Initial add from Dockers repo

Dockerfile

@@ -0,0 +1,24 @@
+FROM debian:jessie
+
+RUN groupadd -g 48 ftp && \
+    useradd --no-create-home --home-dir /srv -s /bin/false --uid 48 --gid 48 -c 'ftp daemon' ftp
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends vsftpd db5.3-util whois \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /var/run/vsftpd/empty /etc/vsftpd/user_conf /var/ftp /srv && \
+    touch /var/log/vsftpd.log && \
+    rm -rf /srv/ftp
+
+COPY vsftpd*.conf /etc/
+COPY vsftpd_virtual /etc/pam.d/
+COPY *.sh /
+
+VOLUME ["/etc/vsftpd", "/srv"]
+
+EXPOSE 21 4559 4560 4561 4562 4563 4564
+
+ENTRYPOINT ["/entry.sh"]
+CMD ["vsftpd"]

Makefile

@@ -0,0 +1,22 @@
+docker_tag 	= panubo/vsftpd
+
+UNAME_S        := $(shell uname -s)
+ifeq ($(UNAME_S),Linux)
+    APP_HOST   := localhost
+endif
+ifeq ($(UNAME_S),Darwin)
+    APP_HOST   := $(shell docker-machine ip default)
+endif
+
+build:
+	docker build -t $(docker_tag) .
+
+bash:
+	docker run --rm -it $(docker_tag) bash
+
+run:
+	$(eval ID := $(shell docker run -d ${docker_tag}))
+	$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
+	@echo "Running ${ID} @ ftp://${IP}"
+	@docker attach ${ID}
+	@docker kill ${ID}

README.md

@@ -0,0 +1,42 @@
+# VSFTPD Docker Image
+
+This is a micro-service image for VSFTPD.
+
+There are a few limitations but it will work if you are using host networking
+`--net host` or have a direct/routed network between the Docker container and
+the client.
+
+## Virtual User
+
+The FTP user has been set to uid 48 and gid 48.
+
+## Options
+
+The following environment variables are accepted.
+
+- `FTP_USER`: Sets the default FTP user 
+
+- `FTP_PASSWORD`: Plain text password, or
+
+- `FTP_PASSWORD_HASH`: Sets the password for the user specified above. This
+requires a hashed password such as the ones created with `mkpasswd -m sha-512`
+which is in the _whois_ debian package.
+
+## Usage Example
+
+```
+docker run --rm -it -p 21:21 -p 4559:4559 -p 4560:4560 -p 4561:4561 -p 4562:4562 -p 4563:4563 -p 4564:4564 -e FTP_USER=panubo -e FTP_PASSWORD=panubo panubo/vsftpd
+```
+
+## SSL Usage
+
+SSL can be configured (non-SSL by default). Firstly the SSL certificate and key
+need to be added to the image, either using volumes or baking it into an image.
+Then specify the `vsftpd_ssl.conf` config file as the config vsftpd should use.
+
+This example assumes the ssl cert and key are in the same file and are mounted
+into the container read-only.
+
+```
+docker run --rm -it -e FTP_USER=panubo -e FTP_PASSWORD_HASH='$6$XWpu...DwK1' -v `pwd`/server.pem:/etc/ssl/certs/vsftpd.crt:ro -v `pwd`/server.pem:/etc/ssl/private/vsftpd.key:ro panubo/vsftpd vsftpd /etc/vsftpd_ssl.conf
+```

add-virtual-user.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -e
+
+[ "$DEBUG" == 'true' ] && set -x
+
+DB=/etc/vsftpd/virtual-users.db
+
+if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
+    echo "Usage: $0 [-d] <user> <password>" >&2
+    echo >&2
+    echo "[ -d ] Delete the database first" >&2
+    exit 1
+fi
+
+if [ "$1" == "-d" ]; then
+    if [ -f $DB ]; then
+        rm $DB
+    fi
+    shift
+fi
+
+echo -e "$1\n$2" | db5.3_load -T -t hash $DB

entry.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -e
+
+[ "$DEBUG" == 'true' ] && set -x
+
+# Generate password if hash not set
+if [ ! -z "$FTP_PASSWORD" -a -z "$FTP_PASSWORD_HASH" ]; then
+  FTP_PASSWORD_HASH=$(echo "$FTP_PASSWORD" | mkpasswd -s -m sha-512)
+fi
+
+if [ ! -z "$FTP_USER" -a ! -z "$FTP_PASSWORD_HASH" ]; then
+    /add-virtual-user.sh -d "$FTP_USER" "$FTP_PASSWORD_HASH"
+fi
+
+function vsftpd_stop {
+  echo "Received SIGINT or SIGTERM. Shutting down vsftpd"
+  # Get PID
+  pid=$(cat /var/run/vsftpd/vsftpd.pid)
+  # Set TERM
+  kill -SIGTERM "${pid}"
+  # Wait for exit
+  wait "${pid}"
+  # All done.
+  echo "Done"
+}
+
+if [ "$1" == "vsftpd" ]; then
+  trap vsftpd_stop SIGINT SIGTERM
+  echo "Running $@"
+  $@ &
+  pid="$!"
+  echo "${pid}" > /var/run/vsftpd/vsftpd.pid
+  wait "${pid}" && exit $?
+else
+  exec "$@"
+fi

vsftpd.conf

@@ -0,0 +1,37 @@
+# Server Config
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+local_umask=022
+dirmessage_enable=YES
+
+# Security and User auth
+chroot_local_user=YES
+pam_service_name=vsftpd_virtual
+virtual_use_local_privs=YES
+chmod_enable=NO
+user_config_dir=/etc/vsftpd/user_conf
+user_sub_token=$USER
+#local_root=/srv/$USER
+local_root=/srv/
+userlist_enable=NO
+
+# Logging
+log_ftp_protocol=YES
+xferlog_enable=YES
+xferlog_std_format=YES
+#xferlog_file=/dev/stdout
+syslog_enable=NO
+dual_log_enable=YES
+
+# Remap all login users to this username
+guest_enable=YES
+guest_username=ftp
+hide_ids=YES
+
+# Networking
+connect_from_port_20=YES
+listen=YES
+tcp_wrappers=YES
+pasv_min_port=4559
+pasv_max_port=4564

vsftpd_ssl.conf

@@ -0,0 +1,46 @@
+# Server Config
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+local_umask=022
+dirmessage_enable=YES
+
+# Security and User auth
+chroot_local_user=YES
+pam_service_name=vsftpd_virtual
+virtual_use_local_privs=YES
+chmod_enable=NO
+user_config_dir=/etc/vsftpd/user_conf
+user_sub_token=$USER
+#local_root=/srv/$USER
+local_root=/srv/
+userlist_enable=NO
+
+# Logging
+log_ftp_protocol=YES
+xferlog_enable=YES
+xferlog_std_format=YES
+#xferlog_file=/dev/stdout
+syslog_enable=NO
+dual_log_enable=YES
+
+# Remap all login users to this username
+guest_enable=YES
+guest_username=ftp
+hide_ids=YES
+
+# Networking
+connect_from_port_20=YES
+listen=YES
+tcp_wrappers=YES
+pasv_min_port=4559
+pasv_max_port=4564
+
+# SSL
+ssl_enable=Yes
+rsa_cert_file=/etc/ssl/certs/vsftpd.crt
+rsa_private_key_file=/etc/ssl/private/vsftpd.key
+require_ssl_reuse=NO
+force_local_data_ssl=YES
+force_local_logins_ssl=YES
+ssl_ciphers=HIGH

vsftpd_virtual

@@ -0,0 +1,3 @@
+auth     required 	pam_userdb.so    db=/etc/vsftpd/virtual-users crypt=crypt
+account  required 	pam_userdb.so    db=/etc/vsftpd/virtual-users crypt=crypt
+session  required 	pam_loginuid.so