Vsftpd configuration details, vsftpd details

Source: Internet
Author: User
Tags: ftp connection, ftp file


1. Default configuration:

1> Both anonymous users and local users are allowed to log on:

anonymous_enable=YES

local_enable=YES

2> Anonymous users log on with the user name ftp or anonymous and an empty password. They are confined to the anonymous home directory /var/ftp and can only download, not upload.

3> Local users log on with their local user name and password. A local user can read and write in their own home directory, change from it to any other directory they have permission to access, and upload or download files there, subject to file permissions:

write_enable=YES

4> Local users listed in /etc/vsftpd.ftpusers cannot log on.

2. Configuration file format:

The content of vsftpd.conf is very simple: each line holds one setting. Blank lines and lines starting with # are ignored. There is only one permitted format:

option=value

Note that there must be no whitespace on either side of the equals sign. vsftpd does not trim the spaces, so "option = value" is read as an unknown option name (or an invalid value) and the daemon refuses to start.
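As an added illustration (not part of the original article), the following Python function parses text in this format as strictly as vsftpd does and reports the lines vsftpd would reject, which is useful for checking a configuration before restarting the daemon. The sample configuration embedded in it is constructed for the example.

```python
# Added example, not from the original article: a strict parser for the
# vsftpd.conf "option=value" format. Only a completely empty line or a line
# whose first character is '#' is ignored; every other line must be exactly
# option=value with no whitespace around the '='.


def parse_vsftpd_conf(text):
    """Return (settings, errors).

    settings: dict of option -> value for every well-formed line.
    errors:   list of (line_number, reason) for lines vsftpd would reject.
    """
    settings, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line == "" or line.startswith("#"):
            continue  # ignored by vsftpd
        if "=" not in line:
            errors.append((lineno, "missing '='"))
            continue
        key, value = line.split("=", 1)
        # vsftpd does not strip spaces: "anon_upload_enable " is not a known
        # option and " NO" is not a valid boolean, so the daemon would abort.
        if key != key.strip() or value != value.lstrip():
            errors.append((lineno, "whitespace around '='"))
            continue
        if key == "":
            errors.append((lineno, "empty option name"))
            continue
        settings[key] = value
    return settings, errors


# Constructed sample vsftpd.conf, with two deliberately malformed lines.
SAMPLE_CONF = """\
# constructed sample vsftpd.conf for the example
anonymous_enable=YES
local_enable=YES
write_enable=YES

# the next two lines are deliberately malformed
anon_upload_enable = NO
max_clients
ftpd_banner=Welcome to BOB's FTP server
"""

if __name__ == "__main__":
    settings, errors = parse_vsftpd_conf(SAMPLE_CONF)
    for option, value in settings.items():
        print(f"{option}={value}")
    for lineno, reason in errors:
        print(f"line {lineno}: {reason}")
```

Run the file directly to see the accepted settings followed by the two rejected lines; in practice, feed it the contents of the real vsftpd.conf and refuse to restart the service while the error list is non-empty.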

3. Anonymous user (anonymous) settings

anonymous_enable=YES/NO (default YES)

Whether anonymous users are allowed to log on. YES allows anonymous logon, NO refuses it. The default value is YES.

write_enable=YES/NO (default YES)

Whether logged-on users are permitted to write at all. This is a global switch: the write-related options below only take effect when it is YES. The default value is YES.

no_anon_password=YES/NO (default NO)

If enabled, anonymous users are not asked for a password. The default value is NO.

ftp_username=ftp

The name of the local account used for anonymous logons. The default value is ftp.

anon_root=/var/ftp

The directory an anonymous user is placed in after logging on. The default value is /var/ftp. Note that this directory must not have 777 permissions, that is, the anonymous home directory must not be world-writable.

anon_upload_enable=YES/NO (default NO)

If set to YES, anonymous users are allowed to upload files (not directories). This option is effective only when write_enable=YES, and the anonymous user must also have write permission on the target directory. The default value is NO.

anon_world_readable_only=YES/NO (default YES)

If set to YES, anonymous users may only download files that are world-readable (files can be downloaded to the local machine for reading; they cannot be opened directly on the FTP server). The default value is YES.

anon_mkdir_write_enable=YES/NO (default NO)

If set to YES, anonymous users are permitted to create directories. This option is effective only when write_enable=YES, and the anonymous user must also have write permission on the parent directory. The default value is NO.

anon_other_write_enable=YES/NO (default NO)

If set to YES, anonymous users are granted the write operations other than upload and mkdir, such as deleting or renaming. (If anon_upload_enable=NO, anonymous users cannot upload files but can still delete or rename existing files; if anon_mkdir_write_enable=NO, they cannot create directories but can still delete or rename existing ones.) The default value is NO.

chown_uploads=YES/NO (default NO)

Whether the owner of files (not directories) uploaded by anonymous users is changed. The default value is NO.

chown_username=username

The user that files (not directories) uploaded by anonymous users are chowned to. It is recommended not to set this to root.

anon_umask=077

The umask applied when an anonymous user creates or uploads a file. The default value is 077, and the corresponding permission for a newly created file is 700.

deny_email_enable=YES/NO (default NO)

If enabled, a file /etc/vsftpd/banner_emails listing email addresses must be provided. Anonymous logons are asked for an email address; if the address entered is in this file, the logon is refused. The default value is NO.

banned_email_file=/etc/vsftpd/banner_emails

The file holding the banned email addresses. It is used only when deny_email_enable=YES. Anonymous logons are asked for an email address; if the address entered is in this file, the logon is refused.
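The anonymous options above interact: write_enable is the master switch, each anon_*_enable option adds one class of write operation on top of it, and anon_umask shapes the permissions of whatever gets created. As an added example (not code from the original article), the Python below derives the effective anonymous capabilities from a vsftpd.conf dict, using the article's stated defaults for anything not set, and flags the two risky cases the text warns about: a world-writable anon_root and chown_username=root. The sample configuration is constructed.

```python
# Added example, not from the original article: derive the effective anonymous
# capabilities from the section 3 options. Input is a dict of option -> value
# as read from vsftpd.conf; missing options fall back to the article's defaults.

ARTICLE_DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "YES",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
    "anon_world_readable_only": "YES",
    "chown_uploads": "NO",
    "anon_umask": "077",
    "file_open_mode": "0666",
}


def _is_yes(conf, key):
    return conf[key].strip().upper() == "YES"


def anonymous_access(conf):
    """Return the effective anonymous capabilities plus a list of warnings."""
    conf = {**ARTICLE_DEFAULTS, **conf}
    write = _is_yes(conf, "write_enable")  # global switch for every write option
    umask = int(conf["anon_umask"], 8)
    # vsftpd creates uploaded files with file_open_mode and new directories with
    # 0777, then applies the umask (umask 077 -> file 0600, directory 0700).
    file_mode = int(conf["file_open_mode"], 8) & ~umask
    dir_mode = 0o777 & ~umask

    result = {
        "login": _is_yes(conf, "anonymous_enable"),
        "upload": write and _is_yes(conf, "anon_upload_enable"),
        "mkdir": write and _is_yes(conf, "anon_mkdir_write_enable"),
        "delete_rename": write and _is_yes(conf, "anon_other_write_enable"),
        "world_readable_only": _is_yes(conf, "anon_world_readable_only"),
        "new_file_mode": file_mode,
        "new_dir_mode": dir_mode,
        "warnings": [],
    }
    if _is_yes(conf, "chown_uploads") and conf.get("chown_username") == "root":
        result["warnings"].append("chown_username=root: anonymous uploads become root-owned files")
    if result["delete_rename"] and not result["upload"]:
        result["warnings"].append("anonymous users may delete/rename existing files without being able to upload")
    return result


def anon_root_mode_ok(st_mode):
    """anon_root must not be world-writable (the 777 case the article warns about)."""
    return (st_mode & 0o002) == 0


# Constructed sample: an upload-enabled anonymous area with a risky chown target.
SAMPLE_ANON_CONF = {
    "anon_upload_enable": "YES",
    "anon_other_write_enable": "YES",
    "chown_uploads": "YES",
    "chown_username": "root",
}

if __name__ == "__main__":
    for key, value in anonymous_access(SAMPLE_ANON_CONF).items():
        print(f"{key}: {oct(value) if key.endswith('_mode') else value}")
    print("anon_root 0755 ok:", anon_root_mode_ok(0o755), "/ 0777 ok:", anon_root_mode_ok(0o777))
```

To audit a live server, pass the parsed vsftpd.conf as the dict and os.stat(anon_root).st_mode to anon_root_mode_ok; anything other than an empty warnings list and upload/mkdir/delete_rename all False deserves a second look on an Internet-facing host.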

4. Local user settings

local_enable=YES/NO (default YES)

Whether local users are allowed to log on. YES allows local logon, NO refuses it. The default value is YES.

local_root=/home/username

When a local user logs on, the session starts in the directory defined here instead of the user's home directory. The default is each user's own home directory.

write_enable=YES/NO (default YES)

Whether logged-on users are permitted to write. This is a global setting. The default value is YES.

local_umask=022

The umask applied when a local user creates a file. The default value is 077.

file_open_mode=0755

The permission mode given to files uploaded by local users, expressed as with chmod. The default value is 0666.

5. Welcome message settings

dirmessage_enable=YES/NO (default YES)

If enabled, the first time a user enters a directory vsftpd checks whether it contains a .message file and, if so, displays its contents. The file usually holds a welcome message or a description of the directory. The default value is YES.

message_file=.message

The name of the per-directory message file; write the text to be displayed into this file. The default value is .message.

banner_file=/etc/vsftpd/banner

When a user logs on, the contents of this file are displayed, usually a welcome message or description. There is no default. Use this option when the welcome text is too long for a single string.

ftpd_banner=Welcome to BOB's FTP server

The string used as the welcome message. banner_file takes a file, whereas ftpd_banner takes a string. There is no default.

6. Controlling whether users can leave their home directory

By default, after logging on to FTP a local user can use cd to change to any other directory, which is a security risk for the system. The following three configuration items control whether users are confined (chrooted) to their home directory.

chroot_list_enable=YES/NO (default NO)

Whether the user list file named by chroot_list_file is consulted. The default value is NO.

chroot_list_file=/etc/vsftpd.chroot_list

The user list file that controls which users may, or may not, change to directories above their home directory; how the list is interpreted depends on chroot_local_user (see the combinations below).

chroot_local_user=YES/NO (default NO)

Whether local users in general are confined to their home directory; together with chroot_list_enable it determines what the list file means. The default value is NO.

The combinations give the following behaviour:

When chroot_list_enable=YES and chroot_local_user=YES, the users listed in /etc/vsftpd.chroot_list can change to other directories; users not listed cannot.

When chroot_list_enable=YES and chroot_local_user=NO, the users listed in /etc/vsftpd.chroot_list cannot change to other directories; users not listed can.

When chroot_list_enable=NO and chroot_local_user=YES, no user can change to other directories.

When chroot_list_enable=NO and chroot_local_user=NO, every user can change to other directories.
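The four combinations are easy to get backwards during a change, so here they are written out as a single decision function (an added example, not code from the original article). The list file contents are passed in as a set of user names so the example runs without reading /etc/vsftpd.chroot_list; the user names are constructed.

```python
# Added example, not from the original article: the four combinations of
# chroot_list_enable / chroot_local_user from the text as one decision function,
# answering "is this user confined to their home directory?".


def _yes(conf, key, default):
    return conf.get(key, default).strip().upper() == "YES"


def is_chrooted(user, conf, chroot_list):
    """True if `user` is confined to the home directory under this configuration."""
    list_enable = _yes(conf, "chroot_list_enable", "NO")
    chroot_all = _yes(conf, "chroot_local_user", "NO")
    listed = user in chroot_list
    if not list_enable:
        # No list in play: either everybody is confined or nobody is.
        return chroot_all
    if chroot_all:
        # Everybody is confined except the users in the list.
        return not listed
    # Only the users in the list are confined.
    return listed


def chroot_matrix(user, chroot_list):
    """Evaluate one user against all four combinations, for a quick audit table."""
    table = {}
    for list_enable in ("YES", "NO"):
        for chroot_all in ("YES", "NO"):
            conf = {"chroot_list_enable": list_enable, "chroot_local_user": chroot_all}
            table[(list_enable, chroot_all)] = is_chrooted(user, conf, chroot_list)
    return table


CHROOT_LIST = {"alice"}  # constructed contents of /etc/vsftpd.chroot_list

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for (list_enable, chroot_all), confined in chroot_matrix(user, CHROOT_LIST).items():
            state = "confined" if confined else "may leave home"
            print(f"chroot_list_enable={list_enable} chroot_local_user={chroot_all} {user}: {state}")
```

One caveat worth knowing when enabling chroot: vsftpd 2.3.5 and later refuse to start a session whose chroot root directory is writable by the user (the "refusing to run with writable root inside chroot()" error), so a writable home directory needs either a read-only top level with writable subdirectories or, in vsftpd 3.x, the allow_writeable_chroot=YES option, which is the less safe choice.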

7. Data transfer mode settings

FTP data transfers can use either binary mode or ASCII mode for uploads and downloads.

ascii_upload_enable=YES/NO (default NO)

Whether ASCII-mode uploads are permitted. The default value is NO.

ascii_download_enable=YES/NO (default NO)

Whether ASCII-mode downloads are permitted. The default value is NO.

8. Access control settings

There are two kinds of control: host-based and user-based.

① Host access control:

tcp_wrappers=YES/NO (default YES)

Whether vsftpd uses TCP wrappers to control which hosts may connect. The default value is YES. When enabled, vsftpd consults /etc/hosts.allow and /etc/hosts.deny to decide whether a client may access the FTP server; these two files provide a simple firewall function.

For example, to allow only hosts in 192.168.0.1-192.168.0.254 to connect to the FTP server, add the following to /etc/hosts.allow:

vsftpd: 192.168.0.: allow

ALL: ALL: deny

② User access control:

User access can be controlled with the vsftpd.user_list and ftpusers files in the /etc directory.

userlist_file=/etc/vsftpd.user_list

The file that controls user access to FTP; it contains one user name per line.

userlist_enable=YES/NO (default NO)

Whether the vsftpd.user_list file is consulted.

userlist_deny=YES/NO (default YES)

Determines how the users in vsftpd.user_list are treated. If YES, users in the file are refused access to FTP. If NO, only users in the file may access FTP.

The file /etc/vsftpd/ftpusers defines the list of users that are never allowed to access the FTP server. (Note: with userlist_enable=YES and userlist_deny=NO, a user that appears in both vsftpd.user_list and ftpusers is still refused, that is, ftpusers has the higher priority.) By default, vsftpd.user_list and ftpusers are pre-populated with the system's internal accounts, which must not be allowed to access the FTP server. If the system does not have these two files, create them and fill them in.
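The user-access rules above combine three inputs (ftpusers, userlist_enable and userlist_deny), and the precedence matters when the same name appears in both files. As an added example (not code from the original article), the Python below encodes that decision with ftpusers checked first, as the text states, and includes a small loader for one-name-per-line files; the file contents are constructed, and skipping "#" comment lines in the loader is a choice made for this example.

```python
# Added example, not from the original article: the user-access decision from
# section 8 as a function. ftpusers is checked first (higher priority per the
# text); then userlist_enable / userlist_deny decide how vsftpd.user_list is read.


def _yes(conf, key, default):
    return conf.get(key, default).strip().upper() == "YES"


def login_allowed(user, conf, user_list, ftpusers):
    """Return (allowed, reason) for a login attempt by `user`."""
    if user in ftpusers:
        return False, "listed in ftpusers"
    if not _yes(conf, "userlist_enable", "NO"):
        return True, "userlist not enabled"
    listed = user in user_list
    if _yes(conf, "userlist_deny", "YES"):
        # user_list is a deny list
        return (not listed), ("listed in user_list (deny list)" if listed else "not in deny list")
    # userlist_deny=NO: user_list is an allow list
    return listed, ("listed in user_list (allow list)" if listed else "not in allow list")


def load_name_list(text):
    """Parse a one-name-per-line file; blank lines and '#' comments are skipped here."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line)
    return names


# Constructed sample file contents
FTPUSERS = load_name_list("""\
# system accounts that must never use FTP
root
bin
daemon
""")
USER_LIST = load_name_list("""\
alice
root
""")

ALLOWLIST_CONF = {"userlist_enable": "YES", "userlist_deny": "NO"}
DENYLIST_CONF = {"userlist_enable": "YES", "userlist_deny": "YES"}

if __name__ == "__main__":
    for name, conf in (("allow-list", ALLOWLIST_CONF), ("deny-list", DENYLIST_CONF), ("no list", {})):
        for user in ("alice", "bob", "root"):
            allowed, reason = login_allowed(user, conf, USER_LIST, FTPUSERS)
            print(f"{name:10} {user:6} {'ALLOW' if allowed else 'DENY ':5} ({reason})")
```

The allow-list form (userlist_enable=YES, userlist_deny=NO) is the safer default for a server that should serve a known set of accounts. Note also that a name rejected through userlist_enable is refused before vsftpd asks for a password, so a blocked account never transmits its password over the (unencrypted) control channel.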

9. Transfer rate settings

anon_max_rate=0

The maximum transfer rate for anonymous users, in bytes per second. 0 means no limit. The default value is 0.

local_max_rate=0

The maximum transfer rate for local users, in bytes per second. 0 means no limit. The default value is 0.

10. Timeout settings

accept_timeout=60

The timeout, in seconds, for a client to establish an FTP connection with the server (this applies to the data connection in PASV mode). The default value is 60.

connect_timeout=60

The timeout, in seconds, for establishing a data connection in PORT mode. The default value is 60.

data_connection_timeout=120

The timeout, in seconds, applied to an FTP data connection. The default value is 120.

idle_session_timeout=300

If the client performs no operation for this many seconds, the FTP session is disconnected. The default value is 300.

11. Log file settings

xferlog_enable=YES/NO (default YES)

Whether upload/download logging is enabled. If enabled, each upload and download is recorded in the file defined by xferlog_file. It is enabled by default.

xferlog_file=/var/log/vsftpd.log

The path of the log file. The default value is /var/log/vsftpd.log.

xferlog_std_format=YES/NO (default NO)

If enabled, the log is written in the standard xferlog format used by wu-ftpd. The default value is NO.

log_ftp_protocol=YES/NO (default NO)

If enabled, every FTP request and response is written to the log; the default log file is /var/log/vsftpd.log. This option cannot be combined with xferlog_std_format. It is useful for debugging. The default value is NO.

12. Per-user configuration files

vsftpd can apply a separate configuration file to each user, so that different users get different settings.

user_config_dir=/etc/vsftpd/userconf

The directory holding the per-user configuration files. Once this is set, when a user logs on vsftpd looks in /etc/vsftpd/userconf for a file whose name matches the user name and applies the settings in that file on top of the main configuration for that session.

For example, with user_config_dir=/etc/vsftpd/userconf and two local users test1 and test2, create two files named test1 and test2 in that directory. When test1 logs on, the settings in the file test1 under user_config_dir are read. There is no default. A common use is to give different users different transfer rates by setting local_max_rate=XX in each user's file.

13. FTP working mode and port settings

FTP can work in two ways: PORT (active mode) and PASV (passive mode).

listen_port=21

The port on which the FTP server accepts control connections. The default value is 21.

connect_from_port_20=YES/NO (default YES)

Whether PORT-mode data connections are made from port 20. The default value is YES.

ftp_data_port=20

The server port used for data connections in PORT mode. The default value is 20.

pasv_enable=YES/NO (default YES)

If set to YES, PASV mode is supported (the client may request it); if set to NO, only PORT mode is used. The default value is YES, that is, PASV mode is available.

pasv_max_port=0

In PASV mode, the highest port of the range that data connections may use. 0 means any port. The default value is 0.

pasv_min_port=0

In PASV mode, the lowest port of the range that data connections may use. 0 means any port. The default value is 0.
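Which ports the data channel ends up using is what a firewall rule set has to allow, and the defaults above (0 for both PASV limits) mean "any port". As an added example (not code from the original article), the Python below works that out from a vsftpd.conf dict and warns about the configurations that are hard to firewall; treating 0 as the unprivileged range 1024-65535 is an assumption made for this example.

```python
# Added example, not from the original article: describe the data-channel port
# usage implied by the section 13 options, for firewall planning. A 0 in
# pasv_min_port/pasv_max_port is modelled as the 1024-65535 bound (assumption).


def data_connection_profile(conf):
    """Return the data-channel mode, port usage and warnings for a vsftpd.conf dict."""
    def yes(key, default):
        return conf.get(key, default).strip().upper() == "YES"

    warnings = []
    if not yes("pasv_enable", "YES"):
        # PORT (active) mode: the server opens the data connection back to the client.
        if yes("connect_from_port_20", "YES"):
            src = int(conf.get("ftp_data_port", "20"))
        else:
            src = None  # server-chosen unprivileged source port
            warnings.append("connect_from_port_20=NO: data connections use a random source port")
        return {"mode": "PORT", "server_source_port": src, "port_range": None, "warnings": warnings}

    # PASV (passive) mode: the client connects to a server port in this range.
    lo = int(conf.get("pasv_min_port", "0"))
    hi = int(conf.get("pasv_max_port", "0"))
    if lo == 0:
        lo = 1024
    if hi == 0:
        hi = 65535
    if lo > hi:
        warnings.append(f"pasv_min_port {lo} is above pasv_max_port {hi}: invalid range")
        return {"mode": "PASV", "server_source_port": None, "port_range": None, "warnings": warnings}
    if lo < 1024:
        warnings.append("PASV range includes privileged ports (below 1024)")
    if (lo, hi) == (1024, 65535):
        warnings.append("PASV range unrestricted: the firewall must open all high ports or track FTP")
    return {"mode": "PASV", "server_source_port": None, "port_range": (lo, hi), "warnings": warnings}


# Constructed sample configurations
PINNED_PASV = {"pasv_min_port": "30000", "pasv_max_port": "30100"}
ACTIVE_ONLY = {"pasv_enable": "NO"}

if __name__ == "__main__":
    for name, conf in (("defaults", {}), ("pinned PASV", PINNED_PASV), ("PORT only", ACTIVE_ONLY)):
        print(name, data_connection_profile(conf))
```

A pinned range such as 30000-30100 lets the firewall admit exactly those ports alongside 21; with the defaults, the only alternatives are opening every high port or relying on an FTP connection-tracking helper on the firewall.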

14. Connection-related settings

listen=YES/NO (default YES)

Whether vsftpd runs in standalone mode. Standalone mode is the recommended way to run it: listen must be YES for it, which is the default, and we recommend not changing it. Many server-related options only take effect in this mode. If set to NO, vsftpd does not run on its own but is started by the xinetd service, with reduced functionality.

max_clients=0

The maximum number of simultaneous client connections vsftpd accepts. The default value is 0, meaning no limit. If set to 100, at most 100 clients may be connected at once and further connections are rejected. Effective only in standalone mode.

max_per_ip=0

The maximum number of connections allowed from a single IP address. The default value is 0, meaning no limit. Effective only in standalone mode.

listen_address=IPAddress

The IP address on which the FTP server listens for client requests. If not set, vsftpd listens on every address bound to the server. Effective only in standalone mode.

setproctitle_enable=YES/NO (default NO)

Whether each connection is shown with its own descriptive process title. The default value is NO, in which case ps aux | grep ftp shows plain vsftpd entries. If set to YES, each connection's vsftpd process is shown with its own title.

15. Virtual user settings

Virtual users are authenticated through PAM.

pam_service_name=vsftpd

The PAM service name vsftpd uses. The default value is vsftpd, which corresponds to /etc/pam.d/vsftpd.

guest_enable=YES/NO (default NO)

Enables virtual users. The default value is NO.

guest_username=ftp

The local account that virtual users are mapped to. The default value is ftp.

virtual_use_local_privs=YES/NO (default NO)

When enabled (YES), virtual users get the same privileges as local users. When disabled (NO), virtual users get the same privileges as anonymous users. The default is disabled (NO).

16. Other settings

text_userdb_names=YES/NO (default NO)

Whether commands such as ls -la show numeric UIDs and GIDs or user and group names. The default value is NO, which shows UID and GID. Set it to YES to show user and group names.

ls_recurse_enable=YES/NO (default NO)

If enabled, users may use ls -R (a recursive listing of the subdirectories of the current directory). The default value is NO.

hide_ids=YES/NO (default NO)

If enabled, the owner and group of every file are shown as ftp: whatever listing command the user runs (ls -al and the like), all files appear to be owned by ftp. The default value is NO.

download_enable=YES/NO (default YES)

If set to NO, no file can be downloaded to the client; directory listings are unaffected. The default value is YES.

 
