1. To test and understand vsftpd, install it from the RPM package. First run rpm -qa | grep vsftpd to check whether the package is installed. If it is not, install it; I use yum install vsftpd:
[root@FTP sbin]# yum install vsftpd
[root@FTP sbin]# service vsftpd status
vsftpd is stopped
[root@FTP sbin]# service vsftpd start
Starting vsftpd for vsftpd: [OK]
[root@FTP sbin]#
2. Set vsftpd to start automatically at boot and start it manually:
chkconfig vsftpd on
service vsftpd start
Run netstat -tl to check whether the FTP port is listening. Related configuration file: /etc/vsftpd.conf
3. FTP can now run properly.
4. For FTP configuration, refer to the following settings.
Elementary test (note: anonymous users log in as ftp, which does not require a password):
A. Anonymous server connection (independent server)
Add the following items to the /etc/vsftpd.conf configuration file:
anonymous_enable=YES (anonymous login allowed)
dirmessage_enable=YES (the content of the .message file in a directory is displayed when the user changes into that directory)
local_umask=022 (local file permission on FTP, default: 077)
connect_from_port_20=YES (enable data connection on the FTP data port)*
xferlog_enable=YES (activate the upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (verification method)*
listen=YES (independent vsftpd server)*
Function: clients can only connect to the FTP server, but cannot upload or download.
Note: the items related to logging and the welcome message are optional. The items marked with an asterisk must be added; they are the basic FTP options.
B. Enable upload permission on the anonymous FTP server
Add the following information to the configuration file:
anon_upload_enable=YES (open upload permission)
anon_mkdir_write_enable=YES (anonymous users can create a directory and upload files to it)
write_enable=YES (grant write permission to local users)
anon_other_write_enable=YES (anonymous accounts get the permission to delete)
C. Enable download permission on the anonymous server
Add the following information to the configuration file:
anon_world_readable_only=NO
Note: pay attention to the directory permissions. The anonymous account counts as an "other" user, so the read and write permissions for "other" must be enabled.
(r) read ---- download; (w) write ---- upload; (x) execute ---- without it, the FTP directory cannot be entered
D. Connection to the FTP server by ordinary (local) users (independent server)
Add the following information to the configuration file:
local_enable=YES (the local account can log on)
write_enable=NO (local accounts are not authorized to delete or modify files after logging on)
Function: You can use a local account to log on to the vsftpd server and have the permission to download and upload files.
Note: The anonymous server can log on to but cannot upload or download the information that prohibits anonymous login.
E. Restrict users from entering other directories so that they can only access their own home directory.
Set all local users to be chrooted
chroot_local_user=YES (all local accounts can only be in their own directories)
Set only the specified users to be chrooted
chroot_list_enable=YES (the list in the file is used)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list does not exist by default and you need to create it yourself. To control an account, add the account name directly to the file.
F. Restrict access by local users to FTP
userlist_enable=YES (use the user list to restrict user access)
userlist_deny=NO (users in the list are not allowed to access)
userlist_file=/specify the path where the file is stored/ (the path where the file is stored)
Note: with userlist_enable=YES, anonymous accounts cannot log on.
G. Security Options
idle_session_timeout=600 (seconds) (disconnect after the user's session has been idle for 10 minutes)
data_connection_timeout=120 (seconds) (idle 2 minutes)
accept_timeout=60 (seconds) (disconnect the client one minute later)
connect_timeout=60 (seconds) (disconnect again after 1 minute)
local_max_rate=50000 (bytes) (local user transfer rate: 50 K)
anon_max_rate=30000 (bytes) (anonymous user transfer rate: 30 K)
pasv_min_port=50000
pasv_max_port=60000 (the client's data connection port is changed to one between 50000 and 60000)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (data connection from port 5555)
H. Check who is logged on to FTP and kill the process.
ps -xf | grep ftp
kill <process number>
5. Advanced part test: configure the ftp
First, create the user group test and the FTP home directory
groupadd test
mkdir /tmp/test
Then create a user
useradd -g test -d /tmp/test -M usr1
Note: -g: the user's group; -d: specifies the location of the user's own directory;
-M: do not create a default home directory, that is, there is no home directory.
useradd -g test -d /tmp/test -M usr2
Then, change the owner and permissions of the directory.
chown usr1.test /tmp/test ---- sets the owner of /tmp/test to usr1
chmod 750 /tmp/test ---- 7 means rwx, 5 means rx, 0 means no permissions
The purpose of this experiment is that usr1 has the upload, deletion, and download permissions.
However, usr2 only has the download permission and does not have the upload and deletion permissions.
Of course, don't forget our main configuration file vsftpd.conf.
-----------------------------------------------------------------------
Change a user password or add a user password
Take the user "name" as an example. Add the user: useradd name; set the password: passwd name, and enter the password twice as prompted.
Deleting a user: userdel name does not delete the user completely; the user can no longer log on, but the files in the directory are retained.
Example: useradd username
passwd username
userdel username
---------------------------------------------------------------
Make sure that the local_enable=YES, write_enable=YES, and chroot_local_user=YES options are set!
6. A brief description of the parameters in vsftpd.conf:
anonymous_enable=YES (anonymous login allowed)
dirmessage_enable=YES (the content of the .message file in a directory is displayed when the user changes into that directory)
local_umask=022 (local file permission on FTP, default: 077)
connect_from_port_20=YES (enable data connection on the FTP data port)*
xferlog_enable=YES (enable upload and download logs)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (verification method)*
listen=YES (independent vsftpd server)*
anon_upload_enable=YES (open upload permission)
anon_mkdir_write_enable=YES (anonymous users can create a directory and upload files to it)
write_enable=YES (grant write permission to local users)
anon_other_write_enable=YES (anonymous accounts get the permission to delete)
anon_world_readable_only=NO (open browsing permission for anonymous users)
ascii_upload_enable=YES (enable ASCII transfer mode for uploads)
ascii_download_enable=YES (enable ASCII transfer mode for downloads)
banner_file=/var/vsftpd_banner_file
idle_session_timeout=600 (seconds) (disconnect after the user's session has been idle for 10 minutes)
data_connection_timeout=120 (seconds) (idle 2 minutes)
accept_timeout=60 (seconds) (disconnect the client one minute later)
connect_timeout=60 (seconds) (disconnect again after 1 minute)
local_max_rate=50000 (bytes) (local user transfer rate: 50 K)
anon_max_rate=30000 (bytes) (anonymous user transfer rate: 30 K)
pasv_min_port=50000
pasv_max_port=60000 (the client's data connection port is changed to one between 50000 and 60000)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (data connection from port 5555)
local_enable=YES (the local account can log on)
write_enable=NO (local accounts are not authorized to delete or modify files after logging on)
This is one group
chroot_local_user=YES (all local accounts can only be in their own directories)
chroot_list_enable=YES (the list in the file is used)
chroot_list_file=/any specified path/vsftpd.chroot_list
(Prerequisite: chroot_local_user=NO)
This is another group
userlist_enable=YES (users in the specified file cannot access the server)
userlist_deny=YES
userlist_file=/specified path/vsftpd.user_list
I started the ticket again.
banner_fail=/path/file name (the file content is displayed when the connection fails)
ls_recurse_enable=NO
async_abor_enable=YES
one_process_model=YES
listen_address=10.2.2.2 (bind the virtual service to a port)
guest_enable=YES (virtual users can log on)
guest_username=user name (mapping virtual users to local users)
user_config_dir=/any specified path/folder created by the user policy
(specify the path of the configuration files for different virtual users)
Another group
chown_uploads=YES (change the owner of the uploaded file to root)
chown_username=root
Another group
deny_email_enable=YES (whether anonymous users are allowed to use certain email addresses)
banned_email_file=/any specified path/XX/
Yes
pasv_enable=YES (server uses passive mode)
user_config_dir=/any specified path/any file directory (specify the path where the virtual user configuration files are stored)
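
The auditor below is an added example, not part of the original article or of vsftpd: it parses vsftpd.conf text and reports the combinations configured on this page (anonymous write access from section B, root-owned anonymous uploads from chown_uploads, and how chroot_local_user and chroot_list_enable interact). The sample configuration, the finding names and the case-insensitive reading of YES/NO values are assumptions of the example.

```python
import re

# Constructed sample; line 1 is written with a capitalised key and spaces around "=".
SAMPLE = """\
Anonymous_enable = Yes
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
chown_uploads=YES
chown_username=root
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""

ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse(text):
    """Return ({option: value}, [line numbers not in option=value form])."""
    settings, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # vsftpd.conf(5): no space is allowed between option, "=" and value.
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            bad.append(n)
    return settings, bad

def audit(text):
    s, bad = parse(text)
    # Assumption of this example: boolean values are read case-insensitively.
    on = lambda k, d=False: s[k].upper() in ("YES", "TRUE", "1") if k in s else d
    out = [f"SYNTAX line {n}: not in option=value form" for n in bad]
    # anonymous_enable defaults to YES, so a rejected line does not turn it off.
    opened = [k for k in ANON_WRITE if on(k)]
    if on("anonymous_enable", True) and on("write_enable") and opened:
        out.append("ANON_WRITE anonymous users may write: " + ", ".join(opened))
    # chown_username defaults to root when chown_uploads is set without it.
    if on("chown_uploads") and s.get("chown_username", "root") == "root":
        out.append("CHOWN_ROOT anonymous uploads become root-owned")
    if on("local_enable"):
        everyone, listed = on("chroot_local_user"), on("chroot_list_enable")
        if not everyone and not listed:
            out.append("NO_CHROOT local users can leave their home directory")
        elif everyone and listed:
            out.append("CHROOT_EXEMPT chroot_list_file names users NOT chrooted")
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

CHROOT_EXEMPT is why the prerequisite chroot_local_user=NO matters: with both options set to YES, vsftpd treats the file as the list of users who are not confined.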