Linux vsftpd Service Configuration in Detail

Source: Internet
Author: User
Tags ftp client server port

Background

Recently a friend was upgrading and migrating a Domino server. He built a Linux test system and enabled the vsftpd service on it, but with the FTP account as configured, the program could not download attachments.

Troubleshooting

Logging in with an FTP client showed that the session was not redirected to the directory specified for the FTP account.

Running cat /etc/vsftpd.config showed that the following option was turned on:
local_root=/home/test

Commenting out this line and restarting the FTP service fixed the problem.


Appendix (vsftpd configuration in detail):

For example, the vsftpd server configuration file "/etc/vsftpd/vsftpd.conf".
####--Each line marked like this is an explanation of the statement that follows it.
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# ####--Whether to allow anonymous users to log in to this FTP server. By default, "YES" allows login.
anonymous_enable=YES

#
# Uncomment this to allow local users to log in.
# ####--Whether to allow local users to log in to this FTP server. By default, "YES" allows login.
local_enable=YES
#
#
# Uncomment this to enable any form of FTP write command.
# ####--Whether locally logged-in users are allowed to have write permission. By default, "YES" is allowed.
write_enable=YES

#
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# ####--Set the local users' file creation mask to 022; the default is 077.
local_umask=022
#
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# ####--Allows anonymous users to have "upload" permission. By default, "YES" is allowed. Remove the "#" in front of this statement to enable it.
#anon_upload_enable=YES
#
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# ####--Allows anonymous users to have the "create directory" permission. By default, "YES" is allowed. Remove the "#" in front of this statement to enable it.
#anon_mkdir_write_enable=YES
#
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# ####--Activates directory messages: when a remote user changes directory, a message is shown.
dirmessage_enable=YES
#
#
# Activate logging of uploads/downloads.
# ####--Enable logging of uploads and downloads.
xferlog_enable=YES
#
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# ####--Have PORT (active mode) data connections originate from the FTP server's data port.
connect_from_port_20=YES
#
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
#
# You may override where the log file goes if you like. The default is shown
# below.
# ####--Sets the file name and storage path of the log file. The default is /var/log/vsftpd.log. Remove the "#" in front of this statement to enable it.
#xferlog_file=/var/log/vsftpd.log
#
#
# If you want, you can have your log file in standard ftpd xferlog format
# ####--Whether to use the standard ftpd xferlog log file format. The default is enabled.
xferlog_std_format=YES
#
#
# You may change the default value for timing out an idle session.
# ####--Set the time after which an idle user session is disconnected; the default is 10 minutes. Remove the "#" in front of this statement to enable it.
#idle_session_timeout=600
#
#
# You may change the default value for timing out a data connection.
# ####--Sets the data connection timeout, which is 120 seconds by default. Remove the "#" in front of this statement to enable it.
#data_connection_timeout=120
#
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# ####--Allows uploading and downloading of files in ASCII mode. By default, "YES" is allowed. Remove the "#" in front of these statements to enable them.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
#
# You may fully customise the login banner string:
# ####--Sets the welcome message that is displayed when an FTP user logs in to the server. Remove the "#" in front of this statement to enable it.
#ftpd_banner=Welcome to blah FTP service.
#
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# ####--If you want users to be unable to switch to a directory outside their own directory after logging in, remove the "#" in front of this statement to enable it. If this feature is enabled, only the users listed in /etc/vsftpd.chroot_list are restricted in this way. If you want all local users to be restricted, add a further line: chroot_local_user=YES.
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
#
# ####--Set the name of the PAM authentication service configuration file, which is stored in the /etc/pam.d/ directory.
pam_service_name=vsftpd
# ####--Whether users in the user list are allowed to log in to the FTP server; by default they are not allowed.
userlist_enable=YES
#enable for standalone mode
# ####--Run vsftpd in standalone mode.
listen=YES
# ####--Use tcp_wrappers for host access control.
tcp_wrappers=YES
####--Additional configuration
#
#
# ####--Set the maximum number of concurrent connections to the server and the maximum number of threads per user
# Allow at most 100 concurrent users to connect to the FTP server:
#max_clients=100
# Limit each user (client IP) to 2 concurrent download threads, so that only two files can be downloaded at the same time:
#max_per_ip=2
#
#
# ####--Set the maximum transfer rate for anonymous users and local users
# Set the maximum transfer rate for anonymous users to 20Kbps:
#anon_max_rate=20000
# Set the maximum transfer rate for local users to 1Mbps:
#local_max_rate=1000000
#
#
# ####--Deny anonymous users from certain IP ranges access to the FTP server
# First confirm that the configuration file /etc/vsftpd/vsftpd.conf contains the following statement and that it is enabled:
#tcp_wrappers=YES
# Use gedit to edit the file /etc/hosts.allow as follows:
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
# Restrict access to the FTP server from the hosts with IP addresses 192.168.1.9 and 192.168.1.12.
# Remember to precede each IP address with "vsftpd:".
vsftpd:192.168.1.9:deny
vsftpd:192.168.1.12:deny
#
#
# ####--Allow only the users in the user list to access the FTP server; users not in the list are denied access
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/user_list
#
#
# ####--Change the default port number and IP address of the FTP server: add the following statements to the configuration file /etc/vsftpd/vsftpd.conf (remove the comment symbol):
# Set the server port number to "5555". Note: the port number should preferably be greater than 4000.
#listen_port=5555
# Have the server listen on the IP address 192.168.0.3:
#listen_address=192.168.0.3
#
# ####--Basic operation commands
1. Check whether vsftpd is installed:
rpm -qa | grep vsftpd
2. Stop, start, restart, and status commands:
/etc/rc.d/init.d/vsftpd stop|start|restart|status
service vsftpd stop|start|restart|status
Server performance tuning directives:
one_process_model=YES -- per-IP single-process mode
idle_session_timeout=120 -- disconnect the user after 2 minutes of idle time
data_connection_timeout=300 -- disconnect after the data connection has been idle for 5 minutes
accept_timeout=60 -- drop a passive-mode connection after it has hung for 1 minute
connect_timeout=60 -- drop an active-mode connection after it has hung for 1 minute
anon_max_rate=50000 -- maximum transfer rate for anonymous users is 50kb/s
Anonymous account configuration directives:
anonymous_enable=YES -- allow anonymous account login
anon_mkdir_write_enable=YES -- give the anonymous account permission to create directories and write files
anon_upload_enable=YES -- give the anonymous account upload permission
anon_world_readable_only=NO -- the anonymous account is not limited to download permission only
anon_umask=022 -- permissions for new files
anon_other_write_enable=NO -- deny the anonymous account delete and rename permissions
anon_max_rate=50000 -- limit the maximum transfer rate
anon_root=/var/ftp/ -- set the root directory for anonymous logins
no_anon_password=YES -- anonymous users do not need to enter a password
ftp_username=test -- the local account that the anonymous account maps to
chown_uploads=YES -- anonymously uploaded files are owned by the account specified below
chown_username=test -- the account that owns anonymously uploaded files
Local account configuration directives:
local_enable=YES -- allow local account login
write_enable=YES -- enable write access for local accounts
local_umask=022 -- permissions for new files
chroot_local_user=YES -- local accounts cannot switch out of their home directory
chroot_list_enable=YES -- allow certain local accounts to switch outside
chroot_list_file=/etc/vsftpd/chroot_list -- the list of local accounts allowed to switch outside
local_root=/home/test -- set the root directory for local account logins
chmod_enable=YES -- local accounts can modify file permissions (SITE CHMOD)
local_max_rate=1000000 -- maximum transfer rate for local accounts
Virtual user configuration directives:
guest_enable=YES -- enable virtual users
guest_username=ftp -- the local user that virtual users are mapped to; the default is ftp and it can be changed
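
A vsftpd.conf can be checked before the service is restarted. The script below is an added example, not part of the original article or of vsftpd: it reports lines vsftpd will reject (spaces around "=", option names that are not lowercase, text trailing a value) and settings the sample file's own comments warn about, including the local_root case from the troubleshooting section. The names audit and SAMPLE, the message wording and the sample input are assumptions made for this example.

```python
import re

# Constructed sample (not from a real host) repeating mistakes seen on this page.
SAMPLE = """\
# constructed vsftpd.conf fragment
Anonymous_enable=YES
anon_upload_enable =YES
local_enable=YES
max_per_ip=2//two downloads at once
local_root=/home/test
"""

DEFAULTS = {"anonymous_enable": "YES"}  # on unless set to NO, per the sample file
RISKY = [  # (option, value, message) for settings the sample comments warn about
    ("anonymous_enable", "YES", "anonymous login is allowed"),
    ("anon_upload_enable", "YES", "anonymous upload is switched on"),
    ("anon_mkdir_write_enable", "YES", "anonymous mkdir is switched on"),
    ("anon_other_write_enable", "YES", "anonymous delete/rename is switched on"),
    ("async_abor_enable", "YES", "async ABOR is not recommended for security"),
]

def audit(text):
    """Return (syntax_errors, findings) for the text of a vsftpd.conf."""
    errors, opts = [], dict(DEFAULTS)
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^\s*([^=\s]+)(\s*)=(\s*)(.*)$", line)
        if not m:
            errors.append((n, "not in option=value form"))
            continue
        name, sp1, sp2, value = m.groups()
        if sp1 or sp2:
            errors.append((n, "no spaces allowed around '='"))
        if name != name.lower():
            errors.append((n, "option names are lowercase: " + name.lower()))
        if "//" in value and name.lower() != "ftpd_banner":
            errors.append((n, "trailing text becomes part of the value"))
        # Record the intended setting even when the line itself is malformed.
        opts[name.lower()] = value.split("//")[0].strip()
    findings = [msg for k, v, msg in RISKY if opts.get(k, "").upper() == v]
    chroot = (opts.get("chroot_local_user", ""), opts.get("chroot_list_enable", ""))
    if opts.get("local_enable", "").upper() == "YES" and "YES" not in map(str.upper, chroot):
        findings.append("local users can leave their home directory (no chroot)")
    if "local_root" in opts:
        findings.append("local_root puts every local login in " + opts["local_root"])
    return errors, findings

if __name__ == "__main__":
    for item in sum(audit(SAMPLE), []):
        print(item)
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/vsftpd/vsftpd.conf").read()).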

