Detailed analysis of Vsftp configuration in Linux

Source: Internet
Author: User
Tags ftp transfer
Article Title: detailed analysis of Vsftp configuration in Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

The meaning of Vsftp is Very Security Ftp. The configuration and usage of Vsftp are briefly described below. We hope you can understand the basic process of configuring a network service in Linux.

1. Related configuration files

Vsftpd. conf, vsftpd. ftpuser, vsftpd. user_list,/etc/xinetd. d/vsftpd In The/etc directory

2. Configure vsftp

You can modify/etc/vsftpd. conf as follows:

Anonymous_enable = YES: whether anonymous ftp is allowed. Otherwise, select NO.

Local_enable = YES whether local user logon is allowed

Local_umask = 022 default umask code

Anon_upload_enable = YES whether anonymous ftp users are allowed to access

Anon_upload_enable = YES: whether to allow anonymous File Upload

Anon_mkdir_write_enable = YES whether anonymous users are allowed to create directories

Dirmessage_enable = YES: whether to display the directory description file. The default value is YES, but you need to close the work to create the. message file.

Xferlog_enable = YES whether to record the ftp Transfer Process

Connect_from_port_20 = YES Are you sure the port is transmitted from 20 (ftp-data)

Chown_upload = YES

Chown_username = username: whether to change the owner of the uploaded file. If you need to enter a system user name, you can change all uploaded files to the root owner.

Xferlog_file =/var/log/vsftpd. log the default path and name of the ftp transfer log is/var/log/vsftpd. log.

Xferlog_std_format = YES whether the standard ftp xferlog mode is used

Idle_session_timeout = 600 sets the default time for disconnecting inactive sessions.

Data_connection_timeout = 120 set the data transmission timeout

Nopriv_user = ftbench cure the non-privileged system user required to run vsftpd is nobody by default.

Async_abor_enable = YES whether or not to run the special ftp command async ABOR. I am not familiar with the translation here. The original Article is as follows:

When enabled, a special FTP command known as "async ABOR" will be enabled. only ill advised FTP clients will use this feature. addtionally, this feature is awkward to handle, so it is dis-abled by default. unfortunately, some FTP clients will hang when canceling a transfer unless this feature is available, so you may wish to enable it.

Ascii_upload_enable = YES

Ascii_download_enable = YES whether to use ascii code to upload and download files

Ftpd_banner = Welcome to chenlf FTP service. Custom Welcome information

Deny_email_enable = YES

Banned_email_file =/etc/vsftpd. banned_emails: whether anonymous users are allowed to use certain email addresses. If the path and file name of the prohibited email address are entered

Chroot_list_enable = YES

Chroot_list_file =/etc/vsftpd. chroot_list: whether to restrict system users to their home directories. If yes is selected, chroot_list_file =/etc/vsftpd. chroot_list lists non-chroot users.

Max_clients = Number if it is started in standalone mode, only $ Number users can connect. Other users will receive an error message. The default value is 0.

Message_file sets the file name of the directory information file obtained when accessing a directory. The default value is. message.

No bandwidth limit is found. If anyone knows, please let me know. For more information, see man vsftpd. conf.


 3. Configure an instance

The following is my configuration file. Anonymous FTP is allowed, upload is allowed, and the chroot user directory is changed to root.

anonymous_enable=YES 
  local_enable=YES
  write_enable=YES
  local_umask=022
  anon_upload_enable=YES
  anon_mkdir_write_enable=YES
  dirmessage_enable=YES
  xferlog_enable=YES
  connect_from_port_20=YES
  chown_uploads=YES
  chown_username=root
  xferlog_file=/var/log/vsftpd.log
  xferlog_std_format=YES
  pam_service_name=vsftpd
  chroot_local_user=YES

  

4. Start the service

Vsftpd and wu-ftpd cannot be started at the same time, So modify/etc/xinetd. d/wu-ftpd to set disable to yes, and then modify/etc/vsftpd to set disable to NO

Run/etc/initd. d/xinetd restart

You can. Now we have built a very secure ftp server. Let's try it.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.