What is VSFTPD?
VSFTPD is an FTP server for UNIX-like operating systems, including Linux. Its full name is Very Secure FTP Daemon, and as the name implies, security is one of its main features.
For example, vsftpd can run in chroot mode, which confines a user to one directory and prevents access to any other directory. Without chroot, a user who logs in to FTP with a system account has all the privileges of that account on the file system, which is not very safe.
Understanding the FTP protocol
Before configuring vsftpd, let's look at what FTP is. FTP (File Transfer Protocol) works at the application layer and is used to upload or download files, sharing the files of one host with other hosts.
An FTP session uses two kinds of connections: a command connection and a data connection. The command connection, also called the control connection, stays open for the whole session on 21/tcp and carries the commands exchanged with the server. The data connection is opened on demand, when a file transfer is requested, and closed when the transfer completes.
There are two modes of FTP, active FTP and passive FTP.
Active FTP involves two TCP three-way handshakes and finally establishes the data connection from the server's port 20. One handshake is initiated by the client, the other by the server. First, the client initiates a connection from a source port greater than 1024 to destination port 21 on the FTP server. Then the FTP server actively initiates a connection from its port 20 to the client, for example to port 1025 on the client. A firewall on the client side may block this server-initiated connection, which is why passive FTP exists.
In passive FTP the server only listens on port 21 for commands. There are still two TCP three-way handshakes, but both are initiated by the client. First the client connects from source port 1024 to port 21 on the FTP server; as part of this first connection, the server tells the client which port in the 1024-5000 range to use for the data transfer. Then the second handshake begins: the client connects from port 1025 to that server-side data port. Because both connections are client-initiated, the firewall does not block them.
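The port negotiation described above is easy to get wrong when reading packet captures or firewall logs, so here is an added example (not part of the original post) in POSIX shell: it decodes the server's "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply into the host and data port the client must connect to, and builds the PORT command an active-mode client sends to announce its own data port. The reply text and addresses are constructed samples.

```shell
# Added example: decode a passive-mode 227 reply and build an active-mode PORT command.
# The six numbers are the four address octets followed by the high and low bytes
# of the data port, so (192,168,1,10,4,1) means 192.168.1.10 port 4*256+1 = 1025.

# Print "host:port" for a 227 reply; fail on anything that is not a six-number tuple.
pasv_endpoint() {
    reply=$1
    # keep only the comma-separated numbers inside the parentheses
    nums=$(printf '%s\n' "$reply" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    [ -n "$nums" ] || { echo "malformed 227 reply: $reply" >&2; return 1; }
    oldIFS=$IFS; IFS=,
    set -- $nums
    IFS=$oldIFS
    [ $# -eq 6 ] || { echo "expected six numbers, got $#" >&2; return 1; }
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# Build the PORT command for an active-mode client listening on ip:port,
# e.g. 192.168.1.20 port 1025 -> "PORT 192,168,1,20,4,1".
port_command() {
    ip=$1; port=$2
    echo "PORT $(printf '%s' "$ip" | tr . ,),$(( port / 256 )),$(( port % 256 ))"
}

# Constructed sample: a passive-mode server answering the client's PASV command.
SAMPLE_227='227 Entering Passive Mode (192,168,1,10,4,1)'
echo "server data endpoint (client connects here): $(pasv_endpoint "$SAMPLE_227")"
echo "active-mode client announces: $(port_command 192.168.1.20 1025)"
```

On a firewall that inspects FTP, this is exactly the computation the helper performs to open the data port dynamically; if the helper is absent, only the passive-mode flow (both connections from the client) survives a default-deny inbound policy on the client side.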
FTP user
FTP has three types of users; whichever type is used, it is ultimately mapped to a system user.
Anonymous user: the anonymous account
System user: a user listed in /etc/passwd
Virtual user: create one system account and map all virtual accounts onto it; the real system accounts are not used for login, which improves security
Simple Configuration vsftpd
RPM package installation
# yum install vsftpd
# service vsftpd start
# chkconfig vsftpd on
vsftpd configuration file settings and explanation (/etc/vsftpd/vsftpd.conf)
anonymous_enable=YES            allow anonymous users to log in
local_enable=YES                whether system users may log in
write_enable=YES                whether system users may upload files
anon_upload_enable=NO           anonymous users cannot upload files
local_umask=022                 umask applied to uploaded files
anon_mkdir_write_enable=NO      anonymous users cannot create directories
anon_other_write_enable=NO      anonymous users cannot delete files
dirmessage_enable=YES           show a per-directory message to the user; for example, write "Welcome" into /var/ftp/.message and that text is displayed when the user enters /var/ftp
xferlog_enable=YES              enable the transfer log
xferlog_file=/var/log/vsftpd.log  transfer log file; create it beforehand if it does not exist
#chown_uploads=YES              change the owner of uploaded files to another user
#chown_username=...             the user to change ownership to; the root user is not recommended
connect_from_port_20=YES        use port 20 for data connections
idle_session_timeout=600        time-out of an idle control connection, in seconds
data_connection_timeout=120     time-out of a single data connection, in seconds
#ascii_upload_enable=YES
#ascii_download_enable=YES      allow text (ASCII) mode for uploads and downloads; FTP has two transfer modes, text and binary, and enabling this entry is not recommended
chroot_local_user=YES           confine every user to their home directory
#chroot_list_enable=YES         use a list file to select which users are confined to their home directory
#chroot_list_file=/etc/vsftpd/chroot_list  the file that holds the user list; all users in this list are confined to their home directory
listen=YES                      run vsftpd as a standalone daemon
pam_service_name=vsftpd         PAM service name; all users listed in /etc/vsftpd/ftpusers are forbidden to log in to the FTP server
userlist_enable=YES             deny login to users listed in user_list
userlist_deny=YES               deny login to users in user_list; if NO, only users in user_list may log in
#max_clients                    maximum number of clients logged in to the FTP server at once
#max_per_ip                     maximum number of connections a single IP may open
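The settings above interact, and the one that trips people up most is the chroot list: vsftpd treats the users in chroot_list_file as the exceptions when chroot_local_user=YES (everyone else is confined) and as the confined users when chroot_local_user=NO. As an added example (not part of the original post, and not a vsftpd tool), the POSIX shell script below reads a vsftpd.conf, reports the effective chroot policy following that rule, and counts settings a reviewer would flag: anonymous write access, text-mode transfers, and local users left unconfined. The two configuration files it checks are constructed samples written to temporary files; the defaults it assumes for absent keys match vsftpd's documented defaults.

```shell
# Added example: audit a vsftpd.conf for the policy it actually enforces.

# Print a key's value (last uncommented assignment wins) or a default if absent.
conf_get() {
    file=$1; key=$2; default=$3
    val=$(sed -n "s/^[[:space:]]*$key=\(.*\)$/\1/p" "$file" | tail -n 1)
    val=$(printf '%s' "$val" | tr -d '\r' | sed 's/[[:space:]]*$//')
    [ -n "$val" ] && echo "$val" || echo "$default"
}

# Upper-case helper so YES/yes/Yes compare equal, as vsftpd accepts them.
up() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Describe which local users end up chrooted, following vsftpd's rules:
#   chroot_local_user=YES -> everyone confined, chroot_list names the exceptions
#   chroot_local_user=NO  -> nobody confined unless listed in chroot_list
chroot_policy() {
    file=$1
    all=$(up "$(conf_get "$file" chroot_local_user NO)")
    list=$(up "$(conf_get "$file" chroot_list_enable NO)")
    if [ "$all" = YES ] && [ "$list" = YES ]; then
        echo "all local users chrooted except those in chroot_list"
    elif [ "$all" = YES ]; then
        echo "all local users chrooted"
    elif [ "$list" = YES ]; then
        echo "only users in chroot_list chrooted"
    else
        echo "no local users chrooted"
    fi
}

# Print the number of risky settings found; details go to stderr.
risk_count() {
    file=$1; n=0
    anon=$(up "$(conf_get "$file" anonymous_enable YES)")
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$anon" = YES ] && [ "$(up "$(conf_get "$file" $k NO)")" = YES ]; then
            echo "risk: $k=YES while anonymous logins are enabled" >&2; n=$((n + 1))
        fi
    done
    for k in ascii_upload_enable ascii_download_enable; do
        if [ "$(up "$(conf_get "$file" $k NO)")" = YES ]; then
            echo "risk: $k=YES (text-mode transfers; the guide recommends leaving this off)" >&2; n=$((n + 1))
        fi
    done
    if [ "$(up "$(conf_get "$file" local_enable NO)")" = YES ] && \
       [ "$(up "$(conf_get "$file" chroot_local_user NO)")" = NO ]; then
        echo "risk: local users log in but are not confined to their home directory" >&2; n=$((n + 1))
    fi
    echo "$n"
}

# Constructed sample configs (not real server files).
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
ascii_upload_enable=YES
chroot_local_user=NO
EOF

HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
anonymous_enable=YES
anon_upload_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
EOF

echo "weak:     $(chroot_policy "$WEAK_CONF"); risks=$(risk_count "$WEAK_CONF" 2>/dev/null)"
echo "hardened: $(chroot_policy "$HARDENED_CONF"); risks=$(risk_count "$HARDENED_CONF" 2>/dev/null)"
```

Run it against a real /etc/vsftpd/vsftpd.conf by calling chroot_policy and risk_count with that path; a non-zero count is worth a look before exposing the service.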
MySQL-based virtual users
# yum -y install mysql-server mysql-devel
# service mysqld start
# chkconfig mysqld on
# tar xf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1
# ./configure --with-mysql=/usr --with-openssl
# make
# make install
mysql> CREATE DATABASE vsftpd;
mysql> USE vsftpd;
mysql> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL,
    -> name CHAR(30) BINARY NOT NULL,      -- the column lengths are obscured in the source; 30 is a placeholder
    -> password CHAR(30) BINARY NOT NULL,  -- placeholder length, see above
    -> PRIMARY KEY (id));
mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'vsftpd';
mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'<second host, obscured in the source>' IDENTIFIED BY 'vsftpd';
mysql> FLUSH PRIVILEGES;
mysql> INSERT INTO users (name,password) VALUES ('tom','xiaoming'),('cat','xiaoming');
# vim /etc/pam.d/vsftpd.mysql
# crypt=0 tells pam_mysql that the password column holds the password as typed, so it is stored and compared in plain text
auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
# useradd -s /sbin/nologin -d /var/ftproot vuser
# chmod go+rx /var/ftproot
# vim /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
# service vsftpd restart
That is all that is needed.
This article is from the "on the Road" blog, please be sure to keep this source http://mingxiao.blog.51cto.com/8124243/1629366
VSFTPD Server Setup