Environment: CentOS 6.3
Three user modes for FTP
Anonymous user: vsftpd enables anonymous login by default, but anonymous users may only download, not upload. The anonymous user name is anonymous or ftp and the anonymous directory is /var/ftp; vsftpd chroots the anonymous user to it.
Local user: vsftpd enables local user login by default. A local user's login directory is their home directory, and they can switch directories at will (the login directory can be set with local_root=). User access is generally controlled through system permissions.
Virtual user: requires manual configuration. FTP virtual users are mapped to a system user through local files or a database, and greater security is achieved by controlling this system user.
Installation
yum install vsftpd
vsftpd's main configuration file: /etc/vsftpd/vsftpd.conf
Start vsftpd
service vsftpd start
Open the firewall
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
service iptables restart
Modify SELinux // resolves the 500 error on local user login (unable to access the user's home directory)
setsebool -P ftp_home_dir 1
setsebool -P allow_ftpd_full_access 1
or turn off SELinux
vi /etc/sysconfig/selinux
SELINUX=enforcing // change to disabled
Enable start at boot
chkconfig vsftpd on
Common configuration
anonymous_enable=YES // Anonymous login is on by default. To turn off anonymous users, do not simply comment out this option (the default is on); set the value to NO explicitly (anonymous_enable=NO)
ftpd_banner= // login banner, not enabled by default
xferlog_enable=YES // turn on logging, enabled by default
xferlog_file=/var/log/xferlog // log path, not enabled by default
xferlog_std_format=YES // log format, enabled by default
anon_max_rate=100000 // maximum transfer rate for anonymous users, not present by default
local_max_rate=1000000 // maximum transfer rate for local users, not present by default
max_clients=XX // maximum number of concurrent connections to the server
max_per_ip=x // maximum connections per IP
pasv_enable=NO // Turn off passive mode to solve the problem of FTP tools and Windows connections being unable to list directories (I do not want to open too many ports on the firewall to provide passive connections to clients; if you must use passive mode, please refer to the Small monk's blog article. Note on passive mode: a Windows connection requires unchecking Internet Options -> Advanced -> use passive mode, otherwise Windows defaults to a passive mode connection; general client tools determine the mode automatically when connecting and need no extra configuration)
cmds_allowed=ABOR,CWD,LIST,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RNFR,RNTO,SITE,SIZE,STOR,TYPE,USER,CDUP,APPE,MDTM // This option specifies the FTP protocol commands that may be used. I removed DELE (delete) to prevent users from deleting remote files; for the specific commands, please refer to http://www.nsftools.com/tips/RawFTP.htm
User Access Control
1. Listed users are denied access; all other users are allowed
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.userlist
userlist_deny=YES
2. Listed users are allowed access; all other users are denied
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.userlist
userlist_deny=NO
Local User Chroot
1. Listed users are not restricted; other users are restricted
chroot_local_user=YES // enable local user chroot: a local user is restricted to their login directory after login (by default their home directory)
chroot_list_enable=YES // enable the exception list
chroot_list_file=/etc/vsftpd/chroot_list // exception list path
2. Listed users are restricted; other users are not restricted
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
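The following Python code is an added example (not from the original article or the vsftpd project) showing how the anonymous_enable, userlist_* and chroot_* options described above combine for a given local user, including the case where an option is only commented out. The function names, the sample configuration and the user names alice, bob and mallory are constructed for illustration; the defaults are assumed to be vsftpd's built-in values.

```python
# Added example: resolve the effective vsftpd policy for one local user.
DEFAULTS = {  # vsftpd built-in values, used when an option is absent or commented out
    "anonymous_enable": "YES",
    "userlist_enable": "NO",
    "userlist_deny": "YES",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
}

def parse_conf(text):
    """Simplified vsftpd.conf parser: option=value lines, '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(conf, key):
    return conf[key].upper() in ("YES", "TRUE", "1")

def effective_policy(conf_text, user, userlist=(), chroot_list=()):
    conf = parse_conf(conf_text)
    # userlist_deny is only examined when userlist_enable is on.
    if not enabled(conf, "userlist_enable"):
        login = True
    elif enabled(conf, "userlist_deny"):
        login = user not in userlist      # the list is a deny list
    else:
        login = user in userlist          # the list is an allow list
    # chroot_list holds the exceptions to whatever chroot_local_user says.
    chrooted = enabled(conf, "chroot_local_user")
    if enabled(conf, "chroot_list_enable") and user in chroot_list:
        chrooted = not chrooted
    return {"anonymous": enabled(conf, "anonymous_enable"), "login": login, "chrooted": chrooted}

# Constructed sample input (not from the article).
SAMPLE_CONF = """\
#anonymous_enable=YES
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=YES
"""
USERLIST = {"alice", "bob"}      # hypothetical contents of /etc/vsftpd/vsftpd.userlist
CHROOT_LIST = {"alice"}          # hypothetical contents of /etc/vsftpd/chroot_list
if __name__ == "__main__":
    for name in ("alice", "bob", "mallory"):
        print(name, effective_policy(SAMPLE_CONF, name, USERLIST, CHROOT_LIST))
```

In the sample, anonymous login stays enabled because the option is only commented out, and alice is the one user who is not chrooted.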
Common FTP commands
open x.x.x.x // open a connection to the FTP server
user XXX // log in as a user
cd // change the remote directory (server side)
lcd // change the local directory (client side)
bin // transfer in binary mode (usually for programs, etc.)
ascii // transfer in ASCII mode (default; commonly used for text files)
hash // show transfer progress
bell // ring the bell after a transfer completes
prompt // toggle interactive mode (mostly used to turn off prompting for mget and mput)
status // display the current state (transfer mode, whether progress is shown, whether the bell rings, whether prompting is on, etc.)
get // download
mget // bulk download
put // upload
mput // bulk upload
This article is from the Linux commune website (www.linuxidc.com) Source Link: http://www.linuxidc.com/Linux/2013-05/84947.htm
Setting up vsftpd on CentOS 6.3