Configuring an FTP server in Linux


1. First check whether vsftpd is installed with the command rpm -qa | grep vsftpd. If it is not installed, install it with yum -y install vsftpd (on Ubuntu, use apt-get install vsftpd).

2. Start or restart the service with service vsftpd start or service vsftpd restart.

To have vsftpd start automatically at every boot, run the command: chkconfig vsftpd on

3. Set FTP permissions

vi /etc/vsftpd/vsftpd.conf

Change anonymous_enable=YES to anonymous_enable=NO.
Press ESC, then enter ":wq" to save and exit.

Flush the firewall rules:

# iptables -F

Note that iptables -F removes every rule in the filter table, not only the ones that affect FTP; on a host that depends on its firewall, allowing port 21 (and the passive data port range) explicitly is the narrower choice.

The main configuration file for vsftpd is:

/etc/vsftpd/vsftpd.conf

Experiment One:

To forbid anonymous FTP logins, modify the vsftpd main configuration file:

# vi /etc/vsftpd/vsftpd.conf and change anonymous_enable=YES to anonymous_enable=NO

Experiment Two:

The FTP server in Windows lets you set a welcome message and the maximum number of connections; can the same be set on the Linux FTP server? The answer is yes, again through the vsftpd main configuration file: # vi /etc/vsftpd/vsftpd.conf

Add two lines at the end: ftpd_banner=welcome to here! (this is the welcome message) and max_clients=100 (this means that up to 100 users can be connected at the same time). Then restart vsftpd.

Experiment Three:

If I do not want a colleague (Lilei) to be able to log in to our FTP site, I can add the user Lilei to the deny list with vi /etc/vsftpd/ftpusers

Experiment Four:

This morning the general manager announced that a few people in the company would be promoted. On hearing the news I acted quickly: only the general manager is allowed to log on to the FTP server, and everyone else is locked out so that nobody can curry favour with the manager. I can do this with # vi /etc/vsftpd/vsftpd.conf

Add 2 lines to the end:

userlist_deny=NO // the users in this list are allowed, everyone else is refused (including anonymous)

userlist_file=/etc/mp // the path of the list

The vsftpd configuration file uses "#" for comments: lines beginning with "#" and blank lines are ignored at parse time, and the remaining lines are treated as configuration commands of the form option=value, with no spaces on either side of the "=". For each configuration command, the comments in the configuration file also give the relevant explanation. Use the vi editor to edit the configuration file as follows:
# vi /etc/vsftpd/vsftpd.conf

1. Login and settings for anonymous users

write_enable=YES // Whether write permission is turned on for the logged-on user. This is a global setting. Default NO
local_enable=YES // Whether local users are allowed to log on to the FTP server. Default NO
anonymous_enable=YES // Whether anonymous users are allowed to log on to the FTP server. Default YES
ftp_username=ftp // Defines the account name of the anonymous user; the default value is ftp.
no_anon_password=YES // Whether the anonymous user is asked for a password when logging in. Set to YES, no password is asked for. Default NO
anon_world_readable_only=YES // Whether anonymous users may only download world-readable files. Default YES
anon_upload_enable=YES // Whether anonymous users are allowed to upload files. Only takes effect if write_enable is set to YES, and the anonymous user must have write access to the target directory. Default NO
anon_mkdir_write_enable=YES // Whether anonymous users are allowed to create directories. Only takes effect if write_enable is set to YES, and the anonymous user must have write access to the parent directory. Default NO
anon_other_write_enable=NO // If set to YES, anonymous users get more than upload and directory-creation rights: they may also delete and rename. Default NO

2. Set welcome info

After a user logs on to the FTP server successfully, the server can output a pre-set welcome message to the logged-on user.
ftpd_banner=welcome to my FTP server.
This configuration item sets a short welcome message. For a longer welcome text, use the banner_file configuration item.
banner_file=/etc/vsftpd/banner
Sets the file whose contents are displayed when the user logs on. This setting overrides ftpd_banner.
dirmessage_enable=YES
Sets whether directory messages are displayed. When set to YES, when a user enters a specific directory (such as /var/ftp/linux), the contents of the file specified by the message_file configuration item (.message) in that directory are displayed.
message_file=.message // Sets the directory message file. The text to display is stored in this file, which must be placed in the directory concerned (e.g. /var/ftp/linux)

3. Set the directory the user lands in after login
local_root=/var/ftp
Sets the directory that local users land in after login. This entry is not set in the default configuration; in that case a local user lands in their home directory, or in /root for the root user.
anon_root=/var/ftp
Sets the directory anonymous users land in after login. If not specified, the default is /var/ftp.

4. Control whether the user is allowed to switch to the parent directory
In the default configuration, users can use the "cd .." command to switch to the parent directory. For example, if the directory the user landed in is /var/ftp, then executing "cd .." at the "ftp>" prompt takes the user to its parent directory /var, and repeating the command reaches the root of the Linux system, from where the entire Linux file system can be operated on.

If write_enable=YES is set, the user can also overwrite files under the root directory, which is a great security risk to the system. Users must therefore be prevented from switching up to the Linux root directory. The related configuration items are as follows:
chroot_list_enable=YES
Sets whether the user list file specified by the chroot_list_file configuration item is used. When set to YES (with chroot_local_user=NO), all logged-in users except the accounts listed in /etc/vsftpd/chroot_list can enter directories outside the FTP root directory; see the combinations below. Default NO
chroot_list_file=/etc/vsftpd/chroot_list
Specifies the user list file that controls which users can switch to the directories above the FTP site root.
chroot_local_user=YES
Specifies whether local users are confined to the FTP root; together with the list file it decides whether the users in the list may switch to the parent directory. Default NO
Note: To see the effect on a local user, first set local_root=/var/ftp

The possible combinations are as follows:
1) When chroot_list_enable=YES and chroot_local_user=YES, the users listed in /etc/vsftpd/chroot_list can switch to the parent directory, while users not listed in the file cannot switch to the parent directory of the site root.
2) When chroot_list_enable=YES and chroot_local_user=NO, the users listed in /etc/vsftpd/chroot_list cannot switch to the parent directory of the site root, while users not listed in the file can.
3) When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to the parent directory.
4) When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to the parent directory.
5) When a user is not allowed to switch to the parent directory, the root directory "/" of the FTP site seen after login is the home directory of the FTP account, i.e. the /var/ftp directory of the file system.

5. Set access control
(1) Set which hosts are allowed or denied access (see TBP14)
tcp_wrappers=YES makes the vsftpd server use TCP wrappers for host access control. With the default setting of YES, the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny to decide whether the connecting host is allowed to access the FTP server. These two files can act as a simple firewall.
For example, to allow only the hosts 192.168.168.1 to 192.168.168.254 to connect to the vsftpd server, add the following to /etc/hosts.allow:
vsftpd:192.168.168.0/255.255.255.0:allow
all:all:deny

(2) Set which users are allowed or denied access
Access control for users is handled by the /etc/vsftpd/user_list and /etc/vsftpd/ftpusers files. The relevant configuration commands are as follows:
userlist_enable=YES
Determines whether the /etc/vsftpd/user_list file is active: YES enables it, NO disables it.
userlist_deny=YES
Determines whether the users in /etc/vsftpd/user_list are denied or allowed. If set to YES, users in /etc/vsftpd/user_list are denied access to the FTP server; if set to NO, only users in /etc/vsftpd/user_list can access the FTP server.
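To make the chroot_list and user_list rules above concrete, here is an added example (not from the original page or from vsftpd itself) that parses a constructed vsftpd.conf using the comment and option=value rules described earlier and answers, for a given user, whether they are confined to the FTP root and whether they may log in at all. The config text, user names and list contents are constructed for illustration.

```python
# Added example: audit vsftpd chroot and user-list policy from a config text.
# Constructed sample config, not taken from a real server.
SAMPLE_CONF = """\
# vsftpd.conf (constructed)
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
"""


def parse_vsftpd_conf(text):
    """Parse option=value lines; '#' lines and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # vsftpd option names are lowercase; values are YES/NO or text
            conf[key.strip().lower()] = value.strip()
    return conf


def _yes(conf, key, default):
    """Boolean view of a YES/NO option, falling back to vsftpd's default."""
    return conf.get(key, default).upper() == "YES"


def is_chrooted(conf, user, chroot_list):
    """True if `user` is confined to the FTP root and cannot 'cd ..' above it.

    Both options YES -> the list names the exceptions that may leave the root;
    only chroot_list_enable YES -> the list names the users that are confined.
    """
    confine_all = _yes(conf, "chroot_local_user", "NO")
    use_list = _yes(conf, "chroot_list_enable", "NO")
    listed = user in chroot_list
    if use_list:
        return (not listed) if confine_all else listed
    return confine_all


def is_login_allowed(conf, user, user_list, ftpusers):
    """True if `user` passes the ftpusers deny list and the user_list policy."""
    if user in ftpusers:  # /etc/vsftpd/ftpusers always denies
        return False
    if not _yes(conf, "userlist_enable", "NO"):
        return True
    listed = user in user_list
    if _yes(conf, "userlist_deny", "YES"):
        return not listed  # user_list is a deny list
    return listed  # userlist_deny=NO: user_list is an allow list


CONF = parse_vsftpd_conf(SAMPLE_CONF)
```

With the sample config, only the users named in user_list can log in and every local user except those named in chroot_list is confined to the FTP root, which is the combination Experiment Four and rule 1) describe.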

6. Set access speed
anon_max_rate=0
Sets the maximum transfer speed available to anonymous users, in bytes per second. If set to 0 there is no speed limit; this is the default value.
local_max_rate=0
Sets the maximum transfer speed available to local users. The default is 0, unrestricted.

7. Define user profiles
On the vsftpd server, different users can also use different configurations, implemented through per-user profiles.
user_config_dir=/etc/vsftpd/userconf // Sets the directory where the user profiles reside.
When this item is set and a user logs on to the FTP server, the system reads the file in /etc/vsftpd/userconf whose name matches the current user name and applies the configuration commands in that file to the current user. For example, user profiles can be used to give different users different access speeds: define local_max_rate in each user profile to decide how fast that user may transfer.

8. Connection-related settings
listen=YES
Sets whether the vsftpd server runs in standalone mode. Standalone mode is the recommended way to run it; for that, listen must be set to YES, which is the default value. Many configuration commands related to how the server runs are only valid in this mode. If set to NO, vsftpd does not run as a standalone service but is managed by the xinetd service, with limited functionality.

max_clients=0
Sets the maximum number of connections vsftpd allows; the default 0 means unrestricted. When set to 150, 150 simultaneous connections are allowed and any beyond that are rejected. Only valid when running in standalone mode.

max_per_ip=0
Sets the number of simultaneous connections to the FTP server allowed from each IP address. The default is 0, unrestricted. This item is usually set to prevent one user from establishing too many connections. Only valid when running in standalone mode.

listen_address=IP address
Makes the server listen for FTP requests only on the specified IP address. If not set, all IP addresses bound to the server are listened on. Only valid when running in standalone mode. For a server bound to only one IP address this item is not needed, and the default configuration file does not contain it. If the server is bound to several IP addresses at the same time, use this entry to specify the IP address on which the FTP service is provided.
Note: Before and after setting this value, you can compare the listening state of the port with netstat -tnl

accept_timeout=60
Sets the time-out, in seconds, for establishing a passive (PASV) data connection; the default value is 60.
connect_timeout=60
The time-out, in seconds, for establishing a data connection in PORT mode.
data_connection_timeout=300
Sets the time-out, in seconds, for an FTP data connection; the default is 300 seconds.

idle_session_timeout=600
Sets how long, in seconds, a session may be idle before the FTP server disconnects it; the default is 600 seconds. In other words it is an idle time-out: if no data transfer or command input occurs within this time, the connection is forcibly closed.
pam_service_name=vsftpd
Sets the service name used with PAM; the default value is vsftpd.

setproctitle_enable=NO|YES
Sets whether each connection to the FTP server is shown as a separate process. The default value is NO, and there is only one process named vsftpd. If set to YES, each connection gets its own vsftpd process, and ps -ef | grep ftp shows detailed information on each FTP connection. For security reasons it is recommended to leave it off.

9. FTP working mode and port settings
(1) Introduction to FTP working modes
FTP works in one of two modes: PORT FTP or PASV FTP. They work as follows.
The difference is that in PORT FTP the data transfer port is specified by the FTP server, while in PASV FTP it is specified by the FTP client, and each data connection uses a different port number. Because of this, CuteFTP and other FTP client software offer a choice of PORT or PASV in their connection type setting.

When the FTP server is set to PASV mode, the client must also be set to the PASV connection type. If the client connection type is set to PORT, the FTP control connection can still be established, but when a command that needs a data connection, such as ls or get, is executed there is no response, and eventually an error is reported that no data connection could be established.

(2) Port-related configuration
listen_port=21
Sets the port on which the FTP server listens for connections; the default value is 21.
Example of connecting to a non-standard port: ftp www.sunflower.org 7000
connect_from_port_20=YES
The default value is YES, which makes the FTP data connection use port 20. If set to NO, the port used for data connections is specified by ftp_data_port.

ftp_data_port=20
Sets the port used by the FTP data connection in PORT mode; the default value is 20.
pasv_enable=YES|NO
If set to YES, PASV mode is used; if set to NO, PORT mode is used. The default is YES, i.e. PASV mode.
pasv_max_port=0
Sets the upper bound of the port range data connections may use in PASV mode. The default value is 0, meaning any port.
pasv_min_port=0
Sets the lower bound of the port range data connections may use in PASV mode. The default value is 0, meaning any port.

10. Set transfer mode
FTP can transfer data in binary mode or in ASCII mode, for both upload and download.
ascii_download_enable=YES // Sets whether ASCII mode may be used for downloads. Default NO.
ascii_upload_enable=YES // Sets whether ASCII mode may be used for uploads. Default NO.

11. Set the ownership and permissions of uploaded files
(1) Set the owner of anonymously uploaded files
chown_uploads=YES
Sets whether the owner of files uploaded by anonymous users is changed. Default NO. If set to YES, the owner of files uploaded by anonymous users is set to the user name given by the chown_username configuration item.
chown_username=whoever
Sets the owner name for files uploaded by anonymous users. Only valid when chown_uploads=YES. Setting it to root is not recommended, but the system default is root.

(2) Permission settings for new files
local_umask=022
Sets the umask for new files created by local users; the default is 022, corresponding to permissions 755. A umask of 022 is 000 010 010 in binary; inverting it gives 111 101 101, which in octal is the permission value 755: the file's owner has read, write and execute rights, the group has read and execute rights, and other users have read and execute rights. 022 suits most situations and generally does not need to be changed. If set to 077, the corresponding permission is 700.
anon_umask=022 // Sets the umask for new files created by anonymous users. Default 077
file_open_mode=0755 // Sets the permissions for uploaded files, in numeric form. Default 0666
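The umask arithmetic above, as an added example (not from the page or from vsftpd) that computes the effective mode of files and directories created by local and anonymous users from local_umask, anon_umask and file_open_mode, using the defaults the page states, and flags uploads that end up writable by group or others. It goes slightly beyond the page by handling files (which start from file_open_mode) and directories (which start from 777) separately.

```python
import stat

# Added example: effective permissions of new uploads under vsftpd umask settings.
# Defaults as stated above: local_umask 022, anon_umask 077, file_open_mode 0666.


def effective_mode(umask, base):
    """Permission bits a new object gets: base bits with the umask bits cleared."""
    return base & ~umask & 0o777


def rwx(mode):
    """Render permission bits ls-style, e.g. 0o755 -> 'rwxr-xr-x'."""
    return stat.filemode(mode)[1:]  # drop the file-type column


def upload_permissions(conf):
    """Return file/dir modes for local and anonymous uploads and flag shared write.

    `conf` is the dict form of vsftpd.conf (option -> value as written).
    """
    file_base = int(conf.get("file_open_mode", "0666"), 8)
    result = {}
    for who, key, default in (("local", "local_umask", "022"),
                              ("anon", "anon_umask", "077")):
        umask = int(conf.get(key, default), 8)
        fmode = effective_mode(umask, file_base)
        dmode = effective_mode(umask, 0o777)  # directories start from 777
        result[who] = {
            "file": rwx(fmode),
            "dir": rwx(dmode),
            # group- or world-writable uploads can be altered by other accounts
            "file_shared_writable": bool(fmode & (stat.S_IWGRP | stat.S_IWOTH)),
        }
    return result
```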

12. Log file
xferlog_enable=YES // Whether upload/download logging is enabled. Default NO
xferlog_file=/var/log/vsftpd.log // Sets the log file name and path. Requires xferlog_enable to be on
xferlog_std_format=YES // Whether the log file uses the standard xferlog log file format (the same format wu-ftpd uses). Default NO

13. Other settings
text_userdb_names=NO
Sets whether the ls command shows numeric UIDs and GIDs or the user and group names. Default NO, showing UID and GID; set to YES to show the user name and group name.
ls_recurse_enable=YES
If set to YES, the "ls -R" command is allowed; the default value is NO. In the configuration file this item is commented out; like some other settings that need to be enabled, remove the comment and set it to YES or NO.
