The most comprehensive vsftpd problem set in history (Part 1)

Source: Internet
Author: User

Vsftpd is the most popular FTP server program in Linux distributions. Features: small, light, secure, and easy to use. Below, we use a Q&A format to answer common questions about vsftpd. This is the first part; the next part is waiting for you!

Q1) Can I restrict a user to his home directory?

A) Yes. Set chroot_local_user=YES.

Q2) Why do symlinks not work after chroot_local_user=YES is set?

A) This is a consequence of how the chroot() security mechanism works. As alternatives, take a look at hard links, or, on a "modern" Linux, use the powerful "mount --bind" command.

Q3) Does vsftpd support limiting the number of user connections?

A1) Yes, indirectly. Vsftpd is an inetd-based service. If you use the popular xinetd, it supports per-service and per-IP connection limits. The "EXAMPLE" directory contains an example.

A2) If you run vsftpd in standalone mode (set listen=YES), you can look at settings such as max_clients=10.

Q4) Help! I got the "refusing to run with writable anonymous root" error message.

A) vsftpd refuses to run with "dangerous" (insecure) configurations. This error message is usually caused by incorrect ownership or permissions on the home directory of the ftp user. The home directory should not be owned by the ftp user, and the ftp user must not have write permission on it. The solution is:

chown root ~ftp; chmod -w ~ftp
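A preflight check for the condition described in Q4, as an added example that is not part of the original article or of vsftpd. It models write access with plain owner/group/other bits (ACLs are ignored); the function names and the uid/gid values in the constructed cases are assumptions.

```python
import os
import pwd
import stat

def anon_root_findings(mode, owner_uid, group_gid, ftp_uid, ftp_gids):
    """Return the reasons a directory is unsafe as the anonymous FTP root."""
    findings = []
    # Pick the permission class that applies to the ftp account.
    if owner_uid == ftp_uid:
        findings.append("owned by the ftp user")
        write_bit = stat.S_IWUSR
    elif group_gid in ftp_gids:
        write_bit = stat.S_IWGRP
    else:
        write_bit = stat.S_IWOTH
    if mode & write_bit:
        findings.append("writable by the ftp user")
    return findings

def check_anon_root(user="ftp"):
    """Check the real home directory of `user` (KeyError if no such account)."""
    acct = pwd.getpwnam(user)
    st = os.stat(acct.pw_dir)
    gids = os.getgrouplist(user, acct.pw_gid)
    return acct.pw_dir, anon_root_findings(
        st.st_mode, st.st_uid, st.st_gid, acct.pw_uid, gids)

if __name__ == "__main__":
    FTP_UID, FTP_GIDS = 14, [50]  # constructed ids for the ftp account
    cases = {  # constructed (mode, owner uid, group gid) samples
        "root-owned 755": (0o40755, 0, 0),
        "ftp-owned 755": (0o40755, 14, 50),
        "root-owned 777": (0o40777, 0, 0),
        "ftp-owned 555": (0o40555, 14, 50),
    }
    for name, (mode, uid, gid) in cases.items():
        print(name, "->", anon_root_findings(mode, uid, gid, FTP_UID, FTP_GIDS) or "ok")
```

The "root-owned 777" case shows why chown alone is not enough: the chmod -w half of the fix is what removes the world-write bit.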

Q5) Help! I got the error message "str_getpwnam".

A) The most likely reason is that the user configured as 'nopriv_user' (generally 'nobody') does not exist on your system. Vsftpd needs this user so that it can run with the lowest permissions.

Q6) Help! Local users cannot log on.

A) There are several possible problems that cause logon failure.

A1) By default, vsftpd only allows anonymous users to log on. Add local_enable=YES to your /etc/vsftpd.conf configuration file to allow local users to log on.

A2) vsftpd may need PAM (run "ldd vsftpd" and check whether libpam appears in the result). If vsftpd requires PAM support, you must prepare a PAM file for the vsftpd service. The "RedHat" directory contains an example PAM file for RedHat systems; put it in the /etc/pam.d directory.

A3) If vsftpd does not use PAM, there are several possible causes. Is your shell listed in the /etc/shells file? If you use shadow passwords, is there a shadow.h file in the include path?

A4) If PAM is not used, vsftpd uses its own method to check whether the user's shell is valid. If you want to use an invalid shell (so that users can only log on via FTP), you can add check_shell=NO to the configuration file.

Q7) Help! Uploads and other "write" commands report "500 Unknown command.".

A) By default, "write" commands (such as uploading and creating a directory) are disabled. This is the safe default. To allow write commands, add write_enable=YES to the configuration file /etc/vsftpd.conf.

Q8) Help! What are the security risks in the chroot_local_user option?

A) First, note that other FTP servers have the same risks. This is a general problem. The problem is not very serious, but it is this: some people give untrusted FTP accounts full shell access. If these accounts can also upload files, there is a risk. A malicious user can control the root directory of the file system, because it is their home directory. The FTP process may access some configuration file, such as /etc/some_file. With chroot(), this file is under the control of this user. Vsftpd is very careful about these security issues. However, the system libc may want to open language configuration files or other configuration ......

Q9) Help! The permission for uploaded files is -rw-------.

A1) Modify the local_umask or anon_umask option, depending on whether the uploading user is a local user or an anonymous user. For example, set anon_umask=022 to give anonymously uploaded files the permission -rw-r--r--. Note that the 0 in front of the 22 cannot be omitted.

A2) You can also check the new option file_open_mode in the vsftpd.conf man page.
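Why the leading 0 in Q9 matters, as an added example that is not part of the original article or of vsftpd. It assumes the defaults and parsing rules documented in vsftpd.conf(5): anon_umask and local_umask default to 077, file_open_mode defaults to 0666, a value without a leading 0 is read as base 10, and no spaces are allowed around "=". The function names and sample lines are constructed.

```python
import stat

# Defaults as documented in vsftpd.conf(5).
DEFAULTS = {"anon_umask": "077", "local_umask": "077", "file_open_mode": "0666"}

def parse_conf(text):
    """Parse vsftpd.conf text; reject spaces around '=' as the man page does."""
    opts = dict(DEFAULTS)
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {n}: expected option=value without spaces: {line!r}")
        opts[key] = value
    return opts

def parse_mode(value):
    """A leading 0 means octal; otherwise the number is base 10."""
    return int(value, 8) if value.startswith("0") else int(value, 10)

def upload_mode(conf_text, anonymous):
    """Return the ls-style permission string of a newly uploaded file."""
    opts = parse_conf(conf_text)
    umask = parse_mode(opts["anon_umask" if anonymous else "local_umask"])
    mode = parse_mode(opts["file_open_mode"]) & ~umask & 0o777
    return stat.filemode(stat.S_IFREG | mode)

if __name__ == "__main__":
    # Constructed sample configurations.
    for conf in ("", "anon_umask=022\n", "anon_umask=22\n"):
        print(repr(conf), "->", upload_mode(conf, anonymous=True))
```

With the 0 dropped, 22 is decimal (octal 026), so group loses write and others lose everything: the files come out -rw-r----- instead of the intended -rw-r--r--.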

Q10) Help! How can I integrate LDAP user logon?

A) Use vsftpd with PAM, and configure PAM to use LDAP authentication.

Q11) Help! Can vsftpd be configured for virtual hosting?

A1) Yes. If you use xinetd to run vsftpd, you can bind xinetd to several different IP addresses. For each IP address, xinetd uses a different configuration file to start vsftpd. In this way, you can configure a different vsftpd service on each IP address.

A2) You can also run multiple vsftpd instances in standalone mode. Use listen_address=x.x.x.x to set the virtual IP address.

Q12) Help! Does vsftpd support virtual users?

A) Yes, through its integration with PAM. Set guest_enable=YES in /etc/vsftpd.conf. The effect is that every successful logon by a non-anonymous user is mapped to the local user specified by guest_username. Then use PAM and (for example) its pam_userdb module to authenticate against an external user database (that is, /etc/passwd is not used). Note: when guest_enable takes effect, there is a restriction that local users are also mapped to guest_username (translator's note: that is, virtual users and local users cannot be used at the same time). The EXAMPLE directory contains an example of virtual user configuration.

Q13) Help! Does vsftpd support different configurations for different users?

A) Yes, and the support is powerful. Check the user_config_dir option in the man page.

Q14) Help! Can I limit vsftpd data connections to a specified port range?

A) Yes. Check the configuration options pasv_min_port and pasv_max_port.

Q15) Help! I see information like "OOPS: chdir".

A) If an anonymous user is logging on, check whether the home directory of the system user ftp is correct. If you use the anon_root option, check whether that option is set correctly.

After reading the answers in this article, has everything suddenly become clear? If you did not understand vsftpd before, you should now. Don't go away; the next article is coming up!
