Linux Operation and Maintenance Phase III (II): VSFTPD services
1. FTP (File Transfer Protocol): transfers files between a server and a client over TCP.
Connections: TCP port 20 carries the data connection used for uploads and downloads; TCP port 21 carries the control connection used for FTP commands.
Data connection types: active mode (the server initiates the data connection to the client from port 20); passive mode (the server waits passively for the client to connect on a port within a specified range).
FTP user types: anonymous users (anonymous or ftp); local users (account, password and other details stored in /etc/passwd and /etc/shadow).
Common FTP server programs: IIS, Serv-U, wu-ftpd, ProFTPD, vsftpd (Very Secure FTP Daemon).
Common FTP client programs: CuteFTP, FlashFXP, LeapFTP, FileZilla, gFTP, kuftp, the ftp command.
Official site: http://vsftpd.beasts.org/
Main program: /usr/sbin/vsftpd
Main configuration file: /etc/vsftpd/vsftpd.conf
User control list files: /etc/vsftpd/ftpusers, /etc/vsftpd/user_list
2. Anonymous permission control (option names are case-sensitive and must be lowercase):
anonymous_enable=YES (enable anonymous access)
anon_umask=022 (permission mask for files uploaded by anonymous users)
anon_root=/var/ftp (FTP root directory for anonymous users)
anon_upload_enable=YES (allow anonymous users to upload files)
anon_mkdir_write_enable=YES (allow anonymous users to create directories)
anon_other_write_enable=YES (grant the other write permissions, such as delete and rename)
anon_max_rate=0 (limit the maximum transfer rate in bytes per second; 0 means unlimited)
Local user permission control:
local_enable=YES (enable local system users)
local_umask=022 (permission mask for files uploaded by local users)
local_root=/home/username (FTP root directory for local users)
chroot_local_user=YES (confine the user to the home directory)
local_max_rate=0 (limit the maximum transfer rate in bytes per second; 0 means unlimited)
Common global configuration items:
listen=YES (run as a standalone daemon)
listen_port=21 (set the listening port)
write_enable=YES (whether write permission is enabled)
download_enable=YES (whether file downloads are allowed)
max_clients=0 (limit the number of concurrent client connections; 0 means unlimited)
max_per_ip=0 (limit the number of concurrent connections from the same IP address; 0 means unlimited)
pasv_enable=YES (enable passive mode)
pasv_min_port=50000 (restrict the ports used for the client's passive-mode data connections to the range 50000 to 60000)
pasv_max_port=60000
Access restrictions:
userlist_enable=YES, userlist_deny=YES (Note: users listed in /etc/vsftpd/user_list are denied access)
userlist_enable=YES, userlist_deny=NO (Note: with this setting only users listed in user_list may log in; users listed in /etc/vsftpd/ftpusers are denied access regardless of how user_list is changed)
Other security options:
connect_timeout=60 (active mode: if the client does not respond to the server's data connection within 60 s, the connection is forcibly closed)
accept_timeout=60 (passive mode: if no client data connection arrives within 60 s, the connection is forcibly closed)
data_connection_timeout=300 (once server and client have established a data connection, a transfer that stalls for 300 s because of line problems is forcibly terminated)
ftpd_banner=xxx; banner_file=/path (welcome message, given inline or read from a file)
tcp_wrappers=YES (apply /etc/hosts.allow and /etc/hosts.deny access control)
dirmessage_enable=YES (when a user enters a directory, display that directory's notice; the message file defaults to .message)
message_file=.message
xferlog_enable=YES (log user uploads and downloads)
xferlog_file=/var/log/vsftpd.log
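As an added example, not part of the original notes: a small Python script that audits a vsftpd.conf against the options listed above. The weak and corrected sample configurations are constructed, and the compiled-in defaults it assumes when a key is missing (such as anonymous_enable=YES and chroot_local_user=NO) are an assumption to check against your build.

```python
_TRUE = {"YES", "TRUE", "1"}  # vsftpd uppercases boolean values before comparing them

def parse_vsftpd_conf(text):
    """One key=value per line; '#' and blank lines are skipped; option names are case-sensitive."""
    conf = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def _on(conf, key, default):
    """Boolean lookup; `default` is the assumed compiled-in vsftpd default, used when the key is absent."""
    return conf[key].upper() in _TRUE if key in conf else default

def audit_vsftpd(text):
    """Return findings for the settings covered in the notes; an empty list means every check passed."""
    c, f = parse_vsftpd_conf(text), []
    f += [f"{k}: option name is not lowercase, vsftpd rejects unknown names" for k in c if k != k.lower()]
    anon, write = _on(c, "anonymous_enable", True), _on(c, "write_enable", False)
    anon_writes = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")
    if anon and write and any(_on(c, k, False) for k in anon_writes):
        f.append("anonymous users can write to the server")
    if _on(c, "local_enable", False) and not _on(c, "chroot_local_user", False):
        f.append("local users are not confined to their home directory (chroot_local_user=NO)")
    for k in ("anon_umask", "local_umask"):  # a mask without the other-write bit (e.g. 000) is unsafe
        if k in c and int(c[k], 8) & 0o002 == 0:
            f.append(f"{k}={c[k]} leaves uploaded files world-writable")
    if _on(c, "pasv_enable", True) and not ("pasv_min_port" in c and "pasv_max_port" in c):
        f.append("passive data-port range is not set, so it cannot be restricted in the firewall")
    if not _on(c, "xferlog_enable", False):
        f.append("uploads and downloads are not logged (xferlog_enable=NO)")
    return f

# Constructed samples (not from the notes): weak settings first, then the corrected ones.
WEAK_CONF = """anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
Anon_other_write_enable=YES
local_enable=YES
anon_umask=000
"""
HARDENED_CONF = """anonymous_enable=NO
local_enable=YES
local_umask=022
chroot_local_user=YES
pasv_min_port=50000
pasv_max_port=60000
xferlog_enable=YES
"""
```

Running audit_vsftpd(WEAK_CONF) reports six findings, including the mis-cased option name, while audit_vsftpd(HARDENED_CONF) reports none.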
3. Creating and using virtual users:
Note: benefits: fewer accounts in the system user database, which improves system security; different access rights can be set for different users.
a. Create the account data: build the account database file for the virtual FTP users, create the FTP root directory and the system user that the virtual users map to, and create a PAM authentication file that supports virtual users;
b. Add virtual user support: add the supporting settings to vsftpd.conf and create a separate configuration file for each virtual user;
c. Start the service and test: reload the vsftpd configuration and test access with a virtual FTP account.
Detailed process:
# vi /etc/vsftpd/vusers.list (Note: odd lines are account names, even lines are the corresponding passwords)
zhangsan
123
lisi
123
# db_load -T -t hash -f vusers.list vusers.db (requires the db4-utils package on CentOS)
# file vusers.db
# chmod 600 /etc/vsftpd/vusers.*
# ls -lh /etc/vsftpd/vusers.*
# useradd -d /var/ftproot -s /sbin/nologin virtual
# chmod 755 /var/ftproot/
# vi /etc/pam.d/vsftpd.vu
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
# vi /etc/vsftpd/vsftpd.conf
local_enable=YES
write_enable=YES
anon_umask=022
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vusers_dir
# mkdir /etc/vsftpd/vusers_dir
# cd /etc/vsftpd/vusers_dir
# vi zhangsan (per-user configuration file; its name must match the account name)
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# touch lisi
# service vsftpd reload
# test
From Brother Lian Training
This article is from the "Linux Operational Difficulty Learning notes" blog, please be sure to keep this source http://jowin.blog.51cto.com/10090021/1654866