Article Title: Detailed analysis of Vsftp configuration in Linux
Vsftp stands for Very Secure FTP. Its configuration and usage are briefly described below. We hope this helps you understand the basic process of configuring a network service in Linux.
1. Related configuration files
vsftpd.conf, vsftpd.ftpuser, vsftpd.user_list and /etc/xinetd.d/vsftpd, in the /etc directory.
2. Configure vsftp
You can modify /etc/vsftpd.conf as follows:
anonymous_enable=YES: whether anonymous FTP is allowed. Otherwise, set NO.
local_enable=YES: whether local users are allowed to log in.
local_umask=022: the default umask.
anon_upload_enable=YES: whether anonymous FTP users are allowed to access.
anon_upload_enable=YES: whether anonymous users are allowed to upload files.
anon_mkdir_write_enable=YES: whether anonymous users are allowed to create directories.
dirmessage_enable=YES: whether to display the directory message file. The default value is YES, but you need to create the .message file yourself.
xferlog_enable=YES: whether to log FTP transfers.
connect_from_port_20=YES: whether data connections are made from port 20 (ftp-data).
chown_uploads=YES
chown_username=username: whether to change the owner of uploaded files. If so, enter a system user name; for example, you can make root the owner of all uploaded files.
xferlog_file=/var/log/vsftpd.log: the path and name of the FTP transfer log. The default is /var/log/vsftpd.log.
xferlog_std_format=YES: whether the standard ftp xferlog format is used.
idle_session_timeout=600: the time after which inactive sessions are disconnected.
data_connection_timeout=120: the data transfer timeout.
nopriv_user=ftpsecure: the non-privileged system user that vsftpd runs as. The default is nobody.
async_abor_enable=YES: whether to enable the special FTP command "async ABOR". I am not sure how to translate this, so the original text is as follows:
When enabled, a special FTP command known as "async ABOR" will be enabled. Only ill advised FTP clients will use this feature. Additionally, this feature is awkward to handle, so it is disabled by default. Unfortunately, some FTP clients will hang when canceling a transfer unless this feature is available, so you may wish to enable it.
ascii_upload_enable=YES
ascii_download_enable=YES: whether ASCII mode is used for uploading and downloading files.
ftpd_banner=Welcome to chenlf FTP service. This sets a custom welcome message.
deny_email_enable=YES
banned_email_file=/etc/vsftpd.banned_emails: whether to refuse anonymous users who give certain email addresses. If so, enter the path and name of the file that lists the prohibited email addresses.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list: whether to restrict system users to their home directories. If YES is selected, the file named by chroot_list_file (/etc/vsftpd.chroot_list) lists the users who are not chrooted.
max_clients=Number: if vsftpd is started in standalone mode, only Number clients can connect. Other clients receive an error message. The default value is 0.
message_file: the name of the directory message file shown when a directory is accessed. The default value is .message.
I did not find a bandwidth limit setting. If anyone knows of one, please let me know. For more information, see man vsftpd.conf.
3. Configure an instance
The following is my configuration file. Anonymous FTP is allowed, upload is allowed, and users are chrooted so that their home directory becomes the root.
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=root
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
pam_service_name=vsftpd
chroot_local_user=YES
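An added example, not part of the original article: a small Python audit of the configuration above that reports which of its settings let unauthenticated users write to the server and leave the uploaded files owned by root. The function names and finding codes are invented for this illustration; the defaults are the ones documented in man vsftpd.conf.

```python
# Added example (not from the article): audit vsftpd.conf text for anonymous-write exposure.
# DEFAULTS holds the documented defaults from "man vsftpd.conf" for the options checked.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "chown_uploads": "NO", "chown_username": "root"}

# The article's example configuration, one directive per line.
ARTICLE_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=root
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
pam_service_name=vsftpd
chroot_local_user=YES
"""

def parse_conf(text):
    """Return (settings, bad_line_numbers); vsftpd.conf allows no space around '='."""
    settings, bad = dict(DEFAULTS), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or not key or key != key.strip() or value != value.strip():
            bad.append(lineno)
            continue
        settings[key] = value
    return settings, bad

def audit(text):
    """Return a sorted list of finding codes for the given vsftpd.conf text."""
    s, bad = parse_conf(text)
    on = lambda k: s[k].upper() in ("YES", "TRUE", "1")
    findings = ["SYNTAX_LINE_%d" % n for n in bad]
    anon_write = on("anonymous_enable") and on("write_enable")
    if anon_write and on("anon_upload_enable"):
        findings.append("ANON_UPLOAD")  # unauthenticated users can store files
        if on("chown_uploads") and s["chown_username"] == "root":
            findings.append("UPLOADS_OWNED_BY_ROOT")  # untrusted files become root-owned
    if anon_write and on("anon_mkdir_write_enable"):
        findings.append("ANON_MKDIR")  # unauthenticated users can create directories
    return sorted(findings)

if __name__ == "__main__":
    print(audit(ARTICLE_CONF))
```

Pointing chown_username at a dedicated unprivileged account, or setting anonymous_enable=NO, clears the corresponding findings.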
4. Start the service
Vsftpd and wu-ftpd cannot be started at the same time, so modify /etc/xinetd.d/wu-ftpd to set disable to yes, and then modify /etc/vsftpd to set disable to no.
Run /etc/init.d/xinetd restart
That's it. Now we have built a very secure FTP server. Let's try it.