chkconfig vsftpd on
Configuration files under /etc/vsftpd/:
chroot_list: does not exist by default, so create it yourself with vi /etc/vsftpd/chroot_list; write something in it or leave it empty, then save
ftpusers: users who are refused login
user_list: also users who are refused login
vsftpd.conf: main configuration file
When userlist_enable=NO, user_list does not take effect; users both in and outside the list can log in
When userlist_enable=YES and userlist_deny=YES, users in user_list are not allowed to log in; users outside the list can log in
When userlist_enable=YES and userlist_deny=NO, user_list only allows users outside the list to log in, and it must be done from the command line
groupadd yhftp
useradd -r -g yhftp yhftp -s /sbin/nologin
chown -R yhftp:yhftp <FTP directory (web site root directory)>
chmod 755 <FTP directory (web site root directory)>
vi vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Above is the configuration file as I have modified it
anonymous_enable=NO (changed to NO)
chroot_local_user=YES
chroot_list_enable=YES: specify the chroot_list path; before, with chroot_root written for this, the following would appear:
Not copying any file from the Skel directory into it. Creating Mailbox File:fil
chroot_list_file=/etc/vsftpd/chroot_list
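
With chroot_local_user=YES and chroot_list_enable=YES, the config comment above says the list becomes the users NOT to chroot(), so any name written into chroot_list escapes the jail and an empty file keeps everyone confined. The sketch below is an added example, not part of the original page; it reads those three options from a config file and reports the resulting status per user. The helper names (vsftpd_opt, is_yes, chroot_status), the user alice and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): resolve chroot status per user.

# Print the value of option $2 from config $1, or default $3 when unset.
# The last uncommented occurrence is used (assumption about duplicates).
vsftpd_opt() {
    val=$(awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1")
    printf '%s\n' "${val:-$3}"
}

# True when a boolean option value is YES (compared case-insensitively here).
is_yes() { [ "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" = YES ]; }

# Print "chrooted" or "not-chrooted" for local user $2 under config $1.
chroot_status() {
    conf=$1 user=$2 listed=no
    list=$(vsftpd_opt "$conf" chroot_list_file /etc/vsftpd/chroot_list)
    if is_yes "$(vsftpd_opt "$conf" chroot_list_enable NO)" &&
       [ -f "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$(vsftpd_opt "$conf" chroot_local_user NO)"; then
        # Everyone is jailed; the list names the users who are exempt.
        if [ "$listed" = yes ]; then echo not-chrooted; else echo chrooted; fi
    else
        # Nobody is jailed by default; the list names the users who are.
        if [ "$listed" = yes ]; then echo chrooted; else echo not-chrooted; fi
    fi
}

# Constructed sample: the page's three chroot lines plus a one-name list.
demo() {
    d=$(mktemp -d)
    printf 'alice\n' > "$d/chroot_list"
    printf '%s\n' '# constructed sample' 'chroot_local_user=YES' \
        'chroot_list_enable=YES' "chroot_list_file=$d/chroot_list" > "$d/vsftpd.conf"
    for u in yhftp alice; do
        echo "$u: $(chroot_status "$d/vsftpd.conf" "$u")"
    done
    rm -rf "$d"
}
demo
```

Run against the real files with chroot_status /etc/vsftpd/vsftpd.conf yhftp after editing chroot_list, to confirm the account is still confined.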
CentOS Installation Vsftp