A simple tutorial on the use of vsftpd under CentOS 6.3
1. Basic knowledge about vsftpd
(1) What vsftpd is: see Baidu Encyclopedia, http://baike.baidu.com/view/1806035.htm
(2) The 3 identities of FTP users: real users, guests, and anonymous logins
A. Real user: a user of the Linux system who is also an FTP user; logging in to FTP requires a password
B. Guest: not a Linux system user, but an FTP user; logging in to FTP requires a password
C. Anonymous login (anonymous): not a Linux system user, but an FTP user; logging in to FTP does not require a password
2. Install vsftpd
[root@localhost ~]# yum install vsftpd
3. Start the vsftpd service
[root@localhost ~]# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
[root@localhost ~]# service vsftpd status
vsftpd (pid 30196) is running...
Open ftp://<host IP> in Chrome; the address maps to the /var/ftp directory by default.
4. Files that make up the vsftpd package
/etc/vsftpd/vsftpd.conf | Primary configuration file
/usr/sbin/vsftpd | vsftpd executable
/etc/rc.d/init.d/vsftpd | Startup script
/etc/pam.d/vsftpd | PAM authentication file
/etc/vsftpd/ftpusers | List of users prohibited from using vsftpd
/etc/vsftpd/user_list | List of users prohibited from or allowed to use vsftpd
/var/ftp | Anonymous user home directory
/var/ftp/pub | Download directory for anonymous users
5. Analysis and modification of the /etc/vsftpd/vsftpd.conf file
(1) Back up the vsftpd.conf file first
[root@localhost ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.backup
(2) View the vsftpd version and the documentation for the vsftpd.conf file
[root@localhost ~]# vsftpd -v
vsftpd: version 2.2.2
[root@localhost ~]# man vsftpd.conf
(3) The default vsftpd.conf configuration (comments removed)
[root@localhost ~]# cat -n /etc/vsftpd/vsftpd.conf
1 anonymous_enable=YES
2 local_enable=YES
3 write_enable=YES
4 local_umask=022
5 dirmessage_enable=YES
6 xferlog_enable=YES
7 connect_from_port_20=YES
8 xferlog_std_format=YES
9 listen=YES
10 pam_service_name=vsftpd
11 userlist_enable=YES
12 tcp_wrappers=YES
[root@localhost ~]#
The default configuration above provides the following behaviour:
A. You can log in either as anonymous or with a real user account (from /etc/passwd).
B. The anonymous user's default directory is /var/ftp; anonymous has no upload permission and is chrooted.
C. A real user's default directory is taken from /etc/passwd; real users are not chrooted and can change to any directory they have permission to enter.
D. Any account listed in /etc/vsftpd/ftpusers cannot use vsftpd.
E. /etc/hosts.{allow|deny} can be used as a basic firewall.
F. When a client uploads or downloads anything, the transfer is recorded in /var/log/vsftpd.log.
G. The port used for active-mode connections is 20.
H. Times are in GMT.
(See Brother Bird's private dish ^_^)
(4) My personal modifications (on top of the defaults), as follows
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
# The default settings created by vsftpd
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=002
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
#---Added by Wesley---
# Use local time
use_localtime=YES
# Welcome information
banner_file=/etc/vsftpd/welcome.txt
# Enable chroot and locate the chroot_list file
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# Make all real users chroot and let users in chroot_list not be chroot
# If commented out, the users in chroot_list will be chroot (it's tricky!)
chroot_local_user=YES
# Define maximum clients to use FTP
max_clients=10
# Define maximum connections per IP address
max_per_ip=5
# Relocate real users' FTP homes to specific folders
# By default, real users' FTP homes are /home/<username>
user_config_dir=/etc/vsftpd/userhomes
#---End---
(a) use_localtime=YES: use local time.
(b) chroot_list_enable=YES: enable chroot; after login the user is locked into their FTP home directory and cannot switch to another directory.
(c) chroot_list_file=/etc/vsftpd/chroot_list: when chroot_local_user=NO (or that line is absent), the users in the chroot_list file (which must be created manually) are chrooted and are locked into their FTP home directory after login; when chroot_local_user=YES, the users in the chroot_list file are not chrooted and can switch to any directory after login.
(d) chroot_local_user=YES: setting this to YES or NO switches whether the users in chroot_list are exempt from chroot or subject to it.
(e) max_clients=10: limit the maximum number of FTP connections to 10.
(f) max_per_ip=5: limit each IP address to at most 5 FTP connections.
(g) user_config_dir=/etc/vsftpd/userhomes: a custom per-user configuration directory that holds files named after each real user. For example, create a file named test in the /etc/vsftpd/userhomes directory (the test user must of course exist) and write the line local_root=/var/ftp/pub in it; when the test user then logs in to FTP, the FTP home directory is automatically /var/ftp/pub rather than the original /home/test.
(h) local_umask=002: the umask applied when an FTP user creates a file or folder. Compared with the default configuration, this adds write permission for the group.
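The interaction between chroot_local_user and chroot_list_enable described in (b) to (d), as an added example that is not part of the original tutorial: a POSIX shell sketch that reads the two options and the list file and reports whether a given user ends up jailed. The function names, the user admin1 and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which local users does vsftpd jail in their home directory?

# Print YES or NO for a boolean option in a vsftpd.conf, or DEFAULT if unset.
# The last occurrence is used and case is folded (conveniences of this sketch).
conf_bool() {   # conf_bool FILE OPTION DEFAULT
    val=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1 |
          tr -d '\r' | tr '[:lower:]' '[:upper:]')
    case "$val" in
        YES|NO) echo "$val" ;;
        *)      echo "$3" ;;
    esac
}

# Return 0 if USER is chrooted, 1 if USER can leave the home directory.
# A missing list file is treated as an empty list (assumption of this sketch).
is_chrooted() {   # is_chrooted CONF LISTFILE USER
    all=$(conf_bool "$1" chroot_local_user NO)
    use_list=$(conf_bool "$1" chroot_list_enable NO)
    listed=NO
    if [ "$use_list" = YES ] && [ -f "$2" ] && grep -qxF -- "$3" "$2"; then
        listed=YES
    fi
    if [ "$all" = YES ]; then
        # Everyone is jailed; an enabled list names the users who are exempt.
        [ "$listed" = NO ]
    else
        # Nobody is jailed by default; an enabled list names the jailed users.
        [ "$listed" = YES ]
    fi
}

# Constructed sample: the settings from this tutorial plus one listed user.
demo() {
    d=$(mktemp -d)
    printf 'chroot_list_enable=YES\nchroot_local_user=YES\n' > "$d/vsftpd.conf"
    printf 'admin1\n' > "$d/chroot_list"
    for u in test admin1; do
        if is_chrooted "$d/vsftpd.conf" "$d/chroot_list" "$u"; then
            echo "$u: jailed in FTP home directory"
        else
            echo "$u: NOT jailed, can change to any permitted directory"
        fi
    done
    rm -rf "$d"
}
demo
```

With the settings used in this tutorial, adding an account to chroot_list exempts it from the jail, so the file should contain only accounts that are meant to move outside their home directory.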
Resources:
1, http://blog.csdn.net/kofterry/article/details/4277267
2, http://os.51cto.com/art/201004/192447.htm
3, http://tanjunjie.blog.51cto.com/6988/774256
4, http://desert3.iteye.com/blog/1685734
5, http://www.cnblogs.com/redhatlinux/archive/2012/04/18/2455737.html
6, http://crazyidea.iteye.com/blog/1207952
7, http://book.51cto.com/art/201005/199774.htm
8, "Brother Bird's Linux private dish: Server Erection Chapter (second edition)", P631