VSFTPD server startup Guide

Source: Internet
Author: User
A beginner's (cainiao) script for setting up a VSFTPD server, from the Linux enterprise and server applications category. A detailed description follows.

Simple VSFTPD server setup
1. Check whether the VSFTPD package is installed: # rpm -qa | grep vsftpd
2. Start the FTP server: # service vsftpd start
3. The default FTP directory is /var/ftp/pub.
4. Test anonymous access: # ftp 127.0.0.1, then log in with name: anonymous and pass: (empty)

Further configuration of the FTP server
Create a welcome message:
1. Open the /etc/vsftpd.conf file.
2. Change the dirmessage_enable value to YES.
3. Create a .message text file in your FTP directory and enter the welcome text.

Change the default port of the FTP server:
1. Open the vsftpd.conf file.
2. Add listen_port=2121 as the last line of the file to change the default port from 21 to 2121.

Disable anonymous logon:
Change the value of anonymous_enable to NO in the vsftpd.conf file.

Prevent users from changing out of their directory:
Find the following three lines in vsftpd.conf:
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list

Change them to:
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
Create a new file, /etc/vsftpd/chroot_list. Its content is the user names that log on.

Note: after the modification, restart the FTP server: # service vsftpd restart

When such a user tries to change directory, the server responds: Failed to change directory

FTP configuration for virtual users

Features of a virtual user: it can access only the FTP service provided by the server, not any other resources of the system.

Purpose of virtual users: to improve system security.

1. Create the source file for the virtual user password database: a .txt file in which odd-numbered lines are user names and even-numbered lines are passwords.

2. Generate the password database file and set its file permissions.

Note: before using the following commands, you must first install Berkeley DB.
# db_load -T -t hash -f account.txt /etc/vsftpd/account.db
# chmod 600 /etc/vsftpd/account.db

3. Create the PAM file for virtual users and add the following two lines:
# vi /etc/pam.d/vsftp.vu
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/account
account required /lib/security/pam_userdb.so db=/etc/vsftpd/account

4. Create a virtual user, set the directory the user can access, and set the virtual user's access permissions:
# useradd -d /ftp virtual_user
# chmod 700 /ftp

The virtual user is now set up.
Note: add the following statements to /etc/vsftpd.conf:
guest_username=virtual_user
guest_enable=YES
pam_service_name=vsftp.vu (specifies that the PAM configuration file is vsftp.vu)
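
A check for step 1 of the procedure above, as an added example that is not part of the original article: it validates the odd-line name / even-line password layout of account.txt and its file permissions before the file is passed to db_load. The function name check_accounts and the sample names and passwords are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). check_accounts FILE validates
# the odd-line-name / even-line-password layout before the file is fed to
#   db_load -T -t hash -f account.txt /etc/vsftpd/account.db
# Prints one line per problem; returns 0 only when the file is clean.
check_accounts() {
    acct_bad=0
    awk '
    NR % 2 == 1 {                                   # odd line: user name
        if ($0 == "")          { print "line " NR ": empty user name"; bad = 1 }
        else if ($0 ~ /[ \t]/) { print "line " NR ": whitespace in user name"; bad = 1 }
        else if (seen[$0]++)   { print "line " NR ": duplicate user " $0; bad = 1 }
        next
    }
    $0 == "" { print "line " NR ": empty password"; bad = 1 }   # even line
    END {
        if (NR % 2) { print "line " NR ": user name has no password line"; bad = 1 }
        exit bad + 0
    }' "$1" || acct_bad=1
    # The file holds clear-text passwords: group and other must have no access.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "permissions: group/other can access the clear-text passwords"
        acct_bad=1
    fi
    return "$acct_bad"
}

# Constructed sample: bob appears twice and the file is world-readable.
sample=$(mktemp)
printf '%s\n' alice Example-pass-1 bob Example-pass-2 bob Example-pass-3 > "$sample"
chmod 644 "$sample"
check_accounts "$sample" || echo "fix account.txt before running db_load"
rm -f "$sample"
```

The source .txt file keeps every password in clear text after account.db has been generated, so it needs the same 600 protection as the database itself.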


VSFTPD for cainiao (beginners):


This is the first article I have written as a cainiao learning Linux. It covers basic FTP use. If there are any problems, please give me advice; in the future I will discuss FTP configuration details in an advanced article.
I am using Linux AS + VSFTPD-1.2.0-4. If you are not very familiar with the configuration file, it is best to make a backup first to avoid mistakes:


1. Anonymous server connection (standalone server)
Add the following items to the /etc/vsftpd.conf configuration file (the text in parentheses is explanation, not part of the file):
anonymous_enable=YES (anonymous login allowed)
dirmessage_enable=YES (the .message content in a directory is displayed when switching to it)
local_umask=022 (local file permissions on FTP; default: 077)
connect_from_port_20=YES (enable data connections on the FTP data port) *
xferlog_enable=YES (enable upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome information)
pam_service_name=vsftpd (authentication method) *
listen=YES (standalone VSFTPD server) *
Function: you can only connect to the FTP server; you cannot upload or download files.
Note: the items related to logging and welcome information are optional. The items marked with an asterisk must all be added; they are the basic FTP options.

2. Enable upload permission on the anonymous FTP server
Add the following to the configuration file:
anon_upload_enable=YES (open upload permission)
anon_mkdir_write_enable=YES (directories can be created and files uploaded into them)
write_enable=YES (grant write permission to local users)
anon_other_write_enable=YES (anonymous accounts get permission to delete)

3. Enable download permission on the anonymous server
Add the following to the configuration file:
anon_world_readable_only=NO
Note: pay attention to the directory permissions. The anonymous account counts as an "other" user, so the read and write permissions for "other" need to be enabled.
(r) read: download; (w) write: upload; (x) execute: if FTP directory is not enabled

4. Connection to the FTP server by ordinary users (standalone server)
Add the following to the configuration file:
local_enable=YES (local accounts can log on)
write_enable=NO (local accounts cannot delete or modify files after logging on)
Function: you can use a local account to log on to the vsftpd server and have permission to download and upload files.
Note: anonymous users can log on but cannot upload or download; anonymous logon can be disabled.

5. Restrict users to their home directory after login
To chroot all local users:
chroot_local_user=YES (all local accounts are confined to their own directories)
To chroot only specified users:
chroot_list_enable=YES (the list in the file is used)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list is not created by default; you need to add it yourself. To restrict an account, add it directly to the file.

6. Restrict access by local users to FTP
userlist_enable=YES (use the userlist to restrict user access)
userlist_deny=NO (users in the list are not allowed to access)
userlist_file=/Specify the path where the file is stored/ (the path where the file is stored)
Note: with userlist_enable=YES, anonymous accounts cannot log on.

7. Security options
idle_session_timeout=600 (seconds; disconnect after the user's session has been idle for 10 minutes)
data_connection_timeout=120 (seconds; idle for 2 minutes)
accept_timeout=60 (seconds; disconnect the client after 1 minute)
connect_timeout=60 (seconds; disconnect again after 1 minute)
local_max_rate=50000 (bytes; local user transfer rate: 50 K)
anon_max_rate=30000 (bytes; anonymous user transfer rate: 30 K)
pasv_min_port=50000
pasv_max_port=60000 (together, these restrict the client's data connection port to between 50000 and 60000)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (data connection from port 5555)
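
A lint for the settings in sections 1 to 7, as an added example that is not part of the original article: vsftpd refuses a line with a space around the equals sign, its option names are all lowercase, and anonymous_enable defaults to YES, so the script checks those rules and reports when anonymous users end up with write access. The function name lint_vsftpd_conf and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): lint a vsftpd.conf for the
# syntax rules and the anonymous-write combination discussed above.
lint_vsftpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        if ($0 !~ /^[^ \t=]+=[^ \t]/) {      # vsftpd rejects "name = value"
            print NR ": expected name=value with no spaces: " $0; bad = 1
        }
        name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (name != tolower(name)) {         # option names are all lowercase
            print NR ": option name must be lowercase: " name; bad = 1
        }
        opt[tolower(name)] = toupper(val)    # record intent even if mis-cased
    }
    END {
        # anonymous_enable defaults to YES when the file does not set it.
        anon = ("anonymous_enable" in opt) ? opt["anonymous_enable"] : "YES"
        if (anon == "YES" && opt["write_enable"] == "YES") {
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)
                if (opt[w[i]] == "YES") {
                    print "risk: anonymous users can write (" w[i] "=YES)"; bad = 1
                }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the section 2 settings, with a mis-cased, space-padded
# first line of the kind that stops vsftpd from starting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Anonymous_enable = yes
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
EOF
lint_vsftpd_conf "$sample" || echo "vsftpd.conf needs attention"
rm -f "$sample"
```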

8. Check who is logged on to FTP and kill the process
# ps -xf | grep ftp
# kill <process number>