Debian vsftp server with simple configuration

Source: Internet
Author: User

FTP is also used with Apache: files are always modified on Windows and then transferred to the web server. Using vsftp for this is more convenient!

It is also only used by myself, so there is nothing difficult here...

 

Install vsftp

apt-get update

apt-get install vsftpd

 

Check if FTP is started

netstat -a | grep ftp

FTP-localhost

 

Control whether vsftp is started with the system.

You can use rcconf.

apt-get install rcconf

Then run rcconf to manage it on the GUI!

This is indeed much easier than update-rc.d.

 

First, let's see how to exclude users who are not allowed to log on to the FTP server.

This is very important. Some dangerous accounts such as root must be excluded!

/etc/ftpusers records the list of user names that are not allowed to access the FTP server. By default, root is excluded during Debian installation to ensure vsftp security.

The following is my ftpusers. If you find managing virtual accounts too much trouble (because the best way to do that is through MySQL), you can write all users in /etc/passwd into it, adding them one by one! :)

In this way, only accounts manually added later can log on to FTP.

cat /etc/ftpusers

# /etc/ftpusers: list of users disallowed ftp access. See ftpusers(5).
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody

 

Vsftp logs are very important.

Vsftp logs are stored in /var/log

You can check them for unauthorized actions, for example, an account without FTP logon permission that has logged on to the FTP server.
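One way to run that check, as an added example (not part of the original post): the function below lists login events for accounts named in /etc/ftpusers. It assumes vsftpd's native log line format (the vsftpd_log_file, by default /var/log/vsftpd.log); the function name, the sample deny list and the sample log lines are constructed for illustration.

```shell
# flag_denied_logins DENY_FILE LOG_FILE
# Prints "STATUS user client" for each login event whose account is on the deny list.
flag_denied_logins() {
    awk '
    NR == FNR {                           # first file: the deny list
        sub(/#.*/, ""); gsub(/[ \t]+/, "")
        if ($0 != "") denied[$0] = 1
        next
    }
    $10 == "LOGIN:" {                     # second file: vsftpd log, login events only
        user = $8;    gsub(/^\[|\]$/, "", user)
        client = $12; gsub(/"/, "", client)
        if (user in denied) print $9, user, client
    }' "$1" "$2"
}

# Constructed sample data (not taken from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ftpusers" <<'EOF'
# sample deny list
root
daemon
nobody
EOF
cat > "$demo_dir/vsftpd.log" <<'EOF'
Tue Mar  5 10:11:58 2024 [pid 2] CONNECT: Client "203.0.113.7"
Tue Mar  5 10:12:01 2024 [pid 1] [root] FAIL LOGIN: Client "203.0.113.7"
Tue Mar  5 10:14:40 2024 [pid 5] [webadmin] OK LOGIN: Client "192.0.2.10"
Tue Mar  5 10:20:13 2024 [pid 9] [daemon] OK LOGIN: Client "198.51.100.23"
EOF
flag_denied_logins "$demo_dir/ftpusers" "$demo_dir/vsftpd.log"
```

An OK line for a listed account means the deny list is not being enforced; a FAIL line shows someone trying that account.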

 

Manage vsftp system services

Start service: /etc/init.d/vsftpd start

Restart service: /etc/init.d/vsftpd restart

Stop service: /etc/init.d/vsftpd stop

 

Configure anonymous login to allow download only

This part only occupies some space. In fact, I don't think I can use it!!!

It may take a few minutes to complete the modification.

After Debian is installed, a vsftpd.conf template is provided.

Only a few letters need to be changed manually.

Modify /etc/vsftpd.conf

listen=YES (independent vsftpd server)*
max_clients=200 (200 clients are allowed to be connected at the same time)
max_per_ip=4 (each IP is allowed up to four processes)
anonymous_enable=YES (anonymous login allowed)
local_enable=NO (local system users prohibited)
write_enable=NO (do not grant write permission to local users)
anon_upload_enable=NO (anonymous user upload permission disabled)
anon_mkdir_write_enable=NO (anonymous users may not create directories)
anon_other_write_enable=NO (anonymous users may not delete or rename)
anon_world_readable_only=YES (anonymous users may download only files that are world-readable)
hide_ids=YES (the user and group columns in directory listings are displayed as ftp)
ls_recurse_enable=NO (recursive ls -R forbidden)
dirmessage_enable=YES (the content of the .message file in a directory is displayed when switching to that directory)
local_umask=022 (umask for files local users create over FTP, default: 077)
connect_from_port_20=YES (enable data connections from the FTP data port)*
xferlog_enable=YES (enable upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome information)
pam_service_name=vsftpd (authentication method)

On a freshly installed vsftp, the anonymous user path is /home/ftp

 

 

 

Configure local users to use FTP Server

I think this part is quite useful. If you are too lazy to use a virtual account to manage FTP uploads, downloads, modifications, and so on, this is a simple and clean method.

Modify /etc/vsftpd.conf

local_enable=YES (the local account can log on)

write_enable=NO (the local account does not have permission to modify or delete files. I just want to use FTP to manage the web server, so this is changed to YES. Otherwise, files cannot be uploaded)

Set all local users to be chrooted

chroot_local_user=YES (all local accounts are confined to their home directory)

Set only specified users to be chrooted

chroot_list_enable=YES (the list in the file is used)

chroot_list_file=/any specified path/vsftpd.chroot_list

Note: vsftpd.chroot_list is not created by default and you need to add it yourself. To control an account, add the account directly to the file.

Restrict access to FTP by local users

userlist_enable=YES (use the userlist to restrict user access)

userlist_deny=NO (with NO, only users in the list are allowed to access)

userlist_file=/specified path for storing the file/ (file location)

Note: with userlist_enable=YES, anonymous accounts cannot log on

Modify pam_service_name=/etc/pam.d/vsftpd (it seems that just vsftpd is a bad idea in Debian. It is very important that you change it to an absolute path.)

 

Security Options

data_connection_timeout=120 (seconds) (data connection idle for two minutes)

accept_timeout=60 (seconds) (the client is disconnected after being idle for 1 minute)
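A lint pass for the settings covered above, as an added example (not the original author's code or part of vsftpd): it flags whitespace around =, option names that are misspelled or wrongly cased, anonymous write options, and local logins without chroot. The function name, the finding messages and the sample file are constructed; the known-option list is limited to the options this page uses.

```shell
# audit_vsftpd_conf FILE: print one finding per line.
audit_vsftpd_conf() {
    awk '
    BEGIN {
        # Option names used on this page, not the full vsftpd option set.
        s = "listen max_clients max_per_ip anonymous_enable local_enable write_enable"
        s = s " anon_upload_enable anon_mkdir_write_enable anon_other_write_enable"
        s = s " anon_world_readable_only hide_ids ls_recurse_enable dirmessage_enable"
        s = s " local_umask connect_from_port_20 xferlog_enable xferlog_std_format"
        s = s " ftpd_banner pam_service_name chroot_local_user chroot_list_enable"
        s = s " chroot_list_file userlist_enable userlist_deny userlist_file"
        s = s " data_connection_timeout accept_timeout"
        n = split(s, names, " ")
        for (i = 1; i <= n; i++) known[names[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { print NR ": not an option=value line"; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/)
            print NR ": whitespace around = (an error per vsftpd.conf(5))"
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (!(key in known)) print NR ": unknown option " key " (spelling or case?)"
        conf[key] = toupper(val)
    }
    END {
        if (conf["anonymous_enable"] == "YES") {
            split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= 3; i++)
                if (conf[w[i]] == "YES") print "policy: anonymous write via " w[i] "=YES"
        }
        if (conf["local_enable"] == "YES" && conf["chroot_local_user"] != "YES")
            print "policy: local_enable=YES without chroot_local_user=YES"
    }' "$1"
}

# Constructed sample config (not taken from a real server).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# sample
listen=YES
anonymous_enable = YES
anon_upload_enable=YES
connect_form_port_20=YES
local_enable=YES
write_enable=YES
EOF
audit_vsftpd_conf "$sample_conf"
```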

 

Configure the Local Group to access FTP

First, create the user group and the FTP directory test

groupadd ftpadmin

mkdir /tmp/test (I directly assign /var/www to the user to manage the Apache web directory)

Then create a user

useradd -G ftpadmin -d /tmp/test -M user1

Note: -G: the user's group; -d: specifies the user's own directory; -M: do not create a default home directory, that is, there is no own directory under /home

 

I just made an account to transfer files to my web server.

useradd -g ftp -d /var/www -M webadmin

 

Then, change the group and user of the folder.

chown webadmin.ftpadmin /var/www (change the owner of /var/www to webadmin)

chmod 711 /var/www

The permission set here is 711, that is, full permission for the folder owner; the same group, that is, the above ftp group, and all other users have execute permission only.

At first, I habitually changed www to 750, and when I tested the Apache server in IE it told me that I had no permission to read. After that, I checked the www permission and found that the permissions of all users are 0. Oh!

 

 

Check who is logged on to FTP and stop the process.

ps -xf | grep ftp

kill <process number>

 

Vsftp virtual account application
