# Anonymous User Configuration
# Whether to allow anonymous FTP; otherwise set NO
anonymous_enable=YES
# Whether anonymous users can upload
anon_upload_enable=YES
# Whether anonymous users can create directories
anon_mkdir_write_enable=YES
# Whether anonymous users can rename and delete files
anon_other_write_enable=YES
# Local User Configuration
# Whether to allow local users to log on
local_enable=YES
# umask for local users (default permissions 755)
local_umask=022
write_enable=YES
# Confine local users to their home directory
chroot_local_user=YES
# Whether to use the chroot list file
chroot_list_enable=YES
# List of users who are not chrooted
chroot_list_file=/etc/vsftpd.chroot_list
# Whether to change the owner of uploaded files
chown_uploads=YES
# System user name that should own them, if needed
chown_username=username
userlist_enable=YES
userlist_deny=NO
# Whether to refuse anonymous logins that use certain e-mail addresses
deny_email_enable=YES
# Path of the file listing the forbidden e-mail addresses
banned_email_file=/etc/vsftpd.banned_emails
# Custom welcome message
ftpd_banner=welcome to CHENLF FTP service.
# Whether to display the directory message file; you need to create the .message file yourself
dirmessage_enable=YES
# Name of the directory message file shown when entering a directory; default is .message
message_file=
# Whether FTP transfers are logged
xferlog_enable=YES
# Path and name of the FTP transfer log
xferlog_file=/var/log/vsftpd.log
# Whether to use the standard FTP xferlog format
xferlog_std_format=YES
# Whether to allow uploads in ASCII mode
ascii_upload_enable=YES
# Whether to allow downloads in ASCII mode
ascii_download_enable=YES
# Whether PORT-mode data connections originate from port 20 (ftp-data)
connect_from_port_20=YES
# Unprivileged system user that vsftpd runs as; default is nobody
nopriv_user=ftpsecure
# Whether to allow the special FTP command "async ABOR"
async_abor_enable=YES
# Resource limits for FTP servers
# Session idle timeout, in seconds
idle_session_timeout=600
# Data connection timeout, in seconds
data_connection_timeout=120
# Maximum number of client connections; default 0 means unlimited
max_clients=50
# Maximum number of connections per IP address
max_per_ip=5
# Anonymous download speed (102400 bytes per second = 100 KB/s)
anon_max_rate=102400
# Local user download speed (102400 bytes per second = 100 KB/s)
local_max_rate=102400
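An added example, not part of the original page: a small Python check that reads a vsftpd.conf and reports syntax vsftpd rejects (whitespace around "=", trailing comments, capitalised option names) together with the anonymous-write, chroot-list and logging settings from the listing above. The audit function and the SAMPLE input are constructed for illustration.

```python
# Added example (not from the original page): lint a vsftpd.conf for
# the options discussed above. SAMPLE is constructed input.
SAMPLE = """\
# Anonymous user configuration
anonymous_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
Local_enable=yes # trailing comment
max_per_ip = 5
"""

ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def audit(text):
    """Return a list of findings for one vsftpd.conf given as a string."""
    conf, out = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            out.append(f"line {n}: not in option=value form")
            continue
        if key != key.strip() or value != value.strip():
            out.append(f"line {n}: whitespace around '=' or value")
        if "#" in value:
            out.append(f"line {n}: trailing comment is read as part of the value")
        if key.strip() != key.strip().lower():
            out.append(f"line {n}: option names are lowercase")
        # Normalise so the policy checks below still see the intent.
        conf[key.strip().lower()] = value.split("#")[0].strip().upper()

    def on(k):
        return conf.get(k) in ("YES", "TRUE", "1")

    if on("anonymous_enable"):
        for k in ANON_WRITE:
            if on(k):
                out.append(f"anonymous write access: {k}")
    if on("chroot_local_user") and on("chroot_list_enable"):
        out.append("chroot_list_file names users who are NOT chrooted")
    if not on("xferlog_enable"):
        out.append("transfers are not logged (xferlog_enable)")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```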
Other configuration files
/etc/xinetd.d/vsftpd
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/local/sbin/vsftpd
    # server_args =
    # log_on_success += DURATION USERID
    # log_on_failure += USERID
    nice = 10
    disable = no
}
/etc/pam.d/vsftpd
PAM authentication
/etc/vsftpd.chroot_list
This file contains the names of users who have access to all FTP content on the server. For other users, their home directory appears as the root directory of the server.
/etc/shells
By default, the system checks this file for a valid user shell before allowing local users to log on, in case PAM authentication is not available.
/etc/ftpusers
This file contains the names of users who are prohibited from logging in over FTP, usually "root", "uucp", "news" and the like. Because these accounts have high privileges, a mistake made while logged in over FTP is very dangerous.
Firewall settings
If you are using the default SuSEfirewall2, open the YaST System /etc/sysconfig Editor and go to Network, SuSEfirewall2.
Add ftp to FW_SERVICES_EXT_TCP. For example, if you also want to open ssh:
FW_SERVICES_EXT_TCP="ftp ssh"
If you need passive mode FTP and NAT, in the same YaST System /etc/sysconfig Editor, under Network, SuSEfirewall2, set:
FW_LOAD_MODULES="ip_conntrack_ftp ip_nat_ftp"
Another way is to modify the firewall configuration file directly:
# cd /etc/sysconfig/
# vi SuSEfirewall2
FW_SERVICES_EXT_TCP="ftp telnet 23"
# rcSuSEfirewall2 restart
FTP Configuration under Linux