Install and Configure FTP in Ubuntu (vsftpd)

Source: Internet
Author: User
There are many FTP servers for Ubuntu. A search on Google gives their general features:
wu-ftpd: relatively old-fashioned, with many attacks against it. It is difficult to set up but has powerful functions.
ProFTPD: implements all functions of wu-ftpd and Serv-U. High security, but slightly more complex to configure than vsftpd.
vsftpd: powerful and easy to configure.

vsftpd is selected because it is secure and fast.
ProFTPD is sometimes selected because webmin happens to support it, which makes it convenient to use.
Serv-U is widely used on Windows. Serv-U is convenient, but its biggest problem is piracy.

vsftpd is the FTP software that ships with most Linux systems, sites such as FreeBSD all use it, and its configuration is much simpler, so we adopt vsftpd as well.

Installation:
sudo apt-get install vsftpd
Configuration:
Back up the original configuration file:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.old

Then modify it:
sudo vi /etc/vsftpd.conf

anonymous_enable=YES (anonymous login allowed)
dirmessage_enable=YES (the content of the .message file in a directory is displayed when switching to that directory)
local_umask=022 (umask for files created by local users over FTP; default: 077)
connect_from_port_20=YES (enable data connections from the FTP data port) *
xferlog_enable=YES (enable upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (verification method) *
listen=YES (standalone vsftpd server) *
Function: You can only connect to the FTP server, but cannot upload or download files.
Note: The options related to logging and the welcome message are optional. The options marked with an asterisk must be added. These are the basic FTP options.

Enable upload permission for the anonymous FTP server
Add the following to the configuration file:

anon_upload_enable=YES (enable upload permission)
anon_mkdir_write_enable=YES (anonymous users can create directories and upload files to them)
write_enable=YES (grant write permission to local users)
anon_other_write_enable=YES (anonymous accounts get permission to delete)
Enable download permission for the anonymous server
anon_world_readable_only=NO
Note: Pay attention to the folder attributes. The anonymous account counts as an "other" user, so the read and write permissions for other must be enabled.
(r) read: download; (w) write: upload; (x) execute: if FTP directory is not enabled
local_enable=YES (local accounts can log on)
write_enable=NO (no permission to delete or modify files after logging on with a local account)
Function: You can log on to the vsftpd server with a local account and have permission to download and upload files.
Note: The anonymous server can log on but cannot upload or download the information that disables Anonymous logon.

Restrict logged-in users to their home directory, with no access to other directories
Set all local users to be chrooted:

chroot_local_user=YES (all local accounts can only stay in their own directories)

Set only specified users to be chrooted:

chroot_list_enable=YES (the list in the file is used)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list does not exist by default and must be created by yourself. To control an account, add the account name directly to the file.

Restrict access to FTP by local users
userlist_enable=YES (use the user list to restrict user access)
userlist_deny=NO (NO: only users in the list are allowed to access)
userlist_file=/path where the file is stored/ (the path where the list file is stored)
Note: With userlist_enable=YES, anonymous accounts cannot log on.

Security Options
idle_session_timeout=600 (seconds; disconnect the user after the session has been idle for 10 minutes)
data_connection_timeout=120 (seconds; disconnect a data connection that has been idle for 2 minutes)
accept_timeout=60 (seconds; disconnect the client after one minute)
connect_timeout=60 (seconds; disconnect again after 1 minute)
local_max_rate=50000 (bytes per second; local user transfer rate: 50 K)
anon_max_rate=30000 (bytes per second; anonymous user transfer rate: 30 K)
pasv_min_port=50000
pasv_max_port=60000 (restrict the client's passive data connection ports to between 50000 and 60000)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (accept FTP connections on port 5555)
Check who is logged on to FTP and kill the FTP process:
ps -xf | grep ftp
kill <process number>

Pay attention to file permissions during configuration. Once anonymous and local access are enabled, the key is the file permission settings. To assign different permissions to different users, you can create a group, such as ftpuser, and then grant it permissions such as 755. The chroot() setting restricts local users to the directory they land in at logon, which is very important for security; this can be the directory specified by local_root for local user logon. It corresponds to the matching directory under /home.
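The checks below are an added example, not part of the original article: a small Python audit of vsftpd.conf text that reports lines vsftpd would reject (vsftpd.conf(5) allows no space between option, = and value) and the risky combinations of the anonymous and chroot options described above. The function names and the sample configuration are constructed for illustration; the defaults used are those documented in vsftpd.conf(5).

```python
import re

# Anonymous-write directives from the page; each defaults to NO in vsftpd.
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Return ({option: value}, [syntax problems]) for vsftpd.conf text."""
    settings, problems = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        m = re.fullmatch(r"(\w+)=(\S.*)", line)
        if m is None:
            # vsftpd.conf(5): no space may sit between option, '=' and value
            problems.append(f"line {num}: not in option=value form: {line!r}")
            continue
        settings[m.group(1)] = m.group(2)
    return settings, problems

def is_yes(settings, name, default):
    return settings.get(name, default).upper() in ("YES", "TRUE", "1")

def audit(text):
    """List syntax problems and risky combinations of the page's options."""
    s, findings = parse_conf(text)
    anon = is_yes(s, "anonymous_enable", "YES")  # compiled-in default is YES
    if anon and is_yes(s, "write_enable", "NO"):
        for opt in ANON_WRITE:
            if is_yes(s, opt, "NO"):
                findings.append(f"{opt}=YES: anonymous clients can modify the server")
    if anon and not is_yes(s, "anon_world_readable_only", "YES"):
        findings.append("anon_world_readable_only=NO: anonymous download "
                        "is not limited to world-readable files")
    confined = is_yes(s, "chroot_local_user", "NO") or is_yes(s, "chroot_list_enable", "NO")
    if is_yes(s, "local_enable", "NO") and not confined:
        findings.append("local users are not confined by chroot")
    return findings

# Constructed sample: the page's anonymous-upload options plus one line with spaces.
SAMPLE = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
local_enable = YES
"""

print("\n".join(audit(SAMPLE)))
```

To audit a live server, pass the contents of /etc/vsftpd.conf to audit() instead of SAMPLE.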