1. Installation: apt-get install vsftpd 2. /etc/vsftpd.conf configuration: # Example config file /etc/vsftpd.conf # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. #
1. Installation: apt-get install vsftpd 2. /etc/vsftpd.conf configuration: # Example config file /etc/vsftpd.conf # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. #
1. Installation:
apt-get install vsftpd
2. /etc/vsftpd.conf configuration:
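# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Syntax: every setting is written option=value. Option names are lowercase
# and there must be no space on either side of the "="; vsftpd treats a
# line that breaks this format as an error.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's).
# With 022, uploaded files are readable by every other local account.
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
# Value is in seconds.
idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
# Value is in seconds.
data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to ddlcn ftp service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# As configured here (chroot_local_user left at its default), only the users
# named in chroot_list_file are confined; every other local user can browse
# outside their home directory.
# Recent vsftpd releases refuse to chroot() into a directory the user can
# write to, so keep the chroot root non-writable and give the user a
# writable subdirectory.
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
#secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
# NOTE: this file never sets ssl_enable, which defaults to NO, so the
# certificate is not used and local-user passwords cross the network in
# cleartext. Set ssl_enable=YES if logins must be encrypted.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem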
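3. In /etc/pam.d/vsftpd, comment out the pam_shells line:
# auth required pam_shells.so
pam_shells rejects accounts whose login shell is not listed in /etc/shells, which would block the /bin/false user created in step 5. With the line commented out, the shell check no longer applies to any account that authenticates through this PAM service.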
4. After modifying the configuration, restart the vsftpd service:
/etc/init.d/vsftpd stop
/etc/init.d/vsftpd start
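5. Add a system user:
useradd -d {home directory} -s /bin/false {user}
Add the vsftpd user name to /etc/vsftpd/chroot_list. With chroot_list_enable=YES and chroot_local_user left at its default, only the users named in that file are confined to their home directories; a local user who is not listed can browse the rest of the filesystem over FTP.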
File structure of vsftpd
The file structure of vsftpd is concise, including:
/usr/sbin/vsftpd ---- main vsftpd program
/etc/rc.d/init.d/vsftpd ---- startup script
/etc/vsftpd.conf ---- main configuration file
/etc/pam.d/vsftpd ---- PAM authentication file
/etc/vsftpd.ftpusers ---- list of users who are denied access to vsftpd
/etc/vsftpd.user_list ---- list of users who are denied or allowed access to vsftpd
/var/ftp ---- anonymous user home directory
/var/ftp/pub ---- download directory for anonymous users
In addition, there are some instruction documents and manual pages.
In addition, the vsftpd log file is located at /etc/logrotate.d/vsftpd.log. (Note that the sample configuration above gives /var/log/vsftpd.log as the default xferlog_file; a path under /etc/logrotate.d is normally the log-rotation configuration rather than the log itself.)