How to configure a vsftpd server on Linux

Source: Internet
Author: User

I. Types of Linux FTP server:

<1> wu-ftp
<2> proftp = Professional FTP
<3> vsftp = Very Secure FTP

Configuration files:
/etc/vsftpd/vsftpd.conf    // main configuration file
/etc/vsftpd.ftpusers       // users who are not allowed to log in to FTP
/etc/vsftpd.user_list      // users who are allowed to log in to FTP

II. Access methods

<1> Anonymous login
<2> Account login
To start the FTP server:
# service vsftpd restart

III. Configuring the vsftpd server

1. vsftpd.conf parameter description:

# vi /etc/vsftpd/vsftpd.conf
<1> anonymous_enable=YES: controls whether anonymous login is allowed
<2> local_enable=YES: allows local accounts to log in
<3> write_enable=YES: controls write permission
<4> local_umask=022: the permission mask (umask) applied to local users' files
<5> anon_upload_enable=YES: controls whether anonymous uploads are allowed (turn on or off together with anon_mkdir_write_enable=YES)
<6> anon_mkdir_write_enable=YES: controls whether anonymous users may write and create directories
<7> xferlog_enable=YES: controls logging of uploads and downloads
<8> connect_from_port_20=YES: controls whether data connections originate from port 20
<9> chown_uploads=YES: whether to change the owner of uploaded files (turn on or off together with chown_username=whoever)
<10> chown_username=whoever: the user who becomes the owner of uploaded files
<11> xferlog_file=/var/log/xferlog: log file location
<12> xferlog_std_format=YES: record uploads and downloads in the standard log format
<13> data_connection_timeout=120: data transfer timeout
<14> nopriv_user=ftpsecure: use the dedicated user ftpsecure
<15> ftpd_banner=Welcome to blah FTP service: login welcome message
<16> deny_email_enable=YES: reject listed e-mail addresses
<17> banned_email_file=/etc/vsftpd/banned_emails: list of rejected e-mail addresses
<18> chroot_list_enable=YES: (turn on or off together with chroot_list_file=/etc/vsftpd/chroot_list)
<19> chroot_list_file=/etc/vsftpd/chroot_list: listed users can access only their own directory, not the parent directory
<20> userlist_enable=YES: enable the /etc/vsftpd.user_list file
 

2. Configure anonymous logins

# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES (default value)
To start the vsftpd server:
# service vsftpd restart
# service iptables stop
Default directory for anonymous logins:
/var/ftp/pub
To turn on anonymous upload and write permissions:
# vi /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd/chroot_list
Open up the permissions of the default shared directory:
# chmod 777 /var/ftp/pub
Note: anonymous users can upload and download, but cannot delete.

3. Local account login

<1> Disable anonymous login

Modify the configuration file:
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO

<2> Specify which users may log in and which users are refused

# vi /etc/vsftpd/vsftpd.conf
userlist_deny=NO (newly added)
(Note: with this setting, the users listed in /etc/vsftpd.user_list can log in to FTP. If userlist_deny=NO is commented out, all users can log in to FTP by default. To stop a particular user from logging in, add the user name to /etc/vsftpd.ftpusers; that user is then denied FTP login.)
Create the users and add them to the appropriate control file:
# useradd us1
# useradd us2
# passwd us1
# passwd us2
Users who are allowed to log in to FTP:
# echo us1 >> /etc/vsftpd.user_list
# echo us2 >> /etc/vsftpd.user_list
To start the FTP server:
# service vsftpd restart
Note: when logging in to FTP with an account, the user lands in their home directory by default.
Users who are not allowed to log in to FTP:
# echo us3 >> /etc/vsftpd.ftpusers

<3> Restrict logged-in users to their local home directory:

# vi /etc/vsftpd/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Create the list file of restricted users and add the restricted user name:
# vi /etc/vsftpd.chroot_list
us2
Save and exit.
# service vsftpd restart

<4> Limit the speed of anonymous uploads:

# vi /etc/vsftpd/vsftpd.conf
anon_max_rate=5000    // unit is bytes per second; 5000 = 5 KB/s

<5> Limit the upload speed of local accounts:

local_max_rate=5000    // in bytes per second

<6> Set different speed limits for different users (a per-user speed overrides the speed set for all users):

# vi /etc/vsftpd/vsftpd.conf
Add the following line:
user_config_dir=/etc/vsftpd/userconf
Create the directory:
# mkdir /etc/vsftpd/userconf
# vi /etc/vsftpd/userconf/user1 (user1 is the name of the user whose speed is limited)
local_max_rate=25000

<7> Custom welcome message:

# vi /etc/vsftpd/vsftpd.conf
ftpd_banner=Welcome to Huayu FTP service.

<8> Limit the number of server connections and the number of connections per IP

1, max_clients

This parameter sets the maximum total number of simultaneous connections. Connections beyond this number are refused; 0 means unlimited. The default value is 0.

2, max_per_ip

This parameter sets the number of simultaneous connections allowed per IP address. Connections beyond this number are refused; 0 means unlimited. The default value is 0.
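
An added example, not part of the original article: a small shell audit that reads a vsftpd.conf and reports the anonymous-write, chroot and connection-limit settings covered in sections 2 through <8>. The function names, finding labels and sample file are constructed here; the fallback values are vsftpd's built-in defaults, and the syntax check assumes vsftpd's documented rules (lowercase option names, no spaces around "=").

```shell
# Added example (not from the original article): audit a vsftpd.conf.
# conf_get FILE KEY DEFAULT: effective value, upper-cased; the last assignment wins.
conf_get() {
    awk -v k="$2" -v d="$3" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { if (v == "") v = d; print toupper(v) }
    ' "$1"
}
# conf_syntax_errors FILE: numbers of lines that break the assumed syntax rules
# (lowercase option name, "=" with no spaces around it).
conf_syntax_errors() {
    awk '/^(#|$)/ { next }
         !/^[a-z0-9_]+=[^ \t]/ { printf "%s%d", sep, NR; sep = " " }
         END { print "" }' "$1"
}
# audit_vsftpd FILE: space-separated findings (labels are made up for this example).
audit_vsftpd() {
    f=$1; out=""
    if [ "$(conf_get "$f" anonymous_enable YES)" = YES ] &&
       [ "$(conf_get "$f" write_enable NO)" = YES ]; then
        if [ "$(conf_get "$f" anon_upload_enable NO)" = YES ]; then out="$out anon-upload"; fi
        if [ "$(conf_get "$f" anon_mkdir_write_enable NO)" = YES ]; then out="$out anon-mkdir"; fi
    fi
    if [ "$(conf_get "$f" max_clients 0)" = 0 ]; then out="$out max_clients-unlimited"; fi
    if [ "$(conf_get "$f" max_per_ip 0)" = 0 ]; then out="$out max_per_ip-unlimited"; fi
    if [ "$(conf_get "$f" local_enable NO)" = YES ] &&
       [ "$(conf_get "$f" chroot_local_user NO)" != YES ] &&
       [ "$(conf_get "$f" chroot_list_enable NO)" != YES ]; then
        out="$out local-users-not-chrooted"
    fi
    echo "${out# }"
}

# Constructed sample: the anonymous-upload settings from section 2, with one
# option name capitalised by mistake so that it does not take effect.
sample_conf() {
    cat <<'EOF'
# constructed sample file
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Chroot_local_user=YES
max_per_ip=4
EOF
}
tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp"; conf_syntax_errors "$tmp"; rm -f "$tmp"
```

On the sample, the capitalised chroot line is reported as a syntax error and the chroot finding still fires, because the intended setting never takes effect.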

<9> Virtual FTP user settings

1, create the virtual user password library file

# vi /etc/vsftpd/logins.txt
vuser1
123
vuser2
321
In the password library file, put the user name on the odd lines and the password on the even lines.

2, generate the vsftpd authentication file

# db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/vsftpd_login.db    ## generate the authentication file

3, make the authentication file readable and writable by the root user only

# chmod 600 /etc/vsftpd/vsftpd_login.db

4, set up the PAM configuration file for the virtual users; create the vsftpd.vu file by hand

# cat /etc/pam.d/vsftpd.vu
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

5, create the system user account that all FTP virtual users map to, and set the permissions of that account's home directory

# useradd -d /home/ftpsite -s /sbin/nologin virtual
# chmod 700 /home/ftpsite

6, edit the vsftpd.conf configuration file

# vi /etc/vsftpd/vsftpd.conf
Add the virtual user configuration to the file:
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu (must match the PAM file just created)
user_config_dir=/etc/vsftpd/user_config_dir (the directory holding each virtual user's configuration)
local_root=/www (without this line, virtual users log in to the ftpsite home directory)

7, configure the settings for each virtual user name

# mkdir -p /etc/vsftpd/user_config_dir (matches the main configuration file)
# mkdir -p /www/vuser1 (create the virtual user's home directory)
# chmod -R 777 /www/vuser1 (set permissions)
# touch /etc/vsftpd/user_config_dir/vuser1 (the permissions profile for vuser1)
# echo "anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
local_root=/www/feixiang
anon_mkdir_write_enable=YES" > /etc/vsftpd/user_config_dir/vuser1

8, restart the vsftpd service

# service vsftpd restart
Now you should be able to log in with a virtual account.
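
An added example, not part of the original article, for steps 1 to 3 above: it checks that logins.txt really alternates user name and password lines before db_load runs, and creates the database under umask 077 so it is never readable by other users. The function names and problem labels are constructed for this example; db_load is called with the same flags as in step 2.

```shell
# Added example (not from the original article): check logins.txt, then build the db.
# check_logins FILE: prints "ok" or a list of problems (labels made up for this example).
check_logins() {
    awk '
        $0 == ""      { e = e " empty-line:" NR }
        NR % 2 && / / { e = e " space-in-name:" NR }   # name and password on one line
        NR % 2        { if (seen[$0]++) e = e " duplicate-user:" $0 }
        END { if (NR % 2) e = e " odd-line-count"
              print (e == "" ? "ok" : substr(e, 2)) }
    ' "$1"
}

# build_login_db TXT DB: refuse bad input, then create the db with owner-only access.
build_login_db() {
    res=$(check_logins "$1")
    if [ "$res" != ok ]; then echo "not building $2: $res" >&2; return 1; fi
    # umask 077 in a subshell: the file is never created group- or world-readable,
    # so there is no gap between db_load and a later chmod 600.
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2"   # the plaintext list is as sensitive as the database
}

# Constructed inputs: a malformed file (name and password on one line) and a valid one.
sample_bad()  { printf 'vuser1 123\nvuser2 321\n'; }
sample_good() { printf 'vuser1\n123\nvuser2\n321\n'; }
tmp=$(mktemp); sample_bad > "$tmp"; check_logins "$tmp"; rm -f "$tmp"
```

Without the check, db_load would accept the malformed file and store a single user named "vuser1 123" whose password is "vuser2 321".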

That is the complete method for configuring a vsftpd server on Linux. We hope you will support the Cloud Habitat Community.
