Setting up vsftpd on CentOS 6.3

Source: Internet
Author: User

Environment: CentOS 6.3

Three user modes for FTP

Anonymous user: vsftpd enables anonymous users by default, but they are only allowed to download, not upload. The anonymous user name is anonymous or ftp, the anonymous user's directory is /var/ftp, and vsftpd actually chroots the anonymous user.

Local user: vsftpd enables local user login by default. A local user's login directory is their home directory, and they can switch directories at will (the login directory can be specified with local_root=). User access is generally controlled through system permissions.

Virtual user: requires manual configuration. FTP virtual users are mapped to a system user through local files or a database, and greater security is achieved by controlling that system user.

Installation

yum install vsftpd

vsftpd's main configuration file: /etc/vsftpd/vsftpd.conf

Start vsftpd

service vsftpd start

Open the port in the firewall

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

service iptables restart

Modify SELinux // resolves the 500 error on local user login (unable to access the user's home directory)

setsebool -P ftp_home_dir 1

setsebool -P allow_ftpd_full_access 1

Or turn off SELinux

vi /etc/sysconfig/selinux

Change SELINUX=enforcing to SELINUX=disabled

Enable start at boot

chkconfig vsftpd on

Common configuration (the text after // on each line is an explanatory note and is not part of the vsftpd.conf line)

anonymous_enable=YES // Anonymous users are enabled by default. Note that to turn off anonymous users it is not enough to comment out this option (because the default is enabled); the option must be set explicitly to NO (anonymous_enable=NO)

ftpd_banner= // Login banner, not enabled by default

xferlog_enable=YES // Turn on logging, enabled by default

xferlog_file=/var/log/xferlog // Log path, not enabled by default

xferlog_std_format=YES // Log format, enabled by default

anon_max_rate=100000 // Maximum transfer rate for anonymous users, not present by default

local_max_rate=1000000 // Maximum transfer rate for local users, not present by default

max_clients=XX // Maximum number of concurrent connections to the server

max_per_ip=x // Maximum connections per IP

pasv_enable=NO // Turn off passive mode to solve the problem of FTP tools and Windows connections being unable to list directories (I do not want to open too many ports on the firewall to provide passive connections to clients; if you must use passive mode, please refer to the Small monk's blog article. It is important to note that, where passive mode is concerned, a Windows connection requires unchecking "use passive mode" under Internet Options -> Advanced, otherwise Windows connects in passive mode by default; general client tools can determine the mode automatically when connecting, so they need little configuration)

cmds_allowed=ABOR,CWD,LIST,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RNFR,RNTO,SITE,SIZE,STOR,TYPE,USER,CDUP,APPE,MDTM // This option specifies the FTP protocol commands that may be used. I removed DELE (delete) to prevent users from deleting remote files. For the individual commands and their parameters, please refer to http://www.nsftools.com/tips/RawFTP.htm

User Access Control

1. The listed users are forbidden access, all other users are allowed access

userlist_enable=YES

userlist_file=/etc/vsftpd/vsftpd.userlist

userlist_deny=YES

2. The listed users are allowed access, all other users are forbidden access

userlist_enable=YES

userlist_file=/etc/vsftpd/vsftpd.userlist

userlist_deny=NO

Local user chroot

1. Listed users are not restricted, all other users are restricted

chroot_local_user=YES // Enable local user chroot; a local user who logs in is restricted to their login directory (by default their home directory)

chroot_list_enable=YES // Enable the exception list

chroot_list_file=/etc/vsftpd/chroot_list // Path of the exception list

2. Listed users are restricted, all other users are not restricted

chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list
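
The defaults and list semantics described above (anonymous_enable staying on when it is merely commented out, cmds_allowed without DELE, and the opposite meanings the userlist and chroot list take depending on userlist_deny and chroot_local_user) can be checked mechanically. The following Python code is an added example, not part of the original article; the function names, the user names and the sample config are constructed for illustration, and only the options shown on this page are evaluated.

```python
# Added example. vsftpd's built-in defaults for the options discussed above.
DEFAULTS = {"anonymous_enable": "YES", "userlist_enable": "NO",
            "userlist_deny": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO"}

def parse_conf(text):
    """Effective settings: defaults overridden by uncommented option=value lines."""
    conf = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value  # option names are case-sensitive
    return conf

def on(conf, key):
    return conf[key].upper() == "YES"

def userlist_permits(conf, user, userlist):
    """userlist_deny=YES refuses listed users; NO admits only listed users."""
    if not on(conf, "userlist_enable"):
        return True  # the list file is ignored entirely
    listed = user in userlist
    return not listed if on(conf, "userlist_deny") else listed

def is_chrooted(conf, user, chroot_list):
    """chroot_list names the exceptions to whatever chroot_local_user sets."""
    listed = on(conf, "chroot_list_enable") and user in chroot_list
    return on(conf, "chroot_local_user") != listed

def cmds_allowed_permits(conf, cmd):
    """An unset cmds_allowed imposes no allow-list; otherwise cmd must be listed."""
    allowed = conf.get("cmds_allowed")
    return allowed is None or cmd in allowed.split(",")

# Constructed sample config: anonymous_enable is commented out, not set to NO.
SAMPLE = """\
#anonymous_enable=YES
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=YES
cmds_allowed=ABOR,CWD,LIST,PASS,PASV,PORT,PWD,QUIT,RETR,STOR,TYPE,USER
"""

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    print("anonymous:", on(conf, "anonymous_enable"),
          "| DELE:", cmds_allowed_permits(conf, "DELE"))
```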

Common FTP commands

open x.x.x.x // Open a connection to the FTP server

user XXX // Log in as a user

cd // Change the remote directory (server side)

lcd // Change the local directory (client side)

bin // Transfer in binary mode (usually for programs, etc.)

ascii // Transfer in ASCII mode (the default, commonly used for text files)

hash // Show transfer progress

bell // Ring after a transfer completes

prompt // Toggle interactive prompting (mostly used to turn prompting off for mget and mput)

status // Display the current state (transfer mode, whether transfer progress is shown, whether the bell rings, whether prompting is on, etc.)

get // Download

mget // Bulk download

put // Upload

mput // Bulk upload

This article is from the Linux commune website (www.linuxidc.com) Source Link: http://www.linuxidc.com/Linux/2013-05/84947.htm
