How to configure an FTP server in Ubuntu

Source: Internet
Author: User
This article explains how to configure an FTP server in Ubuntu. The FTP server used is vsftpd.

1. Install vsftpd

It is not difficult to install software in Ubuntu. Enter:

sudo apt-get install vsftpd

After installation, an ftp directory is created under /home. You can now try to access ftp://<IP address>, where you will see an empty FTP space.

By default, anonymous users can download files, but cannot write or upload files.

2. Edit the vsftpd.conf file

Now we need to disable anonymous access, so that users must enter their Linux user name and password before they can access the contents of their own directories.

First, find the vsftpd configuration file, which is located at /etc/vsftpd.conf.

Back up this file before modification:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.old

  

Then you can change the settings:

1. Anonymous server connection (standalone server)

Add the following items to the /etc/vsftpd.conf configuration file:

anonymous_enable=YES (anonymous login allowed)

dirmessage_enable=YES (the .message content of a directory is displayed when switching to that directory)

local_umask=022 (umask for files created by local users over FTP, default: 077)

connect_from_port_20=YES (enable data connection on the FTP data port) *

xferlog_enable=YES (enable upload and download logs)

xferlog_std_format=YES (use the standard log format)

ftpd_banner=XXXXX (welcome information)

pam_service_name=vsftpd (verification method) *

listen=YES (standalone vsftpd server) *

Function: You can only connect to the FTP server, but cannot upload or download files.

Note: The options related to logging and the welcome message are optional. The options marked with an asterisk must always be added; they are the basic FTP options.

2. Enable upload permission on the anonymous FTP server

Add the following information to the configuration file:

anon_upload_enable=YES (open upload permission)

anon_mkdir_write_enable=YES (anonymous users can create a directory and upload files to it)

write_enable=YES (grant write permission to local users)

anon_other_write_enable=YES (anonymous accounts have the permission to delete)

3. Enable download permission on the anonymous server

Add the following information to the configuration file:

anon_world_readable_only=NO

Note: Pay attention to the directory permissions. The anonymous account counts as an "other" user, so the read and write permissions for "other" must be enabled.

(r) read: download; (w) write: upload; (x) execute: if it is not enabled, the FTP directory cannot be entered
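
The anonymous write options from sections 2 and 3 are the ones to look for when reviewing a vsftpd.conf that is already deployed. The check below is an added example, not part of the original article or of vsftpd: it parses the file text, reports lines that break the option=value format, and flags the anonymous-write and root-owned-upload combinations. The function names, finding codes and sample file are assumptions of the example.

```python
import re

# Constructed sample (not from a real server): the anonymous write options of
# sections 2 and 3 plus the chown_* options listed further down the page.
SAMPLE_CONF = """\
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
chown_uploads=YES
chown_username=root
xferlog_enable = YES
"""

ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse_conf(text):
    """Parse vsftpd.conf text into (settings, malformed_lines)."""
    settings, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # vsftpd requires option=value with no space around "=".
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
        else:
            malformed.append((lineno, line))
    return settings, malformed

def audit(text):
    """Return (code, detail) findings. Only options set explicitly in the
    text are judged; compiled-in defaults are not modelled (simplification)."""
    conf, malformed = parse_conf(text)
    def is_set(key, value="YES"):
        return conf.get(key, "").upper() == value
    findings = [("FORMAT", f"line {n}: {raw!r}") for n, raw in malformed]
    if is_set("anonymous_enable"):
        # write_enable gates every anonymous write option
        writable = [k for k in ANON_WRITE if is_set(k)] if is_set("write_enable") else []
        if writable:
            findings.append(("ANON_WRITE", ", ".join(writable)))
        if "anon_upload_enable" in writable and is_set("anon_world_readable_only", "NO"):
            findings.append(("ANON_DROP", "anonymous users can download anonymous uploads"))
    if is_set("chown_uploads") and conf.get("chown_username") == "root":
        findings.append(("ROOT_OWNED_UPLOADS", "chown_username=root"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF):
        print(f"{code}: {detail}")
```

A file that sets anonymous_enable=NO and leaves the anon_* and chown_* options out produces no findings.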

4. Connection to the FTP server as an ordinary user (standalone server)

Add the following information to the configuration file:

local_enable=YES (the local account can log on)

write_enable=NO (you are not authorized to delete or modify files after logging on with a local account)

Function: You can use a local account to log on to the vsftpd server and have the permission to download and upload files.

Note: Anonymous users can log on but cannot upload or download; anonymous logon can be disabled.

5. Restrict logged-in users to their home directory so that they cannot access other directories

To chroot all local users:

chroot_local_user=YES (all local accounts can only be in their own directories)

To chroot only specified users:

chroot_list_enable=YES (the list in the file is applied)

chroot_list_file=/any specified path/vsftpd.chroot_list

Note: vsftpd.chroot_list is not created by default; you need to create it yourself. To control an account, add the account name directly to the file.

6. Restrict access by local users to FTP

userlist_enable=YES (use the user list to restrict user access)

userlist_deny=NO (users in the list are not allowed to access)

userlist_file=/specified path/ (the path where the file is stored)

Note: With userlist_enable=YES, anonymous accounts cannot log on.

7. Security Options

idle_session_timeout=600 (seconds) (disconnect after the user's session has been idle for 10 minutes)

data_connection_timeout=120 (seconds) (disconnect after the data connection has been idle for 2 minutes)

accept_timeout=60 (seconds) (disconnect the client one minute later)

connect_timeout=60 (seconds) (disconnect again after 1 minute)

local_max_rate=50000 (bytes per second) (local user transfer rate: 50 K)

anon_max_rate=30000 (bytes per second) (anonymous user transfer rate: 30 K)

pasv_min_port=50000

pasv_max_port=60000 (restrict the client's data connection port to between 50000 and 60000)

max_clients=200 (maximum number of FTP connections)

max_per_ip=4 (maximum number of connections per IP)

listen_port=5555 (data connection from port 5555)

8. Check who is logged on to FTP and kill the process

ps -xf | grep ftp

kill <process number>

Master of vsftpd

Author: Long lei

I am not a master!!! ^_^ I am just a newbie. I have done my best to write what I, as a newbie, think of as a master article. Please correct me if you find any mistakes!!!

Environment: Linux AS 3.0 + vsftpd-1.2.0-4. The system architecture is a standalone server! I hate xinetd ^_^

1. Configure FTP access for a local group

First, create the user group test and the FTP main directory:

groupadd test

mkdir /tmp/test

Then create the users:

useradd -g test -d /tmp/test -M usr1

Note: -g: the user's group; -d: specifies the location of the user's home directory;

-M: do not create a default home directory, that is, there is no home directory.

useradd -g test -d /tmp/test -M usr2

Then, change the owner and permissions of the directory.

chown usr1:test /tmp/test ---- sets the owner of /tmp/test to usr1

chmod 750 /tmp/test ---- 7 means rwx, 5 means r-x, 0 means no permissions

The purpose of this experiment is that usr1 has the upload, deletion, and download permissions.

However, usr2 only has the download permission and does not have the upload and deletion permissions.

Of course, don't forget our main configuration file, vsftpd.conf.

Make sure that the local_enable=YES, write_enable=YES and chroot_local_user=YES options are set!

2. Configure a non-standard port for the data connection of a standalone FTP server

This is very easy. Add the following to vsftpd.conf:

listen_port=33333

That's it!

Now comes the most important part: why I am a master! ^_^ (Do not throw eggs!)

3. Configure a separate virtual FTP server that uses virtual FTP users, and grant different permissions to the four accounts created.

(Two accounts have permission to browse directories, one can browse, upload, and download, and one can browse, download, delete, and rename files)

A: Configure the NIC

The first NIC address is 10.2.3.4 and the mask is 255.255.0.0.

ifconfig eth0:1 211.131.4.253 netmask 255.255.255.0 up

B: Write the settings to /etc/sysconfig (so the IP address is not lost after restarting)

cd /etc/sysconfig/network-scripts

cp ifcfg-eth0 ifcfg-eth0:1

vi ifcfg-eth0:1 and change it as follows:

DEVICE=eth0:1

BROADCAST=211.131.4.255

HWADDR=MAC address of the NIC

IPADDR=211.131.4.253

NETMASK=255.255.255.0

NETWORK=211.131.4.0

ONBOOT=yes

TYPE=Ethernet

Save and exit with :wq

C: Go to the directory where vsftpd.conf is located.

cp vsftpd.conf vsftpd2.conf

Modify vsftpd.conf and add the following information:

listen_address=10.2.3.4

Modify vsftpd2.conf and add the following information:

listen_address=211.131.4.253

ftpd_banner=This is a virtual FTP test

The virtual FTP server has been established.

D: Create logins.txt

vi /tmp/logins.txt

Add the following information:

longlei ------------ user name

longlei ------------ password

zhangweibo

zhangweibo

jinhui

jinhui

lxp

lxp

Follow the format shown above: a user name on one line, then its password on the next.

F: Create the password database file for the virtual users and modify its permissions.

db_load -T -t hash -f /tmp/logins.txt /etc/vsftpd_login.db

G: Create ftp.vu in /etc/pam.d/.

Add the following information to this file:

auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login

account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

H: Create a directory in /var/ftp/ and change its attributes and its owner

useradd -d /var/ftp/test Qiang

chmod 700 /var/ftp/test

Add the test_file test file to the directory.

I: Go to vsftpd2.conf and modify it (these are the settings I added)

listen=YES

anonymous_enable=NO

local_enable=YES

write_enable=NO

anon_upload_enable=NO

anon_mkdir_write_enable=NO

anon_other_write_enable=NO

chroot_local_user=YES

guest_enable=YES ---------- enable virtual users

guest_username=Qiang ------ map virtual users to this local user

listen_port=5555

max_clients=10

max_per_ip=1

ftpd_banner=This is a virtual server and users

pam_service_name=ftp.vu

Note: The lower the permissions given in the master configuration file, the more room there is to differentiate permissions when managing users, because the master configuration file sets the overall limits: the service first reads the master configuration file and then reads the configuration file of the user.

Restart the service.

Now the virtual users are created.

J: In the directory where vsftpd.conf is located, create a directory named virtual.

In that directory, create a configuration file named after each user name:

longlei zhangweibo jinhui lxp

Add the following to longlei:

anon_world_readable_only=NO

Add to lxp:

anon_world_readable_only=NO

In this way, these two users have permission to browse the directory.

Add to jinhui:

anon_world_readable_only=NO

write_enable=YES

anon_upload_enable=YES

This user has the permission to upload, download, and browse

Add

anon_world_readable_only=NO

write_enable=YES

anon_upload_enable=YES

anon_other_write_enable=YES

This user has the permission to upload, download, delete files and directories, rename files, and browse

K: Modify vsftpd2.conf

Add user_config_dir=/directory where vsftpd.conf is located/virtual

Restart the server.
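
How the master file from step I and the per-user files from step J combine, as an added example that is not part of the original article: it merges the files in the order vsftpd applies them (the per-user file overrides the master) and lists what each virtual user ends up allowed to do. It assumes guest users receive anonymous privileges (the vsftpd default) and that the fourth, unnamed file belongs to zhangweibo; the helper names are hypothetical.

```python
# Permission-related lines of vsftpd2.conf from step I (the master file).
MASTER = """\
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
"""

# Per-user files from step J. The page does not name the fourth file's owner;
# giving it to zhangweibo is an assumption of this example.
READ = "anon_world_readable_only=NO\n"
PER_USER = {
    "longlei": READ,
    "lxp": READ,
    "jinhui": READ + "write_enable=YES\nanon_upload_enable=YES\n",
    "zhangweibo": READ + "write_enable=YES\nanon_upload_enable=YES\n"
                         "anon_other_write_enable=YES\n",
}

# vsftpd's documented default for the one option the master file leaves unset.
DEFAULTS = {"anon_world_readable_only": "YES"}

def parse(text):
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l)

def effective(user):
    """Merge defaults, master file and the user's file (last one wins) and
    return the set of things that virtual user can do."""
    conf = {**DEFAULTS, **parse(MASTER), **parse(PER_USER.get(user, ""))}
    yes = lambda key: conf.get(key, "NO").upper() == "YES"
    rights = set()
    if not yes("anon_world_readable_only"):
        rights.add("browse")          # the page's "browse" permission
    if yes("write_enable"):           # write_enable gates every write option
        if yes("anon_upload_enable"):
            rights.add("upload")
        if yes("anon_mkdir_write_enable"):
            rights.add("mkdir")
        if yes("anon_other_write_enable"):
            rights.add("delete_rename")
    return rights

def raised_above_master(user):
    """Options the user's file switches from the master's NO to YES."""
    master, own = parse(MASTER), parse(PER_USER.get(user, ""))
    return sorted(k for k, v in own.items()
                  if v.upper() == "YES" and master.get(k, "").upper() == "NO")

if __name__ == "__main__":
    for name in list(PER_USER) + ["unlisted"]:
        print(name, sorted(effective(name)), raised_above_master(name))
```

A virtual user without a file in user_config_dir ("unlisted" above) falls back to the master file alone and gets no rights, which is why the master is kept at the lowest level.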

Well, don't go away. Next I will introduce all the vsftpd.conf configuration options I know.

anonymous_enable=YES (anonymous login allowed)

dirmessage_enable=YES (the .message content of a directory is displayed when switching to that directory)

local_umask=022 (umask for files created by local users over FTP, default: 077)

connect_from_port_20=YES (enable data connection on the FTP data port) *

xferlog_enable=YES (enable upload and download logs)

xferlog_std_format=YES (use the standard log format)

ftpd_banner=XXXXX (welcome information)

pam_service_name=vsftpd (verification method) *

listen=YES (standalone vsftpd server) *

anon_upload_enable=YES (open upload permission)

anon_mkdir_write_enable=YES (anonymous users can create a directory and upload files to it)

write_enable=YES (grant write permission to local users)

anon_other_write_enable=YES (anonymous accounts have the permission to delete)

anon_world_readable_only=NO (open anonymous user browsing permission)

ascii_upload_enable=YES (enable the ASCII transfer mode for upload)

ascii_download_enable=YES (enable the ASCII transfer mode for download)

banner_file=/var/vsftpd_banner_file

idle_session_timeout=600 (seconds) (disconnect after the user's session has been idle for 10 minutes)

data_connection_timeout=120 (seconds) (disconnect after the data connection has been idle for 2 minutes)

accept_timeout=60 (seconds) (disconnect the client one minute later)

connect_timeout=60 (seconds) (disconnect again after 1 minute)

local_max_rate=50000 (bytes per second) (local user transfer rate: 50 K)

anon_max_rate=30000 (bytes per second) (anonymous user transfer rate: 30 K)

pasv_min_port=50000

pasv_max_port=60000 (restrict the client's data connection port to between 50000 and 60000)

max_clients=200 (maximum number of FTP connections)

max_per_ip=4 (maximum number of connections per IP)

listen_port=5555 (data connection from port 5555)

local_enable=YES (the local account can log on)

write_enable=NO (you are not authorized to delete or modify files after logging on with a local account)

The following options form one group:

chroot_local_user=YES (all local accounts can only be in their own directories)

chroot_list_enable=YES (the list in the file is applied)

chroot_list_file=/any specified path/vsftpd.chroot_list

(Prerequisite: chroot_local_user=NO)

This is another group:

userlist_enable=YES (users in the specified file cannot access it)

userlist_deny=YES

userlist_file=/specified path/vsftpd.user_list

I started the ticket again.

banner_fail=/path/file name (the file content is displayed when the connection fails)

ls_recurse_enable=NO

async_abor_enable=YES

one_process_model=YES

listen_address=10.2.2.2 (bind the virtual service to a port)

guest_enable=YES (virtual users can log on)

guest_username=User Name (map virtual users to local users)

user_config_dir=/any specified path/folder created for the user policy

(Specify the path of the different virtual users' configuration files)

Another group:

chown_uploads=YES (change the owner of the uploaded file to root)

chown_username=root

Another group:

deny_email_enable=YES (whether anonymous users are allowed to use certain email addresses)

banned_email_file=/any specified path/XX/

Yes

pasv_enable=YES (server uses passive mode)

user_config_dir=/any specified path/any file directory (specify the path where the virtual users' configuration files are stored)

To log in with a local user and disable guest users, set the following options:

anonymous_enable=NO
guest_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list (if it does not exist, create it yourself)

(Enter the local user names that are to log on in /etc/vsftpd.chroot_list)

========================================================== ====================
Solving garbled Chinese characters in vsftpd

It is recommended that the vsftpd you compile be the same as the one installed from the repository.
It is best to install vsftpd from the repository first and configure all the functions, and then solve the garbled Chinese characters.
After you remove the repository vsftpd, its /init.d/vsftpd and /vsftpd.conf are not deleted, which lays a good foundation for us; otherwise you will be stuck! If you compile and install directly, the attachment contains my init.d/vsftpd and vsftpd.conf files; copy them over into /etc!

This requires manual compilation. Don't worry about it. It's actually very simple.
Start by preparing the library packages required by the build environment.
sudo apt-get build-dep vsftpd
----------------------------------------
Here, we first install the vsftpd from the repository and then remove it.
sudo apt-get install vsftpd
sudo apt-get remove vsftpd
-----------------------------------------
Download the attachment and decompress the package
tar -zxvf vsftpd-2.0.6
cd vsftpd-2.0.6
sudo su # use the root user to start compiling
make # compile; if no error occurs, the build succeeded
make install # install
If a directory cannot be found during installation, create the missing directory.
Usually the system reports that the /man8 and /man5 directories are missing. After creating them, run make install again.

Next we will test the effect by modifying the configuration file. Add:
charset_filter_enable=YES # enable character filtering
charset_client=gb2312 # set the client character set to simplified Chinese
Now let's test the service.
sudo /etc/init.d/vsftpd restart

Upload a file with a Chinese name from Windows to see the effect. Then disable character filtering in the configuration file and restart the service.

If you have any questions, please reply and leave a message.
Tested with an ubuntu8.04-server server and an XP client: files uploaded from XP are encoded normally.
Additional issues
1: If /etc/init.d/vsftpd restart produces no output, edit /init.d/vsftpd and set the start path to /usr/local/sbin/vsftpd, because the repository version was installed first.
2: If anonymous users cannot log on and the system always reports that anonymous login is not allowed even though the configuration file allows it, create the following directory:
sudo mkdir /usr/share/empty
3: If you upload files from Linux, set the client to gb2312 encoding if the tool permits it, or use English as much as possible.
4: Because the patch overrides the original program to a certain extent, there is a 2 GB limit. When I have time I will look at the source code; it is basically certain to be a numerical overflow problem.
If it is fixed, it will be added here.
