Linux FTP configuration Instructions

Source: Internet
Author: User

1. Default configuration:
1> Anonymous users and local users are allowed to log in.
anonymous_enable=YES
local_enable=YES
2> The anonymous user's login name is ftp or anonymous, and the password is empty. An anonymous user cannot leave the anonymous user's home directory /var/ftp, and can only download, not upload.
3> A local user's login name is the local user name, and the password is that local user's password. Local users can read and write in their home directory, can leave their home directory to switch to other directories they have permission to access, and can upload/download where permissions allow.
write_enable=YES
4> Local users written in the file /etc/vsftpd.ftpusers are forbidden to log in.

2. Configuration file format:
The content of vsftpd.conf is very simple: each line is one setting. A blank line or a line that starts with # is ignored. There is only one format for the content, as shown below:
option=value
Note that there must be no whitespace on either side of the equals sign.

3. Anonymous user (anonymous) settings
anonymous_enable=YES/NO (YES)
Controls whether anonymous users are allowed to log in: YES allows anonymous login, NO does not. The default value is YES.
write_enable=YES/NO (YES)
Whether logged-in users have write permission. This is a global setting, and the default value is YES.
no_anon_password=YES/NO (NO)
If this feature is enabled, anonymous logins are not asked for a password. The default value is NO.
ftp_username=ftp
Defines the user name used for anonymous logins. The default value is ftp.
anon_root=/var/ftp
The directory an anonymous login is placed in. The default value is /var/ftp. Note that the FTP directory cannot have 777 permissions, which means that the anonymous user's home directory cannot have 777 permissions.
anon_upload_enable=YES/NO (NO)
If set to YES, anonymous logins are allowed to upload files (not directories); this only takes effect when write_enable=YES. Anonymous users must also have write permission on the parent directory. The default value is NO.
anon_world_readable_only=YES/NO (YES)
If set to YES, anonymous logins are allowed to download readable files (which can be downloaded and read locally, but cannot be opened directly on the FTP server). The default value is YES.
anon_mkdir_write_enable=YES/NO (NO)
If set to YES, anonymous logins are allowed to create new directories; this only takes effect when write_enable=YES. Anonymous users must also have write permission on the parent directory. The default value is NO.
anon_other_write_enable=YES/NO (NO)
If set to YES, anonymous logins are granted write permissions beyond uploading files and creating directories, such as delete and rename. (If anon_upload_enable=NO, anonymous users cannot upload files, but they can delete or rename files that already exist; if anon_mkdir_write_enable=NO, anonymous users cannot upload or create new folders, but they can delete or rename a folder that already exists.) The default value is NO.
chown_uploads=YES/NO (NO)
Sets whether to change the owner of files (not directories) uploaded by anonymous users. The default value is NO.
chown_username=username
Sets the owner name for files (not directories) uploaded by anonymous users. Setting it to root is not recommended.
anon_umask=077
Sets the umask value applied when an anonymous login creates or uploads a file. The default value is 077, and the corresponding permission for new files is 700.
deny_email_enable=YES/NO (NO)
If this feature is enabled, you must provide a file /etc/vsftpd/banner_emails containing email addresses. An anonymous login is asked to enter an email address; if the address entered is in this file, the login is refused. The default value is NO.
banned_email_file=/etc/vsftpd/banner_emails
This file holds the email addresses and is only used when deny_email_enable=YES. An anonymous login is asked to enter an email address; if the address entered is in this file, the login is refused.
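
An added example (not part of the original article or of vsftpd itself): a parser for the option=value format from section 2, followed by an audit of the anonymous-user options from section 3. The defaults are the ones listed on this page, and the function names and sample configuration are constructed for illustration.

```python
# Defaults as listed on this page; a given vsftpd build may ship others.
PAGE_DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "YES", "no_anon_password": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "chown_uploads": "NO",
}
ANON_WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable",
                   "anon_other_write_enable")

def parse_conf(text):
    """Return (settings, errors); errors are (line_number, reason) tuples."""
    settings, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        key, sep, value = line.partition("=")
        if not sep:
            errors.append((n, "not in option=value form"))
        elif not key or key != key.strip() or value != value.lstrip():
            errors.append((n, "whitespace around '='"))
        else:
            settings[key] = value
    return settings, errors

def audit_anonymous(settings):
    """List anonymous-access findings for already parsed settings."""
    s = {**PAGE_DEFAULTS, **settings}
    on = lambda k: s[k].upper() == "YES"
    if not on("anonymous_enable"):
        return []
    findings = ["anonymous login is enabled"]
    if on("no_anon_password"):
        findings.append("anonymous login skips the password prompt")
    for opt in ANON_WRITE_OPTS:
        if on(opt):  # write options only take effect when write_enable=YES
            state = "active" if on("write_enable") else "inert (write_enable=NO)"
            findings.append(f"{opt}=YES is {state}")
    if on("chown_uploads") and s.get("chown_username") == "root":
        findings.append("anonymous uploads are re-owned to root")
    return findings

# Constructed sample configuration (not taken from a real server).
SAMPLE = ("anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
          "anon_mkdir_write_enable = YES\nchown_uploads=YES\nchown_username=root\n")

if __name__ == "__main__":
    conf, errs = parse_conf(SAMPLE)
    print(errs, audit_anonymous(conf), sep="\n")
```

The line with spaces around the equals sign is reported and left out of the settings, so the audit treats that option as unset.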

4. Local user settings
local_enable=YES/NO (YES)
Controls whether local users are allowed to log in: YES allows local users to log in, NO does not. The default value is YES.
local_root=/home/username
After a local user logs in, the user is switched to the directory defined here. The default value is each user's home directory.
write_enable=YES/NO (YES)
Whether logged-in users have write permission. This is a global setting, and the default value is YES.
local_umask=022
The umask value applied when local users create new files. The default value is 077.
file_open_mode=0755
The permissions given to files uploaded by local users, expressed in the same form as the values used by chmod. The default value is 0666.

5. Welcome message settings
dirmessage_enable=YES/NO (YES)
If this option is enabled, the first time a user enters a directory the server checks whether there is a .message file in that directory; if there is, the contents of this file are displayed. The file usually holds a welcome message or a description of the directory. The default value is on.
message_file=.message
Sets the directory message file; write the information to be displayed into this file. The default value is .message.
banner_file=/etc/vsftpd/banner
When a user logs in, the contents of the file set here are displayed, usually a welcome message or description. The default value is none. Use this configuration item if the welcome information is large.
ftpd_banner=welcome to BOB's FTP server
This defines the welcome message as a string: banner_file takes the form of a file, and ftpd_banner takes the form of a string. The default is none.

6. Control whether the user is allowed to switch to the parent directory
In the default configuration, a local user can switch to other directories using the cd command after logging in to FTP, which poses a security risk to the system. You can control whether users may switch directories by using the following three configuration items.
chroot_list_enable=YES/NO (NO)
Sets whether the user list file specified by the chroot_list_file configuration item is enabled. The default value is NO.
chroot_list_file=/etc/vsftpd.chroot_list
Specifies a user list file that controls which users can switch to the parent directory of their home directory.
chroot_local_user=YES/NO (NO)
Specifies whether users in the user list file are allowed to switch to the parent directory. The default value is NO.
The following effects can be achieved by combining them:
① When chroot_list_enable=YES and chroot_local_user=YES, users listed in the /etc/vsftpd.chroot_list file can switch to other directories, and users not listed in the file cannot.
② When chroot_list_enable=YES and chroot_local_user=NO, users listed in the /etc/vsftpd.chroot_list file cannot switch to other directories, and users not listed in the file can.
③ When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to other directories.
④ When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to other directories.

7. Data transfer mode settings
FTP can use binary mode when transferring data, or it can use ASCII mode to upload or download data.
ascii_upload_enable=YES/NO (NO)
Sets whether ASCII mode is enabled for uploading data. The default value is NO.
ascii_download_enable=YES/NO (NO)
Sets whether ASCII mode is enabled for downloading data. The default value is NO.

8. Access Control Settings
There are two kinds of control: one controls host access, the other controls user access.
① Control host access:
tcp_wrappers=YES/NO (YES)
Sets whether vsftpd is combined with TCP wrappers for host access control. The default value is YES. If enabled, the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny to determine whether the host requesting the connection is allowed to access the FTP server. These two files can act as a simple firewall.
For example, to allow only users at 192.168.0.1-192.168.0.254 to connect to the FTP server, add the following to the /etc/hosts.allow file:
vsftpd:192.168.0.:allow
ALL:ALL:deny
② Control user access:
Access control for users can be achieved through the vsftpd.user_list and ftpusers files in the /etc directory.
userlist_file=/etc/vsftpd.user_list
The file that controls user access to FTP. It contains user names, one user name per line.
userlist_enable=YES/NO (NO)
Whether the vsftpd.user_list file is enabled.
userlist_deny=YES/NO (YES)
Determines whether the users in the vsftpd.user_list file have access to the FTP server. If set to YES, users in the vsftpd.user_list file are not allowed to access FTP; if set to NO, only users in the vsftpd.user_list file can access FTP.
The /etc/vsftpd/ftpusers file is specifically for defining a list of users who are not allowed to access the FTP server (note: if userlist_enable=YES and userlist_deny=NO, and a user appears in both vsftpd.user_list and ftpusers, that user cannot access FTP; that is, ftpusers has the higher priority). By default, vsftpd.user_list and ftpusers already contain some internal system accounts that are not allowed to access the FTP server. If the system does not have these two files, create them and add the users.
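
An added example (not from the original article or from vsftpd's code) that encodes the user_list/ftpusers rules above together with the four chroot combinations from section 6, so that each account's effective treatment can be checked. The function names, account names and list contents are constructed for illustration.

```python
def yes(conf, key, default):
    """Boolean option lookup; default is the value this page lists."""
    return conf.get(key, default).upper() == "YES"

def may_login(user, conf, user_list, ftpusers):
    """Section 8 rules: ftpusers always denies, then user_list is applied."""
    if user in ftpusers:
        return False                      # ftpusers has the higher priority
    if not yes(conf, "userlist_enable", "NO"):
        return True                       # user_list is not consulted
    listed = user in user_list
    if yes(conf, "userlist_deny", "YES"):
        return not listed                 # user_list acts as a deny list
    return listed                         # user_list acts as an allow list

def is_jailed(user, conf, chroot_list):
    """Section 6 rules: True if the user cannot leave the home directory."""
    jail_by_default = yes(conf, "chroot_local_user", "NO")
    if not yes(conf, "chroot_list_enable", "NO"):
        return jail_by_default            # cases 3 and 4: the list is ignored
    # Cases 1 and 2: listed users get the opposite of the default.
    return jail_by_default != (user in chroot_list)

def effective_policy(users, conf, user_list, ftpusers, chroot_list):
    """Map each user to 'denied', 'jailed' or 'unjailed'."""
    policy = {}
    for user in users:
        if not may_login(user, conf, user_list, ftpusers):
            policy[user] = "denied"
        elif is_jailed(user, conf, chroot_list):
            policy[user] = "jailed"
        else:
            policy[user] = "unjailed"
    return policy

# Constructed sample data (account names and list contents are made up).
CONF = {"userlist_enable": "YES", "userlist_deny": "NO",
        "chroot_local_user": "YES", "chroot_list_enable": "YES"}
USER_LIST = {"alice", "bob", "root"}   # contents of vsftpd.user_list
FTPUSERS = {"root"}                    # contents of ftpusers
CHROOT_LIST = {"alice"}                # contents of vsftpd.chroot_list
USERS = ["alice", "bob", "carol", "root"]

if __name__ == "__main__":
    for name, verdict in effective_policy(
            USERS, CONF, USER_LIST, FTPUSERS, CHROOT_LIST).items():
        print(f"{name}: {verdict}")
```

Accounts reported as "unjailed" are the ones that can log in and move outside their home directory, which is the set worth reviewing first.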

9. Access Rate Settings
anon_max_rate=0
Sets the maximum transfer speed for anonymous logins, in b/s; 0 means unlimited speed. The default value is 0.
local_max_rate=0
Sets the maximum transfer speed for local users, in b/s; 0 means no speed limit. The default value is 0.

10. Timeout settings
accept_timeout=60
Sets the timeout, in seconds, for an FTP connection to be established. The default value is 60.
connect_timeout=60
The timeout, in seconds, for establishing a data connection in PORT mode. The default value is 60.
data_connection_timeout=120
Sets the timeout, in seconds, for setting up an FTP data connection. The default value is 120.
idle_session_timeout=300
Sets how long, in seconds, a session may perform no operations on the FTP server before the FTP connection is disconnected. The default value is 300.

11. Log file settings
xferlog_enable=YES/NO (YES)
Whether to enable upload/download logging. If enabled, upload and download information is fully recorded in the file defined by xferlog_file. The default is on.
xferlog_file=/var/log/vsftpd.log
Sets the log file name and path. The default value is /var/log/vsftpd.log.
xferlog_std_format=YES/NO (NO)
If enabled, the log file is written in the standard xferlog format, as in wu-ftpd. The default value is off.
log_ftp_protocol=YES/NO (NO)
If this option is enabled, all FTP requests and responses are logged, and the default log file is /var/log/vsftpd.log. When this option is enabled, xferlog_std_format cannot be activated. This option is useful for debugging. The default value is NO.

12. Define User Profiles
In vsftpd, you can define user profiles to enable different users to use different configurations.
user_config_dir=/etc/vsftpd/userconf
Sets the directory where the user profiles reside. When this configuration item is set, after a user logs on to the server, the system goes to the /etc/vsftpd/userconf directory, reads the file with the same name as the current user, and further configures the current user according to the configuration directives in that file.
For example: define user_config_dir=/etc/vsftpd/userconf, and suppose there are users test1 and test2 on the host; then add two files named test1 and test2 in the user_config_dir directory. If test1 logs in, the settings in the test1 file under user_config_dir are read. The default value is none. With user profiles, you can control the access speed of different users by defining local_max_rate=XX in each user profile.

13. FTP modes of operation and port settings
FTP works in two ways: PORT FTP (active mode) and PASV FTP (passive mode).
listen_port=21
Sets the port that the FTP server listens on to establish a connection. The default value is 21.
connect_from_port_20=YES/NO
Specifies that FTP uses port 20 for data transfer. The default value is YES.
ftp_data_port=20
Sets the port used for FTP data connections in PORT mode. The default value is 20.
pasv_enable=YES/NO (YES)
If set to YES, the PASV operating mode is used; if set to NO, PORT mode is used. The default value is YES, which is to use the PASV operating mode.
pasv_max_port=0
In PASV operating mode, the upper bound of the port range that a data connection can use; 0 means any port. The default value is 0.
pasv_min_port=0
In PASV operating mode, the lower bound of the port range that a data connection can use; 0 means any port. The default value is 0.

14. Connection-Related Settings
listen=YES/NO (YES)
Sets whether the vsftpd server runs in standalone mode. Running in standalone mode is a good choice; in that case listen must be set to YES, which is the default value. Changing it is not recommended, because many configuration directives related to running the server are only valid in this mode. If set to NO, vsftpd does not run as a standalone service; it is managed by the xinetd service and has limited functionality.
max_clients=0
Sets the maximum number of connections vsftpd allows. The default value is 0, which means unrestricted. When set to 100, 100 connections are allowed at the same time and any beyond that are rejected. Only works in standalone mode.
max_per_ip=0
Sets the number of simultaneous connections to the FTP server allowed from each IP. The default value is 0, which means unrestricted. Only works in standalone mode.
listen_address=IP address
Sets the FTP server to listen for FTP requests on the specified IP address. If not set, all IP addresses bound on the server are listened on. Only works in standalone mode.
setproctitle_enable=YES/NO (NO)
Sets whether each connection to the FTP server is displayed as a separate process. The default value is NO, in which case ps aux | grep ftp shows only one vsftpd process. If set to YES, each connection has its own vsftpd process.

15. Virtual User Settings
The virtual user uses the PAM authentication method.
pam_service_name=vsftpd
Sets the service name used by PAM; the default value is /etc/pam.d/vsftpd.
guest_enable=YES/NO (NO)
Enables virtual users. The default value is NO.
guest_username=ftp
This is used to map virtual users. The default value is ftp.
virtual_use_local_privs=YES/NO (NO)
When this parameter is activated (YES), virtual users have the same permissions as local users. When this parameter is off (NO), virtual users have the same permissions as anonymous users. By default, this parameter is off (NO).

16. Other Settings
text_userdb_names=YES/NO (NO)
Sets whether UIDs and GIDs, or the actual user names and group names, are displayed when a command such as ls -la is executed. The default value is NO, which displays UIDs and GIDs. Set to YES if you want to display user names and group names.
ls_recurse_enable=YES/NO (NO)
If this feature is enabled, logged-in users are allowed to use the ls -R command (which lists the files in the directories under the current directory). The default value is NO.
hide_ids=YES/NO (NO)
If this feature is enabled, the owner and group of all files are shown as ftp; that is, when a logged-in user runs ls -al or similar commands, the file owners and groups all appear as ftp. The default value is off.
download_enable=YES/NO (YES)
If set to NO, no files can be downloaded to the local machine; folders are not affected. The default value is YES.

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
