VSFTPD Server Setup

Source: Internet
Author: User
Tags: crypt, file transfer protocol, ftp protocol

What is VSFTPD?

vsftpd is an FTP server for UNIX-like operating systems, including Linux. Its full name is "very secure FTP daemon" and, as the name implies, security is one of its main features.

For example, vsftpd can run in chroot mode: chroot confines the user to a single directory and prevents access to any other directory. Without chroot mode, a user who logs in to FTP with a system account has all of that account's privileges on the filesystem, which is clearly not very safe.


Understanding the FTP protocol

Before configuring vsftpd, a word about FTP. FTP (File Transfer Protocol) works at the application layer and is used to upload and download files, sharing the files of one host with other hosts.

An FTP session uses two kinds of connection: a command connection and a data connection. The command connection, also called the control connection, stays open for the whole session; the client talks to the server over it on port 21/tcp. The data connection is opened on demand, for example when a file download is requested, and closed when the transfer completes.

There are two modes of FTP, active FTP and passive FTP.


Active FTP involves two TCP three-way handshakes and finally establishes the data connection from server port 20. One handshake is initiated by the client and the other by the server. First, the client connects from a source port greater than 1024 to destination port 21 on the FTP server. Then the FTP server actively opens a connection back to the client: from its port 20 it sends a connection request to port 1025 on the client. A firewall in front of the client may block this inbound connection, which is why passive FTP exists.

In passive FTP the only fixed server port is 21. There are still two TCP three-way handshakes, but both are initiated by the client. First the client connects from source port 1024 to port 21 on the FTP server; as part of that first exchange the server tells the client which port in the 1024-5000 range to use for the data transfer. Then the second handshake begins: the client actively connects from port 1025 to that server-side port. Because this is a client-initiated connection, the firewall does not block it.
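To make the two modes concrete, here is an added Python example (not part of the original post and not vsftpd code): it parses the server's 227 reply from passive mode into the address and port the client must connect to, builds the PORT command a client would send in active mode, and refuses a passive reply whose address differs from the host the control connection is already talking to. The sample replies are constructed.

```python
import re
from typing import Tuple

# Constructed sample control-channel replies (not captured from a real server).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,19,137)."
SAMPLE_ERROR_REPLY = "425 Can't open data connection."

# Six comma-separated decimal bytes: a1,a2,a3,a4 = IPv4 address, p1,p2 = port.
_PASV_TUPLE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """Turn a '227 Entering Passive Mode (...)' reply into (host, port).

    The port is sent as two bytes: port = p1 * 256 + p2.
    Raises ValueError for anything that is not a well-formed 227 reply.
    """
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV success reply: {reply!r}")
    match = _PASV_TUPLE.search(reply)
    if match is None:
        raise ValueError(f"malformed PASV reply: {reply!r}")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in PASV reply: {reply!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return host, port


def pasv_endpoint(control_peer: str, reply: str) -> Tuple[str, int]:
    """Decide where the client's data connection should go.

    Defensive check: the address inside the 227 reply is expected to be the
    same host the control connection was opened to.  A reply pointing
    elsewhere would make the client connect to a third party, so it is
    rejected instead of followed.
    """
    host, port = parse_pasv_reply(reply)
    if host != control_peer:
        raise ValueError(
            f"PASV reply points to {host}, but control peer is {control_peer}"
        )
    return host, port


def build_port_command(client_ip: str, client_port: int) -> str:
    """Build the PORT command a client sends in active mode.

    In active mode the roles flip: the client listens on client_ip:client_port
    and the server connects back to it from its port 20.
    """
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {client_ip!r}")
    if not 0 < client_port < 65536:
        raise ValueError(f"port out of range: {client_port}")
    return f"PORT {','.join(octets)},{client_port // 256},{client_port % 256}"


if __name__ == "__main__":
    host, port = pasv_endpoint("192.168.1.10", SAMPLE_PASV_REPLY)
    print(f"passive mode: client connects to {host}:{port}")
    print("active mode: client sends", build_port_command("192.168.1.20", 5001))
```

The peer check in pasv_endpoint is the same idea that clients such as Python's ftplib apply by default: ignore the address the server advertises and reuse the control connection's peer, so a server (or something in between) cannot redirect the data connection.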


FTP user

FTP has three types of user; whichever type is used, it is mapped to a system user.

Anonymous user: anonymous login.

System user: a user present in passwd who logs in with that account.

Virtual user: create one system account and map all virtual accounts to it; virtual users do not use a system account of their own, which improves security.


Simple Configuration vsftpd

RPM package installation

# yum install vsftpd

# service vsftpd start

# chkconfig vsftpd on


vsftpd configuration file adjustments and descriptions (/etc/vsftpd/vsftpd.conf)

anonymous_enable=YES: allow anonymous users to log on.

local_enable=YES: whether system (local) users may log on.

write_enable=YES: whether system users may upload files.

anon_upload_enable=NO: anonymous users cannot upload files.

local_umask=022: umask applied to uploaded files.

anon_mkdir_write_enable=NO: anonymous users cannot create directories.

anon_other_write_enable=NO: anonymous users cannot delete or rename files.

dirmessage_enable=YES: show a per-directory message. For example, write "Welcome" in /var/ftp/.message and it is displayed when a user enters /var/ftp.

xferlog_enable=YES: log transfers.

xferlog_file=/var/log/vsftpd.log: the transfer log file; create it beforehand if it does not exist.

#chown_uploads=YES: change the owner of uploaded files to another user.

#chown_username: the user uploads are given to; root is not recommended.

connect_from_port_20=YES: use port 20 for the data connection.

idle_session_timeout=600: control connection idle time-out, in seconds.

data_connection_timeout=120: maximum time for a single data connection, in seconds.

#ascii_upload_enable=YES

#ascii_download_enable=YES: transfer in ASCII (plain text) mode. There are two transfer modes, text and binary; enabling these entries is not recommended.

chroot_local_user=YES: every local user is confined (chrooted) to their home directory.

#chroot_list_enable=YES: confine only the users listed in a file to their home directories.

#chroot_list_file=/etc/vsftpd/chroot_list: the file holding that list; every user in it is chrooted to their home directory.

listen=YES: whether vsftpd runs as a standalone daemon.

pam_service_name=vsftpd: the PAM service used for authentication; the stock vsftpd PAM configuration denies login to every user listed in the ftpusers file.

userlist_enable=YES: consult user_list for login control.

userlist_deny=YES: deny login to the users in user_list; if set to NO, only the users in user_list may log in.

#max_clients: maximum number of clients that may be logged in to the FTP server.

#max_per_ip: number of connections a single IP address may open.
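As an added example (not from the original post and not vsftpd's own code), here is a small Python checker for the options discussed above: it parses a vsftpd.conf in vsftpd's option=value format and flags the combinations the post warns against. The two sample configurations are constructed; the DEFAULTS table holds vsftpd's compiled-in defaults for the options checked, which matter because an option that is simply absent still has an effective value.

```python
from typing import Dict, List, Tuple

# Constructed sample configuration with several weak settings.
WEAK_CONF = """\
# vsftpd.conf -- constructed example, not a real server's file
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
local_umask=022
chroot_local_user=NO
ascii_upload_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
userlist_enable=YES
userlist_deny=YES
"""

# The same server after tightening the options the post discusses.
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
userlist_enable=YES
userlist_deny=YES
"""

# vsftpd's compiled-in defaults for the options checked below (the sample
# file shipped by a distribution may set different explicit values).
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
    "chroot_local_user": "NO",
    "ascii_upload_enable": "NO",
    "ascii_download_enable": "NO",
    "xferlog_enable": "NO",
    "chown_uploads": "NO",
    "chown_username": "root",
}


def parse_vsftpd_conf(text: str) -> Dict[str, str]:
    """Parse option=value lines; blank lines and '#' comments are skipped."""
    options: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected option=value, got {raw!r}")
        options[key.strip()] = value.strip()
    return options


def enabled(options: Dict[str, str], key: str) -> bool:
    """True when a boolean option is on; vsftpd accepts YES/TRUE/1 (any case)."""
    value = options.get(key, DEFAULTS.get(key, "NO"))
    return value.upper() in ("YES", "TRUE", "1")


def audit_vsftpd_conf(text: str) -> List[Tuple[str, str]]:
    """Return (option, problem) pairs for the risky settings the post describes."""
    opts = parse_vsftpd_conf(text)
    findings: List[Tuple[str, str]] = []
    if enabled(opts, "anonymous_enable"):
        for key in ("anon_upload_enable", "anon_mkdir_write_enable",
                    "anon_other_write_enable"):
            if enabled(opts, key):
                findings.append((key, "anonymous users get write access"))
    if enabled(opts, "local_enable") and not enabled(opts, "chroot_local_user"):
        findings.append(("chroot_local_user",
                         "local users are not confined to their home directory"))
    for key in ("ascii_upload_enable", "ascii_download_enable"):
        if enabled(opts, key):
            findings.append((key, "ASCII transfer mode enabled; not recommended"))
    if not enabled(opts, "xferlog_enable"):
        findings.append(("xferlog_enable", "transfers are not logged"))
    if enabled(opts, "chown_uploads") and \
            opts.get("chown_username", DEFAULTS["chown_username"]) == "root":
        findings.append(("chown_username", "uploaded files would become root-owned"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_vsftpd_conf(conf) or 'no findings'}")
```

Run against the constructed files, the weak configuration yields three findings (anonymous upload, no chroot for local users, ASCII upload) and the hardened one none.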


MySQL-based virtual users

# yum -y install mysql-server mysql-devel

# service mysqld start

# chkconfig mysqld on


# tar xf pam_mysql-0.7RC1.tar.gz

# cd pam_mysql-0.7RC1

# ./configure --with-mysql=/usr --with-openssl

# make

# make install

mysql> CREATE DATABASE vsftpd;

mysql> USE vsftpd;

mysql> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL,
    -> name CHAR(30) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL,
    -> PRIMARY KEY (id));

(The CHAR lengths of the name and password columns are not legible in the source; 30 and 48 are assumed here.)

mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'vsftpd';

mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'vsftpd';

(The account hosts are obfuscated in the source; localhost matches the host= setting in the PAM configuration, and 127.0.0.1 is assumed for the second grant.)

mysql> FLUSH PRIVILEGES;

mysql> INSERT INTO users (name,password) VALUES ('tom','xiaoming'),('cat','xiaoming');


# vim /etc/pam.d/vsftpd.mysql

auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

crypt=0 tells pam_mysql to compare the password column as plain text, so the passwords inserted above are stored unhashed in the table.


# useradd -s /sbin/nologin -d /var/ftproot vuser

# chmod go+rx /var/ftproot


# vim /etc/vsftpd/vsftpd.conf

guest_enable=YES

guest_username=vuser

pam_service_name=vsftpd.mysql

# service vsftpd restart

That is all.


This article is from the "on the Road" blog, please be sure to keep this source http://mingxiao.blog.51cto.com/8124243/1629366

