Linux FTP configuration instructions


1. Default configuration:
1> Anonymous users and local users are allowed to log on.
anonymous_enable=YES
local_enable=YES
2> Anonymous users log on as ftp or anonymous, with a blank password. They cannot leave the anonymous user's home directory, /var/ftp, and can only download, not upload.
3> A local user logs on with the local user name and that account's password. A local user can read and write in his or her home directory, can switch from it to other directories the account has access to, and can upload and download files there as permissions allow.
write_enable=YES
4> Local users listed in the /etc/vsftpd.ftpusers file cannot log on.

2. Configuration file format:
The content of vsftpd.conf is very simple: each line is one setting. Blank lines and lines starting with # are ignored. There is only one format, as shown below:
option=value
Note that there must be no spaces on either side of the equal sign.

3. Anonymous user (anonymous) settings
anonymous_enable=YES/NO (YES)
Controls whether anonymous users are allowed to log on. YES allows anonymous logon and NO does not. The default value is YES.
write_enable=YES/NO (YES)
Whether logged-on users are permitted to write data. It is a global setting. The default value is YES.
no_anon_password=YES/NO (NO)
If enabled, no password is asked for on anonymous logon. The default value is NO.
ftp_username=ftp
Defines the user name of the anonymous login user. The default value is ftp.
anon_root=/var/ftp
The directory used for anonymous logon. The default value is /var/ftp. Note that the ftp directory cannot have 777 permissions; that is, the anonymous user's home directory cannot have 777 permissions.
anon_upload_enable=YES/NO (NO)
If set to YES, anonymous users are allowed to upload files (not directories). This option takes effect only when write_enable=YES, and the anonymous user must also have write permission on the parent directory. The default value is NO.
anon_world_readable_only=YES/NO (YES)
If set to YES, anonymous users are allowed to download readable files (files are downloaded to the local machine for reading and cannot be opened directly on the FTP server). The default value is YES.
anon_mkdir_write_enable=YES/NO (NO)
If set to YES, anonymous users are permitted to create directories. This option takes effect only when write_enable=YES, and the anonymous user must also have write permission on the parent directory. The default value is NO.
anon_other_write_enable=YES/NO (NO)
If set to YES, anonymous users are given write permissions other than uploading and creating directories, such as deleting or renaming. (If anon_upload_enable=NO, anonymous users cannot upload files, but can delete or rename existing files. If anon_mkdir_write_enable=NO, anonymous users cannot upload or create folders, but can delete or rename an existing folder.) The default value is NO.
chown_uploads=YES/NO (NO)
Sets whether to change the owner of files (not directories) uploaded by anonymous users. The default value is NO.
chown_username=username
Sets the owner of files (not directories) uploaded by anonymous users. We recommend that you do not set it to root.
anon_umask=077
Sets the umask applied when an anonymous user creates or uploads files. The default value is 077, and the corresponding permission for a newly created file is 700.
deny_email_enable=YES/NO (NO)
If enabled, a file /etc/vsftpd/banner_emails containing email addresses must be provided. On anonymous login the user is asked to enter an email address; if the address entered is in this file, the login is refused. The default value is NO.
banned_email_file=/etc/vsftpd/banner_emails
The file that holds the email addresses. It is used only when deny_email_enable=YES. On anonymous login the user is asked to enter an email address; if the address entered is in this file, the login is refused.
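A small checker for sections 2 and 3, as an added example that is not part of the original article: it applies the option=value rule (no spaces around the equal sign, lowercase option names as vsftpd spells them) and then reports what the anonymous settings expose. The function names, the PAGE_DEFAULTS table (defaults as this page states them) and the sample file are assumptions made for the illustration.

```python
import re

# Defaults as this page states them; confirm against vsftpd.conf(5) for your build.
PAGE_DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "YES", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO",
}
# option=value: lowercase option name, no space on either side of "=".
LINE_RE = re.compile(r"^([a-z0-9_]+)=(\S.*)?$")
ANON_WRITE = (("anon_upload_enable", "upload files"),
              ("anon_mkdir_write_enable", "create directories"),
              ("anon_other_write_enable", "delete or rename files"))

def parse_conf(text):
    """Return (options, malformed); malformed is a list of (line_no, line)."""
    options, malformed = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        m = LINE_RE.match(line)
        if m:
            options[m.group(1)] = m.group(2) or ""
        else:
            malformed.append((no, line))  # e.g. "option = value"
    return options, malformed

def anon_findings(options, defaults=PAGE_DEFAULTS):
    """List what the anonymous-user settings of section 3 actually expose."""
    def on(key):
        return options.get(key, defaults.get(key, "NO")).upper() == "YES"
    findings = []
    if not on("anonymous_enable"):
        return findings
    for opt, action in ANON_WRITE:
        if on(opt) and on("write_enable"):
            findings.append(f"anonymous users can {action} ({opt}=YES)")
        elif on(opt):
            findings.append(f"{opt}=YES has no effect while write_enable=NO")
    if on("chown_uploads") and options.get("chown_username") == "root":
        findings.append("anonymous uploads become owned by root")
    return findings

SAMPLE = """# constructed sample, not taken from a real server
anonymous_enable=YES
anon_upload_enable=YES
anon_other_write_enable = YES
chown_uploads=YES
chown_username=root
"""
```

Run parse_conf on the file first and fix every malformed line before trusting the findings, because a setting the parser rejects is not reflected in the result.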

4. Local user settings
local_enable=YES/NO (YES)
Controls whether local users are allowed to log on. YES allows local users to log on and NO does not. The default value is YES.
local_root=/home/username
When a local user logs on, the session is switched to the directory defined here. The default value is the home directory of each user.
write_enable=YES/NO (YES)
Whether logged-on users are permitted to write data. It is a global setting. The default value is YES.
local_umask=022
The umask applied when a local user creates a file. The default value is 077.
file_open_mode=0755
The permissions given to files uploaded by local users, written the same way as for chmod. The default value is 0666.

5. Welcome message settings
dirmessage_enable=YES/NO (YES)
If enabled, the first time a user enters a directory the server checks whether it contains a .message file and, if so, displays its contents. This file usually holds a welcome message or a description of the directory. The default is enabled.
message_file=.message
Sets the name of the directory message file; write the text to be displayed into this file. The default value is .message.
banner_file=/etc/vsftpd/banner
When a user logs in, the content of the file set here is displayed, usually a welcome message or description. The default value is none. Use this option if you have a longer welcome message.
ftpd_banner=Welcome to BOB's FTP server
The string used as the welcome message. banner_file takes a file, while ftpd_banner takes a string. The default value is none.

6. Control whether the user can switch to the parent directory
By default, after logging on to FTP, a local user can use the cd command to switch to other directories, which is a security risk for the system. You can use the following three configuration options to control user directory switching.
chroot_list_enable=YES/NO (NO)
Sets whether to enable the user list file specified by the chroot_list_file option. The default value is NO.
chroot_list_file=/etc/vsftpd.chroot_list
Specifies the user list file, which is used to control which users can switch to the parent directory of the user's home directory.
chroot_local_user=YES/NO (NO)
Specifies whether users in the user list file can switch to the upper-level directory. The default value is NO.
The following effects can be achieved by combining them:
① When chroot_list_enable=YES and chroot_local_user=YES, users listed in the /etc/vsftpd.chroot_list file can switch to other directories. Users not listed in the file cannot switch to other directories.
② When chroot_list_enable=YES and chroot_local_user=NO, users listed in the /etc/vsftpd.chroot_list file cannot switch to other directories. Users not listed in the file can switch to other directories.
③ When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to other directories.
④ When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to other directories.

7. Data Transmission Mode settings
You can use the binary mode or the ASCII mode to upload or download data during FTP data transmission.
ascii_upload_enable=YES/NO (NO)
Sets whether ASCII mode may be used to upload data. The default value is NO.
ascii_download_enable=YES/NO (NO)
Sets whether ASCII mode may be used to download data. The default value is NO.

8. Access control settings
Two control modes: one is to control host access and the other is to control user access.
① Control host access:
tcp_wrappers=YES/NO (YES)
Sets whether vsftpd is combined with TCP wrappers to control host access. The default value is YES. If enabled, the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny to decide whether a host may access the FTP server. These two files can provide simple firewall functions.
For example, to allow only hosts with addresses 192.168.0.1-192.168.0.254 to connect to the FTP server, add the following content to the /etc/hosts.allow file:
vsftpd: 192.168.0.: allow
ALL: ALL: deny
② Control user access:
You can use the vsftpd.user_list and ftpusers files in the /etc directory to control user access.
userlist_file=/etc/vsftpd.user_list
The file that controls user access to FTP. It contains user names, one per line.
userlist_enable=YES/NO (NO)
Whether to enable the vsftpd.user_list file.
userlist_deny=YES/NO (YES)
Determines whether users in the vsftpd.user_list file can access the FTP server. If YES, users in the vsftpd.user_list file are not allowed to access FTP. If NO, only users in the vsftpd.user_list file can access FTP.
The /etc/vsftpd/ftpusers file defines a list of users that are not allowed to access the FTP server. (Note: if userlist_enable=YES and userlist_deny=NO, a user who appears in both vsftpd.user_list and ftpusers cannot access FTP; that is, ftpusers has the higher priority.) By default, vsftpd.user_list and ftpusers are pre-populated with internal system accounts that are not allowed to access the FTP server. If the system does not have these two files, create these two files on the system.
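The user rules of sections 6 and 8 combined into one per-account check, as an added example that is not part of the original article: for each local user it works out whether logon is allowed (ftpusers, then vsftpd.user_list) and whether the user can leave the home directory (the four chroot combinations). The function names, the accounts and the list contents are hypothetical, and the defaults are the ones this page lists.

```python
def yes(conf, key, default):
    """Read a YES/NO option, falling back to the default this page lists."""
    return conf.get(key, default).upper() == "YES"

def login_allowed(user, conf, user_list, ftpusers):
    """Section 8: ftpusers always denies; user_list denies or allows by userlist_deny."""
    if user in ftpusers:
        return False            # ftpusers has the higher priority
    if not yes(conf, "userlist_enable", "NO"):
        return True             # vsftpd.user_list is not consulted
    listed = user in user_list
    return not listed if yes(conf, "userlist_deny", "YES") else listed

def can_leave_home(user, conf, chroot_list):
    """Section 6: a listed user gets the opposite of chroot_local_user."""
    confined = yes(conf, "chroot_local_user", "NO")
    if yes(conf, "chroot_list_enable", "NO") and user in chroot_list:
        confined = not confined
    return not confined

def effective_access(users, conf, user_list, ftpusers, chroot_list):
    """Map each user to (may_log_on, may_leave_home_directory)."""
    result = {}
    for user in users:
        ok = login_allowed(user, conf, user_list, ftpusers)
        result[user] = (ok, ok and can_leave_home(user, conf, chroot_list))
    return result

# Constructed sample values (hypothetical accounts and list contents).
CONF = {"userlist_enable": "YES", "userlist_deny": "NO",
        "chroot_local_user": "YES", "chroot_list_enable": "YES"}
USER_LIST = {"alice", "bob", "root"}
FTPUSERS = {"root"}
CHROOT_LIST = {"alice"}

if __name__ == "__main__":
    users = ["alice", "bob", "root", "mallory"]
    rows = effective_access(users, CONF, USER_LIST, FTPUSERS, CHROOT_LIST)
    for name, row in rows.items():
        print(name, row)
```

With this sample, any account that comes back as able to leave its home directory is one to review, since it is there only because it was added to the chroot list.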

9. Access Rate Settings
anon_max_rate=0
Sets the maximum transfer speed for anonymous users. The unit is B/s. 0 means no speed limit. The default value is 0.
local_max_rate=0
Sets the maximum transfer speed for local users. The unit is B/s. 0 means no speed limit. The default value is 0.

10. Timeout settings
accept_timeout=60
Sets the timeout for establishing an FTP connection, in seconds. The default value is 60.
connect_timeout=60
The timeout for establishing a data connection in PORT mode, in seconds. The default value is 60.
data_connection_timeout=120
Sets the timeout for establishing an FTP data connection, in seconds. The default value is 120.
idle_session_timeout=300
If no operation is performed on the FTP server for the specified time, in seconds, the FTP connection is closed. The default value is 300.

11. Log File Settings
xferlog_enable=YES/NO (YES)
Whether to enable upload/download logging. If enabled, upload and download information is recorded in the file defined by xferlog_file. It is enabled by default.
xferlog_file=/var/log/vsftpd.log
Sets the log file name and path. The default value is /var/log/vsftpd.log.
xferlog_std_format=YES/NO (NO)
If enabled, the log file is written in the standard xferlog format, as used by wu-ftpd. The default is disabled.
log_ftp_protocol=YES/NO (NO)
If enabled, all FTP requests and responses are recorded in the log. The default log file is /var/log/vsftpd.log. When this option is enabled, xferlog_std_format cannot be activated. This option is helpful for debugging. The default value is NO.

12. Define the user configuration file
In vsftpd, you can define a user configuration file to implement different configurations for different users.
user_config_dir=/etc/vsftpd/userconf
Sets the directory that holds the user configuration files. Once this option is set, when a user logs on the server looks in the /etc/vsftpd/userconf directory for a file with the same name as the user and applies the configuration commands in that file to the current user.
For example, if user_config_dir=/etc/vsftpd/userconf is defined and the host has users test1 and test2, add two files named test1 and test2 to the user_config_dir directory. When test1 logs on, the settings in the file test1 under user_config_dir are read. The default value is none. The user configuration file can be used to control the access speed of different users: define local_max_rate=XX in each user's configuration file.

13. How FTP works and port settings
FTP can work in two ways: PORT FTP (active mode) and PASV FTP (passive mode).
listen_port=21
Sets the port on which the FTP server accepts connections. The default value is 21.
connect_from_port_20=YES/NO
Specifies that FTP port 20 is used for data transmission. The default value is YES.
ftp_data_port=20
Sets the port used for the FTP data connection in PORT mode. The default value is 20.
pasv_enable=YES/NO (YES)
If set to YES, PASV mode is used; if set to NO, PORT mode is used. The default value is YES, that is, PASV mode is used.
pasv_max_port=0
In PASV mode, the highest port in the range that data connections can use. 0 means any port. The default value is 0.
pasv_min_port=0
In PASV mode, the lowest port in the range that data connections can use. 0 means any port. The default value is 0.

14. Connection-related settings
listen=YES/NO (YES)
Sets whether the vsftpd server runs in standalone mode. Running in standalone mode is a good choice. In that case listen must be set to YES, which is the default value. We recommend that you do not change it. Many of the configuration options related to running the server take effect only in this mode. If set to NO, vsftpd does not run on its own; it is controlled by the xinetd service and has limited functions.
max_clients=0
Sets the maximum number of connections vsftpd allows. The default value is 0, meaning no limit. If set to 100, up to 100 simultaneous connections are allowed and further connections are rejected. It is valid only in standalone mode.
max_per_ip=0
Sets the number of connections allowed from each IP address to the FTP server. The default value is 0, meaning no restriction. It is valid only in standalone mode.
listen_address=IP address
Sets the IP address on which the FTP server listens for FTP requests. If not set, the server listens on all IP addresses bound to it. It is valid only in standalone mode.
setproctitle_enable=YES/NO (NO)
Sets whether each connection to the FTP server is shown as a separate process. The default value is NO, in which case ps aux | grep ftp shows only one vsftpd process. If set to YES, each connection has its own vsftpd process.

15. Virtual user settings
The virtual user uses the PAM Authentication Method.
pam_service_name=vsftpd
Sets the service name used by PAM. The default value is /etc/pam.d/vsftpd.
guest_enable=YES/NO (NO)
Enables virtual users. The default value is NO.
guest_username=ftp
The user that virtual users are mapped to. The default value is ftp.
virtual_use_local_privs=YES/NO (NO)
When this option is enabled (YES), virtual users have the same permissions as local users. When it is disabled (NO), virtual users have the same permissions as anonymous users. By default, it is disabled (NO).

16. Other settings
text_userdb_names=YES/NO (NO)
Sets whether commands such as ls -la display the UID and GID or the actual user name and group name. The default value is NO, which displays the UID and GID. To display the user name and group name, set it to YES.
ls_recurse_enable=YES/NO (NO)
If enabled, the user is allowed to use the ls -R command (to view files in the subdirectories of the current directory). The default value is NO.
hide_ids=YES/NO (NO)
If enabled, the owner and group of all files are shown as ftp; that is, when a logged-on user runs commands such as ls -al, the owner and group of every file appear as ftp. The default is disabled.
download_enable=YES/NO (YES)
If set to NO, no files can be downloaded to the local device; folders are not affected. The default value is YES.
