Configure ftp in Red Hat 9

Source: Internet
Author: User

  1. Install the vsftpd Server

vsftpd is currently one of the best FTP servers for Linux. The "vs" in its name is short for "very secure", which shows that its biggest advantage is security. It is also small, customizable, and efficient.

If you choose a full installation of Red Hat Linux 9.0, the system installs the vsftpd server by default. In a terminal window, enter the following command to verify:

[root@ahpeng root]# rpm -qa | grep vsftpd

If the result shows vsftpd-1.1.3-8, the vsftpd server is installed. If you did not select the vsftpd server when installing Red Hat Linux 9.0, you can click the "Main Menu > System Settings > Add or Delete Applications" menu in the graphical environment. In the "Software Package Management" dialog box that appears, make sure that the "FTP server" option is selected, and then click the "Update" button. Follow the on-screen prompts and insert the third installation disc to start the installation.

Alternatively, you can insert the third installation disc, locate the vsftpd-1.1.3-8.i386.rpm installation package under /RedHat/RPMS, and then run the following command in a terminal window to start the installation:

[root@ahpeng RPMS]# rpm -ivh vsftpd-1.1.3-8.i386.rpm

  2. Start/restart/stop the vsftpd service

Starting with Red Hat Linux 9.0, vsftpd runs in standalone mode by default. Start the vsftpd service by running the following command in a terminal window:

[root@ahpeng root]# /etc/rc.d/init.d/vsftpd start

Restart the vsftpd service:

[root@ahpeng root]# /etc/rc.d/init.d/vsftpd restart

Stop the vsftpd service:

[root@ahpeng root]# /etc/rc.d/init.d/vsftpd stop

After confirming that the vsftpd service has been started, we can enter "ftp ftpaddress" in the DOS command window of any Windows host (replace ftpaddress with the actual IP address or domain name of the FTP server). Note that the user name and password are both ftp (ftp is the user account that anonymous users are mapped to), as shown below:

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

F:\Peter>ftp ftpaddress

Connected to ftpaddress

220 (vsftpd 1.1.3) // response from vsftpd

User (ftpaddress:(none)): ftp // enter the user account ftp

331 Please specify the password.

Password: // enter the password ftp

230 Login successful. Have fun.

ftp>

  3. vsftpd Configuration

In Red Hat Linux 9.0, vsftpd has three configuration files:

vsftpd.ftpusers: located in the /etc directory. It specifies which user accounts cannot access the FTP server, such as root.

vsftpd.user_list: located in the /etc directory. By default, the user accounts in this file cannot access the FTP server. Access is allowed only when the userlist_enable=NO option is set in the vsftpd.conf configuration file.

vsftpd.conf: located in the /etc/vsftpd directory. It is a text file that we can modify with text editors such as Kate and vi to customize the FTP server configuration, such as user logon control, user permission control, timeout settings, server function options, server performance options, and server response messages.

(1) User Logon Control

anonymous_enable=YES: allows anonymous users to log on.

no_anon_password=YES: anonymous users do not need to enter a password when logging on.

local_enable=YES: allows local users to log on.

deny_email_enable=YES: lets you create a file that holds a blacklist of anonymous e-mail addresses, to prevent those users from carrying out DoS attacks.

banned_email_file=/etc/vsftpd.banned_emails: when deny_email_enable is enabled, this sets the path of the file that holds the e-mail blacklist (/etc/vsftpd.banned_emails by default).

(2) User Permission Control

write_enable=YES: enables the global upload (write) permission.

local_umask=022: sets the umask for files uploaded by local users to 022 (the default value is 077; generally, it can be changed to 022).

anon_upload_enable=YES: allows anonymous users to upload files. Obviously, write_enable=YES must be enabled for this option to take effect. We must also create a directory that the ftp user can read and write (as mentioned earlier, anonymous users are mapped to the ftp user account).

anon_mkdir_write_enable=YES: allows anonymous users to create directories.

chown_uploads=YES: when this option is enabled, the owner of anonymously uploaded files is changed to another user account. Note that specifying the root account as the owner of anonymously uploaded files is not recommended!

chown_username=whoever: when chown_uploads=YES is enabled, this specifies the owner account. Replace whoever with an appropriate user account.

chroot_list_enable=YES: lets you use a list to specify which local users are confined to their own directories. If chroot_local_user=YES, the users named in this list are the ones who are not restricted.

chroot_list_file=/etc/vsftpd.chroot_list: if chroot_local_user=YES, this specifies the path where the list is saved (/etc/vsftpd.chroot_list by default).

nopriv_user=ftpsecure: specifies a dedicated user account that the FTP server can use as a fully isolated user with no privileges. This is a recommended option for vsftpd systems.

async_abor_enable=YES: we strongly recommend that you do not enable this option, otherwise it may cause errors!

ascii_upload_enable=YES; ascii_download_enable=YES: by default, the server pretends to accept ASCII-mode requests but actually ignores them. Enabling these two options makes the server really perform transfers in ASCII mode.

Note: enabling the ascii_download_enable option lets malicious remote users issue commands such as SIZE /big/file in ASCII mode to consume a large amount of FTP server I/O resources.

The ASCII-mode options are split into upload and download so that we can allow uploads in ASCII mode (which keeps uploaded files such as scripts from breaking) without exposing the server to this DoS risk.

(3) User Connection and Timeout Options

idle_session_timeout=600: sets the default idle timeout. A user who performs no operation within this period is disconnected by the server.

data_connection_timeout=120: sets the default data connection timeout.

(4) Server Logs and Welcome Information

dirmessage_enable=YES: allows a message to be configured per directory; the content of the message_file file in each directory is displayed.

ftpd_banner=Welcome to blah FTP service.: lets you customize the welcome message that FTP users see when they log on to the server.

xferlog_enable=YES: enables logging of upload and download activity.

xferlog_file=/var/log/vsftpd.log: lets you customize the log file path and file name. The default value is /var/log/vsftpd.log.
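The following Python audit is an added example, not part of the original article: it checks a vsftpd.conf for the risky settings described in sections (1), (2) and (4), and it applies built-in defaults for options the file leaves out. The sample configuration is constructed, and the defaults used for anonymous_enable, chown_username and xferlog_enable are assumed from the vsftpd.conf man page, so confirm them for the installed version.

```python
import re

# Constructed sample vsftpd.conf for this demonstration (not from a real host).
SAMPLE_CONF = """\
# constructed example
no_anon_password=YES
anon_upload_enable=YES
chown_uploads=YES
ascii_download_enable=YES
local_umask = 022
"""

# Built-in defaults (assumed from the vsftpd.conf man page): absent options still apply.
DEFAULTS = {"anonymous_enable": "YES", "chown_username": "root", "xferlog_enable": "NO"}

# Options from the sections above that are flagged when effectively YES.
RISKY_WHEN_YES = {
    "anonymous_enable": "anonymous logins are allowed",
    "no_anon_password": "anonymous logins skip the password prompt",
    "anon_upload_enable": "anonymous users can upload files",
    "anon_mkdir_write_enable": "anonymous users can create directories",
    "ascii_download_enable": "ASCII-mode SIZE on big files costs heavy I/O",
    "async_abor_enable": "the article advises against enabling it",
}

def parse_conf(text):
    """Return (settings, malformed line numbers); no space is allowed around '='."""
    settings, malformed = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)?", line)
        if m:
            settings[m.group(1)] = m.group(2) or ""
        elif line.strip() and not line.startswith("#"):
            malformed.append(n)
    return settings, malformed

def audit(text):
    parsed, malformed = parse_conf(text)
    eff = {**DEFAULTS, **parsed}  # explicit settings override the defaults
    out = [(f"line {n}", "not in option=value form") for n in malformed]
    out += [(k, why) for k, why in RISKY_WHEN_YES.items()
            if eff.get(k, "NO").upper() == "YES"]
    if eff.get("chown_uploads", "NO").upper() == "YES" and eff["chown_username"] == "root":
        out.append(("chown_username", "anonymous uploads become root-owned"))
    if eff["xferlog_enable"].upper() != "YES":
        out.append(("xferlog_enable", "uploads and downloads are not logged"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

The sample never sets anonymous_enable or chown_username, yet both are reported, because the defaults leave anonymous logon on and make root the owner once chown_uploads is enabled.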
