Detailed vsftpd Server Configuration
Related files:
/etc/vsftpd.conf: main configuration file
/etc/vsftpd.ftpusers: lists the users who may not log in to the FTP server (enforced through PAM)
/etc/vsftpd.user_list: a list of users that, depending on the userlist_enable and userlist_deny settings in vsftpd.conf, is treated either as a deny list or as the only users allowed to log in
/etc/rc.d/init.d/vsftpd: startup script
2. Modify the /etc/vsftpd.conf file
# vi /etc/vsftpd.conf
Function: sets the options of the FTP server.
File format: one option per line, written exactly as option=value with no whitespace on either side of the equals sign (vsftpd refuses to start on such a line, reporting "500 OOPS: bad config line"); option names are lowercase and case-sensitive; lines beginning with # are comments:
# description
...
option=value
...
Note: the options in vsftpd.conf fall into the following categories:
2.1 Connection options
2.1.1 Listening address and control port
listen_address=ip address
Specifies the IP address on which vsftpd listens for FTP requests; useful on multi-homed hosts. Default: none (listen on all addresses). Applies in standalone mode (listen=YES).
listen_port=port_value
Specifies the port (the control connection port) on which the FTP server listens. Default: 21. Applies in standalone mode.
2.1.2 FTP mode and data port
port_enable=YES|NO
Controls whether active (PORT) mode data connections are allowed. Default: YES. Setting it to NO leaves only PASV mode.
connect_from_port_20=YES|NO
Controls whether active-mode data connections originate from port 20 (ftp-data) on the server. Default: NO; the sample configuration file sets it to YES.
ftp_data_port=port number
Sets the source port for active-mode data connections. Default: 20. Only used in PORT mode.
port_promiscuous=YES|NO
Default: NO. YES disables the PORT security check, which ensures that the server only opens outgoing data connections to the client's own address. Without the check a client can direct the server to connect to arbitrary third-party hosts (the classic FTP bounce). Enable with great caution.
pasv_enable=YES|NO
YES allows passive (PASV) mode data transfers, NO forbids it. Default: YES.
pasv_min_port=port number
pasv_max_port=port number
The lower and upper bounds of the port range used for PASV data connections. 0 means any port. Default: 0 for both. Setting a bounded range in the high ports, for example 50000-60000, lets you open exactly that range on the firewall instead of every ephemeral port.
pasv_promiscuous=YES|NO
YES disables the PASV security check, which ensures that the data connection comes from the same IP address as the control connection. Enable with caution; the only reasonable use is inside an organisation whose clients reach the server through a secure tunnelling solution, where the data and control connections legitimately arrive from different addresses. Default: NO.
pasv_address=ip address
A numeric IP address that the server advertises in its reply to the PASV command. Default: none, meaning the address is taken from the incoming connection's socket. Needed when the server sits behind NAT, so that clients are told the public address rather than the private one.
2.1.3 ASCII mode
ascii_upload_enable=YES|NO
Controls whether files may be uploaded in ASCII mode (YES allows it, NO forbids it). Default: NO.
ascii_download_enable=YES|NO
Controls whether files may be downloaded in ASCII mode (YES allows it, NO forbids it). Default: NO.
2.2 Performance and load control
2.2.1 Timeout options
idle_session_timeout=numerical value
Idle session timeout: if the client sends no command and transfers no data for this long, the session is disconnected. Unit: seconds. Default: 300.
data_connection_timeout=numerical value
Timeout for a stalled data connection, in seconds. Default: 300.
accept_timeout=numerical value
Time allowed, in seconds, for a client in PASV mode to establish the data connection. Default: 60.
connect_timeout=numerical value
Time allowed, in seconds, for a client in PORT mode to respond to the server's data connection. Default: 60. With these two defaults, a client that takes longer than one minute to set up its data connection has the transfer aborted.
2.2.2 Load control
max_clients=numerical value
Valid in standalone mode. Defines the maximum number of simultaneous client connections; beyond this limit, new connections are rejected. Default: 0, meaning no limit.
max_per_ip=numerical value
Valid in standalone mode. Defines the maximum number of simultaneous connections from a single source IP address; beyond it, connections are rejected. This affects multi-connection download tools (such as Internet Express), which open several sessions at once, and likewise all clients behind one shared NAT address. Default: 0, meaning no limit.
anon_max_rate=value
Maximum data transfer rate for anonymous users, in bytes per second. Default: 0, meaning unlimited.
local_max_rate=value
Maximum data transfer rate for local (authenticated) users, in bytes per second. Default: 0, meaning unlimited.
2.3 User options
2.3.1 Anonymous users
anonymous_enable=YES|NO
Controls whether anonymous logins are permitted (YES allows, NO forbids). Default: YES.
ftp_username=username
The system account that anonymous sessions run as. This option is normally not present in the configuration file; its default value is ftp.
no_anon_password=YES|NO
Controls whether anonymous users are asked for a password (conventionally an e-mail address). YES skips the password prompt, NO asks for it. Default: NO.
deny_email_enable=YES|NO
Default: NO. When YES, an anonymous login whose password (e-mail) string matches a line in the file named by banned_email_file is refused. This can be used to turn away specific misbehaving anonymous clients that identify themselves with a known string, but it is trivially bypassed by a client that changes that string. When enabling this option, also set banned_email_file.
banned_email_file=/etc/vsftpd.banned_emails
Specifies the file containing the rejected e-mail addresses, one per line. Default: /etc/vsftpd.banned_emails.
anon_root=path
The directory vsftpd changes into after an anonymous login, i.e. the anonymous user's root directory. Default: none, in which case the home directory of the ftp_username account (typically /var/ftp) is used.
anon_world_readable_only=YES|NO
When YES, anonymous users may only download files that are world-readable. NO additionally lets them download files that are readable by the ftp account but not by the world. Default: YES.
anon_upload_enable=YES|NO
Controls whether anonymous users may upload files (YES allows, NO forbids). Default: NO. Two further conditions must hold for an anonymous upload to succeed: 1. write_enable=YES; 2. on the file system, the anonymous FTP user has write permission on the target directory.
anon_mkdir_write_enable=YES|NO
Controls whether anonymous users may create directories (YES allows, NO forbids). Default: NO. As with uploads, the anonymous FTP user must also have write permission on the parent directory in the file system.
anon_other_write_enable=YES|NO
Controls whether anonymous users get write permissions beyond uploading and creating directories, such as deleting and renaming (YES allows, NO forbids). Default: NO.
chown_uploads=YES|NO
Controls whether files uploaded by anonymous users have their ownership changed. When YES, uploaded files are chowned to the user named by chown_username, so that with the default anon_umask of 077 the anonymous account can no longer read or modify what it dropped. Default: NO.
chown_username=whoever
The user that receives ownership of anonymously uploaded files; used together with chown_uploads. The compiled-in default is root, which is not recommended: use a dedicated unprivileged account instead.
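Added example, not code from this page or from vsftpd: the anonymous upload options above only work when the file-system layout matches them, so this shell snippet builds an anonymous "blind drop" upload tree and checks both the tree and the conf against the rules vsftpd applies. It assumes GNU coreutils (stat -c, id -Gn); the root path and the ftp account name are parameters so the checks run unprivileged in a temporary directory (in production ROOT is /var/ftp and USER is ftp). The root:ftp / mode 730 recipe mentioned in the comments is the common one, not something the page itself prescribes.

```shell
#!/bin/sh
# Added example (not vsftpd code): create and check an anonymous upload tree.
# Assumes GNU coreutils: stat -c and id -Gn.

conf_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }   # last exact "key=value" wins

# Does USER get permission BIT (0400 read, 0200 write, 0100 search) on PATH?
# Approximates access(2): owner bits if USER owns PATH, else group bits if
# USER is in PATH's group, else "other" bits. root is not special-cased.
has_bit() {  # has_bit PATH USER BIT
    local owner group mode g
    owner=$(stat -c %U "$1"); group=$(stat -c %G "$1"); mode=$(stat -c %a "$1")
    if [ "$owner" = "$2" ]; then
        [ $(( 0$mode & $3 )) -ne 0 ]; return
    fi
    for g in $(id -Gn "$2" 2>/dev/null); do
        if [ "$g" = "$group" ]; then
            [ $(( 0$mode & ($3 >> 3) )) -ne 0 ]; return
        fi
    done
    [ $(( 0$mode & ($3 >> 6) )) -ne 0 ]
}

# Create the tree. The classic recipe is "chown root:ftp upload; chmod 730":
# ftp gets group w+x but no r, so it can drop files but not list them.
# Without root we cannot chown, so UPLOAD_MODE defaults to 300, which has the
# same blind-drop property when the ftp user itself owns the directory.
setup_anon_tree() {  # setup_anon_tree ROOT [UPLOAD_MODE]
    mkdir -p "$1/pub/upload"
    chmod 555 "$1" "$1/pub"        # anon root must never be writable by ftp
    chmod "${2:-300}" "$1/pub/upload"
}

# One line per problem; empty output means layout and conf are consistent.
anon_upload_check() {  # anon_upload_check ROOT FTPUSER CONF
    local root=$1 user=$2 conf=$3 up=$1/pub/upload
    if has_bit "$root" "$user" 0200; then
        echo "BAD: anon_root writable by $user (vsftpd: refusing to run with writable anonymous root)"
    fi
    has_bit "$up" "$user" 0200 || echo "BAD: upload dir not writable by $user"
    has_bit "$up" "$user" 0100 || echo "BAD: upload dir not searchable by $user"
    has_bit "$up" "$user" 0400 && echo "WARN: $user can list the drop dir (use 730 with a non-ftp owner, or 300)"
    if [ "$(conf_val "$conf" anon_upload_enable)" = YES ] && [ "$(conf_val "$conf" write_enable)" != YES ]; then
        echo "BAD: anon_upload_enable=YES has no effect without write_enable=YES"
    fi
    if [ "$(conf_val "$conf" anon_other_write_enable)" = YES ]; then
        echo "WARN: anon_other_write_enable=YES lets anonymous users delete and rename"
    fi
    if [ "$(conf_val "$conf" chown_uploads)" = YES ]; then
        case "$(conf_val "$conf" chown_username)" in
            root) echo "BAD: chown_username=root hands anonymous uploads to root" ;;
            "")   echo "BAD: chown_uploads=YES needs chown_username (compiled-in default is root)" ;;
        esac
    fi
    return 0
}
```

A directory that the ftp account owns with mode 730 is not a blind drop: the owner read bit lets anonymous sessions list everyone else's uploads, which is why the check warns on it.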
2.3.2 Local users
local_enable=YES|NO
Controls whether accounts of the system running vsftpd may log in (local logins). Default: NO, but the sample configuration shipped with most distributions sets it to YES.
local_root=
Defines a directory that vsftpd changes into after every local login, in place of the user's home directory. Default: none.
user_config_dir=
Defines the directory holding per-user configuration files. The file for a user is the file of the same name in this directory, in the same format as vsftpd.conf. For example, with user_config_dir=/etc/vsftpd/userconf and the local users xiaowang and lisi, two files named xiaowang and lisi can be created in that directory. When lisi logs in, vsftpd reads the settings in the file lisi under user_config_dir and applies them to that session on top of the global settings. Default: none.
2.3.3 Virtual users
guest_enable=YES|NO
When enabled, every non-anonymous login is treated as a guest login and mapped to the account named by guest_username. Default: NO.
guest_username=
The system account that guest sessions are mapped to. Default: ftp.
2.4 Security measures
2.4.1 User login control
pam_service_name=vsftpd
The name of the PAM service vsftpd uses for authentication. The compiled-in default is ftp; distributions usually set it to vsftpd, with the matching PAM configuration in /etc/pam.d/vsftpd.
/etc/vsftpd.ftpusers
vsftpd refuses logins by the users listed in this file. The mechanism is the pam_listfile module configured by default in /etc/pam.d/vsftpd, so it only applies to logins that reach PAM.
userlist_enable=YES|NO
When activated, vsftpd reads the user list from the file named by userlist_file. A user in the list is denied as soon as the USER command is received, before any password prompt, so the password is never transmitted. Default: NO.
userlist_file=/etc/vsftpd.user_list
The file containing the user list read when userlist_enable is active. Default: /etc/vsftpd.user_list.
userlist_deny=YES|NO
Decides whether the users in userlist_file are denied or are the only ones allowed. Takes effect only when userlist_enable=YES. YES (the default): users in the file are denied, without being prompted for a password. NO: only users in the file may log in.
tcp_wrappers=YES|NO
If YES, and vsftpd was built with tcp_wrappers support, incoming connections are checked against /etc/hosts.allow and /etc/hosts.deny (daemon name vsftpd). Default: NO; the Red Hat-style sample configuration sets it to YES.
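Added example, not code from this page or from vsftpd: the three login controls above are applied in a fixed order (user_list on the bare user name before any password, then the login class, then ftpusers through PAM), and the shell function below reproduces that order so a conf plus its two list files can be checked for who actually gets in. It assumes the distribution PAM stack described above (pam_listfile with sense=deny on ftpusers); treating the names anonymous and ftp as ordinary user names for the user_list check is an assumption about vsftpd's behaviour, and it is what makes anonymous logins fail under userlist_deny=NO unless those names are listed.

```shell
#!/bin/sh
# Added example (not vsftpd code): model the login decision for one user.
# Assumes /etc/pam.d/vsftpd enforces ftpusers via pam_listfile (sense=deny).

conf_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }   # last "key=value" wins
in_list()  { grep -qx -- "$2" "$1" 2>/dev/null; }    # one user per line, exact match

# Prints the decision and the stage that produced it, one of:
#   "deny userlist", "deny anonymous_enable", "allow anonymous",
#   "deny local_enable", "deny ftpusers", "allow local"
login_decision() {  # login_decision CONF USERLIST_FILE FTPUSERS_FILE USER
    local conf=$1 ulist=$2 ftpusers=$3 user=$4 deny listed
    # Stage 1: userlist_file, checked on the USER name before any password.
    if [ "$(conf_val "$conf" userlist_enable)" = YES ]; then
        deny=$(conf_val "$conf" userlist_deny); deny=${deny:-YES}   # default YES
        if in_list "$ulist" "$user"; then listed=YES; else listed=NO; fi
        if [ "$deny" = YES ] && [ "$listed" = YES ]; then echo "deny userlist"; return 0; fi
        if [ "$deny" = NO ]  && [ "$listed" = NO ];  then echo "deny userlist"; return 0; fi
    fi
    # Stage 2: login class. Anonymous logins never reach PAM, so ftpusers
    # does not apply to them (anonymous_enable defaults to YES).
    if [ "$user" = anonymous ] || [ "$user" = ftp ]; then
        if [ "$(conf_val "$conf" anonymous_enable)" = NO ]; then
            echo "deny anonymous_enable"; return 0
        fi
        echo "allow anonymous"; return 0
    fi
    if [ "$(conf_val "$conf" local_enable)" != YES ]; then echo "deny local_enable"; return 0; fi
    # Stage 3: PAM. pam_listfile with sense=deny reads ftpusers.
    if in_list "$ftpusers" "$user"; then echo "deny ftpusers"; return 0; fi
    echo "allow local"
}
```

Note the practical difference between the two deny stages: a user_list denial happens before the password prompt, while an ftpusers denial is only produced after the client has already sent the password.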
2.4.2 Directory access control
chroot_list_enable=YES|NO
Locks the listed users into their home directories: after logging in they cannot change to other directories of the system, only to their own directory and its subdirectories. The users are listed in the file named by chroot_list_file. Default: NO.
chroot_list_file=/etc/vsftpd/chroot_list
The file listing the users to be locked into their home directories, one user per line. The compiled-in default is /etc/vsftpd.chroot_list; Red Hat-style configurations use /etc/vsftpd/chroot_list.
chroot_local_user=YES|NO
Locks all local users into their home directories. When this is YES, the meaning of chroot_list_enable and chroot_list_file is inverted: the users listed in chroot_list_file are the ones NOT locked into their home directories. Enabling this can create security problems, in particular when users have upload rights or shell access to the system, because a user who can write to the root of their own chroot can plant files the jail relies on. For this reason vsftpd 3.x refuses a chrooted login whose jail root is writable by that user ("500 OOPS: vsftpd: refusing to run with writable root inside chroot()") unless allow_writeable_chroot=YES is set; the usual fix is to make the home directory itself non-writable and give the user a writable subdirectory. Enable this option only when you understand the consequences. Default: NO.
passwd_chroot_enable=YES|NO
When activated together with chroot_local_user, the location of the chroot() jail can be specified per user. Each user's jail is derived from the home directory field in /etc/passwd: the string /./ in the path marks the jail boundary, so a home directory of /home/./lisi chroots to /home and then starts the session in /lisi. Default: NO.
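Added example, not code from this page or from vsftpd: the interaction between chroot_local_user, chroot_list_enable and passwd_chroot_enable is easy to get backwards, so the first function below resolves where (if anywhere) a given local user is jailed, and the second flags the writable-jail-root condition that vsftpd 3.x refuses unless allow_writeable_chroot=YES. The /./ rule follows the vsftpd.conf man page. It assumes GNU stat; home directories are passed in as strings so no /etc/passwd access is needed, and the writable check ignores group permissions (a simplification of vsftpd's access() test).

```shell
#!/bin/sh
# Added example (not vsftpd code): resolve the chroot jail of a local user
# and check the jail root. Assumes GNU coreutils stat -c.

conf_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }   # last "key=value" wins

# Prints "none" (no jail) or "JAIL|START": JAIL is the chroot() target and
# START the directory the session begins in, relative to JAIL.
chroot_target() {  # chroot_target CONF CHROOT_LIST_FILE USER HOMEDIR
    local conf=$1 list=$2 user=$3 home=$4 listed=NO jailed
    if [ "$(conf_val "$conf" chroot_list_enable)" = YES ] && grep -qx -- "$user" "$list" 2>/dev/null; then
        listed=YES
    fi
    if [ "$(conf_val "$conf" chroot_local_user)" = YES ]; then
        # everyone is jailed; the list names the exceptions
        if [ "$listed" = YES ]; then jailed=NO; else jailed=YES; fi
    else
        # only the listed users are jailed
        jailed=$listed
    fi
    if [ "$jailed" != YES ]; then echo none; return 0; fi
    if [ "$(conf_val "$conf" passwd_chroot_enable)" = YES ]; then
        case "$home" in
            */./*) echo "${home%%/./*}|/${home#*/./}"; return 0 ;;   # /home/./lisi -> /home|/lisi
        esac
    fi
    echo "$home|/"
}

# vsftpd 3.x refuses a login whose jail root USER can write to
# ("refusing to run with writable root inside chroot()") unless
# allow_writeable_chroot=YES. Prints OK, REFUSE or ALLOWED.
# Simplification: owner write bit if USER owns JAIL, else the world write bit.
jail_root_status() {  # jail_root_status CONF JAIL USER
    local owner mode writable=NO
    owner=$(stat -c %U "$2"); mode=$(stat -c %a "$2")
    if [ "$owner" = "$3" ] && [ $(( 0$mode & 0200 )) -ne 0 ]; then writable=YES; fi
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then writable=YES; fi
    if [ "$writable" = NO ]; then echo OK
    elif [ "$(conf_val "$1" allow_writeable_chroot)" = YES ]; then echo ALLOWED
    else echo REFUSE; fi
}
```

With passwd_chroot_enable the jail boundary can sit above the home directory, which is the clean way to give a jailed user a writable directory: the jail root (/srv/ftp in the example) stays root-owned and read-only while /srv/ftp/zhang is writable.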
2.4.3 File operation control
hide_ids=YES|NO
Controls whether file ownership information is hidden. When YES, directory listings (for example "ls -al") show the owner and group of every file as ftp. Default: NO.
ls_recurse_enable=YES|NO
When YES, the "ls -R" command is allowed. This carries a small denial-of-service risk, because "ls -R" at the root of a large FTP site consumes a large amount of system resources. Default: NO.
write_enable=YES|NO
Controls whether any FTP command that modifies the file system is allowed, such as STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE. Default: NO, but the sample configuration file enables it.
secure_chroot_dir=
This option names an empty directory to which the ftp user has no write permission. Whenever vsftpd does not need file-system access, it chroots the session into this directory as a secure jail. Default: /usr/share/empty.
2.4.4 Permissions of newly created files
anon_umask=
The umask applied to files created by anonymous users. Default: 077.
file_open_mode=
The mode used when creating uploaded files, in the same notation as chmod; the umask is applied on top of it. To allow uploaded files to be executable, set it to 0777. Default: 0666.
local_umask=
The umask applied to files created by local users. Default: 077. Most other FTP servers use 022; change it to 022 if your users need their files to be group- and world-readable. The sample configuration file sets it to 022.
2.5 Messages
ftpd_banner=login banner string
Defines the banner string shown at login (the welcome message). Set it as you like; the default is none. When ftpd_banner is set, it replaces the server's built-in greeting, which also stops the default greeting from revealing the vsftpd version.
banner_file=/directory/vsftpd_banner_file
Names a text file whose contents are shown when the user connects, usually a welcome message or a description of the site. Default: none. Compared with ftpd_banner, banner_file points at a text file whereas ftpd_banner is an inline string; when both are set, banner_file overrides ftpd_banner.
dirmessage_enable=YES|NO
Determines whether directory messages are enabled (YES enables, NO disables). Default: NO, but the sample configuration file enables it. When enabled, each time the user enters a directory vsftpd looks for the file named by message_file in that directory and, if present, displays its contents; the file usually holds a welcome message or a description of the directory.
message_file=
The name of the directory message file; only meaningful when dirmessage_enable=YES. Default: .message.