I. Linux FTP server software:
<1> wu-ftp
<2> proftp = Professional FTP
<3> vsftp = Very Secure FTP
Configuration files:
/etc/vsftpd/vsftpd.conf    // main configuration file
/etc/vsftpd.ftpusers       // users who are forbidden to log in to FTP
/etc/vsftpd.user_list      // users who are allowed to log in to FTP
II. Access methods
<1> Anonymous login
<2> Account login
To start the FTP server:
# service vsftpd restart
III. Configure the vsftpd server
1. Description of each vsftpd.conf parameter:
# vi /etc/vsftpd/vsftpd.conf
<1> anonymous_enable=YES: controls anonymous logins
<2> local_enable=YES: allows local accounts to log in
<3> write_enable=YES: controls write permission
<4> local_umask=022: controls the permission mask for local files
<5> anon_upload_enable=YES: controls whether anonymous uploads are allowed (turned on or off together with anon_mkdir_write_enable=YES)
<6> anon_mkdir_write_enable=YES: controls whether anonymous users are allowed to write and create directories
<7> xferlog_enable=YES: controls logging of uploads and downloads
<8> connect_from_port_20=YES: controls the connection port
<9> chown_uploads=YES: whether to change the owner of uploaded files (turned on or off together with chown_username=whoever)
<10> chown_username=whoever: the owner given to uploaded files is whoever
<11> xferlog_file=/var/log/xferlog: location of the log file
<12> xferlog_std_format=YES: record logins, uploads and downloads in the standard format
<13> data_connection_timeout=120: transfer timeout
<14> nopriv_user=ftpsecure: use the special user ftpsecure
<15> ftpd_banner=welcome to blah FTP service: welcome message shown at login
<16> deny_email_enable=YES: reject e-mail addresses
<17> banned_email_file=/etc/vsftpd/banned_emails: list of rejected e-mail addresses
<18> chroot_list_enable=YES: (turned on or off together with chroot_list_file=/etc/vsftpd/chroot_list)
<19> chroot_list_file=/etc/vsftpd/chroot_list: listed users can access only their own directory and cannot access the parent directory
<20> userlist_enable=YES: enables the /etc/vsftpd.user_list file
2. Configure anonymous logins
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES (default value)
To start the vsftpd server:
# service vsftpd restart
# service iptables stop
Default directory for anonymous logins:
/var/ftp/pub
To turn on anonymous upload and write permissions:
# vi /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd/chroot_list
Open up the permissions on the default shared directory:
# chmod 777 /var/ftp/pub
Note: anonymous users can upload and download, but cannot delete.
3. Local account login
<1> Disable anonymous login
Modify the configuration file:
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
<2> Control which users may log in and which users are refused
# vi /etc/vsftpd/vsftpd.conf
userlist_deny=NO (newly added)
(Note: with this setting, the users listed in /etc/vsftpd.user_list can log in to FTP. If the line is commented out (#userlist_deny=NO), all users can log in to FTP by default; to stop a particular user from logging in, put the user name into /etc/vsftpd.ftpusers and that user is refused FTP login.)
Create the users and add them to the appropriate control file:
# useradd us1
# useradd us2
# passwd us1
# passwd us2
Users who are allowed to log in to FTP:
# echo us1 >> /etc/vsftpd.user_list
# echo us2 >> /etc/vsftpd.user_list
To start the FTP server:
# service vsftpd restart
Note: when an account logs in to FTP, it lands in its home directory by default.
Users who are not allowed to log in to FTP:
# echo us3 >> /etc/vsftpd.ftpusers
<3> Restrict logged-in users to their local home directory:
# vi /etc/vsftpd/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Create the list file of restricted users and add the restricted user name:
# vi /etc/vsftpd.chroot_list
us2
Save and exit.
# service vsftpd restart
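The anonymous, user-list and chroot settings above interact: per vsftpd.conf(5), option names are lowercase with no space around "=", chroot_list_enable=YES together with chroot_local_user=YES turns chroot_list_file into a list of users who are not jailed, and userlist_deny decides whether the user list allows or denies. The shell function below is an added example, not part of the original page, that lints a configuration for these cases. The function names, finding codes and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Lints a vsftpd.conf given as a
# file argument or on stdin; absent options take the vsftpd.conf(5) defaults.
lint_vsftpd_conf() {
    awk '
    function is_on(k, dflt) { return ((k in opt) ? opt[k] : dflt) == "YES" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { print "NO_EQUALS line " NR; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd.conf(5): no space between the option, "=" and the value.
        if (key ~ /[ \t]$/ || val ~ /^[ \t]/) print "SPACE_AROUND_EQ line " NR
        if (val ~ /[ \t]$/) print "TRAILING_SPACE line " NR
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Option names are lowercase; a capitalised name is not recognised.
        if (key != tolower(key)) print "KEY_CASE line " NR " " key
        opt[tolower(key)] = toupper(val)
    }
    END {
        if (is_on("anonymous_enable", "YES") && is_on("write_enable", "NO") &&
            (is_on("anon_upload_enable", "NO") || is_on("anon_mkdir_write_enable", "NO")))
            print "ANON_WRITE anonymous users may upload or create directories"
        # With chroot_local_user=YES the chroot list becomes an exemption list.
        if (is_on("chroot_local_user", "NO") && is_on("chroot_list_enable", "NO"))
            print "CHROOT_LIST_INVERTED users in chroot_list_file are NOT jailed"
        if (is_on("userlist_enable", "NO")) {
            mode = is_on("userlist_deny", "YES") ? "deny" : "allow"
            print "USERLIST_MODE userlist_file is used as the " mode " list"
        }
    }' "$@"
}

# Constructed sample in the style of the fragments above (not a real server).
sample_conf() {
    printf '%s\n' \
        'anonymous_enable=YES' \
        'write_enable=YES' \
        'Anon_upload_enable=YES' \
        'anon_mkdir_write_enable=YES ' \
        'chroot_local_user=YES' \
        'chroot_list_enable=YES' \
        'chroot_list_file=/etc/vsftpd.chroot_list' \
        'userlist_enable=YES' \
        'userlist_deny=NO'
}

sample_conf | lint_vsftpd_conf
```

Run it against a live file with `lint_vsftpd_conf /etc/vsftpd/vsftpd.conf`; no output means none of these conditions were found.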
<4> Limit the speed of anonymous uploads:
# vi /etc/vsftpd/vsftpd.conf
anon_max_rate=5000    // in bytes per second by default; 5000 gives a speed of 5K
<5> Limit the upload speed of local accounts:
local_max_rate=5000    // in bytes per second
<6> Set different speed limits for different users (this per-user speed takes priority over the speed set for all users):
# vi /etc/vsftpd/vsftpd.conf
Add the following line:
user_config_dir=/etc/vsftpd/userconf
Create the directory:
# mkdir /etc/vsftpd/userconf
# vi /etc/vsftpd/userconf/user1 (user1 is the name of the user whose speed is limited)
local_max_rate=25000
<7> Customize the welcome message:
# vi /etc/vsftpd/vsftpd.conf
ftpd_banner=welcome to Huayu FTP service.
<8> Limit the number of server connections and the number of connections per IP
1. max_clients
This parameter defines the maximum total number of simultaneous connections. Connections beyond this number are refused; 0 means no limit. The default value is 0.
2. max_per_ip
This parameter defines how many connections each IP address may have at the same time. Connections beyond this number are refused; 0 means no limit. The default value is 0.
<9> Virtual FTP user settings
1. Create the virtual user password file
# vi /etc/vsftpd/logins.txt
vuser1
123
vuser2
321
Odd lines in the password file hold the user name; even lines hold the password.
2. Generate the vsftpd authentication file
# db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/vsftpd_login.db    # generate the authentication file
3. Make the authentication file readable and writable by the root user only
# chmod 600 /etc/vsftpd/vsftpd_login.db
4. Set up the PAM configuration file required by the virtual users; create the vsftpd.vu file manually
# cat /etc/pam.d/vsftpd.vu
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
5. Create the system user account used by all FTP virtual user accounts and set the permissions on its home directory
# useradd -d /home/ftpsite -s /sbin/nologin virtual
# chmod 700 /home/ftpsite
6. Edit the vsftpd.conf configuration file
# vi /etc/vsftpd/vsftpd.conf
Add the virtual user settings to the configuration file:
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu (corresponds to the PAM file just created)
user_config_dir=/etc/vsftpd/user_config_dir (directory holding the configuration of each virtual user account)
local_root=/www (if this line is absent, virtual users log in to /ftpsite)
7. Configure the individual virtual users
# mkdir -p /etc/vsftpd/user_config_dir (corresponds to the main configuration file)
# mkdir -p /www/vuser1 (create the virtual user's home directory)
# chmod -R 777 /www/vuser1 (set permissions)
# touch /etc/vsftpd/user_config_dir/vuser1 (permissions profile for vuser1)
# echo "anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
local_root=/www/feixiang
anon_mkdir_write_enable=YES" > /etc/vsftpd/user_config_dir/vuser1
8. Restart the vsftpd service
# service vsftpd restart
You should now be able to log in with your virtual account.
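The layout of logins.txt in step 1 matters because db_load -T pairs lines as it finds them: a user name and password typed on one line are read as a single key rather than rejected. The shell function below is an added example, not part of the original page, that checks the file before step 2 is run. The name check_logins, the finding codes and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Validates the input file for
# "db_load -T" (user name on odd lines, password on even lines).
# Prints one finding per line; returns 0 only when there are none.
check_logins() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "UNREADABLE $f"; return 2; }
    # The file holds plaintext passwords: group/other mode bits must be unset.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS group or other can access the file"; rc=1
    fi
    awk '
    /^[ \t]*$/ { print "BLANK line " NR; bad = 1 }
    NR % 2 == 1 {
        # Whitespace here usually means user and password share one line,
        # which db_load -T would read as one key.
        if ($0 ~ /[ \t]/) { print "SPACE_IN_USER line " NR; bad = 1 }
        if ($0 in seen)   { print "DUPLICATE_USER line " NR " " $0; bad = 1 }
        seen[$0] = 1
    }
    END {
        if (NR % 2) { print "ODD_LINE_COUNT " NR; bad = 1 }
        exit bad + 0
    }' "$f" || rc=1
    return $rc
}

# Constructed demo files: the one-line-per-user layout versus the correct one.
demo_dir=$(mktemp -d)
( umask 077
  printf '%s\n' 'vuser1 123' 'vuser2 321' > "$demo_dir/oneline.txt"
  printf '%s\n' vuser1 123 vuser2 321     > "$demo_dir/good.txt" )
check_logins "$demo_dir/oneline.txt" || echo "oneline.txt: rejected"
check_logins "$demo_dir/good.txt"    && echo "good.txt: ok"
rm -rf "$demo_dir"
```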