Official vsftpd FAQ Chinese edition

Source: Internet
Author: User

Official FAQ address: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.3/FAQ

Also, vsftpdrocks.org is a great site for vsftpd installation and configuration.

Q1) Can I restrict a user to his home directory?
A) Yes, set chroot_local_user=YES. That's all.

Q2) Why do symlinks not work after chroot_local_user=YES is set?
A) This is a consequence of how the chroot() security mechanism works. As alternatives, take a look at hard links, or use a "modern" Linux and its powerful "mount --bind" command.

Q3) Does vsftpd support limiting the number of user connections?
A1) Yes, indirectly. vsftpd is an inetd-based service. If you use the popular xinetd, it supports per-service and per-IP connection limits. The "example" directory contains an example.
A2) If you run vsftpd in standalone mode (listen=YES), look at settings such as max_clients=10.

Q4) Help! I got the error message "refusing to run with writable anonymous root".
A) vsftpd does not allow dangerous (insecure) configurations. This error message is usually caused by incorrect ownership or permissions on the home directory of the ftp user. The home directory should not be owned by the ftp user, and the ftp user must not have write permission on it. The fix is:
chown root ~ftp; chmod -w ~ftp
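
A pre-flight check for the condition described in Q4, as an added example (not vsftpd's own code and not part of the original FAQ): it reports whether a directory is owned by, or writable by, a given account. The numeric ids are parameters of the example, and the account name "ftp" used in the command-line part is an assumption.

```python
import os
import stat

def anon_root_problems(path, ftp_uid, ftp_gids=()):
    """Return the reasons the anonymous root at `path` is unsafe for `ftp_uid`.

    ftp_uid and ftp_gids are the numeric ids of the ftp account (parameters of
    this example; look them up with `id ftp` on the server).
    """
    st = os.stat(path)
    problems = []
    if st.st_uid == ftp_uid:
        # An owner can always chmod the directory back to writable.
        problems.append("owned by the ftp user")
    # Pick the permission class that applies to the ftp user, as the kernel does.
    if st.st_uid == ftp_uid:
        write_bit = stat.S_IWUSR
    elif st.st_gid in ftp_gids:
        write_bit = stat.S_IWGRP
    else:
        write_bit = stat.S_IWOTH
    if st.st_mode & write_bit:
        problems.append("writable by the ftp user")
    return problems

if __name__ == "__main__":
    import pwd, sys
    account = pwd.getpwnam("ftp")          # assumes the account is named "ftp"
    path = sys.argv[1] if len(sys.argv) > 1 else account.pw_dir
    gids = os.getgrouplist(account.pw_name, account.pw_gid)
    for problem in anon_root_problems(path, account.pw_uid, gids):
        print(f"{path}: {problem}")
```

The check looks only at the classic owner/group/other mode bits; POSIX ACLs on the directory are not considered.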

Q5) Help! I got the error message "str_getpwnam".
A) The most likely reason is that the user configured as nopriv_user (generally 'nobody') does not exist on your system. vsftpd needs this user so that it can run with the lowest privileges.

Q6) Help! Local users cannot log on.
A) There are several possible causes of logon failure.
A1) By default, vsftpd only allows anonymous users to log on. Add local_enable=YES to your /etc/vsftpd.conf configuration file to allow local users to log on.
A2) vsftpd may be linked against PAM (run "ldd vsftpd" and check whether libpam appears in the output). If vsftpd uses PAM, you must provide a PAM file for the vsftpd service. The "RedHat" directory contains an example PAM file for RedHat systems; put it in the /etc/pam.d directory.
A3) If vsftpd does not use PAM, there are several possible causes. Is your shell listed in the /etc/shells file? If you use shadow passwords, is there a shadow.h file in the include path?
A4) If PAM is not used, vsftpd uses its own check that the user's shell is valid. If you want to use an invalid shell (so that users can only log on via FTP), add check_shell=NO.

Q7) Help! Uploads and other "write" commands report "500 Unknown command.".
A) By default, "write" commands (uploading and creating directories) are disabled. This is a safe default. To allow write commands, add write_enable=YES to the configuration file /etc/vsftpd.conf.

Q8) Help! What are the security risks in the chroot_local_user option?
A) First, note that other FTP servers have the same risks. This is a general problem. It is not very serious, but it goes like this: some people have FTP accounts that are not trusted enough to be given full shell access. If these accounts can also upload files, there is a risk. A bad user now controls the root directory of the file system, which is their home directory. The FTP process may read some configuration file, such as /etc/some_file. With chroot(), this file is under the control of that user. vsftpd is very careful about these security issues. However, the system's libc may want to open locale configuration files or other settings ......

Q9) Help! Uploaded files get the permissions -rw-------.
A1) Depending on whether the uploading user is a local user or an anonymous user, change local_umask or anon_umask. For example, set anon_umask=022 to give anonymously uploaded files the permissions -rw-r--r--. Note that the leading 0 in front of 22 must not be omitted.
A2) You can also look at the newer file_open_mode option in the vsftpd.conf man page.

Q10) Help! How can I integrate LDAP user logon?
A) Use vsftpd with PAM, and configure PAM to use LDAP authentication.

Q11) Help! Can vsftpd be configured for virtual hosting?
A1) Yes. If you use xinetd to run vsftpd, you can bind xinetd to several different IP addresses. For each IP address, xinetd starts vsftpd with a different configuration file. In this way, you can configure a different vsftpd service on each IP address.
A2) You can also run multiple vsftpd instances in standalone mode. Use the option listen_address=x.x.x.x to set the virtual IP address.

Q12) Help! Does vsftpd support virtual users?
A) Yes, through its integration with PAM. Set guest_enable=YES in /etc/vsftpd.conf; all non-anonymous users are then mapped to the local user specified by guest_username. Then use PAM and (for example) its pam_userdb module to authenticate against an external user database (that is, /etc/passwd is not used). Note: once guest_enable takes effect, local users are also mapped to guest_username (translator's note: virtual users and local users cannot be used at the same time). The example directory contains an example of virtual user configuration.

Q13) Help! Does vsftpd support different configurations for different users?
A) Yes, and it is powerful. See user_config_dir in the man page.

Q14) Help! Can I limit vsftpd data connections to a specified port range?
A) Yes. See the configuration options pasv_min_port and pasv_max_port.

Q15) Help! I see messages like "Oops: chdir".
A) If this happens on anonymous logon, check whether the home directory of the system user ftp is correct. If you use the anon_root option, check whether it is set correctly.

Q16) Help! vsftpd displays GMT instead of local time!
A) You can set use_localtime=YES.

Q17) Help! Can I disable some FTP commands?
A) Yes. There are some separate options (such as dirlist_enable), or you can use the cmds_allowed option to specify the set of allowed commands.

Q18) Help! Can I change the port vsftpd listens on?
A1) Yes. If you run vsftpd in standalone mode, you can use the listen_port option to specify the port.
A2) Yes. If vsftpd is run from inetd or xinetd, then inetd or xinetd is responsible for the port. You must modify the configuration file of inetd or xinetd (possibly /etc/inetd.conf or /etc/xinetd.d/vsftpd).

Q19) Help! Can vsftpd authenticate against an LDAP server? Or against a MySQL database?
A) Yes. vsftpd can authenticate using PAM, so you need to configure PAM to use the pam_ldap or pam_mysql module. This means installing the PAM module and then editing the PAM configuration file for vsftpd (possibly /etc/pam.d/vsftpd).

Q20) Help! Does vsftpd support per-IP limits?
A1) Yes. If you run vsftpd in standalone mode, you can use max_per_ip.
A2) Yes. If you run vsftpd from xinetd, you can use the xinetd configuration parameter per_source.

Q21) Help! Does vsftpd support bandwidth restrictions?
A) Yes. See the "anon_max_rate" and "local_max_rate" options in the man page (vsftpd.conf.5).

Q22) Help! Does vsftpd support IP-based access control?
A1) Yes, in combination with tcp_wrappers (provided that vsftpd was compiled with tcp_wrappers support). Set tcp_wrappers=YES to enable it.
A2) Run vsftpd from xinetd. xinetd can be combined with tcp_wrappers.

Q23) Help! Does vsftpd support IPv6?
A) It is supported from version 1.2.0. See the vsftpd.conf man page.

Q24) Help! vsftpd compilation failed. The error is that -lcap cannot be found.
A) Install the libcap package and try again. Debian users seem to run into this problem more often.

Q25) Help! My configuration file is /etc/vsftpd.conf, but it does not seem to work!
A) RedHat users run into this problem: in some RedHat versions, the vsftpd configuration file is /etc/vsftpd/vsftpd.conf.

Q26) Help! vsftpd compilation fails in sysutil.c with an error about incomplete types.
A) Your system may not support IPv6. You can use a modern (IPv6-capable) system, use an earlier version of vsftpd (for example, v1.1.3), or use a version without this problem.

Q27) Help! When downloading (especially a large number of small files), I see a lot of messages like "500 Oops: vsf_sysutil_bind".
A) vsftpd-1.2.1 solved this problem.

Q28) Help! Can vsftpd hide or deny access to certain files?
A) Yes. See hide_file and deny_file in the vsftpd.conf man page.

Q29) Help! Does vsftpd support FXP?
A) Yes. An FTP server supports FXP without special configuration. However, because of vsftpd's security restrictions on IP addresses, it may not succeed. For more information, see pasv_promiscuous and (not recommended) port_promiscuous in the vsftpd.conf man page (vsftpd.conf.5).
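
A small configuration check covering the settings discussed in Q8, Q9 and Q29, as an added example (not part of the original FAQ or of vsftpd). It relies on facts from the vsftpd.conf man page: no spaces are allowed around "=", umask values without a leading 0 are read as base 10, and file_open_mode defaults to 0666. The sample configuration is constructed.

```python
import stat

# Constructed sample config for illustration; not taken from a real server.
SAMPLE_CONF = """\
# constructed example
local_enable=YES
write_enable=YES
chroot_local_user=YES
anon_umask=22
pasv_promiscuous=YES
listen = YES
"""

def parse_conf(text):
    """Return (settings, findings). vsftpd.conf allows no spaces around '='."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            findings.append(f"line {n}: malformed, expected option=value without spaces")
            continue
        settings[key] = value
    return settings, findings

def upload_mode(umask_value, file_open_mode=0o666):
    """Permission string of an uploaded file: file_open_mode masked by the umask.
    A leading 0 means octal; without it the number is read as base 10."""
    umask = int(umask_value, 8) if umask_value.startswith("0") else int(umask_value)
    return stat.filemode(stat.S_IFREG | (file_open_mode & ~umask))

def lint(text):
    """Flag the settings this FAQ calls out in Q8, Q9 and Q29."""
    settings, findings = parse_conf(text)
    on = lambda k: settings.get(k, "NO").upper() in ("YES", "TRUE", "1")
    if on("chroot_local_user") and on("write_enable"):
        findings.append("chroot_local_user with write_enable: chrooted users can upload (Q8)")
    for key in ("anon_umask", "local_umask"):
        value = settings.get(key, "")
        if value.isdigit() and not value.startswith("0"):
            findings.append(f"{key}={value} lacks the leading 0: uploads get {upload_mode(value)}")
    for key in ("pasv_promiscuous", "port_promiscuous"):
        if on(key):
            findings.append(f"{key}=YES relaxes the data-connection address check (Q29)")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)))
```

With anon_umask=22 the value is taken as decimal 22 (octal 026), so uploads end up as -rw-r----- rather than the -rw-r--r-- that anon_umask=022 gives.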

Q30) ......
A) For more information about vsftpd, see the vsftpd.conf man page and the configuration examples.
