Set up an FTP server in Linux (6)

Source: Internet
Author: User
Securing the FTP server
First, make sure that the "/etc/ftpusers" file has been created. This file lists the users who are not allowed to log on to the FTP server. It should include at least: root, bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, nobody, and all default accounts provided by the Linux vendor on the system.
If you want to disable anonymous FTP service, remove the ftp user from the password file, and use the following command to confirm that the anonftp-version.i386.rpm package is not installed on the system:
[root@deep]# rpm -q anonftp
The upload command
By default, the WU-FTPD server gives all guest users permission to upload. When a user logs on, the root directory is changed (chroot) to "/home/ftp", so directories outside it cannot be accessed. However, some areas inside the "/home/ftp" directory still need to be protected and must not be open to users at will. On the FTP server we configured, these are the "bin", "etc", "dev", and "lib" directories under the "/home/ftp" directory. We do not allow users to upload files to these directories, so we need to set the access permissions for them. Upload permissions are set in the "/etc/ftpaccess" file. In our example, they are set as follows:
upload /home/ftp/* / no
upload /home/ftp/* /etc no
upload /home/ftp/* /dev no
upload /home/ftp/* /bin no (required only if you are not using the "--enable-ls" option)
upload /home/ftp/* /lib no (required only if you are not using the "--enable-ls" option)
The noretrieve command
It is best to prohibit some users from downloading files from certain subdirectories in the "/home/ftp" directory. You can set this with the "noretrieve" command in the "/etc/ftpaccess" file:
noretrieve /home/ftp/etc
noretrieve /home/ftp/dev
noretrieve /home/ftp/bin (required only if you are not using the "--enable-ls" option)
noretrieve /home/ftp/lib (required only if you are not using the "--enable-ls" option)
The ".notar" file
Whether or not you allow on-the-fly directory packaging (on-the-fly tar), you must ensure that users cannot package (tar) the directories to which uploads are not allowed. Create a ".notar" file in each subdirectory of the "/home/ftp" directory:
[root@deep]# touch /home/ftp/.notar
[root@deep]# chmod 0 /home/ftp/.notar
[root@deep]# touch /home/ftp/etc/.notar
[root@deep]# chmod 0 /home/ftp/etc/.notar
[root@deep]# touch /home/ftp/dev/.notar
[root@deep]# chmod 0 /home/ftp/dev/.notar
[root@deep]# touch /home/ftp/bin/.notar (required only if you are not using the "--enable-ls" option)
[root@deep]# chmod 0 /home/ftp/bin/.notar (required only if you are not using the "--enable-ls" option)
[root@deep]# touch /home/ftp/lib/.notar (required only if you are not using the "--enable-ls" option)
[root@deep]# chmod 0 /home/ftp/lib/.notar (required only if you are not using the "--enable-ls" option)
These zero-length ".notar" files can confuse some browsers and FTP proxies. To solve this problem, mark them as not downloadable by adding this line to the "/etc/ftpaccess" file:

noretrieve .notar
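
The settings in this section can be checked after the fact with a short audit script. This is an added example, not part of the original article or of WU-FTPD; the function names and their path arguments are assumptions, and the rules it looks for are the ftpusers, upload, noretrieve and .notar settings listed above.

```shell
#!/bin/sh
# Added example: audit of the WU-FTPD hardening steps described in the article.
# Function names and arguments are assumptions; default paths are the article's.

# Accounts the article says /etc/ftpusers must list at minimum.
REQUIRED_USERS="root bin daemon adm lp sync shutdown halt mail news uucp operator games nobody"
# Per the article, bin and lib only need protecting without "--enable-ls".
PROTECTED_DIRS=${PROTECTED_DIRS:-"etc dev bin lib"}

# Print each required account that has no line of its own in ftpusers.
missing_ftpusers() {
    file=${1:-/etc/ftpusers}
    for u in $REQUIRED_USERS; do
        grep -qx "$u" "$file" 2>/dev/null || echo "$u"
    done
}

# Print each "upload ... no" / "noretrieve" rule from the article that is absent.
missing_ftpaccess_rules() {
    file=${1:-/etc/ftpaccess}; root=${2:-/home/ftp}; s='[[:space:]]'
    for d in "" $PROTECTED_DIRS; do   # "" stands for the chroot top level "/"
        grep -Eq "^$s*upload$s+$root/\*$s+/$d$s+no($s|\$)" "$file" 2>/dev/null ||
            echo "upload $root/* /$d no"
        [ -z "$d" ] || grep -Eq "^$s*noretrieve$s(.*$s)?$root/$d($s|\$)" "$file" 2>/dev/null ||
            echo "noretrieve $root/$d"
    done
    grep -Eq "^$s*noretrieve$s(.*$s)?\.notar($s|\$)" "$file" 2>/dev/null ||
        echo "noretrieve .notar"
}

# Print each .notar marker that is missing, non-empty, or not mode 0.
bad_notar() {
    root=${1:-/home/ftp}
    for d in . $PROTECTED_DIRS; do
        f="$root/$d/.notar"
        if [ -s "$f" ] || [ -z "$(find "$f" -prune -perm 0 2>/dev/null)" ]; then
            echo "$f"
        fi
    done
}

# Run every check; print findings and return 1 if there are any.
audit_ftp() {
    out=$(missing_ftpusers "$1"; missing_ftpaccess_rules "$2" "$3"; bad_notar "$3")
    [ -z "$out" ] && return 0
    echo "$out" | sed 's/^/FINDING: /'
    return 1
}
```

Source the file and run audit_ftp /etc/ftpusers /etc/ftpaccess /home/ftp as root; set PROTECTED_DIRS="etc dev" first if the server was built with "--enable-ls".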
  
Files installed in the system
  
> /etc/ftphosts
> /etc/ftpusers
> /etc/ftpaccess
> /etc/pam.d/ftp
> /etc/ftpconversions
> /etc/ftpgroups
> /etc/logrotate.d/ftpd
> /usr/bin/ftpcount
> /usr/bin/ftpwho
> /usr/man/man1/ftpcount.1
> /usr/man/man1/ftpwho.1
> /usr/man/man5/ftpaccess.5
> /usr/man/man5/ftphosts.5
> /usr/man/man5/ftpconversions.5
> /usr/man/man5/xferlog.5
> /usr/man/man8/ftpd.8
> /usr/man/man8/ftpshut.8
> /usr/man/man8/ftprestart.8
> /usr/sbin/in.ftpd
> /usr/sbin/ftpshut
> /usr/sbin/ckconfig
> /usr/sbin/ftprestart
> /usr/sbin/xferstats
> /usr/sbin/wu.ftpd
> /usr/sbin/in.wuftpd
> /var/log/xferlog
  
  
  