Introduction to vsftpd Configuration

Source: Internet
Author: User
vsftpd (Very Secure FTP Daemon) is an FTP server released under the GPL for Unix-like systems. It is currently used by the FTP sites of many large enterprises.
In addition to its inherent security, high speed and high stability are two important features of vsftpd. In terms of speed, the download speed on a Gigabit Ethernet network is up to 86 Mbit/s. In terms of stability, a single machine can serve more than 4000 concurrent users at the same time.
vsftpd user authentication methods include:
Anonymous users
Authorized users -> system users
                 -> virtual users -> local database file
                                  -> MySQL database
                                  -> LDAP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contents
I. Install vsftpd
II. vsftpd.conf configuration file details
III. vsftpd authentication based on a local database file
IV. vsftpd authentication based on a MySQL database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I. Install vsftpd using yum
1. Install vsftpd
# yum -y install vsftpd
2. Start the vsftpd service and set it to start automatically at boot.
# service vsftpd restart
# chkconfig vsftpd on

II. vsftpd.conf configuration file details
By default, the main vsftpd configuration file installed from the rpm package is /etc/vsftpd.conf, and it has many options. The following describes what they do.
1. Anonymous user class
anonymous_enable=YES    Whether anonymous users are allowed to access the server

anon_umask=022    Default permission mask for files uploaded by anonymous users

anon_root=/var/ftp    FTP root directory for anonymous users (when not set, the default is the /var/ftp directory)

anon_upload_enable=YES    Whether anonymous users are allowed to upload files

anon_mkdir_write_enable=YES    Whether anonymous users are allowed to create directories

anon_other_write_enable=YES    Whether anonymous users are allowed other write operations, for example renaming, overwriting, and deleting a file

anon_max_rate=0    Maximum transfer rate for anonymous users (0 is unlimited)
2. Local user class
local_enable=YES    Whether local system users are allowed to log in

local_umask=022    Default permission mask for files uploaded by local users

local_root=/var/ftp    FTP root directory of local users

chroot_local_user=YES    Whether to confine local FTP users to their home directory

local_max_rate=0    Maximum transfer rate for local users; 0 is unlimited (in bytes)
3. Global configuration
listen=YES    Whether the service listens in standalone mode

listen_port=21    Port on which the FTP service listens

write_enable=YES    Enable any form of write permission (such as uploading and deleting files)

download_enable=YES    Whether downloading files is allowed (on an FTP server that only allows browsing and uploading, this can be set to NO)

dirmessage_enable=YES    The content of the message file (if any) is displayed when the user switches to a directory

xferlog_enable=YES    Enable transfer logging, written to the /var/log/xferlog file by default

xferlog_std_format=YES    Use the standard xferlog format. If this option is disabled, the vsftpd log format is used

connect_from_port_20=YES    Allow active server mode (data connection established from port 20)

pasv_enable=YES    Allow passive mode connections

pasv_max_port=24600    Maximum server port number for passive mode

pasv_min_port=24500    Minimum server port number for passive mode

pam_service_name=vsftpd    PAM file used for user authentication

userlist_enable=YES    Whether the user_list user list file is enabled

userlist_deny=YES    Whether to deny the users in the user_list user list

max_clients=0    Maximum number of clients allowed to connect simultaneously (0 is unlimited)

max_per_ip=0    Maximum number of concurrent connections allowed from the same IP address (0 is unlimited)

tcp_wrappers=YES    Whether tcp_wrappers is enabled
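
An added example, not part of the original page or of vsftpd: a small linter for the option format described above. It flags lines that vsftpd would not parse as intended (capitalised option names, spaces around "=", trailing comments) and a few risky combinations of the options listed in this section; the function names and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# vsftpd_conf_lint FILE: print one finding per line; exit status 1 if any.
vsftpd_conf_lint() {
    awk '
    function on(k) { return opt[k] == "YES" || opt[k] == "TRUE" || opt[k] == "1" }
    function report(msg) { print msg; n++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # whole-line comments, blank lines
    !/^[a-z0-9_]+=/ || /^[a-z0-9_]+=[ \t]/ { # lowercase name, no space around "="
        report("line " NR ": malformed setting: " $0); next
    }
    {
        eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (val ~ /[ \t]#/)                  # vsftpd has no inline comments
            report("line " NR ": inline comment becomes part of " key)
        opt[key] = toupper(val)
    }
    END {
        if (!("anonymous_enable" in opt)) opt["anonymous_enable"] = "YES"  # default
        if (on("anonymous_enable") && on("write_enable") && (on("anon_upload_enable") ||
            on("anon_mkdir_write_enable") || on("anon_other_write_enable")))
            report("anonymous users have write access")
        if (on("local_enable") && !on("chroot_local_user"))
            report("local users are not confined by chroot_local_user")
        if (("pasv_min_port" in opt) && ("pasv_max_port" in opt) &&
            opt["pasv_min_port"] + 0 > opt["pasv_max_port"] + 0)
            report("pasv_min_port is greater than pasv_max_port")
        exit (n > 0)
    }' "$1"
}

# Constructed sample with deliberate mistakes (not from a real server);
# run lint_sample to see the five findings it produces.
lint_sample() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
Anonymous_enable = yes
write_enable=YES
anon_upload_enable=yes
local_enable=YES
guest_enable=YES # enable virtual users
pasv_min_port=24600
pasv_max_port=24500
EOF
    rc=0; vsftpd_conf_lint "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}
```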

III. Configure virtual users and use a local database file as the authentication source
1. Install the required software package
# yum -y install db4-utils
2. Create the local user that virtual users are mapped to
# useradd -d /ftp -s /sbin/nologin vuser
# chmod o=rwx /ftp
3. Modify the main configuration file of vsftpd
# vim /etc/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# enable virtual user mapping
guest_enable=YES
# system user that the virtual users are mapped to
guest_username=vuser
# directory holding the permission files of the virtual users
user_config_dir=/etc/vsftpd/vuser_conf
4. Modify PAM authentication
# vim /etc/pam.d/vsftpd   # comment out or delete the existing content of the file; the new content is as follows:
auth required pam_userdb.so db=/etc/vsftpd/ftpuser
account required pam_userdb.so db=/etc/vsftpd/ftpuser
5. Create the virtual user name and password file
# vim /etc/vsftpd/user.txt
The file alternates user name lines and password lines and must not contain comments. Here user test has password 1111 and user tech has password 2222:
test
1111
tech
2222
6. Generate the database file of the virtual users
# db_load -T -t hash -f /etc/vsftpd/user.txt /etc/vsftpd/ftpuser.db
# chmod 600 /etc/vsftpd/ftpuser.db
7. Configure access permissions for the virtual users
Configure permissions for the test user
# vim /etc/vsftpd/vuser_conf/test
# root directory of this FTP user
local_root=/ftp
# files can be uploaded
anon_upload_enable=YES
# directories can be created
anon_mkdir_write_enable=YES
# other write operations are allowed (such as renaming, overwriting, and deleting a file)
anon_other_write_enable=YES


Configure permissions for the tech user
# vim /etc/vsftpd/vuser_conf/tech
# root directory of this FTP user
local_root=/ftp
# files can be uploaded
anon_upload_enable=YES
# directories can be created
anon_mkdir_write_enable=YES
# other write operations are allowed (such as renaming, overwriting, and deleting a file)
anon_other_write_enable=YES
8. Restart the vsftpd service.
# service vsftpd restart
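
An added example (not from the original page or the vsftpd project) for steps 5 and 6: db_load -T reads the text file as alternating key and value lines, so a comment or blank line in user.txt silently becomes part of a user name or password. The hypothetical helpers check_vuser_list and build_vuser_db validate the file first and create the database under a restrictive umask; the allowed user-name characters are an assumed policy.

```shell
#!/bin/sh
# check_vuser_list FILE: validate the alternating name/password layout that
# db_load -T expects. Prints problems (never the passwords themselves) and
# returns 0 only if the file is usable.
check_vuser_list() {
    awk '
    NR % 2 == 1 {                              # odd lines: user names
        if ($0 !~ /^[A-Za-z0-9._-]+$/) {       # assumed policy for valid names
            print "line " NR ": bad user name: " $0; bad++
        } else if (seen[$0]++) {
            print "line " NR ": duplicate user: " $0; bad++
        }
        next
    }
    $0 == "" || /[ \t]#/ || /\r$/ {            # even lines: passwords
        print "line " NR ": empty password, inline comment or CR line ending"
        bad++
    }
    END {
        if (NR % 2) { print "odd number of lines: last user has no password"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# build_vuser_db TXT DB: validate TXT, create DB readable only by its owner,
# then restrict TXT as well, since it still holds the passwords in plain text.
build_vuser_db() {
    check_vuser_list "$1" || return 1
    command -v db_load >/dev/null || { echo "db_load is not installed" >&2; return 2; }
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 3
    chmod 600 "$1" "$2"
}
```

Typical use, as root: build_vuser_db /etc/vsftpd/user.txt /etc/vsftpd/ftpuser.db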
