is to make sure the capability kernel module is loaded. 
 +  ??? Help! I'm getting the error "ftp: netin: Interrupted system call"
 +!!! Seems to be a bug in ftp-tls, particularly with SSL transfers with bandwidth limiting in effect. 
 +  ??? Help! When trying SSL transfers, users log in and are no longer restricted to their home directory! They can browse the entire filesystem!
 !!! Most likely, your FTP client is in fact using the SSH protocol rather than the FTP protocol - so sshd is in control and not vsftpd! !!! Most likely, your FTP client is in fact using the SSH protocol rather than the FTP protocol - so sshd is in control and not vsftpd!
-!!! Of course, make sure you turn on the chroot_local_user option!!  ;?? Help! I'm getting connections dropped whilst using gFTP for an SSL  +!!! Of course, make sure you turn on the chroot_local_user option!! 
-!!! The version of gFTP on my Fedora Core 10 installation appears to send the "SIZE" command plain text during an SSL connection, which obviously breaks the SSL connection.  ;?? Help! SSL data connections are not working. +  ??? Help! I'm getting connections dropped whilst using gFTP for an SSL  
-!!! As of v2.1.0, vsftpd only accepts data connections that are reused sessions of the control connection. This is a security measure. Unfortunately, not all FTP clients reuse sessions (e.g. curl). You can disable this requirement by changing require_ssl_reuse to NO.  ;?? Help! My LDAP / mysql / etc. authentication and / or username lookup are failing!+!!! The version of gFTP on my Fedora Core 10 installation appears to send the "SIZE" command plain text during an SSL connection, which obviously breaks the SSL connection. 
 +  ??? Help! SSL data connections are not working. 
 +!!! As of v2.1.0, vsftpd only accepts data connections that are reused sessions of the control connection. This is a security measure. Unfortunately, not all FTP clients reuse sessions (e.g. curl). You can disable this requirement by changing require_ssl_reuse to NO. 
 +  ??? Help! My LDAP / mysql / etc. authentication and / or username lookup are failing!
 !!! As of v2.2.0, the built-in sandboxing uses network isolation on Linux. This may be interfering with any module that needs to use the network to perform operations or lookups. Try changing isolate_network to NO. !!! As of v2.2.0, the built-in sandboxing uses network isolation on Linux. This may be interfering with any module that needs to use the network to perform operations or lookups. Try changing isolate_network to NO.