Which FTP server is the safest? On Unix and Linux, the leading choice is VSFTPD (Very Secure FTP Daemon). As the name suggests, VSFTPD is a File Transfer Protocol service designed around security. Large sites such as Redhat, Debian, GNU, GNOME and KDE use VSFTPD as their FTP server.
Install VSFTPD
Path: /usr/ports/ftp/vsftpd
Command: make install ; make clean
Syntax:
vsftpd [path to settings file]
Parameter introduction
There is only one argument: the location of the settings file.
Default: /usr/local/etc/vsftpd.conf
Configuration file
The configuration file for the VSFTPD server is /etc/vsftpd.conf. It has many configuration options; here I'll cover only a few common ones.
(1) Allow local users to log in
Setting: local_enable=YES
(2) Allow anonymous users to log in and to upload and modify files
Setting: anonymous_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
The file system permissions must allow it as well: the directory must be writable by the (FTP) account.
(3) Prevent anonymous users from logging in at all:
Setting: anonymous_enable=NO
(4) Deny login to specific users:
For anonymous users:
deny_email_enable=YES
banned_email_file=/usr/local/etc/vsftpd.banned_emails
Add the email addresses to the specified file, one per line.
For local users:
Method 1:
check_shell=YES
Remove the shell used by the user from /etc/shells.
Method 2:
userlist_enable=YES
userlist_deny=YES
userlist_file=/usr/local/etc/vsftpd.user_list
Write the accounts to be denied login to the file, one per line.
(5) Restrict users to their own root directory
Setting: chroot_list_enable=YES
chroot_list_file=/usr/local/etc/vsftpd.chroot_list
(Write the accounts to be restricted to the file, one account per line.)
Activate VSFTPD
(1) Finish editing /usr/local/etc/vsftpd.conf.
(2) Edit /etc/inetd.conf to add the vsftpd entry.
(3) Check whether the FTP anonymous login account exists on the system. Whether or not anonymous login is used, this FTP user account must exist; otherwise an error occurs after activating vsftpd.
(4) If anonymous login is used, check whether the anonymous user's root directory (such as /home/ftp) is owned by the FTP user, and if so, change the permissions.
For administrative convenience, /home/ftp can usually be handed over to another user, who then carries out the FTP management.
If no changes are made, an error occurs.
(5) Activate vsftpd via inetd
kill -1 `cat /var/run/inetd.pid`
If you try to start vsftpd directly, you will receive an error.
My configuration file
I only want registered local accounts to log in (anonymous login is disabled), and I want to stop these accounts from switching directories freely. So, relative to the default configuration file, only the following settings are changed.
anonymous_enable=NO
local_enable=YES
chroot_list_enable=YES
write_enable=YES
chroot_list_file=/usr/local/etc/vsftpd.chroot_list
The above is the vsftpd.conf I run, for everyone's reference.
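A small checker for the options covered above, as an added example (not part of the original article or of vsftpd itself). The `audit` function, `PAGE_OPTIONS` and `LIST_FILES` are hypothetical names; only the options discussed on this page are treated as known, so a valid vsftpd option outside that set would also be reported as unrecognised.

```python
import difflib

# Options discussed on this page; any other name is reported for a spelling check.
PAGE_OPTIONS = {
    "local_enable", "write_enable", "anonymous_enable", "check_shell",
    "anon_other_write_enable", "anon_mkdir_write_enable", "deny_email_enable",
    "banned_email_file", "userlist_enable", "userlist_deny", "userlist_file",
    "chroot_list_enable", "chroot_list_file",
}
# Each switch is paired with the list file the page sets alongside it.
LIST_FILES = {"deny_email_enable": "banned_email_file",
              "userlist_enable": "userlist_file",
              "chroot_list_enable": "chroot_list_file"}

def audit(conf_text):
    """Return a list of findings for a vsftpd.conf passed in as text."""
    settings, findings = {}, []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            findings.append(f"line {n}: expected option=value with no spaces")
            continue
        if key not in PAGE_OPTIONS:
            near = difflib.get_close_matches(key, PAGE_OPTIONS, n=1)
            hint = f", did you mean {near[0]}?" if near else ""
            findings.append(f"line {n}: unrecognised option {key}{hint}")
            continue
        settings[key] = value
    on = lambda k: settings.get(k, "").upper() == "YES"
    if "anonymous_enable" not in settings:
        findings.append("anonymous_enable is not set explicitly")
    elif on("anonymous_enable"):
        for k in ("anon_other_write_enable", "anon_mkdir_write_enable"):
            if on(k):
                findings.append(f"anonymous login with {k}=YES permits anonymous writes")
    for switch, list_file in LIST_FILES.items():
        if on(switch) and list_file not in settings:
            findings.append(f"{switch}=YES but {list_file} is not set")
    return findings

# Constructed sample: a config like the one above with one option name misspelled.
SAMPLE = ("nonymous_enable=NO\nlocal_enable=YES\nchroot_list_enable=YES\n"
          "write_enable=YES\nchroot_list_file=/usr/local/etc/vsftpd.chroot_list\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A misspelled `anonymous_enable` line is the case worth catching: the intended "no anonymous login" setting is then absent from the file, which the second finding reports.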