Complete RedHat9.0-vsftp Configuration

Source: Internet
Author: User


3.2 vsftpd: an FTP server with both security and efficiency
3.2.1 Overview of vsftpd
FTP (File Transfer Protocol) is the communication protocol for transferring files and is still the most common way to move files between hosts. Readers using RedHat 9 will notice two changes to the FTP server. First, only vsftpd is shipped; the original wu-ftpd is no longer included. Second, vsftpd no longer runs under xinetd, and its configuration file has moved from /etc/vsftpd.conf to /etc/vsftpd/vsftpd.conf.
Why this change? vsftpd is able to run on its own and no longer needs xinetd to manage and control it; like sendmail, httpd, ssh and samba, it keeps its configuration files in its own directory under /etc.
FTP can be run in two modes, PORT FTP (that is, normal or active FTP) and PASV FTP, described as follows:
PORT FTP
This is the usual form of FTP. First, a control channel is established, by default to port 21; the client connects to port 21 and issues commands over that connection. Second, the FTP server establishes the data channel, by default from port 20, and data is transferred through that connection.
PASV FTP
As with PORT FTP, a control channel is established first, by default to port 21, and commands are issued over it. Second, the client issues a data transfer request (PASV), and the reply carries the number of the port that will be used for the data transfer.
What is the difference between the two? In PORT FTP the data transfer port is specified by the FTP server, while in PASV FTP the data transfer port is settled from the FTP client's side. In a firewalled environment we usually use PASV FTP, where the data transfer port is agreed through communication between the client and the server.
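As an added example (not part of the original article), the Python code below builds the PORT command a client sends in PORT mode and parses the 227 reply a server sends in PASV mode, in which the server announces the host and port for the data connection (port = p1*256 + p2). It also checks the announced port against a pasv_min_port/pasv_max_port window like the one used in 3.2.10, and checks that the announced host is the server the control connection goes to; the sample reply is constructed.

```python
import re
from ipaddress import IPv4Address

# Constructed sample reply, not taken from the original article.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,10,244,39,5).\r\n"

_PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def port_command(ip, port):
    """Build the PORT command a client sends in PORT (active) mode.

    The argument is h1,h2,h3,h4,p1,p2: the client's address and the
    listening port it has opened, encoded as port = p1*256 + p2.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    octets = str(IPv4Address(ip)).split(".")  # rejects malformed addresses
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def parse_pasv_reply(line):
    """Parse the 227 reply sent in PASV mode; return (host, port) to connect to."""
    m = _PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in: %r" % line)
    return ("%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2)


def data_port_permitted(reply, pasv_min_port, pasv_max_port):
    """True if the announced data port lies inside the configured PASV window
    (the range a firewall in front of vsftpd has to open, cf. 3.2.10)."""
    _, port = parse_pasv_reply(reply)
    return pasv_min_port <= port <= pasv_max_port


def pasv_host_matches(reply, control_peer_ip):
    """True if the announced host is the server we hold the control connection
    to; a careful client refuses 227 replies that point somewhere else."""
    host, _ = parse_pasv_reply(reply)
    return IPv4Address(host) == IPv4Address(control_peer_ip)
```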

3.2.2 Examples

3.2.1. Start the vsftpd service directly
This example uses RedHat's default settings and simply starts vsftpd.
[root@relay vsftpd]# /sbin/service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]

3.2.2. Serve on a different port: replace the default port 21 with 2121
For security, or to separate different FTP services by port, we may want to move the FTP service to a port other than 21. Follow these steps.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Add the following line:
listen_port=2121
Step 2. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

3.2.3. Specific users (peter and john) may not change out of their home directory
A user's default directory is /home/username. If we do not want these users to switch up to the parent directory /home, follow these steps.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Find the following three lines:
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
Change them to:
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
Step 2. Create the file /etc/vsftpd/chroot_list
with these two lines as its content:
peter
john
Step 3. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
If peter now tries to change to a directory outside his home directory (his FTP root), the following error appears:
ftp> cd /home
550 Failed to change directory.

3.2.4. Disable anonymous login
If your host does not need anonymous user logins, follow these steps.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Find
anonymous_enable=YES
and change it to
anonymous_enable=NO
Step 2. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

3.2.5. Set up welcome messages
If you want a welcome message to be shown when logging on to the host, perhaps describing the host or a directory, follow these steps.
First, check that this line exists in /etc/vsftpd/vsftpd.conf:
dirmessage_enable=YES
The RedHat 9 default configuration already includes it.
Next, add the .message files. Assume there is a user test1, and that this user's home directory contains a subdirectory named abc. First, create /home/test1/.message with the following content:
Hello ~ Welcome to the home directory
This is for test only...
Next, create /home/test1/abc/.message with the following content:
Welcome to abc's directory
This is subdir...
When the user logs on as test1, the following message is displayed:
230-Hello ~ Welcome to the home directory
230-
230-This is for test only...
230-
When the user changes into the abc directory, the following message is displayed:
250-Welcome to abc's directory
250-
250-This is subdir...

3.2.6. Show each connection as a separate process
Normally, when vsftpd is started, we only see a single process named vsftpd running. If the reader wants each connection to be shown as its own identifiable process, perform the following steps.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Add the following line:
setproctitle_enable=YES
Step 2. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
The ps -ef command now shows the state of each user's connection:
[root@home vsftpd]# ps -ef | grep ftp
root      2090     1  0 pts/0  00:00:00 vsftpd: LISTENER
nobody    2120  2090  0 ?      00:00:00 vsftpd: 192.168.10.244: connected
test1     2122  2120  0 ?      00:00:00 vsftpd: 192.168.10.244/test1: IDLE
nobody    2124  2090  0 ?      00:00:00 vsftpd: 192.168.10.244: connected
test2     2126  2124  0 ?      00:00:00 vsftpd: 192.168.10.244/test2: IDLE
root      2129  1343  0 pts/0  00:00:00 grep ftp
[root@home vsftpd]#

3.2.7. Limit file transfer speed
Suppose the maximum speed for local users is 200 KBytes/s, and the maximum speed for anonymous logins is 50 KBytes/s.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Add the following two lines:
anon_max_rate=50000
local_max_rate=200000
Step 2. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
The speeds are given in bytes per second; anon_max_rate limits anonymous logins, while local_max_rate limits the local machine's users. Note that vsftpd's rate limiting is not exact: with a limit of 80 KBytes/s, the actual speed may fall anywhere between 80 KBytes/s and 120 KBytes/s. Of course, if the bandwidth is insufficient, the actual speed will be lower than the limit.

3.2.8. Different speed limits for different users
Suppose test1 may use a maximum of 250 KBytes/s and test2 a maximum of 500 KBytes/s.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Add the following line:
user_config_dir=/etc/vsftpd/userconf
Step 2. Create the directory /etc/vsftpd/userconf
mkdir /etc/vsftpd/userconf
Step 3. Create a file named test1 under /etc/vsftpd/userconf
with this one line as its content:
local_max_rate=250000
Step 4. Create a file named test2 under /etc/vsftpd/userconf
with this one line as its content:
local_max_rate=500000
Step 5. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

3.2.9-1. Build an FTP server behind a firewall using PORT FTP mode:
Default FTP port 21 and FTP data port 20
After vsftpd has started, run the following two commands: ports 21 and 20 are accepted, and every other TCP port is rejected.
iptables -A INPUT -p tcp -m multiport --dport 21,20 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset

3.2.9-2. Build an FTP server behind a firewall using PORT FTP mode:
FTP port 2121 and FTP data port 2020
Step 1. Run the following two commands: only ports 2121 and 2020 are accepted, and every other TCP port is rejected.
iptables -A INPUT -p tcp -m multiport --dport 2121,2020 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
Step 2. Modify /etc/vsftpd/vsftpd.conf
Add the following two lines:
listen_port=2121
ftp_data_port=2020
Step 3. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
In examples 3.2.9-1 and 3.2.9-2 the FTP client (such as CuteFTP) must not be set to passive mode for its connection; otherwise the data connection cannot be established. That is, the reader can connect to the FTP server, but commands such as ls and get fail.

3.2.10. Build an FTP server behind a firewall using PASV FTP mode:
FTP port 2121 and FTP data ports 9981 to 9986
Step 1. Run the following two commands: only port 2121 and ports 9981-9990 are accepted, and every other TCP port is rejected.
iptables -A INPUT -p tcp -m multiport --dport 2121,9981,9982,9983,9984,9985,9986,9987,9988,9989,9990 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
Step 2. Modify /etc/vsftpd/vsftpd.conf
Add the following four lines:
listen_port=2121
pasv_enable=YES
pasv_min_port=9981
pasv_max_port=9986
Step 3. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
In this example the FTP client (such as CuteFTP) must be set to passive mode for its connection; otherwise the data connection cannot be established. That is, the reader can connect to the FTP server, but commands such as ls and get fail.

3.2.11. Combining vsftpd with TCP wrappers
If you want to define the allowed or denied source addresses in /etc/hosts.allow, perform the following steps. This is a simple form of firewalling.
Step 1. Check that tcp_wrappers in /etc/vsftpd/vsftpd.conf is set to YES, as shown below:
tcp_wrappers=YES
This is the RedHat 9 default and does not need to be modified.
Step 2. Restart vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
Step 3. Edit /etc/hosts.allow. For example, to allow connections from 111.22.33.4 and from 10.1.1.1 to 10.1.1.254, and to deny everything else, set:
vsftpd: 111.22.33.4 10.1.1.: allow
ALL: ALL: deny

3.2.12. Run vsftpd under xinetd
If the reader wants to run vsftpd under xinetd, that is, the default arrangement of the 7.x releases, perform the following steps.
Step 1. Modify /etc/vsftpd/vsftpd.conf
Find
listen=YES
and change it to
listen=NO
Step 2. Create the file /etc/xinetd.d/vsftpd
with the following content:
service vsftpd
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
        port            = 21
        log_on_success  += PID HOST DURATION
        log_on_failure  += HOST
}
Step 3. Restart xinetd
[root@home vsftpd]# /sbin/service xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]

3.2.3 Configuration reference
Settings omitted from the examples, such as the total number of connections, the number of connections from the same address, and whether file owners are shown by name, are described here so that you can choose the settings that best suit you.
Format
The content of vsftpd.conf is very simple: each line is one setting. Blank lines and lines starting with # are ignored. There is only one format, shown below:
option=value
Note that there must be no whitespace on either side of the equals sign; otherwise the line is invalid.
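As an added example (not the article's own code), the Python parser below applies the format rules just described to a constructed vsftpd.conf, then audits the effective settings against the set of TCP ports that iptables rules like those in 3.2.9 and 3.2.10 accept, using the defaults listed in this reference; it reports the failure modes those examples warn about (a PASV range the firewall does not cover, a PORT-mode data port that is blocked) and anonymous logins left at their default.

```python
import re

# Format from 3.2.3: blank lines and lines starting with '#' are ignored;
# every other line must be option=value with no whitespace around '='.
_OPTION_RE = re.compile(r"^([a-z][a-z0-9_]*)=(.*)$")


def parse_vsftpd_conf(text):
    """Return {option: value}; raise ValueError on the first malformed line."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        m = _OPTION_RE.match(raw)
        if not m:
            raise ValueError("line %d: expected option=value, got %r" % (lineno, raw))
        settings[m.group(1)] = m.group(2)
    return settings


def conf_error(text):
    """Return the parse error message for text, or None if it is well formed."""
    try:
        parse_vsftpd_conf(text)
    except ValueError as exc:
        return str(exc)
    return None


def audit(settings, open_tcp_ports):
    """Compare the effective settings (reference defaults applied) with the
    TCP ports the firewall accepts. Returns a list of (option, finding) pairs."""
    def value(name, default):
        return settings.get(name, default).strip()

    def enabled(name, default):
        return value(name, default).upper() == "YES"

    findings = []
    if enabled("anonymous_enable", "YES"):
        findings.append(("anonymous_enable", "anonymous logins are accepted (the default)"))
    listen = int(value("listen_port", "21"))
    if listen not in open_tcp_ports:
        findings.append(("listen_port", "control port %d is blocked by the firewall" % listen))
    if enabled("pasv_enable", "YES"):
        lo, hi = int(value("pasv_min_port", "0")), int(value("pasv_max_port", "0"))
        if lo == 0 or hi == 0:
            findings.append(("pasv_max_port", "PASV port range is unbounded (0 = any port)"))
        elif lo > hi:
            findings.append(("pasv_min_port", "pasv_min_port is above pasv_max_port"))
        else:
            closed = sorted(set(range(lo, hi + 1)) - set(open_tcp_ports))
            if closed:
                findings.append(("pasv_min_port", "PASV ports %s are blocked: passive "
                                 "clients connect but ls/get fail" % closed))
    data = int(value("ftp_data_port", "20"))
    if data not in open_tcp_ports:
        findings.append(("ftp_data_port", "PORT-mode data port %d is blocked: active "
                         "clients connect but ls/get fail" % data))
    return findings


# Constructed sample matching the 3.2.10 example (not the article's own file).
SAMPLE_CONF = """\
# FTP behind a firewall, PASV mode
listen_port=2121
pasv_enable=YES
pasv_min_port=9981
pasv_max_port=9986
"""
# Ports accepted by the 3.2.10 iptables rule: 2121 and 9981-9990.
FIREWALL_PORTS = {2121} | set(range(9981, 9991))
```

Run audit(parse_vsftpd_conf(SAMPLE_CONF), FIREWALL_PORTS) to see the two findings the sample produces: anonymous logins still enabled, and port 20 closed so active-mode clients would fail, which is exactly why 3.2.10 tells clients to use passive mode.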
=== ASCII settings ===
ascii_download_enable
Controls whether ASCII-mode downloads are allowed. The default is NO.
ascii_upload_enable
Controls whether ASCII-mode uploads are allowed. The default is NO.
=== Individual user settings ===
chroot_list_enable
If enabled, all local users may move outside their home directory except those listed in /etc/vsftpd.chroot_list, who are confined to it. The default is NO.
userlist_enable
Usage: YES/NO
If enabled, the user names in /etc/vsftpd.user_list are read, and a failure message can be shown before the password is asked for, without going through the password check. The default is disabled.
userlist_deny
Usage: YES/NO
This option is only examined when userlist_enable is on. If set to YES, the users in /etc/vsftpd.user_list cannot log on; if set to NO, only the users in /etc/vsftpd.user_list can log on. In either case the error message is shown before the password is asked for, without going through the password check.
user_config_dir
Defines the directory holding per-user configuration files. For example, with user_config_dir=/etc/vsftpd/userconf and users test1 and test2 on the host, we can create files named test1 and test2 in that directory; when test1 logs on, the settings in the file test1 under user_config_dir are read. The default is none.
=== Welcome messages ===
dirmessage_enable
If enabled, the first time a user enters a directory vsftpd checks whether it contains a .message file and, if so, shows its content. This file usually holds a welcome message or a description of the directory. The default is enabled.
banner_file
When a user logs in, the content of the file named here is shown, usually a welcome message or description. The default is none.
ftpd_banner
A welcome string can be defined here. Compared with banner_file, which takes a file, ftpd_banner takes the text directly. The default is none.
=== Special security settings ===
chroot_local_user
If YES, no local user can change to a directory outside their home (root) directory. The default is NO.
hide_ids
If enabled, the owner and group of every file are shown as ftp; that is, when a logged-in user runs commands such as ls -al, every file appears to be owned by ftp. The default is disabled.
ls_recurse_enable
If enabled, users may use the ls -R command. The default is NO.
write_enable
Usage: YES/NO
Controls whether FTP commands that change the filesystem are allowed, such as STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE. Disabled by default.
setproctitle_enable
Usage: YES/NO
When enabled, vsftpd gives each connection's process a distinct title, so that commands such as ps -ef show the state of every connection. The default is disabled.
tcp_wrappers
Usage: YES/NO
If enabled, vsftpd is combined with TCP wrappers, so the source addresses that are allowed or refused can be defined in /etc/hosts.allow and /etc/hosts.deny.
pam_service_name
The service name used with PAM. The default is vsftpd.
secure_chroot_dir
This option must name an empty directory that no login user can write to. vsftpd confines itself to this directory whenever it does not need filesystem access. The default is /usr/share/empty.

=== Log file settings ===
xferlog_enable
Usage: YES/NO
If enabled, upload and download activity is recorded in the file defined by xferlog_file. Enabled by default.
xferlog_file
Sets the location of the log file. The default is /var/log/vsftpd.log.
xferlog_std_format
If enabled, the log is written in the standard xferlog format, as used by wu-ftpd. The default is disabled.

======================================
accept_timeout
The timeout, in seconds, for a data connection to be established. The default is 60.
connect_timeout
The timeout, in seconds, for establishing the data connection in PORT mode. The default is 60.
data_connection_timeout
The timeout, in seconds, applied while a data transfer is in progress. The default is 300 seconds.
idle_session_timeout
The idle session timeout, in seconds. The default is 300.
======================================
anon_max_rate
The maximum transfer speed for anonymous logins, in bytes per second. 0 means unlimited. The default is 0.
local_max_rate
The maximum transfer speed for local users, in bytes per second. 0 means unlimited. The default is 0.
=== New file permission settings ===
anon_umask
The umask applied when an anonymous user creates a file. The default is 077.
file_open_mode
The permissions given to uploaded files, in the same form as chmod uses. The default is 0666.
local_umask
The umask applied when a local user creates a file. The default is 077.
=== Port settings ===
connect_from_port_20
Usage: YES/NO
If YES, ftp-data connections are forced to originate from port 20. The default is YES.
ftp_data_port
The port used for FTP data connections. The default is 20.
listen_port
The port the FTP server listens on. The default is 21.
pasv_max_port
The upper bound of the port range that may be used for data connections. 0 means any. The default is 0.
pasv_min_port
The lower bound of the port range that may be used for data connections. 0 means any. The default is 0.
======================================
anon_root
The directory used by anonymous logins. The default is none.
local_enable
Usage: YES/NO
Enable this to allow local users to log on. The default is YES.
local_root
The directory that local users are placed in when they log on. The default is none.
text_userdb_names
Usage: YES/NO
When a logged-in user lists files with commands such as ls -al, the owner is shown as a numeric UID by default rather than by name. Enable this option to show the owner's name. The default is NO.
pasv_enable
If set to NO, PASV mode may not be used to establish data connections. The default is enabled.
======================================
chown_uploads
Usage: YES/NO
If enabled, the owner of every anonymously uploaded file is changed to the user set in chown_username. This is useful for security and management. The default is NO.
chown_username
Defines the user name that becomes the owner of files uploaded by anonymous logins. The default is root.
=== Guest settings ===
guest_enable
Usage: YES/NO
If enabled, all non-anonymous logins are treated as guests. The default is disabled.
guest_username
Defines the user name used for guests. The default is ftp.
=== Anonymous settings ===
anonymous_enable
Usage: YES/NO
Controls whether anonymous logins are allowed: YES allows them, NO refuses them. The default is YES.
no_anon_password
If enabled, no password is asked for on anonymous login. The default is NO.
anon_mkdir_write_enable
Usage: YES/NO
If YES, anonymous logins may create directories. Of course, the anonymous user must have write permission on the parent directory. The default is NO.
anon_other_write_enable
Usage: YES/NO
If YES, anonymous logins are granted write permissions beyond uploading and creating directories, such as deleting or renaming. The default is NO.
anon_upload_enable
Usage: YES/NO
If YES, anonymous logins may upload files. Of course, the anonymous user must have write permission on the target directory. The default is NO.
anon_world_readable_only
Usage: YES/NO
If YES, anonymous logins may only download files that are world-readable. The default is YES.
ftp_username
Defines the user name used for anonymous logins. The default is ftp.
deny_email_enable
If enabled, you must provide the file /etc/vsftpd.banner_emails containing email addresses. Anonymous logins are asked for an email address; if the address entered is in this file, the connection is refused. The default is NO.
=== Standalone options ===
listen
Usage: YES/NO
If enabled, vsftpd runs in standalone mode, which is the RedHat 9 default. This option must be disabled when vsftpd is run under xinetd, as in RedHat 8. The default in RedHat 9 is YES.
listen_address
In standalone mode, this parameter defines which IP address the service is provided on. If the host has only one IP address this option is not needed; with several addresses, it selects the one that serves FTP. If unset, the service is provided on all addresses. The default is none.
max_clients
In standalone mode, this parameter defines the maximum total number of connections; beyond it, connections are refused. 0 means no limit. The default is 0.
max_per_ip
In standalone mode, this parameter defines the maximum number of connections from one IP address; beyond it, connections are refused. 0 means no limit. The default is 0.
==================================

3.2.4 Meaning of FTP reply codes
110 Restart marker reply.
120 Service ready in a stated time.
125 Data connection open; transfer starting.
150 File status okay; data connection being opened.
200 Command executed successfully.
202 Command not executed.
211 System status or system help reply.
212 Directory status.
213 File status.
214 Help message.
215 NAME system type.
220 Service ready for new connection.
221 Service closing control connection; logout may proceed.
225 Data connection open; no transfer in progress.
226 Closing data connection; requested file action successful.
227 Entering passive mode.
230 User logged in.
250 Requested file action completed.
257 Current path name displayed.
331 User name okay; password required.
332 Account information required for login.
350 Requested action requires a further command.
421 Service not available; closing control connection.
425 Cannot open data connection.
426 Connection closed; transfer aborted.
450 Requested action not taken.
451 Command aborted: local error.
452 Command not executed: insufficient disk space.
500 Syntax error; command unrecognized.
501 Syntax error in parameters.
502 Command not executed.
503 Bad sequence of commands.
504 Command parameters not accepted.
530 Not logged in.
532 Account required for storing files.
550 Requested action not taken.
551 Requested action aborted: type unknown.
552 Requested file action aborted: storage allocation exceeded.
553 Requested action not taken: name not allowed.
