Configure vsftp for non-virtual users in Debian

Source: Internet
Author: User
Tags: ftp access
FTP is also used with Apache. Files are always modified on Windows and then transferred to the web server, so it is more convenient to use vsftp!

Also, because it is only used by myself, there are no difficult steps.

Install vsftp
apt-get update
apt-get install vsftpd

Check if ftp is started
netstat -a | grep ftp
ftp localhost

Decide whether vsftp is started with the system.
You can use rcconf.
apt-get install rcconf
Then run rcconf and manage it from its interface!
This is indeed much easier than update-rc.d.

First, let's see how to exclude users who are not allowed to log on to the FTP server.
This is very important. Some dangerous accounts such as root must be excluded!
/etc/ftpusers records the list of user names that are not allowed to access the FTP server. By default, root is excluded during Debian installation to ensure vsftp security.
The following is my ftpusers. If you find managing virtual accounts too much trouble (because the best way to do that is through MySQL), you can write all the users in /etc/passwd into it, adding them one by one! :)
In this way, only accounts manually added later can log on to FTP.
cat /etc/ftpusers
# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody
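
The "write every user from /etc/passwd into ftpusers" approach described above, as an added example that is not part of the original page. The function names and the sample passwd lines are constructed for illustration; the second function lists the accounts that are still able to log on, which is how an account created after the list was built shows up.

```shell
#!/bin/sh
# Added example (not from the original page).

# build_ftpusers ALLOWED... < passwd-format input
# Deny list: every login name in the input except the ALLOWED ones.
build_ftpusers() {
    awk -F: -v allowed=" $* " '
        /^[ \t]*(#|$)/ { next }                        # skip blanks, comments
        index(allowed, " " $1 " ") == 0 { print $1 }   # field 1 = login name
    '
}

# ftp_capable DENY_FILE < passwd-format input
# Login names that are NOT in DENY_FILE, i.e. accounts that may still log on.
ftp_capable() {
    awk -F: -v denyfile="$1" '
        BEGIN {
            while ((getline l < denyfile) > 0) {
                sub(/#.*/, "", l); gsub(/[ \t]/, "", l)
                if (l != "") deny[l] = 1
            }
        }
        /^[ \t]*(#|$)/ { next }
        !($1 in deny) { print $1 }
    '
}

# Constructed sample standing in for /etc/passwd.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
webadmin:x:1001:1001::/var/www:/bin/sh
EOF
}

deny=$(mktemp)
sample_passwd | build_ftpusers webadmin > "$deny"
# An account created after the list was built is not in it.
{ sample_passwd; echo 'user1:x:1002:1002::/tmp/test:/bin/sh'; } |
    ftp_capable "$deny"        # prints webadmin and user1
rm -f "$deny"
```

On a real system the input would be /etc/passwd and the deny file /etc/ftpusers; rerun ftp_capable whenever accounts are added.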

Vsftp logs are very important.
Vsftp logs are stored in /var/log.
You can check them for illegal actions, for example an account without FTP logon permission having logged on to the FTP server.
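
One way to run the check described above, as an added example that is not part of the original page. It assumes log lines in vsftpd's own log format (the sample lines and the deny list below are constructed) and reports every login event, successful or failed, for an account that is on the deny list.

```shell
#!/bin/sh
# Added example (not from the original page).

# flag_denied_logins DENY_FILE < vsftpd log
# Prints "STATUS USER CLIENT" for each OK/FAIL LOGIN by a denied account.
flag_denied_logins() {
    awk -v denyfile="$1" '
        BEGIN {
            # Load the deny list: one login name per line, # starts a comment.
            while ((getline line < denyfile) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") deny[line] = 1
            }
        }
        {
            # Look for: [user] OK|FAIL LOGIN: Client "addr"
            for (i = 2; i + 3 <= NF; i++)
                if (($i == "OK" || $i == "FAIL") && $(i + 1) == "LOGIN:") {
                    user = substr($(i - 1), 2, length($(i - 1)) - 2)
                    client = $(i + 3); gsub(/"/, "", client)
                    if (user in deny) print $i, user, client
                }
        }
    '
}

# Constructed deny list standing in for /etc/ftpusers.
sample_deny() {
    cat <<'EOF'
# constructed sample
root
daemon
EOF
}

# Constructed log lines in vsftpd log format.
sample_log() {
    cat <<'EOF'
Sat Mar  2 10:15:01 2024 [pid 4] CONNECT: Client "203.0.113.7"
Sat Mar  2 10:15:03 2024 [pid 3] [root] FAIL LOGIN: Client "203.0.113.7"
Sat Mar  2 10:20:11 2024 [pid 7] [webadmin] OK LOGIN: Client "192.0.2.10"
Sat Mar  2 10:31:40 2024 [pid 9] [daemon] OK LOGIN: Client "198.51.100.9"
EOF
}

deny=$(mktemp)
sample_deny > "$deny"
sample_log | flag_denied_logins "$deny"
rm -f "$deny"
```

An OK line in the output means the deny list is not being enforced for that account; a FAIL line shows who is trying a blocked account and from where.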

Manage vsftp system services
Start the service: /etc/init.d/vsftpd start
Restart: /etc/init.d/vsftpd restart
Stop the service: /etc/init.d/vsftpd stop

Configure anonymous login to allow download only
This part only takes up some space. In fact, I don't think I can use it!!!
It may take a few minutes to complete the modification.
After Debian is installed, a vsftpd.conf template is provided.
Only a few letters need to be changed manually.
Modify /etc/vsftpd.conf
listen=YES (standalone vsftpd server)
max_clients=200 (200 clients are allowed to be connected at the same time)
max_per_ip=4 (each IP allows up to four processes)
anonymous_enable=YES (anonymous login allowed)
local_enable=NO (prohibit local system users)
write_enable=NO (do not grant write permission to local users)
anon_upload_enable=NO (anonymous user upload permission)
anon_mkdir_write_enable=NO (disable creating upload directories and uploading into them)
anon_other_write_enable=NO (disable the permission of anonymous accounts to delete)
anon_world_readable_only (anonymous download of files with global read permission)
hide_ids=YES (the user and group information columns in directory listings are displayed as ftp)
ls_recurse_enable=NO (ls -R recursive query forbidden)
dirmessage_enable=YES (the .message content under a directory is displayed when switching to that directory)
local_umask=022 (local file permission on FTP, default: 077)
connect_from_port_20=YES (enable data connections on the FTP data port)
xferlog_enable=YES (enable upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome information)
pam_service_name=vsftpd (verification method)
On a freshly installed vsftp, the anonymous user path is /home/ftp.

Configure local users to use the FTP server
I think this part is quite useful. If you are too lazy to use a virtual account to manage FTP uploads, downloads, modifications, and so on, this is a simple and clean method.
Modify /etc/vsftpd.conf
local_enable=YES (the local account can log on)
write_enable=NO (the local account does not have permission to modify or delete files. I just want to use ftp to manage the web server, so I changed this to YES. Otherwise, files cannot be uploaded)
Chroot all local users:
chroot_local_user=YES (all local accounts can only be in their home directory)
Chroot only specified users:
chroot_list_enable=YES (the list in the file is used)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list is not created automatically and needs to be added by yourself. To control an account, add the account directly to the file.
Restrict access to FTP by local users:
userlist_enable=YES (use a user list to restrict user access)
userlist_deny=NO (users in the list are not allowed to access)
userlist_file=/specify the path for storing the file/ (file placement path)
Note: with userlist_enable=YES enabled, anonymous accounts cannot log on.
Change pam_service_name to /etc/pam.d/vsftpd (it seems that just vsftpd does not work well on Debian; it is very important that you change it to an absolute path).

Security Options
data_connection_timeout=120 (seconds; a data connection idle for two minutes is closed)
accept_timeout=60 (seconds; the client is disconnected after being idle for 1 minute)
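
A small lint for the settings listed in the sections above, as an added example that is not part of the original page. vsftpd.conf(5) states that it is an error to put any space between the option, = and the value, so a line copied with spaces stops the server from starting; the KNOWN list only contains the option names used on this page, and the sample config is constructed.

```shell
# Added example (not from the original page): lint a vsftpd.conf.
# Option names taken from the listings on this page.
KNOWN="listen max_clients max_per_ip anonymous_enable local_enable \
write_enable anon_upload_enable anon_mkdir_write_enable \
anon_other_write_enable anon_world_readable_only hide_ids ls_recurse_enable \
dirmessage_enable local_umask connect_from_port_20 xferlog_enable \
xferlog_std_format ftpd_banner pam_service_name chroot_local_user \
chroot_list_enable chroot_list_file userlist_enable userlist_deny \
userlist_file data_connection_timeout accept_timeout"

# lint_vsftpd_conf < vsftpd.conf : prints one finding per line.
lint_vsftpd_conf() {
    awk -v known="$KNOWN" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*(#|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) { print "line " NR ": missing ="; next }
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            # vsftpd.conf(5): no space between option, = and value.
            if (name ~ /[ \t]$/ || value ~ /^[ \t]/)
                print "line " NR ": space around ="
            gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (!(name in ok)) print "line " NR ": unrecognised option " name
            val[name] = toupper(value)
        }
        END {
            if (val["anonymous_enable"] == "YES" && val["write_enable"] == "YES" &&
                (val["anon_upload_enable"] == "YES" || val["anon_other_write_enable"] == "YES"))
                print "anonymous users can write"
            if (val["local_enable"] == "YES" && val["chroot_local_user"] != "YES")
                print "local_enable=YES without chroot_local_user=YES"
        }
    '
}

# Constructed sample: a config with the mistakes the lint looks for.
weak_conf() {
    cat <<'EOF'
listen = YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
connect_form_port_20=YES
local_enable=YES
EOF
}

weak_conf | lint_vsftpd_conf
```

Run it against the real file with lint_vsftpd_conf < /etc/vsftpd.conf before restarting the service; no output means none of these checks fired.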

Configure a local group to access FTP
First, create the user group and the FTP directory
groupadd ftpadmin
mkdir /tmp/test (I directly assigned /var/www to the user, to manage the Apache web directory)
Then create a user
useradd -G ftpadmin -d /tmp/test -M user1
Note: -G: the user's group; -d: specify the user's own directory; -M: do not create a default home directory, that is, there is no own directory under /home

I just made an account to transfer files to my web server.
useradd -G ftp -d /var/www -M webadmin

Then, change the group and user of the folder.
chown webadmin:ftpadmin /var/www (change the owner of /var/www to webadmin)
chmod 711 /var/www
The permission set here is 711, that is, full permission for the folder owner, and execute permission for the same group (the FTP group above) and for all other users.
At first, I habitually changed www to 750, and when I tested the Apache server in IE, the result told me that I had no permission to read. After that, I checked the www permission and found that the permissions of all users are 0. Oh!

Check who is logged on to FTP and stop the process.
ps -xf | grep ftp
kill <process number>