"VSFTPD" Redhat Linux FTP configuration (VSFTPD) __linux

Redhat Linux FTP configuration (vsftpd) 2010-08-03 16:46

First query whether to install Vsftp [Root@localhost root]# Rpm-qa|grep vsftpd [Root@localhost root]# Not installed Install RPM-IVH vsftpd-1.1.3-8.rpm First [Root@localhost root]# Rpm-qa|grep vsftpd Vsftpd-1.1.3-8 Proof of installation. Now it's time to start vsftp directly. Start [Root@localhost root]#/etc/rc.d/init.d/vsftpd start Starting vsftpd for VSFTPD: [OK] Test [Root@localhost root]# ftp localhost//Login Connected to localhost (127.0.0.1). 1.1.3 (VSFTPD) Name (Localhost:root): 530 Permission denied. Login failed. Ftp> bye//Use bye exit 221 Goodbye. So without modifying the contents of the VSFTPD, you can run it directly. But at this point the effect is: Anonymous account anonymous can log in, the home directory is/var/ftp, and is locked in this directory. This account has only download rights The system's account number (the account number in the/etc/passwd file) can be logged in, and the home directory is not locked Any account in the/etc/vsftpd/ftpusers file cannot be logged in. Uploaded and downloaded log information is stored in the/var/log/vsftpd.log So generally this is enough for us to use, just pay attention to those who do not allow the landing account to write to the above mentioned two files Vsftpd.ftpusers and vsftd.user_list I have not found how to limit the total bandwidth, that is, unlimited number of clients, total bandwidth to their average, at the same time even more people each have less bandwidth, even the people less each have more bandwidth. I also hope that one can give the younger brother pointing. But I also think so, anyway is to limit the number of clients and the download speed of each client, multiplying is the server to its maximum bandwidth, although not flexible, but also disguised as a limit to the total flow of the role. I think the general FTP server also use so many functions, the last thing you have to mention is that you want to account can write, that directory will write to the account permission Oh. 6, because the anonymous upload will not succeed, so configure the upload user: A, in the ETC directory more vsftp.user_list and more vsftp.users B, VI vsftp.user_list C, add a # comment off root. Save the disk exit. 7, let the FTP machine start to follow the start: Chkconfig-–list | More Chkconfig–-list | grep vsftpd And then do this thing: Chkconfig vsftpd on start level becomes start About/etc/vsftpd/vsftpd.conf Files We're going to set up a vsftpd core file. # cd/etc/vsftpd/vsftpd.conf This is VSFTPD's core configuration file Anonymous_enable=yes/no whether anonymous users are allowed to log on Anonymous_enable=yes/no whether to allow anonymous uploading of files Local_enable= yes/no whether to allow local users to log on write_enable= yes/no Whether local users are allowed to upload Guest_enable=yes/no whether the virtual user is allowed to log in; local_mask=022 sets the local user's file generation mask to 022, with the default value of 077 The dirmessage_enable= YES setting displays the contents of the. Message implied file when switching to the directory xferlog_enable= YES activate upload and download logs Connect_from_port_20=yes Enable FTP data port connections PAM_SERVICE_NAME=VSFTPD sets the profile name of the PAM Authentication Service, which is stored in the/ETC/PAM.D directory Userlist_enable= YES allows users in vsftpd.user_list files to access the server Userlist_deny= YES rejects user access server in vsftpd.user_list file Listen= yes/no whether to use exclusive startup (this is more important) Tcp_wrappers= yes/no whether to use Tcp_wrappers as host access control method The main thing is these settings. (This is generally the default is not too understand do not move) You can set the following settings: Ftpd_banner=welcome to FTP Service Set welcome information after connecting to the server IDLE_SESSION_TIMEOUT=60 Limited remote Client connection, the established control connection, the amount of time did not do any operation will be interrupted (seconds) DATA_CONNECTION_TIMEOUT=120 set up idle data interruption time for the client to transfer Accept_timeout=60 set how long after the connection is automatically established CONNECT_TIMEOUT=60 set the maximum activation time of data connection, how long to disconnect, for others to use; MAX_CLIENTS=200 indicates that the total number of client concurrent connections to the server is 200 Max_per_ip=3 indicates that the maximum number of connections per client is 3 local_max_rate=50000 (50KBYTES/SEC) anon_max_rate=30000 set maximum transfer rate limit for local and anonymous users pasv_min_port= Port The pasv-max-prot= port number defines the maximum and minimum ports, 0 represents any port, and the port is specified for the client connection; LISTEN_ADDRESS=IP Address set the FTP service to listen to the address, the client can use which address to connect; listen_port= port number to set the FTP work, the default is 21 Chroot_local_user=yes Settings All local users can chroot Chroot_local_user=no setting specifies that the user can chroot Chroot_list_enable=yes Chroot_list_file=/etc/vsftpd.chroot_list (only the specified user in/etc/vsftpd.chroot_list can execute) Local_root=path no matter which user can log in to the user, define the main directory of the login account, if not specified, then each user will enter the user's home directory; Chroot_local_user=yes/no whether the local System account user home directory (all) is locked, the user can only access the user's home directory/home/user, and cannot use the CD command to go up; Chroot_list_enable=yes/no locks the user's home directory (section) in the specified file, as specified in the file:/chroot_list_file=path; userlist_enable=yes/no whether the user list file is loaded; Userlist_deny=yes indicates whether the user loaded above is allowed to deny login; Userlist_file=/etc/vsftpd.user_list list File These are the advanced settings. You can make the appropriate changes. #vi/etc/hosts.allow Vsftpd:192.168.5.128:deny Setting this IP address does not allow access to the FTP service (VSFTPD supports Tcp_wrappers host access control in exclusive startup mode) Time limit: #cp/usr/share/doc/vsftpd-1.1.3/vsftpd.xinetd/etc/xinetd.d/vsftpd #vi/etc/xinetd.d/vsftpd/ Modify Disable = No Access_time = hour:min-hour:min (add configuration access time limit (note: corresponds to Listen=no in vsftpd.conf) Example: Access_time = 8:30-11:30 17:30-21:30 indicates that only these two time periods can access the FTP The FTP configuration is basically the only one.