Build a vsftp server in ubuntu

Source: Internet
Author: User


1. Install vsftpd

Enter:

    sudo apt-get install vsftpd

Installation creates an ftp directory under /home, and connecting at this point gives access to an empty FTP space. By default, anonymous users are not allowed to log on.

2. Configure vsftpd

Back up the configuration file before modifying it:

    sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.old

Parameter descriptions (vsftpd does not accept spaces around the = sign):

    anonymous_enable=YES  (anonymous login allowed)
    dirmessage_enable=YES  (display the .message content of a directory when switching to it)
    local_umask=022  (local file permission on FTP, default: 077)
    connect_from_port_20=YES  (enable data connection on the FTP data port) *
    xferlog_enable=YES  (enable upload and download logs)
    xferlog_std_format=YES  (use the standard log format)
    ftpd_banner=XXXXX  (welcome information)
    pam_service_name=vsftpd  (verification method) *
    listen=YES  (independent vsftpd server) *

Effect: you can only connect to the FTP server; you cannot upload or download.

Note: the options related to logging and welcome information are optional; all options marked with an asterisk need to be added. These are the basic FTP options.

Enable upload permission on the anonymous FTP server:

    anon_upload_enable=YES  (the upload permission is enabled for anonymous accounts)
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES  (anonymous accounts can have the permission to delete)
    anon_world_readable_only=NO  (enable the download permission for anonymous users)

Configuration of FTP server connections (independent server) for common users:

    local_enable=YES  (the local account can log on)
    write_enable=NO  (the local account does not have the permission to delete or modify files after login)

Effect: you can log on to the vsftpd server with a local account and have the permission to download and upload data.
Note: after anonymous login is prohibited, a user can log on to the server but cannot upload or download data in other directories and can only enter the user's own home directory.

Set all local users to execute chroot:

    chroot_local_user=YES  (all local accounts can only be in their own directories)

Set the specified users to execute chroot:

    chroot_list_enable=YES  (the list in the file can be called)
    chroot_list_file=/any specified path/vsftpd.chroot_list

Note: vsftpd.chroot_list is not created automatically and needs to be added by yourself. To control an account, add the account name directly to the file.

Restrict local users' access to FTP:

    userlist_enable=YES  (use the user list to restrict user access)
    userlist_deny=NO  (users in the list are not allowed to access)
    userlist_file=/path where the file is stored/(file name)

NOTE: if userlist_enable=YES is enabled, the anonymous account cannot log on.

Security options:

    idle_session_timeout=600  (seconds; disconnect 10 minutes after the user session is idle)
    data_connection_timeout=120  (seconds; disconnect data connections after 2 minutes)
    accept_timeout=60  (seconds; disconnect the client after 1 minute)
    connect_timeout=60  (seconds; disconnect again after 1 minute of interruption)
    local_max_rate=50000  (bytes; local user transfer rate: 50 K)
    anon_max_rate=30000  (bytes; anonymous user transfer rate: 30 K)
    pasv_min_port=50000
    pasv_max_port=60000  (change the client data connection port to between 50000 and 60000)
    max_clients=200  (maximum number of FTP connections)
    max_per_ip=4  (maximum number of connections per IP address)
    listen_port=5555  (data connection from port 5555)

To find and kill the running process:

    ps -xf | grep ftp
    kill (process number)

3. Configure FTP access for a local group
First create the user group test and the FTP main directory:

    groupadd test
    mkdir /tmp/test

Then create the users:

    useradd -G test -d /tmp/test -M usr1
    useradd -G test -d /tmp/test -M usr2

Note: -G is the user's group; -d specifies the location of the user's own directory; -M means the default home directory is not created, in other words, the user's directory does not exist in the /home directory.

Then change the owner and permission of the folder:

    chown usr1:test /tmp/test  (the owner of /tmp/test is usr1)
    chmod 750 /tmp/test  (7 means rwx, 5 means r-x, 0 means no permissions)

The purpose of this experiment is that usr1 has the permission to upload, delete, and download, while usr2 only has the permission to download and does not have the permission to upload or delete.

In the master configuration file vsftpd.conf, make sure that the local_enable=YES, write_enable=YES and chroot_local_user=YES options are set.

4. Configure the independent FTP server to use a non-standard port for data connection

Add listen_port=333335 in VSFTPD_CONF.

5. Configure a separate virtual FTP server with virtual FTP users

The four accounts created have different permissions: two accounts have the permission to read directories, one has the permission for browsing, uploading, and downloading, and one has the permission for browsing, downloading, deleting, and modifying file names.

1> Configure the first NIC address as 10.2.3.4, mask 255.255.0.0:

    ifconfig eth0:1 211.131.4.253 netmask 255.255.255.0 up

2> Write the setting to /etc/sysconfig (so that the IP address is not lost after a restart):

    cd /etc/sysconfig/network-scripts
    cp ifcfg-eth0 ifcfg-eth0:1
    vi ifcfg-eth0:1

Modify the following content, then save and exit with :wq:

    DEVICE=eth0:1
    BROADCAST=211.131.4.255
    HWADDR=MAC address of the network adapter
    IPADDR=211.131.4.253
    NETMASK=255.255.255.0
    NETWORK=211.131.4.0
    ONBOOT=yes
    TYPE=Ethernet

3> Go to the folder that contains vsftpd.conf:

    cp vsftpd.conf vsftpd2.conf

Modify vsftpd.conf and add the following information:

    listen_address=10.2.3.4

Modify vsftpd2.conf and add the following information:

    listen_address=export
    ftpd_banner=this is a virtual ftp test

4> Create logins.txt for this virtual FTP server:

    vi /tmp/logins.txt

Enter the following information:

    longlei  (username)
    longlei  (password)
    zhangweibo
    zhangweibo
    jinhui
    lxp

Format: one user name line followed by one password line.

5> Create a password library file for the visitors and modify its permission:

    db_load -T -t hash -f /tmp/logins.txt /etc/vsftpd_login.db

6> Go to /etc/pam.d/ and add the following information:

    auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
    account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

7> In /var/ftp/, create a directory and change its attributes and its owner:

    useradd -d /var/ftp/test qiang
    chmod 700 /var/ftp/test

Add the test file test_file to the directory.

8> Modify the information in vsftpd2.conf (optional):

    listen_yes
    listener = no
    local_enable=YES
    write_enable=NO
    listener = no
    chroot_local_user=YES
    guest_enable=YES  (use the virtual users)
    guest_username=qiang  (map the virtual users to a local user)
    listen_port=5555
    max_clients=10
    max_per_ip=1
    ftpd_banner=this is a virtual server and users
    pam_service_name=ftp.vu

Note: the lower the permissions given in the master configuration file, the larger the space for dividing permissions, because the master configuration file sets the maximum restriction: the service reads the master configuration file first and then the user's configuration file. When the configuration is complete, execute

    /etc/init.d/vsftpd restart

to restart the FTP server, and you will be able to access it with the virtual users you created.

9> Create the virtual directory in the directory where VSFTPD_CONF is located, and in that directory create configuration files named after the user names: longlei, zhangweibo, jinhui, lxp.

Add to longlei:

    anon_world_readable_only=NO

Add to lxp:

    anon_world_readable_only=NO

so that these two users have permission to browse the directory.

Add to jinhui:

    metadata = no
    write_enable=YES
    anon_upload_enable=YES

so that this user has the upload, download, and browse permissions.

Add to zhangweibo:

    anon_world_readable_only=NO
    write_enable=YES
    anon_upload_enable=YES

Then this user has the permission to upload, download, delete file directories, modify file names and browse.

10> Modify vsftpd2.conf and add:

    user_config_dir=/directory containing vsftpd.conf/virtual

Restart the server to complete the setup.

All configuration information in VSFTPD_CONF:

    anonymous_enable=YES  (anonymous login allowed)
    dirmessage_enable=YES  (display the .message content of a directory when switching to it)
    local_umask=022  (local file permission on FTP, default: 077)
    connect_from_port_20=YES  (enable FTP data port data connection) *
    xferlog_enable=YES  (enable upload and download logs)
    xferlog_std_format=YES  (use the standard log format)
    ftpd_banner=XXXXX  (welcome information)
    pam_service_name=vsftpd  (verification method) *
    listen=YES  (independent vsftpd server) *
    anon_upload_enable=YES  (open upload permission)
    anon_mkdir_write_enable=YES  (you can upload files in this directory when creating a directory)
    write_enable=YES  (open permission for local users to write)
    anon_other_write_enable=YES  (the anonymous account can have the permission to delete)
    anon_world_readable_only=NO  (open the anonymous user's browsing permission)
    ascii_upload_enable=YES  (enable ASCII transmission mode for uploads)
    ascii_download_enable=YES  (enable ASCII transmission mode for downloads)
    banner_file=/var/vsftpd_banner_file  (the information in this file is shown as the welcome after the user connects)
    idle_session_timeout=600  (seconds; 10 minutes after the user session is idle)
    data_connection_timeout=120  (seconds; idle data connection for 2 minutes)
    accept_timeout=60  (seconds; idle client for 1 minute)
    connect_timeout=60  (seconds; connect again after 1 minute of interruption)
    local_max_rate=50000  (bytes; local user transfer rate: 50 K)
    anon_max_rate=30000  (bytes; anonymous user transfer rate: 30 K)
    pasv_min_port=50000
    pasv_max_port=60000  (change the client's data connection port to between 50000 and 60000)
    max_clients=200  (maximum FTP connection count)
    max_per_ip=4  (maximum number of connections per IP)
    listen_port=5555  (data connection from port 5555)
    local_enable=YES  (local account can log on)
    write_enable=NO  (the local account does not have the permission to delete or modify files after login)

This is a group:

    chroot_local_user=YES  (all local accounts can only be in their own directories)
    chroot_list_enable=YES  (the list in the file can be called)
    chroot_list_file=/any specified path/vsftpd.chroot_list  (prerequisite: chroot_local_user=NO)

This is a group:

    userlist_enable=YES  (users in the specified file cannot access)
    userlist_deny=YES
    userlist_file=/the specified path/vsftpd.user_list

Single options again:

    banner_fail=/path/file name  (the file content is displayed when the connection fails)
    ls_recurse_enable=NO
    async_abor_enable=YES
    one_process_model=YES
    listen_address=10.2.2.2  (bind the virtual service to a port)
    guest_enable=YES
    guest_username=User Name  (map virtual users to a local user)
    user_config_dir=/any specified path/folder created by the user  (specify the path of the different virtual user configuration files)

Another group:

    chown_uploads=YES  (change the owner of the uploaded file to root)
    chown_username=root

Another group:

    deny_email_enable=YES  (whether anonymous users are allowed to use certain email addresses)
    banned_email_file=/any specified path/xx

A single option:

    pasv_enable=YES  (server passive mode)
    user_config_dir=/any specified path/any file directory  (specify the path where the virtual users' configuration files are stored)

If you need to log in with a local user and turn off the guest user, you must set the following:

    anonymous_enable=NO
    guest_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list  (if it does not exist, create it yourself)

In /etc/vsftpd.chroot_list, enter the local user names that are to log in.

6. Solve the vsftpd Chinese garbled text problem

First install vsftpd from the package source and configure all the functions, and only then solve the Chinese garbled text problem. The reason is that when the packaged vsftpd is removed, init.d/vsftpd and vsftpd.conf are not deleted, so this lays the groundwork; otherwise you will find yourself stuck. If you compile and install directly, the attachment contains my init.d/vsftpd and vsftpd.conf files; overwrite them into /etc.
Compilation preparation: install the library packages required by the compiling environment.

    sudo apt-get build-dep vsftpd

Here we first install vsftpd from the package source, then uninstall it:

    sudo apt-get install vsftpd
    sudo apt-get remove vsftpd

Download the attachment and unzip the package:

    tar -zxvf vsftpd-2.0.6
    cd vsftpd-2.0.6

Use the root user to start compiling:

    sudo su
    make  (compile)
    make install  (install)

If make reports no error, run make install. If a directory is not found during installation, create the missing directory; the system will basically prompt that the /man8 and /man5 directories are missing. After the directories are created, run "make install" again.

To test the effect, modify the configuration file and add:

    charset_filter_enable=YES  (enable character filtering)
    charset_client=GB2312  (set the client character set to simplified Chinese)

Now restart the service and test:

    sudo /etc/init.d/vsftpd restart

Upload a file with a Chinese name from Windows to see the effect. Then turn off the character options in the configuration file and restart the service.
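An added example, not part of the original article: a small Python check that reads vsftpd.conf text and reports problems that the settings shown on this page can produce (spaces or capitals in option lines, the misspelled option names that appear above, anonymous write permissions, chown_username=root, and a port outside 1-65535). The function name audit and the sample file are constructed for illustration, and options absent from the file are treated as not set.

```python
import re

# Misspellings that appear on this page -> the option name vsftpd accepts.
TYPOS = {"connect_form_port_20": "connect_from_port_20", "max_client": "max_clients",
         "local_enble": "local_enable", "chroot_local_usr": "chroot_local_user"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")
PORTS = ("listen_port", "pasv_min_port", "pasv_max_port")

def audit(conf_text):
    """Return a list of findings for the text of a vsftpd.conf file."""
    opts, findings = {}, []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # vsftpd allows no space between the option, '=' and the value.
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if not m:
            findings.append(f"line {n}: not in option=value form: {line!r}")
        elif m.group(1) in TYPOS:
            findings.append(f"line {n}: {m.group(1)} should be {TYPOS[m.group(1)]}")
        else:
            opts[m.group(1)] = m.group(2).strip()

    def on(name):  # vsftpd treats YES, TRUE and 1 as enabled
        return opts.get(name, "").upper() in ("YES", "TRUE", "1")

    if on("anonymous_enable"):  # only a setting present in the file is evaluated
        findings += [f"anonymous write permission enabled: {o}" for o in ANON_WRITE if on(o)]
    if on("chown_uploads") and opts.get("chown_username") == "root":
        findings.append("anonymous uploads become root-owned (chown_username=root)")
    for name in PORTS:
        port = opts.get(name)
        if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
            findings.append(f"{name}={port} is not a valid TCP port")
    return findings

# Constructed sample assembled from settings shown on this page.
SAMPLE = """\
anonymous_enable=YES
Anon_upload_enable = yes
anon_other_write_enable=YES
local_enble=YES
chown_uploads=YES
chown_username=root
listen_port=333335
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```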
