"VSFTPD" Redhat Linux FTP configuration (VSFTPD) __linux

Source: Internet
Author: User
Redhat Linux FTP configuration (vsftpd) 2010-08-03 16:46

First query whether to install Vsftp
[Root@localhost root]# Rpm-qa|grep vsftpd
[Root@localhost root]#

Not installed

Install RPM-IVH vsftpd-1.1.3-8.rpm First
[Root@localhost root]# Rpm-qa|grep vsftpd
Vsftpd-1.1.3-8
Proof of installation.

Now it's time to start vsftp directly.
Start
[Root@localhost root]#/etc/rc.d/init.d/vsftpd start
Starting vsftpd for VSFTPD: [OK]

Test
[Root@localhost root]# ftp localhost//Login
Connected to localhost (127.0.0.1).
1.1.3 (VSFTPD)
Name (Localhost:root):
530 Permission denied.
Login failed.
Ftp> bye//Use bye exit
221 Goodbye.

So without modifying the contents of the VSFTPD, you can run it directly. But at this point the effect is:
Anonymous account anonymous can log in, the home directory is/var/ftp, and is locked in this directory. This account has only download rights
The system's account number (the account number in the/etc/passwd file) can be logged in, and the home directory is not locked
Any account in the/etc/vsftpd/ftpusers file cannot be logged in.
Uploaded and downloaded log information is stored in the/var/log/vsftpd.log
So generally this is enough for us to use, just pay attention to those who do not allow the landing account to write to the above mentioned two files Vsftpd.ftpusers and vsftd.user_list


I have not found how to limit the total bandwidth, that is, unlimited number of clients, total bandwidth to their average, at the same time even more people each have less bandwidth, even the people less each have more bandwidth. I also hope that one can give the younger brother pointing.
But I also think so, anyway is to limit the number of clients and the download speed of each client, multiplying is the server to its maximum bandwidth, although not flexible, but also disguised as a limit to the total flow of the role.
I think the general FTP server also use so many functions, the last thing you have to mention is that you want to account can write, that directory will write to the account permission Oh.
6, because the anonymous upload will not succeed, so configure the upload user:
A, in the ETC directory more vsftp.user_list and more vsftp.users
B, VI vsftp.user_list
C, add a # comment off root. Save the disk exit.
7, let the FTP machine start to follow the start:
Chkconfig-–list | More
Chkconfig–-list | grep vsftpd
And then do this thing: Chkconfig vsftpd on start level becomes start

About/etc/vsftpd/vsftpd.conf Files

We're going to set up a vsftpd core file.

# cd/etc/vsftpd/vsftpd.conf This is VSFTPD's core configuration file

Anonymous_enable=yes/no whether anonymous users are allowed to log on

Anonymous_enable=yes/no whether to allow anonymous uploading of files

Local_enable= yes/no whether to allow local users to log on

write_enable= yes/no Whether local users are allowed to upload

Guest_enable=yes/no whether the virtual user is allowed to log in;

local_mask=022 sets the local user's file generation mask to 022, with the default value of 077

The dirmessage_enable= YES setting displays the contents of the. Message implied file when switching to the directory

xferlog_enable= YES activate upload and download logs

Connect_from_port_20=yes Enable FTP data port connections

PAM_SERVICE_NAME=VSFTPD sets the profile name of the PAM Authentication Service, which is stored in the/ETC/PAM.D directory

Userlist_enable= YES allows users in vsftpd.user_list files to access the server

Userlist_deny= YES rejects user access server in vsftpd.user_list file

Listen= yes/no whether to use exclusive startup (this is more important)

Tcp_wrappers= yes/no whether to use Tcp_wrappers as host access control method

The main thing is these settings. (This is generally the default is not too understand do not move)

You can set the following settings:

Ftpd_banner=welcome to FTP Service Set welcome information after connecting to the server

IDLE_SESSION_TIMEOUT=60 Limited remote Client connection, the established control connection, the amount of time did not do any operation will be interrupted (seconds)

DATA_CONNECTION_TIMEOUT=120 set up idle data interruption time for the client to transfer

Accept_timeout=60 set how long after the connection is automatically established

CONNECT_TIMEOUT=60 set the maximum activation time of data connection, how long to disconnect, for others to use;

MAX_CLIENTS=200 indicates that the total number of client concurrent connections to the server is 200

Max_per_ip=3 indicates that the maximum number of connections per client is 3

local_max_rate=50000 (50KBYTES/SEC)

anon_max_rate=30000 set maximum transfer rate limit for local and anonymous users

pasv_min_port= Port

The pasv-max-prot= port number defines the maximum and minimum ports, 0 represents any port, and the port is specified for the client connection;

LISTEN_ADDRESS=IP Address set the FTP service to listen to the address, the client can use which address to connect;

listen_port= port number to set the FTP work, the default is 21

Chroot_local_user=yes Settings All local users can chroot

Chroot_local_user=no setting specifies that the user can chroot

Chroot_list_enable=yes

Chroot_list_file=/etc/vsftpd.chroot_list (only the specified user in/etc/vsftpd.chroot_list can execute)

Local_root=path no matter which user can log in to the user, define the main directory of the login account, if not specified, then each user will enter the user's home directory;

Chroot_local_user=yes/no whether the local System account user home directory (all) is locked, the user can only access the user's home directory/home/user, and cannot use the CD command to go up;

Chroot_list_enable=yes/no locks the user's home directory (section) in the specified file, as specified in the file:/chroot_list_file=path;

userlist_enable=yes/no whether the user list file is loaded;

Userlist_deny=yes indicates whether the user loaded above is allowed to deny login;

Userlist_file=/etc/vsftpd.user_list list File

These are the advanced settings. You can make the appropriate changes.

#vi/etc/hosts.allow

Vsftpd:192.168.5.128:deny Setting this IP address does not allow access to the FTP service (VSFTPD supports Tcp_wrappers host access control in exclusive startup mode)

Time limit:

#cp/usr/share/doc/vsftpd-1.1.3/vsftpd.xinetd/etc/xinetd.d/vsftpd

#vi/etc/xinetd.d/vsftpd/

Modify Disable = No

Access_time = hour:min-hour:min (add configuration access time limit (note: corresponds to Listen=no in vsftpd.conf)

Example: Access_time = 8:30-11:30 17:30-21:30 indicates that only these two time periods can access the FTP

The FTP configuration is basically the only one.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.