Set up a vsftp server in Linux

Source: Internet
Author: User

Set up on EL5

vsftpd is a popular FTP server in various Linux distributions.

Basic software requirements:

tcp_wrappers-7.6-40.4.el5.i386.rpm

vsftpd-2.0.5-12.el5.i386.rpm

vsftpd can be set up either as a service hosted under xinetd or in independent mode. This article discusses the independent mode.

    1. Modify the configuration file as appropriate: /etc/vsftpd.conf
    2. Modify the iptables firewall settings: stopping the firewall is not good; it is best to allow the Telnet port
    3. Modify SELinux: stopping it is not good, and setenforce 0 is not good either; it is best to allow FTP in the policy: setsebool ftpd_disable_trans on | 1

Basic settings

    • listen=YES -- opens the FTP service and enables the anonymous service (anonymous users can only download from the FTP root directory, which is /var/ftp/)
    • pam_service_name=vsftpd -- Annoying: even if you don't need SELinux, you have to add this line, which enables vsftpd's identity authentication method!
    • listen_port=21 -- the port the FTP service listens on
    • listen_address=x.x -- the IP address to listen on
    • idle_session_timeout=600 -- number of seconds before an idle session is disconnected
    • connect_timeout=60 -- network connection timeout, in seconds
    • accept_timeout=60 -- timeout for the waiting queue after the user connects to the server
    • max_clients=400 -- maximum number of client connections
    • max_per_ip=1 -- maximum number of connections per IP address
    • local_max_rate=100000 -- maximum connection rate of local users (bit)
    • anon_max_rate=1000 -- maximum connection rate of anonymous users

 

Auxiliary Basic settings

    • ftpd_banner=welcome information
    • banner_file=/var/vsftpd_banner_files -- use the welcome information in this file. Note that this setting overrides the ftpd_banner setting.
    • banner_fail=/var/vsftpd_banner_fail -- use this file to display the connection failure information
    • dirmessage_enable=YES -- display the .message file of a directory when the user switches into that directory

 

Anonymous user management: in essence, the vsftpd process maps anonymous users to the nobody user on Linux, so the proper Linux system permissions must be in place for that user.

    • anonymous_enable=YES -- allows anonymous users to access FTP, which is the default setting. To access the root FTP directory, ensure that the directory accessed by anonymous users has the read (r) permission in Linux.
    • anon_root=/var/ftp/anon -- changes the FTP root directory of anonymous users
    • anon_upload_enable=YES -- allows anonymous users to upload files in the root FTP directory. Note that the directory accessed by anonymous users must have the write (w) permission in Linux.
    • anon_mkdir_write_enable=YES -- allows anonymous users to create directories and upload files. Note that the directory accessed by anonymous users must have the write (w) permission in Linux.
    • anon_world_readable_only=NO -- allows anonymous users to read and view all files, directories, and subdirectories. Ensure that the directories accessed by anonymous users have the read (r) permission in Linux.

 

Local user management: in essence, the vsftpd process acts as the local Linux user, so all Linux system permissions must be in place.

    • pam_service_name=vsftpd -- Annoying: even if you don't need SELinux, you have to add this line, which enables vsftpd's identity authentication method!
    • anonymous_enable=NO -- disables anonymous login
    • local_root=/var/ftp -- root directory of local users. You can set chroot_local_user=YES to restrict each local user to their home directory
    • local_enable=YES -- allows local users to log on to the vsftpd server
    • write_enable=YES -- grants write permission to local users
    • chroot_local_user=YES -- local users can only be in their own home directory. Without this setting, logged-in users can access any OS directory that their Linux permissions allow.
    • chroot_list_enable=YES -- only allows users in the list to change the root directory. chroot_local_user=YES and chroot_list_file=/var/vsftpd/chroot_list must be set at the same time; otherwise, the setting does not work.
    • chroot_list_file=/var/vsftpd/chroot_list -- the list of allowed users. If chroot_list_enable=YES, this parameter must be set.
    • userlist_enable=YES -- blocks local users listed in the userlist_file file from logging on to the vsftpd server; the policy is set with userlist_deny
    • userlist_deny=YES -- restriction policy: local users listed in the userlist_file file are denied login to the vsftpd server (the default setting); otherwise, only users in the userlist_file file are allowed to access
    • userlist_file=/etc/vsftpd/userlist -- the user list

 

Virtual user management

The key is to understand that vsftpd authenticates virtual users through PAM, and every configuration file involved must be set up. In addition, you must review and set the account module for PAM authentication! An FTP virtual user does not actually exist in the system, so to access the corresponding Linux directory you must set a real local user in the vsftpd.conf configuration! Related settings are as follows:

    • The internal settings for virtual users are the same as those for local users. The key ones are local_enable=YES and write_enable=YES
    • Create the virtual users: db42_load -T -t hash -f <virtual user list file> <PAM virtual user database>.db, where the list file holds user name A, a newline, user A's password, and so on
    • Create a vsftpd application configuration file under /etc/pam.d/, for example "vsftpd" -- the file name must be the one configured in pam_service_name=?
    • guest_enable=YES -- virtual users are allowed, that is, vsftpd-only users.
    • guest_username=root -- the local user that virtual users are mapped to. Here it is the root super administrator user.
    • user_config_dir=dir_spece -- the per-user configuration directory for virtual users, which contains one configuration file named after each virtual user. Virtual users can be restricted to a home root directory like local users; refer to the local user settings
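
The virtual-user steps above as one staging script, an added example that is not part of the original article. The paths under /etc/vsftpd, the two sample logins and the account name ftpvirt are assumptions; the script maps virtual users to that dedicated unprivileged account rather than root, so an FTP session does not carry root's file permissions, and it writes everything under a staging directory instead of the live /etc.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed names: the paths under
# /etc/vsftpd, the unprivileged account "ftpvirt" and the two sample logins.
# Files are staged under the directory given as $1 for review before install.
stage_virtual_users() (
    umask 077                                # the login list holds clear-text passwords
    mkdir -p "$1/etc/vsftpd/user_conf" "$1/etc/pam.d"
    root=$(cd "$1" && pwd) || exit 1
    cd "$root/etc/vsftpd" || exit 1

    # Login list: user name and password on alternating lines (constructed values).
    printf '%s\n' alice constructed-pass-1 bob constructed-pass-2 > logins.txt

    # Hash database read by pam_userdb; skipped when no db_load tool is installed.
    for tool in db_load db42_load; do
        if command -v "$tool" >/dev/null 2>&1; then
            "$tool" -T -t hash -f logins.txt vsftpd_login.db || exit 1
            break
        fi
    done

    # PAM service file, named after pam_service_name. The account line is needed
    # as well as auth. pam_userdb adds the ".db" suffix to the path itself.
    printf '%s required pam_userdb.so db=/etc/vsftpd/vsftpd_login\n' \
        auth account > "$root/etc/pam.d/vsftpd"

    # One file per virtual user in user_config_dir, here pinning the FTP root.
    for user in alice bob; do
        echo "local_root=/var/ftp/virtual/$user" > "user_conf/$user"
    done

    # vsftpd.conf lines for virtual users; ftpvirt must exist as a local account.
    cat > vsftpd.conf.virtual <<'EOF'
pam_service_name=vsftpd
local_enable=YES
write_enable=YES
guest_enable=YES
guest_username=ftpvirt
chroot_local_user=YES
user_config_dir=/etc/vsftpd/user_conf
EOF
)

# Stand-alone run: stage into a temporary directory and list what was written.
stage=$(mktemp -d) && stage_virtual_users "$stage" && find "$stage" -type f
```

Delete logins.txt once the database has been built, since it is the only place the passwords appear in clear text.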

     

Advanced Management

    • Create a virtual directory: # mount --bind olddir newdir
    • Start with xinetd:

    1. Create a file named vsftpd in the /etc/xinetd.d/ directory.

    The content of /etc/xinetd.d/vsftpd is as follows:

    service ftp
    {
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/vsftpd
        # server_args =
        # log_on_success += DURATION USERID
        # log_on_failure += USERID
        nice = 10
        disable = no
    }

    2. Configure vsftpd.conf in /etc/, that is, /etc/vsftpd.conf: delete listen=YES
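
A lint pass over a vsftpd.conf for the settings discussed in the sections above, as an added example that is not part of the original article. It flags option lines vsftpd will not accept (option names are lowercase and no space is allowed around "=") and the risky combinations among the anonymous, local and virtual user options; the sample configuration and the wording of the findings are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf given as $1 (or on standard input).
audit_vsftpd_conf() {
    awk '
    function on(k) { return opt[k] == "YES" || opt[k] == "TRUE" || opt[k] == "1" }
    function risk(msg) { print "RISK: " msg; n++ }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
        # vsftpd needs lowercase option names and no space around "="
        if ($0 !~ /^[a-z0-9_]+=[^ \t]/) { print "SYNTAX line " NR ": " $0; n++ }
        i = index($0, "=")
        if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
        val = toupper(substr($0, i + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = val                       # normalised copy for the checks below
    }
    END {
        anon = !("anonymous_enable" in opt) || on("anonymous_enable")  # default YES
        if (anon && on("write_enable") &&
            (on("anon_upload_enable") || on("anon_mkdir_write_enable")))
            risk("anonymous users can write to the server")
        if (anon && ("anon_world_readable_only" in opt) && !on("anon_world_readable_only"))
            risk("anonymous users can read files that are not world-readable")
        if (on("local_enable") && !on("chroot_local_user"))
            risk("local users are not confined to their home directory")
        if (on("guest_enable") && opt["guest_username"] == "ROOT")
            risk("virtual users are mapped to root")
        exit (n > 0)                         # non-zero status when anything was found
    }' "$@"
}

# Constructed sample input, with one line written with spaces and capitals.
sample_conf() {
    cat <<'EOF'
# constructed sample input
Listen = Yes
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
guest_enable=YES
guest_username=root
EOF
}

sample_conf | audit_vsftpd_conf || true
```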

     

     

Unknown Parameters

data_connection_timeout

     
