1) Install vsftpd
It is not difficult to install software in Ubuntu. Enter:
sudo apt-get install vsftpd
You may be prompted to use the CD; press Enter.
After installation, an ftp directory is created under /home. At this point you can try to access ftp://<IP address>, and you will see an FTP space with no content.
By default, anonymous users can download files, but cannot write or upload files.
2) Set up the vsftpd.conf file
Now we want to shut out anonymous users, so that a user must enter a Linux user name and password before accessing the contents of their own directory.
First, find the vsftpd settings file, which is located at /etc/vsftpd.conf.
Back up this file before modifying it:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.old
Then you can change the settings:
# Do not allow anonymous users (the built-in default is YES, so set NO explicitly)
anonymous_enable=NO
# Local users can log in
local_enable=YES
# Allow write operations
write_enable=YES
# Per-directory messages do not need to be displayed
#dirmessage_enable=YES
# Add the banner prompt
ftpd_banner=Hello~~
# Maximum number of clients
max_clients=100
# Limit the number of connections per IP address
max_per_ip=5
# Maximum transfer rate (bytes/s)
local_max_rate=256000
# Hide account names
hide_ids=YES
Okay. Restart the FTP server to check the effect.
Does it look the same after the restart as before? Haha, that is the default FTP directory. Delete it and check again. How is it now? You are asked to enter the user name and password.
New problems
1. After entering the user name and password, the user's root directory is displayed, whereas our web content is in the public_html directory.
2. The user can jump to any other directory (very dangerous).
To solve these problems, we have to change vsftpd.conf again.
# Enable the chroot list (change root)
chroot_list_enable=YES
# Specify the list location (this is the default path)
chroot_list_file=/etc/vsftpd.chroot_list
Next, we need to write the user names into vsftpd.chroot_list. These are the users we want to restrict so that they cannot "drift" around.
Currently the user is linyupark, so you only need to write that name into the file with sudo nano.
This solves the 2nd problem: logged-in users can only move around inside their own user folders. Next we want to be stricter, so that they can only work inside public_html.
Go back to vsftpd.conf:
# This is not in the default settings; add it to define the folder that holds the settings for individual users
user_config_dir=/etc/
Create the folder at the address you set, then create a file in that folder named after the user. Edit it with nano:
# Root directory of the local user (assuming the user is linyupark)
local_root=/home/linyupark/public_html
Okay. Restart the server. Let's see the effect.
6.5. Virtual User Configuration
6.5.1 Introduction to vsftpd virtual users
vsftpd virtual users are users dedicated to the FTP service. Virtual users can only access FTP server resources.
vsftpd virtual users have their own user name/password storage, separate from the system accounts (passwd/shadow), which greatly improves system security. Because the user names and passwords of virtual users are stored separately, vsftpd needs the identity of a system user to read the database file or database server during verification. This is the guest user, just as anonymous users also need a system user, ftp. The guest user can also be regarded as the system user that virtual users are mapped to. The following example assumes that there are two virtual users, xiaotong and Xiaowang.
6.5.2 User creation and directory settings
Add a vsftpdguest user to the system to represent the virtual users in the system.
useradd vsftpdguest
Create a virtual user
useradd -d /home/vsftpd -s /sbin/nologin vsftpd
After a virtual user logs on, the user is placed in /home/vsftpdguest, the home directory of vsftpdguest. If you want virtual users to log on to another directory such as /var/ftp, change the home directory of vsftpdguest.
Install the db4.2-util package
sudo apt-get install db4.2-util
Create a login file that contains the virtual user information, such as:
------------------------------------------
test1      <- user name
passwd1    <- password
test2      <- user name
passwd2    <- password
Press Enter after the last line.
-------------------------------------------
Create the database file
sudo db4.2_load -T -t hash -f login /etc/vsftpd/vsftpd_login.db
Change the database file permissions
sudo chmod 600 /etc/vsftpd/vsftpd_login.db
Generate a new PAM file: create /etc/pam.d/vsftpd.vu with the following content:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
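The login file above stores clear-text passwords in strictly alternating lines, and db_load pairs them purely by position, so a missing line shifts every later entry. The check below is an added example, not part of the original page; the function name check_login_file and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample login files are constructed.

# check_login_file FILE: validate the alternating name/password layout that
# db_load -T reads, and that only the owner can access the clear-text file.
# Prints one line per problem and returns non-zero if any was found.
check_login_file() {
    rc=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: clear-text passwords readable by group or others"; rc=1
    fi
    awk -v f="$1" '
        NR % 2 == 1 {                        # odd lines are user names
            if ($0 == "") { print f ": line " NR ": empty user name"; bad = 1 }
            else if (seen[$0]++) { print f ": line " NR ": duplicate user " $0; bad = 1 }
        }
        NR % 2 == 0 && $0 == "" { print f ": line " NR ": empty password"; bad = 1 }
        END {
            if (NR % 2) { print f ": last user has no password line"; bad = 1 }
            exit bad + 0
        }' "$1" || rc=1
    return $rc
}

umask 077                        # new files are owner-only, like the .db file
tmp=$(mktemp -d)
printf '%s\n' test1 passwd1 test2 passwd2 > "$tmp/login"
printf '%s\n' test1 passwd1 test1 > "$tmp/login.bad"
chmod 644 "$tmp/login.bad"       # constructed mistake: world-readable

check_login_file "$tmp/login" && echo "login: ok"
check_login_file "$tmp/login.bad" || echo "login.bad: rejected"
```

Once the database has been built from a file that passes, the clear-text login file is no longer needed by vsftpd or PAM and can be deleted.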
6.5.3 Configuration file settings
6.5.3.1 Basic settings
In the vsftpd.conf configuration file, add the following parameters:
guest_enable=YES
guest_username=vsftpdguest
6.5.3.2 Virtual user permission configuration
In vsftpd-1.2.0, when virtual_use_local_privs=YES, you only need write_enable=YES for virtual users to have write permission.
6.5.3.3 Other configurations of virtual users
① Restrict virtual users to their own directories.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Add xiaotong and Xiaowang to the /etc/vsftpd.chroot_list file.
Or: chroot_local_user=YES
② Personal configurations of virtual users.
If you want individual virtual users to have their own special settings, you can create a personal configuration file for each virtual user. In the main configuration file, add:
user_config_dir=/etc/vsftpd/vsftpd_user_conf
Note: during configuration, user_config_dir did not take effect when it was set to /etc/vsftpd/userconf, even though /etc/vsftpd/userconf existed and the user files in it existed as well. Later, a directory with an arbitrary name was created under /etc, the two files were copied into it, and user_config_dir was set to that directory. The cause may be that the name of guest_username was vsftpd.
Create the /etc/vsftpd/vsftpd_user_conf directory and, in it, a file with the same name as the specific virtual user:
[root@hpe45 vsftpd]# mkdir vsftpd_user_conf
[root@hpe45 vsftpd]# cd vsftpd_user_conf
[root@hpe45 vsftpd_user_conf]# touch Xiaowang
Then you can add the option settings for Xiaowang to the Xiaowang file.
Note: chroot_local_user=YES has no effect if it is added to the personal configuration file.
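The chroot settings in step 2) and in 6.5.3.3 ① interact: with chroot_local_user=NO the chroot list names the users who are jailed, while with chroot_local_user=YES the same list names the users who are exempt. The script below is an added example, not part of the original page; the function names (conf_get, anonymous_allowed, is_jailed) and the sample files are constructed, and it applies vsftpd's documented defaults to options that are absent or commented out.

```shell
#!/bin/sh
# Added example, not from the original page. Sample files are constructed.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, upper-cased,
# or DEFAULT if the key is absent (vsftpd then uses its built-in default).
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = toupper(substr($0, length(k) + 2)) }
        END     { print (v == "" ? d : v) }' "$1"
}

# anonymous_allowed CONF: true if anonymous logins are enabled. Commenting the
# line out is not enough, because the built-in default is YES.
anonymous_allowed() { [ "$(conf_get "$1" anonymous_enable YES)" = YES ]; }

# is_jailed CONF LIST USER: true if USER is chrooted after login.
# chroot_local_user=NO : the list names the users who ARE jailed.
# chroot_local_user=YES: the list names the users who are NOT jailed.
is_jailed() {
    all=$(conf_get "$1" chroot_local_user NO)
    listed=NO
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] &&
       grep -qxF -- "$3" "$2" 2>/dev/null; then
        listed=YES
    fi
    if [ "$all" = YES ]; then [ "$listed" = NO ]; else [ "$listed" = YES ]; fi
}

# Constructed samples: two configurations and one chroot list.
demo=$(mktemp -d)
printf '%s\n' linyupark > "$demo/chroot_list"
printf '%s\n' '#anonymous_enable=YES' local_enable=YES \
    chroot_list_enable=YES > "$demo/list_only.conf"
printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
    chroot_list_enable=YES > "$demo/all_plus_list.conf"

for conf in list_only all_plus_list; do
    for user in linyupark otheruser; do
        if is_jailed "$demo/$conf.conf" "$demo/chroot_list" "$user"; then
            echo "$conf: $user is jailed"
        else
            echo "$conf: $user can leave the home directory"
        fi
    done
done
```

Switching to chroot_local_user=YES while chroot_list_enable=YES is still set therefore releases exactly the users that were listed in order to be confined.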
6.5.3.4 Virtual user personal directory settings
You will find that whichever virtual user logs on, the login directory is /home/vsftpdguest, that is, the home directory of the guest_username user. The following describes how to create a directory for each virtual user.
One way is to use the local_root option in the virtual user's personal configuration file to specify that user's own directory. Taking Xiaowang as an example, and based on step 1, add the following to the /etc/vsftpd/vsftpd_user_conf/Xiaowang file:
local_root=/home/Xiaowang
Create the Xiaowang directory and give its ownership to vsftpdguest:
[root@hpe45 home]# mkdir Xiaowang
[root@hpe45 home]# chown vsftpdguest.vsftpdguest ./Xiaowang
Okay. Restart the FTP server:
/etc/init.d/vsftpd restart
Note that when using CuteFTP, you must select the standard FTP mode instead of SFTP to log on.