Configuring a vsftpd Server on CentOS
1. Install vsftpd via Yum
# yum -y install vsftpd
The -y flag answers "y" to yum's prompts automatically. The vsftpd version installed by yum here should be 2.2.2.
# service vsftpd status    # check the state; the default is off
# service vsftpd start     # start the vsftpd service
2. Start vsftpd at boot
# chkconfig vsftpd on
3. Edit the configuration file /etc/vsftpd/vsftpd.conf
# vim /etc/vsftpd/vsftpd.conf
Editing with vim is easier because its syntax coloring makes the file clearer than in vi. Set the options according to your needs; see the vsftpd.conf configuration instructions below.
4. Set up the vsftpd account.
An account added the normal way can also be used to log on to the server itself; use nologin as its shell to prohibit the FTP account from logging in to the server.
You only need to run one command, specifying the FTP account's root directory when adding the account. For example, the following command creates an FTP account ftpuser whose root directory is the website root htdocs.
# useradd -d /usr/local/apache/htdocs -s /sbin/nologin ftpuser
The account is now set up, but it has no password yet. Use passwd to set a password for the account.
# passwd ftpuser
New Password:          // enter the password
Retype new Password:   // enter the password again
You can now access vsftpd by entering the account name and password.
vsftpd.conf configuration instructions (the following is excerpted from the web; option names are written in lowercase in vsftpd.conf):
1) Connecting to an anonymous server
anonymous_enable=YES (allow anonymous login)
dirmessage_enable=YES (when switching directories, display the contents of the .message file in that directory)
local_umask=022 (permission mask for local files on FTP; default is 077)
connect_from_port_20=YES (data connection with FTP data port enabled) *
xferlog_enable=YES (enable upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (verification method) *
listen=YES (standalone vsftpd server) *
Function: clients can only connect to the FTP server; they cannot upload or download
Note: everything related to logging and the welcome message is optional. The options marked with an asterisk are the basic FTP options, needed no matter which kind of account is added.
2) Enable upload permission on the anonymous FTP server (for reference; anonymous upload permission is generally not turned on)
anon_upload_enable=YES (enable upload permission)
anon_mkdir_write_enable=YES (allow creating directories, and uploading files into them)
write_enable=YES (enable local user write permission)
anon_other_write_enable=YES (the anonymous account can have delete permission)
3) Enable download permission on the anonymous server
Add the following line to the configuration file:
anon_world_readable_only=NO
Note: check the permissions of the folder. The anonymous account falls under "other" users, so the read, write and execute permissions for "other" have to be opened on it:
(r) read, download; (w) write, upload; (x) execute. If execute is not opened on the FTP directory, it cannot be entered.
4) Connecting to the FTP server as a normal user
local_enable=YES (local accounts can log in)
write_enable=NO (no permission to delete and modify files after local account login)
Function: can log in to the vsftpd server with a local account, with permission to download and upload
Note: the anonymous server can still be logged in to after anonymous login is forbidden, but uploading and downloading are not possible
5) Restrict logged-in users to their home directory so they cannot enter other directories
Apply chroot to all local users:
chroot_local_user=YES (all local accounts can only use their own home directory)
Apply chroot to specified users:
chroot_list_enable=YES (the list in the file takes effect)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list does not exist by default and has to be created by yourself. To control an account, just add the account name to the file.
6) Restrict local user access to FTP
userlist_enable=YES (use the user list to restrict user access)
userlist_deny=NO (the list of people is not allowed to visit)
userlist_file=/specify the path of the file to be stored/ (path where the file is placed)
Note: with userlist_enable=YES turned on, the anonymous account cannot log in
7) Security options
idle_session_timeout=600 (seconds) (disconnect after the user session has been idle for 10 minutes)
data_connection_timeout=120 (seconds) (disconnect after the data connection has been idle for 2 minutes)
accept_timeout=60 (seconds) (disconnect the client after 1 minute of inactivity)
connect_timeout=60 (seconds) (interrupt after 1 minute and reconnect)
local_max_rate=50000 (bytes) (local user transfer rate 50K)
anon_max_rate=30000 (bytes) (anonymous user transfer rate 30K)
pasv_min_port=50000
pasv_max_port=60000 (together these change the client's data connection port to between 50000 and 60000)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (data connection from port 5555)
8) See who is logged in to FTP and kill the process
# ps -xf | grep ftp
# kill <process number>
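An added example, not part of the original article: a small shell audit that reads a vsftpd.conf and flags the anonymous-login, anonymous-write and missing-chroot settings covered in sections 1) to 5) above, plus option lines vsftpd would not accept (capitalised option names, spaces around the equals sign). The function names and the sample file are constructed for illustration; the defaults assumed for unset options (anonymous_enable=YES, the others NO) are the ones documented in vsftpd.conf(5).

```sh
#!/bin/sh
# Added example, not from the original page: flag risky vsftpd.conf settings.

audit_vsftpd_conf() {   # $1 = path to a vsftpd.conf; prints one finding per line
    awk '
    function on(k, dflt,   v) {       # boolean option, falling back to vsftpd default
        v = (k in conf) ? conf[k] : dflt
        return (v == "YES" || v == "TRUE" || v == "1")
    }
    /^[ \t]*$/ || /^#/ { next }       # skip blank lines and comments
    {
        eq = index($0, "=")
        if (eq == 0) { print "SYNTAX missing equals sign: " $0; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) { print "SYNTAX space around equals sign: " $0; next }
        if (key != tolower(key)) { print "SYNTAX option name not lowercase: " key; next }
        conf[key] = toupper(val)
    }
    END {
        if (on("anonymous_enable", "YES")) {
            print "RISK anonymous login enabled"
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)      # anonymous writes also need write_enable
                if (on(w[i], "NO") && on("write_enable", "NO"))
                    print "RISK anonymous write: " w[i]
        }
        if (on("local_enable", "NO") && !on("chroot_local_user", "NO") && !on("chroot_list_enable", "NO"))
            print "RISK local users not confined to home directory"
    }' "$1"
}

sample_conf() {   # constructed sample input, not a real server file
    cat <<'EOF'
# constructed sample
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=yes
Local_enble=YES
local_enable=YES
listen = YES
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_vsftpd_conf "$tmp"
rm -f "$tmp"
```

To check a live server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf after editing; no output means none of these checks fired.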