1. Install the FTP service (vsftpd):
# yum install vsftpd
2. Configure the upload/download directory for a user:
For example, for user name xxx with the directory /xxx/xxx:
# useradd -d /xxx/xxx -s /sbin/nologin xxx
# vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES (restrict all local users to their home directories; NO means they are not restricted. The users named by the following directives are the exceptions among all local users.)
chroot_list_enable=YES (whether vsftpd reads a file that lists user names. If chroot_local_user is YES, the users in the file are not restricted to their home directories; if chroot_local_user is NO, these users are restricted.)
chroot_list_file=/etc/chroot_list
The chroot_list file does not exist in that directory by default and must be created and filled in:
# vi /etc/chroot_list
xxx (enter the user name you specified)
Some vsftpd.conf settings explained:
1. Anonymous FTP server connections (standalone server)
Add the following items to the /etc/vsftpd/vsftpd.conf configuration file:
anonymous_enable=YES (allow anonymous login)
dirmessage_enable=YES (when changing directories, display the contents of the .message file in that directory)
local_umask=022 (umask for local users' files on FTP; the default is 077)
connect_from_port_20=YES (use the FTP data port for data connections) *
xferlog_enable=YES (enable the upload and download log)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (authentication method) *
listen=YES (standalone vsftpd server) *
Function: clients can only connect to the FTP server; they cannot upload or transfer files.
Note: The settings related to logging and the welcome message are optional. The settings marked with an asterisk must be added no matter which kind of account is used; they are the basic FTP options.
2. Enable upload permissions on the anonymous FTP server
Add the following settings to the configuration file:
anon_upload_enable=YES (enable upload permission)
anon_mkdir_write_enable=YES (anonymous users can create directories and upload files into them)
write_enable=YES (enable write permission for local users)
anon_other_write_enable=YES (the anonymous account gets delete permission)
3. Enable anonymous server permissions
Add the following setting to the configuration file:
anon_world_readable_only=NO
Note: Pay attention to the permissions of the folder. The anonymous account falls under "other" users, so open the read, write and execute permissions for them:
(r) read: download; (w) write: upload; (x) execute: if it is not set on the directory, FTP cannot enter it.
4. Normal (local) user FTP server connections (standalone server)
Add the following settings to the configuration file:
local_enable=YES (local accounts can log in)
write_enable=NO (no permission to delete or modify files after a local account logs in)
Function: users can log in to the vsftpd server with a local account and have permission to download and upload.
Note: After anonymous login is forbidden, the anonymous account can still log in to the server but cannot transfer files.
5. Keep logged-in users out of other directories, so they can enter only their home directory
Apply chroot to all local users:
chroot_local_user=YES (all local accounts can only use their own home directory)
Apply chroot to specified users:
chroot_list_enable=YES (the list in the file is used)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list is not created by default; you need to create it yourself. To control an account, just add the account to the file.
6. Restrict local user access to FTP
userlist_enable=YES (use the user list to restrict user access)
userlist_deny=NO (users who are not in the list are not allowed to access)
userlist_file=/specified path of the list file (where the file is stored)
Note: With userlist_enable=YES turned on, the anonymous account cannot log in.
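The chroot list (sections 2 and 5) and the user list (section 6) change meaning depending on a second setting, and the anonymous write options (section 2) only take effect together with write_enable. The following is an added example, not part of the original page or of vsftpd: it evaluates those combinations for a given user. The sample configuration, the user "alice" and the list contents are constructed; defaults are taken from the vsftpd.conf man page.

```python
# Added example; sample data is constructed; defaults per vsftpd.conf(5); PAM checks not modelled.

SAMPLE_CONF = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
"""

def parse_conf(text):
    """Return {option: value}; '#' lines are comments, no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#") and "=" in line:
            name, _, value = line.partition("=")
            opts[name] = value
    return opts

def is_yes(opts, name, default):
    return opts.get(name, default).upper() in ("YES", "TRUE", "1")

def is_chrooted(opts, user, chroot_list):
    """The chroot list flips meaning depending on chroot_local_user."""
    listed = is_yes(opts, "chroot_list_enable", "NO") and user in chroot_list
    if is_yes(opts, "chroot_local_user", "NO"):
        return not listed   # listed users are the exceptions, not jailed
    return listed           # only listed users are jailed

def may_login(opts, user, user_list):
    """userlist_deny=YES blocks listed users; NO admits only listed users."""
    if not is_yes(opts, "userlist_enable", "NO"):
        return True
    listed = user in user_list
    return not listed if is_yes(opts, "userlist_deny", "YES") else listed

def anonymous_write_options(opts):
    """Anonymous write options that are actually in effect."""
    if not (is_yes(opts, "anonymous_enable", "YES") and is_yes(opts, "write_enable", "NO")):
        return []
    names = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")
    return [n for n in names if is_yes(opts, n, "NO")]

if __name__ == "__main__":
    opts = parse_conf(SAMPLE_CONF)
    print({u: (is_chrooted(opts, u, {"xxx"}), may_login(opts, u, {"xxx"})) for u in ("xxx", "alice")})
    print("anonymous write:", anonymous_write_options(opts))
```

With the sample settings, the listed user xxx is the one account that is not confined to its home directory, which is worth checking against the intent of step 2.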
7. Security options
idle_session_timeout=600 (seconds) (the user session is closed after 10 minutes idle)
data_connection_timeout=120 (seconds) (the data connection is closed after 2 minutes idle)
accept_timeout=60 (seconds) (disconnect the client after 1 minute of inactivity)
connect_timeout=60 (seconds) (time out after 1 minute and reconnect)
local_max_rate=50000 (bytes) (local user transfer rate: 50K)
anon_max_rate=30000 (bytes) (anonymous user transfer rate: 30K)
pasv_min_port=50000 (restrict the client's data connection ports
pasv_max_port=60000 to the range 50000-60000)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (accept connections on port 5555)
8. See who is logged in to FTP and kill their process
# ps -xf | grep ftp
# kill <process number>
Linux CentOS vsftp Installation and configuration related operations