Configure VSFTP server in CentOS

CentOS configuration VSFTP server [1] install VSFTP [root @ localhost ~] # Yum-y install vsftpd [2] configure the vsftpd. conf file www.2cto.com [root @ localhost ~] # Vi/etc/vsftpd. conf # Example config file/etc/vsftpd. conf # The default compiled in settings are fairly paranoid. this sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd. conf.5 for all compiled in defaults. # read this: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd. conf.5 manual page to get Full idea of vsftpd's # capabilities. # Allow anonymous FTP? (Beware-allowed by default if you comment this out ). # anonymous_enable = YES # Uncomment this to allow local users to log in. local_enable = YES # Uncomment this to enable any form of FTP write command. write_enable = YES # www.2cto.com # Default umask for local users is 077. you may wish to change this to 022, # if your users Except CT that (022 is used by most other ftpd's) local_umask = 022 # Unco Mment this to allow the anonymous FTP user to upload files. this only # has an effect if the above global write enable is activated. also, you will # obviusly need to create a directory writable by the FTP user. # anon_upload_enable = YES # Uncomment this if you want the anonymous FTP user to be able to create # new directories. # anon_mkdir_write_enable = YES # Activate directory messages-messag Es given to remote users when they # go into a certain directory. dirmessage_enable = YES # The target log file can be vsftpd_log_file or xferlog_file. # This depends on setting xferlog_std_format parameter xferlog_enable = YES # Make sure PORT transfer connections originate from port 20 (ftp-data ). connect_from_port_20 = YES # www.2cto.com # If you want, you can arrange for uploaded anonymous files To be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! # Chown_uploads = YES # chown_username = whoever # The name of log file when xferlog_enable = YES and xferlog_std_format = YES # WARNING-changing this filename affects/etc/logrotate. d/vsftpd. log # xferlog_file =/var/log/xferlog # Switches between logging into vsftpd_log_file and xferlog_file files. # NO writes to vsftpd_log_file, YES to xferlog_file xferlog_std_format = YES # You may change the default Value for timing out an idle session. idle_session_timeout = 600 # You may change the default value for timing out a data connection. data_connection_timeout = 120 # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. # nopriv_user = ft1_cure # www.2cto.com # Enable this and the server will recognize asynchronous ABOR requests. not # recommended for security (the code is non-trivial ). not enabling it, # however, may confuse older FTP clients. # async_abor_enable = YES # By default the server will pretend to allow ASCII mode but in fact ignore # the request. turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support Allows a denial of service # attack (DoS) via the command "SIZE/big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. ascii_upload_enable = YES ascii_download_enable = YES # You may fully customise the login banner string: ftpd_banner = Welcome to lightnear FTP service. # You m Ay specify a file of disallowed anonymous e-mail addresses. apparently # useful for combatting certain DoS attacks. # authorization = YES www.2cto.com # (default follows) # banned_email_file =/etc/vsftpd/banned_emails # You may specify an explicit list of local users to chroot () to their home # directory. if chroot_local_user is YES, then this list becomes a list of # users to NOT chroot (). chroo T_local_user = YES # chroot_list_enable = YES # (default follows) # chroot_list_file =/etc/vsftpd/chroot_list # You may activate the "-R" option to the builtin ls. this is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. however, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for ena Bling it. ls_recurse_enable = YES # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. this directive cannot be used in conjunction # with the listen_ipv6 direve ve. listen = YES # www.2cto.com # This directive enables listening on IPv6 sockets. to listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make Sure, that one of the listen options is commented !! # Listen_ipv6 = YES pam_service_name = vsftpd userlist_enable = YES userlist_deny = NO local_root =/var/public_root tcp_wrappers = YES use_localtime = YES [3] adding FTP accounts [root @ localhost ~] # Useradd cent-s/sbin/nologin [root @ localhost ~] # Passwd cent [4] edit the user_list file to allow cent users to access FTP www.2cto.com [root @ localhost ~] # Vi/etc/vsftpd/user_list # vsftpd userlist # If userlist_deny = NO, only allow users in this file # If userlist_deny = YES (default), never allow users in this file, and # do not even prompt for a password. # Note that the default vsftpd pam config also checks/etc/vsftpd/ftpusers # for users that are denied. rootbindaemonadmlpsyncshutdownhaltmailnewsuucpoperatorgamesnobodycent www.2cto.com [5] create our root directory and set Access permission [root @ localhost ~] # Mkdir/var/public_root [root @ localhost ~] # Chown-R cent/var/public_root [root @ localhost ~] # Chmod-R 755/var/public_root [6] enable the vsftpd service [root @ localhost ~] # Service vsftpd startStarting vsftpd for vsftpd: [OK] [7] vsftp service is enabled by default [root @ localhost var] # chkconfig vsftpd on