
docker-vsftpd's Introduction

VSFTPD Docker Image

This is a micro-service image for VSFTPD.

There are a few limitations, but it will work if you use host networking (--net host) or have a direct/routed network between the Docker container and the client.

Virtual Users

This VSFTPD container uses virtual users. Each user that logs in will have the same system UID and GID. The real user has a UID and GID of 48:48 by default; however, this can be changed with build-args when building the container.

For example use --build-arg FTP_UID=1000 --build-arg FTP_GID=1000 to set the UID and GID to 1000:1000.

Options

The following environment variables are accepted.

  • FTP_USER: Sets the default FTP user

  • FTP_PASSWORD: Plain text password (not recommended), or

  • FTP_PASSWORD_HASH: Sets the password for the user specified by FTP_USER. This requires a hashed password such as the ones created with mkpasswd -m sha-512, which is in the whois Debian package.

  • FTP_USER_*: Adds multiple users. Value must be in the form of username:hash. Should not be used in conjunction with FTP_USER and FTP_PASSWORD(_HASH).

  • FTP_USERS_ROOT: If set, the vsftpd local_root will be set to /srv/$USER so each user is chrooted to their own directory instead of a shared one.

  • FTP_CHOWN_ROOT: If set, chown will be run against /srv, setting the FTP user and group as owner and group of the directory. Note: chown is run non-recursively, i.e. it will only chown the root.

  • FTP_PASV_ADDRESS: Overrides the IP address that vsftpd will advertise in response to the PASV command.

Usage Example

docker run --rm -it -p 21:21 -p 4559-4564:4559-4564 -e FTP_USER=ftp -e FTP_PASSWORD=ftp docker.io/panubo/vsftpd:latest

SSL Usage

SSL can be configured (non-SSL by default). First, the SSL certificate and key need to be added to the image, either by mounting them as volumes or by baking them into an image. Then specify the vsftpd_ssl.conf config file as the config vsftpd should use.

This example assumes the SSL certificate and key are in the same file and are mounted into the container read-only.

docker run --rm -it \
-e FTP_USER=panubo -e FTP_PASSWORD_HASH='$6$XWpu...DwK1' \
-v `pwd`/server.pem:/etc/ssl/certs/vsftpd.crt:ro \
-v `pwd`/server.pem:/etc/ssl/private/vsftpd.key:ro \
docker.io/panubo/vsftpd vsftpd /etc/vsftpd_ssl.conf

Security

Currently allow_writeable_chroot is turned ON, although this is not recommended from a security standpoint. We might look at making this configurable in the future. The main consequence of turning it off is that the local_root cannot be writable by the FTP user.

See serverfault: vsftp: why is allow_writable_chroot=YES a bad idea?

Logs

To get the FTP logs mount /var/log outside of the container. For example add -v /var/log/ftp:/var/log to your docker run ... command.

docker-vsftpd's People

Contributors

macropin, richardbronosky, trnubo


docker-vsftpd's Issues

Add id gid variable

Hello,

Can you add the following lines to the entry.sh file to be able to change the ID and GID of the ftp user?

groupmod -g ${FTP_GID} ftp
usermod -u ${FTP_UID} -g ${FTP_GID} ftp

With kind regards.

Julien.

Can't write on subdirectories

In need of a pre-created structure i.e:

/srv/downloads
/srv/uploads

I tried to generate an image:

FROM panubo/vsftpd

VOLUME /srv/downloads
VOLUME /srv/uploads

But on entry.sh the ownership is only applied to srv, blocking access of ftp user on subdirectories.

time is missing

Ftp connect: time is missing

sftp connect: Time is present


FTP_USER_* not working because of unquoted Here String

In line 18 https://github.com/panubo/docker-vsftpd/blob/master/entry.sh#L18 ${!user} is unquoted.

IFS=: read name pass <<< ${!user}

I was unable to add multiple users until I changed it to

IFS=: read name pass <<< "${!user}"

Consider this simple demo

$ export FTP_USER_UNO='one:111'

$ export FTP_USER_DOS='two:222'

$ while read user; do
>     IFS=':' read name pass <<< ${!user}
>     echo "Adding user $name"
>     echo "($pass)"
> done < <(env | grep "FTP_USER_" | sed 's/^\(FTP_USER_[a-zA-Z0-9]*\)=.*/\1/')
Adding user two 222
()
Adding user one 111
()

$ while read user; do
>     IFS=':' read name pass <<< "${!user}"
>     echo "Adding user $name"
>     echo "($pass)"
> done < <(env | grep "FTP_USER_" | sed 's/^\(FTP_USER_[a-zA-Z0-9]*\)=.*/\1/')
Adding user two
(222)
Adding user one
(111)

Make virtual ftp user uid and gid configurable

Currently the virtual ftp user gid and uid are hard-coded in the Dockerfile to 48:48.

This should be configurable so you can use whatever uid or gid you like (except maybe root 0:0).

I see two options

  1. Make the uid and gid configurable via build args
  2. Make the uid and gid configurable at run time by creating the ftp user in the entry.sh file

How to configure FTP_USER_*?

Hi,
I have an error when I use FTP_USER_*

environment:
  - FTP_USER_*="miuser:$5$qz.bnOSeN0vMmAHv$Byhznun5H4bHTGCoeYwQWFX6Lov6iYL3Ft26fkhLFaSYbTFFEfdgEH7NjA53MVhZlIzrtK8a66cX94ixyx683/"

ERROR: Invalid interpolation format for "environment" option in service "ftpd": "FTP_USER_*="miuser:$5$qz.bnOSeN0vMmAHv$Byhznun5H4bHTGCoeYwQWFX6Lov6iYL3Ft26fkhLFaSYbTFFEfdgEH7NjA53MVhZlIzrtK8a66cX94ixyx683/""
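
Added example (not code from the docker-vsftpd repository) for the FTP_USER_* option and the two reports above: POSIX shell functions that split each value at the first colon with parameter expansion, so the result does not depend on here-string quoting, and that render a Compose entry with every literal $ written as $$, because Compose treats a single $ as the start of variable interpolation. The function names, the username character set and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the docker-vsftpd repository.

# Print "name<TAB>hash" for a username:hash value; return 1 if it is malformed.
split_user_entry() {
    entry=$1
    case $entry in *:*) ;; *) return 1 ;; esac
    name=${entry%%:*}   # text before the first colon
    hash=${entry#*:}    # everything after it (crypt hashes contain no colon)
    # Assumed username charset for this example; adjust to local policy.
    case $name in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    # The hash must look like crypt(3) output: $id$salt$digest
    case $hash in '$'[0-9a-z]*'$'*'$'?*) ;; *) return 1 ;; esac
    printf '%s\t%s\n' "$name" "$hash"
}

# Read KEY=VALUE lines (the format `env` prints) on stdin and print one
# "name<TAB>hash" line per valid FTP_USER_<suffix> variable.
list_users() {
    while IFS= read -r line; do
        case $line in FTP_USER_*=*) ;; *) continue ;; esac
        key=${line%%=*}
        if ! split_user_entry "${line#*=}"; then
            echo "skipping $key: value is not username:hash" >&2
        fi
    done
}

# Render one entry for a Compose "environment:" list. Compose interpolates $,
# so each literal $ in the hash is written as $$.
compose_env_line() {
    split_user_entry "$2" >/dev/null || return 1
    printf "  - 'FTP_USER_%s=%s'\n" "$1" "$(printf '%s' "$2" | sed 's/\$/$$/g')"
}

# Constructed sample input: one valid entry, one malformed entry.
sample='FTP_USER_UNO=one:$6$saltsalt$digestdigest
FTP_USER_DOS=two 222'
printf '%s\n' "$sample" | list_users
compose_env_line UNO 'one:$6$saltsalt$digestdigest'
```

With docker run, pass the same value inside single quotes, as the README's FTP_PASSWORD_HASH example does, so the calling shell does not expand the $ signs in the hash.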

curl: (25) Failed FTP upload: 553

I'm running your container and trying to send files using curl, but it fails.

Running the container

export FTP_USER="test"
export FTP_PASSWORD="test"

docker run \
    --name mock_ftp_server \
    --publish 21:21 \
    --publish 4559-4564:4559-4564 \
    --env FTP_USER="$FTP_USER" \
    --env FTP_PASSWORD="$FTP_PASSWORD" \
    --detach \
  panubo/vsftpd

Sending file

$ curl --upload-file /tmp/mock.data-2017-03-28.tar.gz ftp://localhost --user $FTP_USER:$FTP_PASSWORD
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (25) Failed FTP upload: 553

Question

What's the matter here? Do I need to add something?

Default serving directory permissions prevent writing.

The default /src directory has the owner root with group root, and permission 755, thus preventing vsftpd from writing to the directory.
The issue could be resolved by the following solution: the directory should be owned by the user of the vsftpd, named 'ftp'.

What do you think, is there any problem with this solution?

multiple users

I can not understand how the variables look for multiple users.
For one
-e FTP_USER=user1
-e FTP_PASSWORD=password1
-v '/backups:/srv/'

FTP_USER_* ?
FTP_USER_user1= ? what?
