Build an FTP server with VSFTPD

Source: Internet
Author: User

There are many software options for building an FTP server. Here we introduce the Very Secure FTP Daemon (vsftpd).

1. Install

$ sudo apt-get install vsftpd

2. Start

$ sudo /etc/init.d/vsftpd start

Stop

$ sudo /etc/init.d/vsftpd stop

Restart

$ sudo /etc/init.d/vsftpd restart

3. Configuration

The configuration file is /etc/vsftpd.conf. The explanation of the options is reproduced from the article: Using vsftp to create an ftp site.

First, the most basic configuration. Here is my /etc/vsftpd.conf:

################################################################
# Accept anonymous users
anonymous_enable=YES
# Do not ask for a password when an anonymous user logs in
no_anon_password=YES
# Accept local users
local_enable=YES

# Allow uploads (global switch). To let anonymous users upload files, also set anon_upload_enable=YES; to let them create directories, set anon_mkdir_write_enable=YES. Uploads by anonymous users are prohibited here, so these two options are not set.
write_enable=YES
# Umask applied to files uploaded by local users
local_umask=022

# Log uploads and downloads. The default log file is /var/log/vsftpd.log, which can be changed with the xferlog_file option.
xferlog_enable=YES
# Write the log in standard xferlog format
xferlog_std_format=YES

# Welcome message shown at login
ftpd_banner=Welcome to KingArthur's FTP service.
# If this option is set, it overrides the ftpd_banner setting above, and the contents of /etc/vsftpd/banner are shown at login.
banner_file=/etc/vsftpd/banner
# If YES, the text file named by message_file (.message by default) in a directory is displayed when a user enters that directory.
dirmessage_enable=YES
# The directory a local user lands in after login. If this option is not set, local users land in their home directory (the sixth field of /etc/passwd). The corresponding option for anonymous users is anon_root.
local_root=/var/ftp

# If YES, the following control takes effect:
chroot_list_enable=YES
# If NO, users recorded in the file named by chroot_list_file (/etc/vsftpd.chroot_list by default) are chrooted to their login directory and cannot leave it. If YES, the users recorded in that file are not chrooted. YES is chosen here.
chroot_local_user=YES

# If YES, vsftpd loads the users recorded in the file named by userlist_file (default: /etc/vsftpd.user_list) and checks the userlist_deny option below to decide whether they may log in.
userlist_enable=YES
# If NO, only logins from users recorded in the file named by userlist_file (/etc/vsftpd.user_list by default) are accepted. If YES, logins from these users are refused.
userlist_deny=NO
# Note: vsftpd also checks the /etc/vsftpd.ftpusers file. Users recorded in that file cannot log in.

# The server runs in standalone mode, so that the following limits can be applied
listen=YES
# Transfer rate for anonymous users (B/s)
anon_max_rate=51200
# Transfer rate for local users (B/s)
local_max_rate=512000
# Maximum number of clients
max_clients=100
# Maximum number of clients per IP address
max_per_ip=5

connect_from_port_20=YES
tcp_wrappers=YES
pam_service_name=vsftpd

################################################################

Below is my /etc/vsftpd.user_list:
################################################################

ftpuser
anonymous

################################################################
For /etc/vsftpd.ftpusers, the file that comes with the system can be used.
/etc/vsftpd.chroot_list is empty.
Create a system user ftpuser, add it to the ftp group, and change the last field of its record in /etc/passwd to /sbin/nologin (this disables local login).
Set the owner and group of /var/ftp to root, and set the permissions to 755.
Set the owner of /var/ftp/pub to root, set the group to ftp, and set the permissions to 775.

The basic configuration of vsftpd is now complete. The server accepts requests from the anonymous user anonymous and the local user ftpuser. anonymous can only download; ftpuser can download and upload. After logging in, both land in the /var/ftp directory and cannot leave it (chroot). ftpuser can create directories and upload files in /var/ftp/pub. The permission of uploaded files is 755 (local_umask=022 is set). The transfer rate of anonymous users is 50kb/s, and that of ftpuser is 500kb/s. The maximum number of connected clients is 100, and the maximum number of clients per IP address is 5.
To let the local user ftpput log in, you only need to add it to /etc/vsftpd.user_list. To let it upload, you only need to add it to the ftp group.
Then we can create a .message file in the directories under /var/ftp (including /var/ftp itself), so that vsftpd displays the contents of .message when a user enters that directory. You can write welcome information or notes there. In addition, you can edit /etc/vsftpd/banner to set the welcome message shown at login and make the FTP site more personal.
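
One way to check a deployed file against the policy just described, as an added example that is not part of the original article: the script flags lines vsftpd would reject (spaces around "=", capitalized option names), anonymous write access, a user_list that is not an allowlist, and chroot exemptions. The function names conf_get and audit_vsftpd are hypothetical, and the fallback values are vsftpd's built-in defaults.

```sh
#!/bin/sh
# Added example, not from the article: audit a vsftpd.conf against the policy
# described above. Assumes booleans are written YES/NO, as the article does.
LC_ALL=C    # byte-wise [a-z] ranges in the patterns below

# conf_get FILE KEY DEFAULT: print the last value set for KEY, else DEFAULT.
conf_get() {
    val=$3
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in "$2="*) val=${line#"$2="} ;; esac
    done < "$1"
    printf '%s\n' "$val"
}

# audit_vsftpd CONF [CHROOT_LIST]: print one finding per line, nothing if clean.
audit_vsftpd() {
    conf=$1 n=0
    get() { conf_get "$conf" "$1" "$2"; }
    list=${2:-$(get chroot_list_file /etc/vsftpd.chroot_list)}

    # vsftpd allows no space around "=", and option names are lower-case.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1)) key=${line%%=*}
        case $line in ''|'#'*) continue ;; esac
        case $key in "$line"|''|*[!a-z0-9_]*)
            printf 'SYNTAX line %s: %s\n' "$n" "$line"; continue ;; esac
        case ${line#"$key="} in ' '*) printf 'SYNTAX line %s: %s\n' "$n" "$line" ;; esac
    done < "$conf"

    # Anonymous users stay read-only (built-in defaults: YES, NO, NO).
    if [ "$(get anonymous_enable YES)" = YES ] && [ "$(get write_enable NO)" = YES ]; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(get "$k" NO)" = YES ]; then echo "ANON_WRITE $k=YES"; fi
        done
    fi
    # Only users named in user_list may log in.
    if [ "$(get userlist_enable NO)" != YES ] || [ "$(get userlist_deny YES)" != NO ]; then
        echo "USERLIST user_list is not an allowlist"
    fi
    # All local users are jailed; with both options YES the list holds exemptions.
    if [ "$(get chroot_local_user NO)" != YES ]; then
        echo "CHROOT local users are not jailed by default"
    elif [ "$(get chroot_list_enable NO)" = YES ] && [ -s "$list" ]; then
        echo "CHROOT users in $list are exempt from the jail"
    fi
    return 0
}

if [ -r "${1:-/etc/vsftpd.conf}" ]; then audit_vsftpd "${1:-/etc/vsftpd.conf}"; fi
```

Run it with the path to the configuration file as its only argument; no output means the file matches the policy above.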

Next we use quota to put ftpuser under a disk quota, to prevent malicious users from filling your hard disk with junk data.
Assume that /var/ftp is on the root partition / (/dev/hda5). Change the 4th field of the root partition's record in /etc/fstab to defaults,usrquota, so that the record looks like this:
LABEL=/ / ext3 defaults,usrquota 1 1
Restart the system and enter the following commands:
quotacheck -acu # Check the file systems with quotas enabled and create the quota table for each of them
quotacheck -avu # Generate the current disk usage table for each file system with quotas enabled
edquota ftpuser # Set the disk quota for user ftpuser
At this point the system opens the quota file in the default text editor (vi), and the display is similar to this:
Disk quotas for user ftpuser (uid 501):
  Filesystem   blocks   soft   hard   inodes   soft   hard
  /dev/hda5         0      0      0        0      0      0
The first column is the name of the file system with the quota enabled. The second column shows the number of blocks currently used by the user. The next two columns set the soft and hard block limits of the user on the file system. The inodes column displays the number of inodes currently used by the user. The last two columns set the soft and hard inode limits on the file system. The hard limit is the absolute maximum disk space that a user or group can use; after this limit is reached, no more disk space can be used by that user or group. The soft limit defines the maximum disk space that can be used. Unlike the hard limit, the soft limit can be exceeded for a period of time. This period is called the grace period. The grace period can be expressed in seconds, minutes, hours, days, weeks, or months. If any of the above values is set to 0, that limit is not set. After modifying as needed, save the file and exit.
To verify whether a user's quota is set, run the following command:
quota testuser
Then use edquota -t to set the grace period.
Like the other edquota command, this command also opens the current file system quotas in the text editor:
Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
  Filesystem   Block grace period   Inode grace period
  /dev/hda5    7 days               7 days
Modify as needed, then save the file and exit.
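
A pre-flight check for the two things the quota steps above depend on, as an added example that is not part of the original article: it verifies that the fstab record carries usrquota and reports file systems whose hard block limit is still 0 in the edquota table. The function names are hypothetical, and only the plain usrquota option used in the article is recognised.

```sh
#!/bin/sh
# Added example, not from the article: pre-flight checks for the quota setup.

# fstab_has_usrquota FSTAB MOUNTPOINT: succeed only if the fstab record for
# MOUNTPOINT lists usrquota in its 4th (options) field.
fstab_has_usrquota() {
    while read -r dev mnt fstype opts rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac      # blank line or comment
        [ "$mnt" = "$2" ] || continue
        case ",$opts," in *,usrquota,*) return 0 ;; esac
        return 1                                    # record found, option absent
    done < "$1"
    return 1                                        # mount point not listed
}

# unlimited_quota: read an edquota-style table on stdin (columns: Filesystem
# blocks soft hard inodes soft hard) and print each file system whose hard
# block limit is 0, which means no limit is enforced there.
unlimited_quota() {
    while read -r fs blocks bsoft bhard inodes isoft ihard || [ -n "$fs" ]; do
        case $fs in /*) ;; *) continue ;; esac      # skip the header lines
        if [ "$bhard" = 0 ]; then printf '%s\n' "$fs"; fi
    done
    return 0
}

# Stand-alone use: report whether the root file system has user quotas on.
if [ -r /etc/fstab ]; then
    if fstab_has_usrquota /etc/fstab /; then
        echo "usrquota is set for /"
    else
        echo "usrquota is missing for /"
    fi
fi
```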
