Hi, I am trying to start the container on RHEL7 using the default

docker run -d \
    -p 21:21 \
    -p 21000-21010:21000-21010 \
    -e USERS="one|1234" \
    -e ADDRESS=ftp.site.domain \
    delfer/alpine-ftp-server

But the container exits instantly and outputs:

Changing password for one
New password:
Bad password: too short
Retype password:
passwd: password for one changed by root
seems like pidfd_open syscall does not work, falling back to polling
failed to watch for direct child exit (pidfd_open error): Operation not permitted
process has died, quitting

I also tried the same on a Windows machine and it works there just fine. Maybe someone has come across this before or have an idea why this might be happening?

Hi,
I am getting the following logs and the container is not starting

Changing password for one
New password:
Bad password: too short
Retype password:
passwd: password for one changed by root

Thanks

i see
VOLUME /ftp/ftp
in dockerfile, is it required??

It would be nice to have tags for versions, so that we can reference them, keeping the setup reproduceable.

Somehow passive port is not listening inside the docker.

I looked through the .conf file and cannot see where there or the docker ENV supports mapping a volume on the server to the container as a mount point?

How do I specify the root mount point for users?

Is this correct? (using '/ftp/') instead of using just 'ftp'
#Remove all ftp users
grep '/ftp/' /etc/passwd | cut -d':' -f1 | xargs -n1 deluser

returns error and container stops
if you just replace '/ftp/' by 'ftp' works and delete "ftp" user
but triggers error...
deluser: can't find ftp in /etc/group
deluser: 'vsftp' still has 'ftp' as their primary group!

Hi.
As an effect of adding them in the start_vsftpd.sh script, passwords from users defined in the USERS var get reset when stopping then restarting the container.
It could be avoided by checking if the user is already there before adding it.
I will fix it and try and submit a PR as soon as I find the time.

Hi,

We are running docker image on either firewall side to perform FXP transfer. We also use "normal" FTP transfer client -> server through the same firewall. To achieve those tasks, we are using Python (3.X) ftplib, and so returned error is ftplib.error_perm('500 OOPS: failed to open vsftpd log file:/proc/1/fd/1').

Before enabling FXP, everything worked fine, but after FXP enabled, sometimes, and randomly, this error about vsftpd_log_file occurs.
To perform FXP, pasv_promiscuous=YES has been added to vsftpd.conf on one firewall side, and port_promiscuous=YES has been added to vsftpd.conf to the other firewall side. Everything is ok on our sandbox, but not in prod environment.

Do you have any idea?

Thanks for your help!

--

EDIT:
After a big multiple files transfer session:

• ftplib.error_perm('500 OOPS: failed to open vsftpd log file:/proc/1/fd/1') occurs on "normal" FTP transfer : client -> serveur through firewall.
• While we face of ftplib.error_proto on FXP transfer.

I confirm that both errors randomly occur.
Both of them seem to occur on FTP connection step, as you can see on following errors details:

ftplib.error_perm details: (FTP transfer client -> serveur)

  File "/opt/director/workflows/drivers/ftp.py", line 25, in ftp_upload
    with FTP(host, user, password) as ftp, open(src, "rb") as file:
         ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ftplib.py", line 121, in __init__
    self.connect(host)
  File "/usr/local/lib/python3.11/ftplib.py", line 162, in connect
    self.welcome = self.getresp()
                   ^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ftplib.py", line 254, in getresp
    raise error_perm(resp)
ftplib.error_perm: 500 OOPS: failed to open vsftpd log file:/proc/1/fd/1

ftplib.error_proto details: (FXP transfer)

  File "/opt/director/workflows/tasks/fxp_transfer_t1_t2.py", line 46, in fxp_transfer_t1_t2
    with FXP(src_host, src_username, src_password, dst_host, dst_username, dst_password) as fxp:
  File "/opt/director/workflows/drivers/fxp.py", line 30, in __enter__
    print(f"FTP src login: {self.src_ftp.login(self.src_username, self.src_password)}")
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ftplib.py", line 412, in login
    resp = self.sendcmd('USER ' + user)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ftplib.py", line 281, in sendcmd
    return self.getresp()
           ^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ftplib.py", line 255, in getresp
    raise error_proto(resp)
ftplib.error_proto

My docker-compose.yml file

version: "3.7"
services:
  ftp:
    image: delfer/alpine-ftp-server:latest
    container_name: ftp
    env_file:
      - ~/docker/ftp.env
    volumes:
      - ftp-alpine:/home
    ports:
      - "21:21"
      - "21000-21010:21000-21010"
    networks:
      - hub
    restart: unless-stopped

volumes:
  ftp-alpine:
    driver_opts:
      type: none
      device: /home/server/docker/ftp
      o: bind
    name: ftp-alpine

networks:
  hub:
    driver: bridge

Environment file:

TLS_CERT="~/docker/ftp.crt"
TLS_KEY="~/docker/ftp.key"
USERS="client|mypassword|/home/client"

Error:

Attaching to ftp
ftp    | adduser: illegal character with code 34 at position 0
ftp    | chown: unknown user/group "client:"client

[client]

[server.console]

On the Ubuntu I've installed as Virtual Machine as soon as I login and I run ls i get this error:

500 Bad EPRT protocol.
ftp: bind: Address already in use

When I try to activate passive mode with pass and next i run ls I get this error:

522 Bad network protocol.
Passive mode refused.

The OS Linux Alpine version 3.15.10 has been End-of-Life since 2023-11-01.
Please change base image in Dockerfile
ARG BASE_IMG=alpine:3.16.9

How can i set read-only permission to volume specified in docker file?
i don't understand how to set it in ENVIRONMENT line:
USERS=one|1234|/ftp/one| two|1234|/ftp/two

If you act according to the documentation, the certificate files remain outside the container.

After last merge #22 I started getting error 553 when writing into the server:

Environment Variables: USERS=test|Abc123|/test/cf

Trying to write to /test/cf/file.zip

Error:
java.io.IOException: Failed to write to '/test/cf/file.zip'. Server replied with: 553 Could not create file.

I was also looking for the image with the previous version in Docker Hub and couldn't find it, only "latest" is available. Would it be possible to tag the versions as well?

Thank you

I set the UID to 82 in USERS variable, but the container outputs adduser: uid '82' in use and the user was not created.
I have set UID=82 in other containers(Nginx, PHP), so I prefer 82 to sharing the file permissions.

How can I know the UID 82 was taken by which user?
grep '82' /etc/passwd returns nothing.

If I do the following steps in the container, everything worked as except whthout any errors or warnings.

1. add user without define the UID
2. add shadow package
3. change the UID to 82 by usermod command

I am looking at a quite strange issue.

I am running with the default config (PASV ports 21000-21010). My firewall configuration matches docker and daemon configuration.

Passive mode is not working; connections are timing out.
I realized that the passive ports communicated by the control connection do not match the daemon configuration:

227 Entering Passive Mode (<my,public,ip,address>,141,112).
ftp: connect: Connection timed out

n.b. the port is broken up in two 8 bit integers, so the above means port 36208
(141 * 256 + 112 = 36208)

Funny thing is the daemon configuration looks OK; the server actually starts listening to a port in the correct range:

/ # netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 172.17.0.2:21006        0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     

This is happening on different clients.

Only thing I can think of is a bug in the software...

/ # vsftpd -v
vsftpd: version 3.0.3

I noticed that when I connect to the ftp-server I am able to go to the parent directory and even to other directories in the root.
How can I prevent the ftp user to go other directories?

Hi,
Can you configure and release a Multi-architecture build? I would like to use this image on my raspberry pi.
To do that, you can automate everything using the GitHub actions and a plugin that I did:
https://github.com/ilteoood/docker_buildx

Thank you so much,
Matteo

docker run -d
-p 21:21
-p 21000-21010:21000-21010
--name=FTP-Server
-e one|password1|one|1001] two|password2|two|1002
-e ADDRESS=ftp.site.domain
delfer/alpine-ftp-server

This format below is not working for me or I'm doing something wrong
name1|password1|[folder1][|uid1] name2|password2|[folder2][|uid2]

My goal is too add multiple users when deploying from command line.
If anyone can point me in the correct way please do.

When Docker tries to terminate my services, docker-alpine-ftp-server doesn't die when first asked to terminate, it only stops after Docker sends it a kill signal. One simple workaround is to add this line to the Dockerfile:

STOPSIGNAL SIGKILL

I cant connect to the server when I have certs in the start command.

-e TLS_CERT="/storage/ssl/xxx.de.crt" -e TLS_KEY="/storage/ssl/xxx.de.key"

docker run -d --name vsftpd -p 21:21 -p 21000-21010:21000-21010 -e USERS="user|!password" -e ADDRESS=subdomain.xxx.de -e TLS_CERT="/storage/ssl/subdomain.xxx..de.crt" -e TLS_KEY="/storage/ssl/subdomain.xxx.de.key" -v "/var/media/fooBar/ftp:/ftp" user/branch-arm:vsftpd

docker logs -f vsftpd
Changing password for user
New password:
Retype password:
passwd: password for user changed by root

seems normal, but no connection.

when I use the same command without ssl, I can connect

I had to add this to /etc/vsftpd/vsftpd.conf
pasv_addr_resolve=YES

in order to avoid the "invalid pasv_address" disconnection when using filezilla

Set -ossl_tlsv1=YES to -ossl_tlsv1=NO for security reasons.

0ec2032a4227 2023-03-15T10:05:40.417054Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
0ec2032a4227 2023-03-15T10:05:40.417055Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.

failed

alpine-ftp-server:
  image: delfer/alpine-ftp-server
  environment:
    - USERS="one|1234"

success

alpine-ftp-server:
  image: delfer/alpine-ftp-server
  environment:
    USERS: "one|1234"

Connected to localhost.
220 Welcome Alpine ftp server https://hub.docker.com/r/delfer/alpine-ftp-server/
Name (localhost:root): user
331 Please specify the password.
Password:
230 Login successful.
ftp> ls
229 Entering Extended Passive Mode (|||40000|)
425 Security: Bad IP connecting.

what is the cause?

I noticed, that when using the default configuration, the NLST command does not return filenames starting with a dot character. It is as such not possible to delete directories which have dot files inside. IMHO NLST should in a default configuration return all filenames.

how can i do for change or add the username and password?

Just chased an unusual problem where Port 21 was not forwarding to the host, but accessing the docker 172.x.x.x image directly would answer back.

Turns out, the reason is I was using docker-compose and "When mapping ports in the HOST:CONTAINER format, you may experience erroneous results when using a container port lower than 60, because YAML parses numbers in the format xx:yy as a base-60 value. For this reason, we recommend always explicitly specifying your port mappings as strings."

While not a specific problem with this image, it may be wise to add a note or to show the port mapping in quotes in the example.

I'm using it in docker-compose.yml as follows:

    ftp:
        image: 'delfer/alpine-ftp-server'
        volumes:
            - ./ftp_dir:/home/ftp_user/dir
        ports:
            - '21:21'
            - '21000-21010:21000-21010'
        environment:
            - USERS=ftp_user|ftp_user|/home/ftp_user/dir
            - ADDRESS=localhost

After first run docker-compose up it's OK, but the second run always complains about user already existing, and container dies.
This should check if the user ftp_user already exists if container is not destroyed.

ftp_1: adduser: user 'ftp_user' in use
.....
project_ftp_1 exited with code 0

Hi, i use this server in testcontainer and everythig works good when it on my local pc , but if i run build on gitlab test fails with this logs

i tried to add this evn pasv_promiscuous=yes to code, but it does not help

ftp = new FixedHostPortGenericContainer<>(
"delfer/alpine-ftp-server:latest")
.withExposedPorts(PORT)
.withFixedExposedPort(freePort, freePort)
.withEnv("USERS", USER + "|" + PASSWORD)
.withEnv("MIN_PORT", String.valueOf(freePort))
.withEnv("MAX_PORT", String.valueOf(freePort))
.withEnv("CONF_SET_PARMS","pasv_promiscuous=yes");

Hello,

I have tried to use your image with docker-compose

version: '3'
services:
  sftp:
    image: delfer/alpine-ftp-server
    environment:
      - USERS="usertest|password0123456789"
    volumes:
      - ./www:/var/www:delegated
    ports:
      - "21:21"
      - "21000-21010:21000-21010"

But i have this error during up, Get env USERS not working "illegal character with code 34 at position 0"

$ docker-compose up
Recreating sftp_sftp_1 ... done
Attaching to sftp_sftp_1
sftp_1  | BusyBox v1.30.1 (2019-10-26 11:23:07 UTC) multi-call binary.
sftp_1  |
sftp_1  | Usage: deluser [--remove-home] USER
sftp_1  |
sftp_1  | Delete USER from the system
sftp_1  | adduser: illegal character with code 34 at position 0
sftp_1  | chown: unknown user/group "usertest:"usertest

I have tried without environment: - USERS="usertest|password0123456789"
But the defaut user ftp, not working alose.

I dont know with user are not created with docker-compose.

Do anybody know to set the timezone for the ftp server? I have a time shift with all my clients of 1 hour. I think the server uses UTC.
I’d tried with TZ=Europe/Berlin, but not working. Thank you

Is it possible to set/modify the group-id of the Users? Would be nice to be able set this with env variable. And maybe also the default permission of created files.

I have the problem, that the docker container sometimes! exits right after startup with exit code 0 showing only ftp-server_1 | process has died, quitting in the output but nothing else, no error message or anything. Restarting the container sometimes fixes the problem, very weird. Here is the configuration using docker-compose

ftp-server:
  environment:
    - USERS=user|pass|/home/user|${uid}
    - ADDRESS=localhost
  image: delfer/alpine-ftp-server
  ports:
    - '21:21/tcp'
    - '21000-21010:21000-21010/tcp'
  volumes:
    - './static_server/data:/home/user'

where ${uid} is an environment variable.

hello, i found error

Timeout detected. (data connection)
Could not retrieve directory listing
Error listing directory '/home/myUser'.