The vsftpd service in depth

Source: Internet
Author: User
Tags ftp connection ftp site

Vsftpd installation documentation
Requirements:
A. Anonymous users must not be able to log on to or access the FTP server (it is an FTP server internal to the O&M department, so only O&M colleagues may log on); in other words, only local users can log on.
B. By default the FTP server logs each user on to his or her own home directory. The requirement is that all users log on to one shared directory, inside which every user has a folder named after the O&M colleague it belongs to, so that the folders are easy to tell apart. A user must be able to upload, create, delete and download in his or her own folder, and may download from but not delete from other users' folders. In public folders, users can download, upload and delete their own files, but cannot delete files uploaded by other users, as shown below:
Log on to the FTP server as weijunping. This user has full (root-equivalent) permissions on the weijunping folder; other folders such as jiaobin and panweibo can be browsed and downloaded from, but nothing can be created or deleted in them; in shared folders such as Shared_information/Work_material the user can upload, browse, download, and delete the objects he or she uploaded.
Log on as chenyanhua, enter the shared folder Shared_information and upload a file (a system vulnerability patch).
Log out, log back in as weijunping, enter the same directory and try to delete that file.

Vsftpd is a secure, fast, and stable FTP server.
II. Install and start the vsftpd service
Vsftpd is easy to install. First check whether it is already present:
[root@localhost webserver]# rpm -qa | grep vsftpd
vsftpd-2.0.1-6.el4
If it is not, install it:
# yum -y install vsftpd
After the installation completes, start vsftpd with service vsftpd start; the FTP server is then up.
However, clients still cannot reach the FTP server, because the firewall is enabled by default. In this case you need to run service iptables stop to disable the firewall so that clients can connect. (Opening only TCP port 21 in iptables, plus the passive-mode data port range if passive mode is used, is the narrower alternative to stopping the firewall altogether.)
III. Default vsftpd behaviour
1> Both anonymous users and local users may log on.
2> Anonymous users log on with the name ftp or anonymous and an empty password. Anonymous users cannot leave the server's /var/ftp directory, and can only download, not upload.
3> A local user logs on with his or her local user name and password. A local user can switch from the home directory to any other directory he or she has permission to access, and can download or upload files subject to those permissions.
4> Local users listed in /etc/vsftpd.ftpusers cannot log on.
Configuration file details:
anon_upload_enable=YES allows anonymous accounts to upload files.
anon_mkdir_write_enable=YES allows anonymous accounts to create directories.
anon_other_write_enable=YES allows anonymous accounts to rename and delete files and folders.
anon_world_readable_only=NO allows anonymous users to browse the FTP directory and download files even when they are not world-readable.
· Permission settings
1> Control which hosts are allowed or denied access
The last line of vsftpd.conf contains tcp_wrappers=YES, meaning that vsftpd works together with TCP wrappers to control host access. When a client connects, the server consults /etc/hosts.allow and /etc/hosts.deny to decide whether the connecting host may connect. These two files provide a simple firewall-like function.
The specific settings are as follows (the allow and deny keywords need the three-field daemon : client : option form of the hosts_options syntax):
To deny a single IP address access to this server, add to /etc/hosts.deny:
vsftpd: 192.168.0.18 : deny
ALL: ALL : allow
To allow an IP range to access this server, add to /etc/hosts.allow (the trailing dot makes 192.168.0. match the whole network prefix):
vsftpd: 192.168.0. : allow
ALL: ALL : deny
2> Access speed limits
Add anon_max_rate=<bytes per second> to the end of vsftpd.conf to cap the speed at which anonymous users download or upload files. To limit local users, add local_max_rate=<bytes per second>.
3> Connections per IP address (thread limit)
Adding max_per_ip=<n> (0 means no limit) to vsftpd.conf prevents users from opening many parallel download connections and hogging the server's bandwidth and resources. When a client exceeds the limit, it receives the error: There are too many connections from your internet address.
4> Maximum number of client connections
Adding max_clients=<n> (0 means no limit) to vsftpd.conf prevents an excessive number of client connections from exhausting the server's memory and taking the server down. When the number of clients exceeds the limit, the client sees: There are too many connected users, please try later.
The settings are as follows:
listen=YES
tcp_wrappers=YES
anon_max_rate=64000
local_max_rate=100000
max_per_ip=3
max_clients=10
5> Set the directory users land in on logon
By default, anonymous users enter /var/ftp when they log on to the FTP server, and local users enter their home directory under /home. Adding local_root=/home/website to vsftpd.conf makes local users enter /home/website automatically after logging on.
1. Set which users are allowed or denied access
User access control is implemented through the files vsftpd.user_list and vsftpd.ftpusers in /etc. The related configuration options are:
· userlist_enable=YES determines whether vsftpd.user_list is consulted: YES means the file takes effect, NO means it does not.
· userlist_deny=NO determines whether the users in vsftpd.user_list are denied or allowed. With YES, users listed in vsftpd.user_list are refused access to the FTP server; with NO, only users listed in vsftpd.user_list may access the FTP server (provided they are not also listed in vsftpd.ftpusers, which would still deny them).
· vsftpd.ftpusers defines the users that are never allowed to access the FTP server. By default both files already list the system's internal accounts so that those accounts cannot log on.
6> Control whether users can switch to the parent directory
By default a user can run cd .. to move into the parent directory. For example, if the user's logon directory is /var/ftp, running cd .. at the ftp> prompt moves the user to /var, and repeating the command reaches the Linux root directory, from which the entire file system can be browsed. If write_enable=YES is also set, files in those directories can be overwritten, which is a serious risk to the system. Users must therefore be kept out of the Linux root directory; the related configuration items are:
· chroot_list_enable=YES enables the user list file named by the chroot_list_file option.
· chroot_list_file=/etc/vsftpd.chroot_list names the user list file used to control which users may move above the FTP site's root directory.
· chroot_local_user=YES determines whether local users are confined (chrooted) to the site root by default; combined with the list, it decides whether the listed users can move to the parent directory.
The specific cases are:
When chroot_list_enable=YES and chroot_local_user=YES, users listed in /etc/vsftpd.chroot_list can switch to the parent directory; users not listed cannot leave the site's root directory.
When chroot_list_enable=YES and chroot_local_user=NO, users listed in /etc/vsftpd.chroot_list cannot switch to the parent directory; users not listed can move to the parent of the site's root directory.
When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to the parent directory.
When chroot_list_enable=NO and chroot_local_user=NO, every user can switch to the parent directory.
accept_timeout=60 sets the timeout, in seconds, for a client to establish a passive-mode data connection; the default is 60 seconds.
idle_session_timeout=600 disconnects the FTP session if the user performs no operation for this many seconds; the default is 600 seconds.
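The following is an added example, not code from the original post: a small POSIX shell audit that reads a vsftpd.conf, applies the four chroot cases above to a named user, and flags the anonymous-access and connection-limit settings discussed earlier. Key names and defaults follow the vsftpd 2.0 options used in this post; the file paths, the user names and the sample configuration are constructed for the demo.

```bash
# Added example (not from the post). Assumes vsftpd 2.0 key names and their
# built-in defaults; all paths are parameters, sample values are constructed.
# conf_get FILE KEY DEFAULT: value of KEY (last assignment wins) or DEFAULT.
conf_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1)
    [ -n "$v" ] && printf '%s' "$v" || printf '%s' "$3"
}
# effective_chroot CONF LIST USER: prints "chroot" when USER stays inside the
# site root, "free" when cd .. can reach /. chroot_local_user=YES jails all
# but listed names, =NO jails only listed names; list needs chroot_list_enable.
effective_chroot() {
    lu=$(conf_get "$1" chroot_local_user NO)
    le=$(conf_get "$1" chroot_list_enable NO)
    listed=no
    [ "$le" = YES ] && [ -f "$2" ] && grep -qx "$3" "$2" && listed=yes
    if [ "$lu" = YES ]; then
        [ "$listed" = yes ] && echo free || echo chroot
    else
        [ "$listed" = yes ] && echo chroot || echo free
    fi
}
# audit_conf CONF: print each setting that weakens the policy in the post
# (local users only, everyone jailed, bounded connections); 0 when clean.
audit_conf() {
    bad=0
    [ "$(conf_get "$1" anonymous_enable YES)" = YES ] &&
        { echo "anonymous_enable=YES: anonymous logins allowed"; bad=1; }
    { [ "$(conf_get "$1" anon_upload_enable NO)" = YES ] ||
      [ "$(conf_get "$1" anon_other_write_enable NO)" = YES ]; } &&
        { echo "anonymous users may write to the server"; bad=1; }
    [ "$(conf_get "$1" chroot_local_user NO)" = YES ] ||
        { echo "chroot_local_user!=YES: cd .. can leave local_root"; bad=1; }
    for k in max_clients max_per_ip; do
        [ "$(conf_get "$1" "$k" 0)" = 0 ] && { echo "$k=0: no limit"; bad=1; }
    done
    return $bad
}
# Constructed sample mirroring the server settings at the end of the post.
d=$(mktemp -d)
printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
    local_root=/home/webserver chroot_local_user=YES chroot_list_enable=YES \
    max_clients=10 max_per_ip=3 > "$d/vsftpd.conf"
echo weijunping > "$d/chroot_list"
echo "weijunping: $(effective_chroot "$d/vsftpd.conf" "$d/chroot_list" weijunping)"
echo "chenyanhua: $(effective_chroot "$d/vsftpd.conf" "$d/chroot_list" chenyanhua)"
audit_conf "$d/vsftpd.conf" && echo "vsftpd.conf: no findings"
rm -rf "$d"
```

Run it against the real /etc/vsftpd/vsftpd.conf and /etc/vsftpd.chroot_list to see which settings still diverge from the intended policy.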
 
The server settings are as follows:
# yum -y install vsftpd
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO (anonymous users are not allowed to log on)
local_root=/home/webserver (the directory users land in on logon)
Everything else is left at its default.
In /home/webserver, create a folder named after each O&M colleague and change the folder's owner and group to the user of the same name, for example:
# chown chenyanhua.chenyanhua /home/webserver/chenyanhua
For shared directories such as Shared_information/Work_material, grant 777 permissions (755 may also be acceptable, but I didn't try it) and set the sticky bit (t) on the directory: even with its permissions fully open as rwxrwxrwx, once the sticky bit is set only a file's owner, the directory's owner and root can delete or rename a file inside it, so other users cannot delete it. Users typically open up a file's permissions and share it this way.
# mkdir Shared_information
# chmod a+t Shared_information
# chmod 777 Shared_information
Start vsftpd:
# service vsftpd start
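As an added example, not code from the original post, the shell functions below build the shared directory the same way the steps above do (mode 777 plus the sticky bit) and then verify the resulting layout: a share without the t bit, or a per-user folder not owned by its namesake, is reported before colleagues' uploads become deletable by everyone. Directory names and paths are parameters, the demo runs in a temporary tree rather than /home/webserver, and GNU stat is assumed.

```bash
# Added example (not from the post). Assumes GNU stat; paths are parameters.
# setup_share ROOT NAME: the post's mkdir; chmod a+t; chmod 777 in one step.
setup_share() {
    mkdir -p "$1/$2" && chmod 1777 "$1/$2"
}
# check_share DIR: 0 when the directory is world-writable with the sticky
# bit set, 1 otherwise (a plain 777 lets any user delete others' uploads).
check_share() {
    [ -d "$1" ] || { echo "missing: $1"; return 1; }
    mode=$(stat -c %a "$1")
    [ -k "$1" ] || { echo "$1: mode $mode, no sticky bit"; return 1; }
    [ "$mode" = 1777 ] || { echo "$1: unexpected mode $mode"; return 1; }
    return 0
}
# check_user_dirs ROOT SHARE...: every subdirectory of ROOT that is not a
# named share must be owned by the user it is named after (the post's
# "chown user.user user"); returns 1 and names each mismatch otherwise.
check_user_dirs() {
    root=$1; shift; rc=0
    for p in "$root"/*/; do
        [ -d "$p" ] || continue
        n=$(basename "$p"); skip=0
        for s in "$@"; do [ "$n" = "$s" ] && skip=1; done
        [ "$skip" = 1 ] && continue
        owner=$(stat -c %U "$p")
        [ "$owner" = "$n" ] || { echo "$p owned by $owner, expected $n"; rc=1; }
    done
    return $rc
}
# Constructed demo in a temporary tree instead of /home/webserver.
root=$(mktemp -d)
setup_share "$root" Shared_information
mkdir -p "$root/$(id -un)"      # per-user folder named after its owner
check_share "$root/Shared_information" && echo "share ok"
check_user_dirs "$root" Shared_information && echo "user folders ok"
rm -rf "$root"
```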
This article is from the "rose selected" blog
