Ubuntu 12.04 FTP Server configuration

Source: Internet
Author: User
Installation: sudo apt-get install vsftpd
# vsftpd (Very Secure FTP Daemon) is a secure, fast and stable FTP server for Unix/Linux
After installation, an account "ftp" may be generated automatically, and a folder for it is added under /home.
If this user was not generated, you can create it manually (creating it is optional):
sudo useradd -m ftp
sudo passwd ftp

Then change the permissions of the "ftp" account's directory:
sudo chmod 777 /srv/ftp

In this directory I set up a folder to store what needs to be shared.


Modify the port number
Target: The default port is 21; for system security, port 21 is changed to 2021.
Steps: 1. Modify the /etc/services file (default assigned port numbers and protocol types)
# vi /etc/services
Change 21/tcp to 2021/tcp
2. Modify (or add to) the FTP configuration file vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf
If the file contains listen_port=21, change 21 to 2021;
otherwise add a line listen_port=2021
3. Start the FTP service
# service vsftpd restart
4. Check the FTP service
# service vsftpd status
or
# netstat -npl


The two FTP modes

FTP has two modes: PORT mode (also called active mode) and PASV mode (also called passive mode). How should these two modes be understood? Here is a metaphor. In active mode, the client sends a command to port 21 on the server saying "I want to download such-and-such", and adds "I have opened a port of my own, just send it to me there"; the server then delivers the data to the client from its separate data port. This is active mode: the server takes the initiative to transfer the file to the client. In passive mode, the client sends a command to port 21 on the server saying "I want to download such-and-such"; the server acknowledges, opens a port, and tells the client "I have opened such-and-such port, come in and take it"; the client then fetches the file from that port. This is passive mode: the server waits for the client to come and take the data.

In active mode, the two FTP ports on the server are relatively fixed: if the command port is x, the data port is x-1. By default the command port is 21 and the data port is 20; if you change the command port to 123, the data port becomes 122. This is convenient for the firewall, since only these two ports need to be opened. However, if the client is behind a shared Internet connection, active mode does not work properly and passive mode must be used.

In general, in active mode the server actively connects to the client's data port, and in passive mode the server passively waits for the client to connect to the server's data port.
Passive mode is typically used by FTP clients that sit behind a firewall and access an external FTP server. In this case the firewall is usually configured to block connections from outside to the hosts behind it and to allow only connection requests initiated by those hosts. Active-mode transfers therefore cannot be used in this situation, while passive mode works well.



The configuration file is edited with sudo gedit /etc/vsftpd.conf.
The configuration file is relatively simple, as follows:

# Start in standalone mode
listen=YES

# Limit the number of concurrent clients and the number of connections per IP
max_clients=200
max_per_ip=4

# Do not allow anonymous access; allow local (system) users to log on
anonymous_enable=NO
local_enable=YES
write_enable=NO

# Use port 20 for data transfer
connect_from_port_20=YES

# Generate logs
xferlog_enable=YES

# Directory that users are placed in after login
local_root=/home/ftp/ftp

With this configuration, a computer on the same LAN can log in using my IP address, the account "ftp" and its password; the password is the one set with the passwd command in the first step.

anonymous_enable=YES (allow anonymous login)
dirmessage_enable=YES (display the directory's .message file when changing into a directory)
local_umask=022 (umask for files created by local users over FTP; default is 077)
connect_from_port_20=YES (use the FTP data port for data connections) *
xferlog_enable=YES (log uploads and downloads)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (authentication method) *
listen=YES (standalone vsftpd server) *
Function: clients can only connect to the FTP server; they cannot upload or download
Note: the log and welcome-message options are optional; the options marked with an asterisk are basic FTP options that must be added whatever kind of account is used

Turn on upload permissions for the anonymous FTP server
Add the following to the configuration file:

anon_upload_enable=YES (enable uploads)
anon_mkdir_write_enable=YES (allow creating directories and uploading files into them)
write_enable=YES (enable write permission for local users)
anon_other_write_enable=YES (the anonymous account may delete)
To turn on download permissions on the anonymous server:
anon_world_readable_only=NO
Note: mind the attributes of the folder. The anonymous account counts as an "other" user, so read, write and execute permissions must be opened for others:
(r) read: download; (w) write: upload; (x) execute: without it the FTP directory cannot be entered
local_enable=YES (local accounts can log in)
write_enable=NO (local accounts cannot delete or modify files after logging in)
Function: can log on to the vsftpd server with a local account, with permission to download and upload
Note: Anonymous servers can still log on without anonymous login, but not above

Restrict users to their home directory after login
Chroot all local users:

chroot_local_user=YES (all local accounts are confined to their own directory)
Chroot only specified users:
chroot_list_enable=YES (enable the list in the file)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list does not exist by default and must be created by hand; to restrict an account, add its name to the file

Restrict local user access to FTP
userlist_enable=YES (use the user list to restrict user access)
userlist_deny=NO (people on the list are not allowed to visit)
userlist_file=/path/where/the/file/is/stored (the path where the file is placed)
Note: with userlist_enable=YES the anonymous account cannot log in

Security options
idle_session_timeout=600 (seconds) (disconnect a user session after 10 minutes idle)
data_connection_timeout=120 (seconds) (disconnect the data connection after 2 minutes)
accept_timeout=60 (seconds) (disconnect the client after 1 minute idle)
connect_timeout=60 (seconds) (interrupt after 1 minute and reconnect)
local_max_rate=50000 (bytes/s) (local user transfer rate 50K)
anon_max_rate=30000 (bytes/s) (anonymous user transfer rate 30K)
pasv_min_port=50000 (restrict the client's data connection ports to
pasv_max_port=60000 the range 50000-60000)
max_clients=200 (maximum number of connections to FTP)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (data connection from port 5555)
See who is logged in to FTP and kill the process:
ps -xf | grep ftp
kill <process number>

Pay attention to file permissions during configuration. When both anonymous and local access are enabled, the key is how file permissions are set. To give different users different permissions, you can create a group such as ftpuser and then assign it permissions such as 755. The chroot() setting confines local users to a directory at login, which is important for security; local_root is the directory local users are placed in at login and corresponds to the matching directory under /home.

listen_address=IP address
This parameter is valid when vsftpd runs in standalone mode. It defines which IP address on the host listens for FTP requests, that is, on which IP address the FTP service is provided. It is not needed for a host with only one IP address. On a multihomed host, if this parameter is not set, all IP addresses are listened on. The default value is none.

listen_port=port_value
Specifies the port number (control port) that the FTP server listens on; the default value is 21. This option takes effect in standalone mode.

port_enable=YES|NO
If you want to disable PORT mode for data connections, set this option to NO. The default value is YES.

connect_from_port_20=YES|NO
Controls whether port 20 (ftp-data) is used for data transfer in PORT mode. YES uses it, NO does not. The default value is NO, but this parameter is set to YES in the vsftpd.conf file shipped with RHL.

ftp_data_port=port number
Sets the FTP data transfer port (ftp-data). The default value is 20. This parameter is used in PORT mode.

port_promiscuous=YES|NO
The default value is NO. When YES, the PORT security check is disabled. This check ensures that outgoing data connections go only to the client. Enable this option with care.

pasv_enable=YES|NO
YES allows PASV mode for data transfer; NO does not. The default value is YES.

pasv_min_port=port number
pasv_max_port=port number
In PASV mode, these set the lower and upper bounds of the port range that can be used for data connections; 0 means any port. The default value is 0. Setting the range relatively high, such as 50000-60000, helps improve security.

pasv_promiscuous=YES|NO
When this option is activated, the security check for PASV mode is turned off. This check ensures that the data connection and the control connection come from the same IP address. Enable this option with care. The only reasonable use of this option is within some form of secure tunneling scheme. The default value is NO.

pasv_address=
A numeric IP address that is sent in the response to the PASV command. The default value is none, that is, the address is taken from the incoming connected socket.
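
The two modes described earlier, and the address checks behind port_promiscuous and pasv_promiscuous, come down to one field on the control connection: six decimal bytes h1,h2,h3,h4,p1,p2, where the data port is p1*256+p2. The following is an added example, not code from vsftpd or from the original page; the function names, the addresses and the sample lines are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2: four address bytes and two port bytes, all decimal.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(line):
    """Return (ip, port) from a 'PORT h1,h2,h3,h4,p1,p2' command or a 227 reply."""
    match = _HOSTPORT.search(line)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(group) for group in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]      # high byte first, then low byte


def plan_data_connection(line, client_ip, server_ip,
                         pasv_min_port=50000, pasv_max_port=60000):
    """Describe the data connection that one control-channel line sets up.

    client_ip and server_ip are the two ends of the control connection.
    """
    ip, port = decode_hostport(line)
    verb = line.split(None, 1)[0].upper()
    problems = []
    if verb == "PORT":
        # Active mode: the client listens, the server connects out to it.
        mode, initiator = "active", "server"
        # With port_promiscuous=NO, data may only go to the control-channel client.
        if ip != client_ip:
            problems.append("PORT address %s is not the control-connection client" % ip)
    elif verb == "227":
        # Passive mode: the server listens, the client connects in.
        mode, initiator = "passive", "client"
        if ip != server_ip:
            problems.append("227 advertises %s, not the server (check pasv_address)" % ip)
        if not pasv_min_port <= port <= pasv_max_port:
            problems.append("passive port %d is outside pasv_min_port..pasv_max_port" % port)
    else:
        raise ValueError("expected a PORT command or a 227 reply")
    return {"mode": mode, "initiator": initiator,
            "listener": (ip, port), "problems": problems}


if __name__ == "__main__":
    # Constructed control-channel lines; client 192.168.0.10, server 192.168.0.1.
    for sample in ("PORT 192,168,0,10,195,80",
                   "227 Entering Passive Mode (192,168,0,1,234,96)",
                   "PORT 192,168,0,99,4,1",
                   "227 Entering Passive Mode (192,168,0,1,4,1)"):
        print(sample, "->", plan_data_connection(sample, "192.168.0.10", "192.168.0.1"))
```

The "listener" entry is the endpoint a firewall has to admit: in active mode it is on the client side, in passive mode it is on the server and should fall inside the configured pasv range.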


5.2.2 Load Control

max_clients=numerical value
This parameter is valid when vsftpd runs in standalone mode. It defines the maximum number of concurrent connections to the FTP server; once this number is exceeded, the server rejects further client connections. The default value is 0, which means the number of connections is unlimited.

max_per_ip=numerical value
This parameter is valid when vsftpd runs in standalone mode. It defines the maximum number of concurrent connections per IP address; connections beyond this number are rejected. This setting affects multi-connection download software. The default value is 0, which means no limit.

anon_max_rate=value
Sets the maximum data transfer rate for anonymous users, in bytes/s. Default: none.

local_max_rate=value
Sets the maximum data transfer rate for local users, in bytes/s. Default: none. This option applies to all local users. Alternatively, you can set this option in a user's personal configuration file to specify the maximum data transfer rate for that particular user.
The steps are as follows:
① In vsftpd.conf, specify the directory that holds the users' personal configuration files, for example:
user_config_dir=/etc/vsftpd/userconf
② Create the /etc/vsftpd/userconf directory.
③ A user's personal configuration file is a file in this directory with the same name as that user, for example:
/etc/vsftpd/userconf/xiaowang
④ Set the local_max_rate parameter in the user's personal configuration file, for example:
local_max_rate=80000
The above steps set the maximum data transfer rate of the FTP user xiaowang to 80 KB/s.

vsftpd's rate control is accurate to within about 80% to 120%. For example, if we limit the maximum rate to 100 KB/s, the actual rate may be between 80 KB/s and 120 KB/s. Of course, if the line bandwidth is insufficient, the rate will be lower than this limit.

5.3 User options

VSFTPD users are grouped into three categories: anonymous, local, and virtual (guest).

5.3.1, anonymous user

anonymous_enable=YES|NO
Controls whether anonymous users are allowed to log on: YES allows, NO does not. The default is YES.

ftp_username=
The system user name used by the anonymous user. By default this parameter does not appear in the configuration file, and its value is ftp.

no_anon_password=YES|NO
Controls whether anonymous users need a password to log in: with YES no password is required, with NO it is required. The default value is NO.

deny_email_enable=YES|NO
The default value is NO. When set to YES, anonymous users who log on with an e-mail address listed in the file named by the banned_email_file parameter are denied. This is useful for blocking certain DoS attacks. When this parameter is in effect, the banned_email_file parameter must also be set.

banned_email_file=/etc/vsftpd.banned_emails
Specifies the file containing the rejected e-mail addresses; the default file is /etc/vsftpd.banned_emails.

anon_root=
Sets the root directory for anonymous users, that is, the directory anonymous users are placed in when they log in. This option is not present in the default main configuration file, and the default value is /var/ftp/.

anon_world_readable_only=YES|NO
Controls whether anonymous users may download only world-readable files. YES allows anonymous users to download only readable files. NO allows anonymous users to browse the file system of the entire server. The default value is YES.

anon_upload_enable=YES|NO
Controls whether anonymous users are allowed to upload files: YES allows, NO does not. The default is NO. Besides this parameter, two more conditions must hold for anonymous uploads: first, write_enable must be YES; second, the anonymous FTP user must have write access to a directory on the file system.

anon_mkdir_write_enable=YES|NO
Controls whether anonymous users are allowed to create new directories: YES allows, NO does not. The default is NO. On the file system, the anonymous FTP user must also have write access to the parent of the new directory.

anon_other_write_enable=YES|NO
Controls whether anonymous users have write permissions other than uploading and creating directories, such as deleting and renaming. YES grants them, NO does not. The default value is NO.

chown_uploads=YES|NO
Whether to change the ownership of files uploaded by anonymous users. With YES, ownership of such files is changed to a different user, named by the chown_username parameter. The default value is NO.

chown_username=whoever
Specifies the user who is given ownership of files uploaded by anonymous users. This parameter is used together with chown_uploads. Using the root user is not recommended.

5.3.2, Local Users

Among the users of the FTP service, besides anonymous users, there is a class of users who have an account on the host of the FTP server. vsftpd calls this type of user a local user, equivalent to "real" users in other FTP servers.

local_enable=YES|NO
Controls whether users of the system that vsftpd runs on can log on to vsftpd. The default value is YES.

local_root=
Defines the root directory for all local users. When local users log in, they are placed in this directory. The default value is none.

user_config_dir=
Defines the directory that holds the users' personal configuration files. A user's personal configuration file is a file with the same name as the user under that directory, in the same format as vsftpd.conf. For example, with user_config_dir=/etc/vsftpd/userconf and users xiaowang and lisi on the host, we can add two files named xiaowang and lisi in the user_config_dir directory. When user lisi logs in, vsftpd reads the settings in the file lisi under user_config_dir and applies them to user lisi. The default value is none.

5.3.3, Virtual user

guest_enable=YES|NO
If this feature is enabled, all non-anonymous logins are treated as guest logins. The default value is off.

guest_username=
Defines the system user name that vsftpd guest users are mapped to. The default value is ftp.

5.4. Safety measures

5.4.1, User Login control

pam_service_name=vsftpd
Indicates the PAM configuration file name used by vsftpd for PAM authentication; the default is vsftpd, and the default PAM configuration file is /etc/pam.d/vsftpd.

/etc/vsftpd.ftpusers
vsftpd prevents users listed in this file from logging on to the FTP server. This mechanism is set up by default in /etc/pam.d/vsftpd.

userlist_enable=YES|NO
When this option is activated, vsftpd reads the list of users from the file specified by the userlist_file parameter. When a user in the list tries to log on to the FTP server, the user is refused before being prompted for a password. That is, once the user name is entered and vsftpd finds it in the list, vsftpd refuses the user directly without asking for a password or taking any further steps. The default value is NO.

userlist_file=/etc/vsftpd.user_list
Indicates the file containing the list of users that is read when the userlist_enable option is in effect. The default value is /etc/vsftpd.user_list.

userlist_deny=YES|NO
Decides whether the users in the file specified by userlist_file are denied, or are the only ones allowed, to log on to the FTP server. This option takes effect only when userlist_enable is activated. YES, the default, prevents users in the file from logging in and does not prompt them for a password. NO allows only users in the file to log on to the FTP server.

tcp_wrappers=YES|NO
Whether the tcp_wrappers remote access control mechanism is used in vsftpd. The default value is YES.

5.4.2, Directory Access control

chroot_list_enable=YES|NO
Locks some users in their own directory. That is, when these users log on, they cannot go to other directories on the system, only to their own directory and its subdirectories. The users concerned are listed in the file specified by the chroot_list_file parameter. The default value is NO.

chroot_list_file=/etc/vsftpd/chroot_list
Names the file that lists which users are locked in their own directory. The file format is one user per line. Usually the file is /etc/vsftpd/chroot_list. This option is not set by default.

chroot_local_user=YES|NO
Locks local users in their own directory. When this item is activated, the role of the chroot_list_enable and chroot_list_file parameters changes: the users in the file specified by chroot_list_file are then not locked in their home directory. Activating this parameter may bring security conflicts, especially when users have upload permission, shell access and so on. Therefore, enable it only if you know what you are doing. The default value is NO.

passwd_chroot_enable
When this option is activated together with the chroot_local_user option, the location of the chroot() container can be specified per user. Each user's container is derived from the home directory field of that user in /etc/passwd. The default value is NO.
5.4.3, File operation control

hide_ids=YES|NO
Whether to hide the owner and group information of files. With YES, the owner and group of all files in directory listings appear as ftp when the user runs commands such as "ls -al". The default value is NO.

ls_recurse_enable=YES|NO
YES allows the "ls -R" command to be used. This option carries a small security risk, because "ls -R" in the root directory of a large FTP site consumes a large amount of system resources. The default value is NO.

write_enable=YES|NO
Controls whether any FTP commands that modify the file system are allowed, such as STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE. The default value is NO, but this option is turned on in the simple configuration file shipped with vsftpd.

secure_chroot_dir=
This option points to an empty directory to which the FTP user has no write permission. When vsftpd does not need access to the file system, this directory is used as a secure container and the user is restricted to it. The default directory is /usr/share/empty.

5.4.4, new file permission settings

anon_umask=
The umask value of the new file added by the anonymous user. The default value is 077.

file_open_mode=
The permissions of uploaded files, given as the same value used by chmod. If you want uploaded files to be executable, set this value to 0777. The default value is 0666.

local_umask=
The umask value used when a local user adds a file. The default value is 077. However, most other FTP servers use 022. If your users want it, you can change it to 022. It is set to 022 in the shipped configuration file.

5.5. Prompt information

ftpd_banner=login banner string
This parameter defines the login banner string (the login welcome string). Users can set their own. The preset value is none. When ftpd_banner is set, it replaces the system's original welcome message.

banner_file=/directory/vsftpd_banner_file
This item specifies a text file whose contents are displayed when the user logs in, usually a welcome message or description. The default value is none. Compared with ftpd_banner, banner_file takes the form of a text file, while ftpd_banner is a string. The banner_file option overrides the ftpd_banner option.

dirmessage_enable=YES|NO
Controls whether the directory message feature is enabled. YES enables it, NO does not, and the default value is YES. When this feature is enabled and a user enters a directory, vsftpd checks whether the file named by the message_file option exists in that directory; if so, its contents are displayed, usually a welcome message or a description of the directory.

message_file=
This option only takes effect when the dirmessage_enable option is activated. The default value is .message.

5.6, Log settings

xferlog_enable=YES|NO
Controls whether a log file is kept that records uploads and downloads in detail. The log file is specified by the xferlog_file option. The default value is NO, but this option is activated in the simple configuration file shipped with vsftpd.

xferlog_file=
This option sets the name of the file that the transfer log is written to. The default value is /var/log/vsftpd.log.

xferlog_std_format=YES|NO
Controls whether the log file uses the standard xferlog format, as wu-ftpd does. With the xferlog format, existing transfer statistics generators can be reused. However, the default log format is more readable. The default value is NO, but this option is activated in the shipped configuration file.

log_ftp_protocol=YES|NO
When this option is active, all FTP requests and responses are logged. When this option is enabled, xferlog_std_format cannot be activated. This option is useful for debugging. The default value is NO.

5.7, other settings

setproctitle_enable=YES|NO
With YES, vsftpd shows the status of each session in the system process list. In other words, the process listing shows what each vsftpd session is doing (idle, downloading, etc.), for example with ps -ef | grep ftp. For security purposes, consider turning this option off. With NO, the process listing shows only that a vsftpd process is running. The default value is NO.

text_userdb_names=YES|NO
By default, the user and group fields of a directory listing show the numeric UID of the owner, not the owner's name, when users log in and run commands such as ls -al. If you want the owner's name to appear, turn this feature on. The default value is NO.

use_localtime=YES|NO
The default is NO. With YES, vsftpd uses your local time zone when displaying directory listings. The default is to display GMT. The time value returned by the FTP command "MDTM" is also affected by this option.

check_shell=YES|NO
This option only has an effect for vsftpd builds that do not use PAM. When it is turned off, vsftpd does not check /etc/shells for a valid user shell when a local user logs on. The default is YES.

nopriv_user=
Specifies the user identity that vsftpd uses when it needs no privileges at all. This should preferably be a dedicated user rather than nobody, because on most machines the nobody user is used for a number of important things. The default value is nobody.

pam_service_name=
Indicates the PAM configuration file name when vsftpd uses PAM to authenticate. The default value is ftp.

6, vsftpd applications

This part introduces the concrete application method of VSFTPD.

6.1. Allow anonymous users to upload files
Modify or add the following options in the vsftpd.conf file:
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES

Then create a directory for anonymous users to upload files into and set its permissions:
# mkdir /var/ftp/incoming
# chmod o+w /var/ftp/incoming
Because the files are uploaded by the anonymous user (ftp), permissions must be set on the incoming directory. The incoming directory is owned by root, and the anonymous user (ftp) is an "other" user with respect to it, so write permission has to be added for others (o).

6.2, Limit users to their own directory

In the default configuration, local users can switch to directories outside their home directory and browse, upload and download there within their permissions, which is undoubtedly a security risk.
We can set up chroot so that local users can only access their own directories after logging on and cannot reach other directories. There are three related options: chroot_local_user, chroot_list_enable and chroot_list_file. There are two ways to limit users to their own directory:
1, Limit all local users to their own directory
chroot_local_user=YES
This approach can lead to some security conflicts. See the earlier description of the chroot_local_user option.
2. Restrict some local users to their own directory
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Add the names of the local users to be restricted to the /etc/vsftpd.chroot_list file. Note: one user name per line.
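
The login rules in 5.4.1 (userlist_enable, userlist_deny, /etc/vsftpd.ftpusers) and the chroot rules in 5.4.2 and 6.2 (chroot_local_user, chroot_list_enable) interact, and the meaning of each list file flips with one option. The following is an added example that models those descriptions; it is not vsftpd's own code. The function names, user names and list contents are constructed, and it assumes the PAM configuration enforces the ftpusers deny list as described in 5.4.1.

```python
def _yes(cfg, key, default):
    """vsftpd reads YES, TRUE and 1 as true, in any letter case."""
    return cfg.get(key, default).strip().upper() in ("YES", "TRUE", "1")


def login_decision(cfg, user, userlist=(), ftpusers=()):
    """Where does a login attempt for `user` end up?

    userlist: names in the file set by userlist_file.
    ftpusers: names in /etc/vsftpd.ftpusers (assumed to be enforced by PAM).
    """
    if _yes(cfg, "userlist_enable", "NO"):
        listed = user in userlist
        if _yes(cfg, "userlist_deny", "YES"):
            refused = listed          # the file acts as a deny list
        else:
            refused = not listed      # the file acts as an allow list
        if refused:
            return "refused-before-password"
    if user in ftpusers:
        return "denied-by-pam"
    return "password-checked"


def is_chrooted(cfg, user, chroot_list=()):
    """True if `user` is locked into the home directory after login."""
    everyone = _yes(cfg, "chroot_local_user", "NO")
    listed = _yes(cfg, "chroot_list_enable", "NO") and user in chroot_list
    # chroot_local_user=NO:  the list names the users to lock in.
    # chroot_local_user=YES: the list names the exceptions.
    return everyone != listed


def access_report(cfg, users, userlist=(), ftpusers=(), chroot_list=()):
    """Map each user to (login decision, chrooted?)."""
    return {u: (login_decision(cfg, u, userlist, ftpusers),
                is_chrooted(cfg, u, chroot_list)) for u in users}


# Constructed sample data.
USERS = ["alice", "bob", "root"]
USERLIST, FTPUSERS, CHROOT_LIST = {"alice"}, {"root"}, {"bob"}
ALLOW_LIST_CFG = {"userlist_enable": "YES", "userlist_deny": "NO",
                  "chroot_local_user": "NO", "chroot_list_enable": "YES"}
DENY_LIST_CFG = {"userlist_enable": "YES", "userlist_deny": "YES",
                 "chroot_local_user": "YES", "chroot_list_enable": "YES"}

if __name__ == "__main__":
    for name, cfg in (("allow list", ALLOW_LIST_CFG), ("deny list", DENY_LIST_CFG)):
        print(name, access_report(cfg, USERS, USERLIST, FTPUSERS, CHROOT_LIST))
```

With the same two list files, switching userlist_deny and chroot_local_user inverts who can log in and who is confined, so both files should be reviewed whenever either option is changed.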

6.3, Configure a high-security anonymous FTP server

vsftpd's shipped simple configuration file already claims to be paranoid; here we see whether it can be made more paranoid. Options whose defaults are already secure are not written out again here.

# Allow anonymous access only; do not allow local user access
anonymous_enable=YES
local_enable=NO

# Use ftpd_banner to replace vsftpd's default welcome message, to avoid leaking information
ftpd_banner=welcome to this FTP Server
# Let anonymous users browse only readable files; they cannot browse the entire system
anon_world_readable_only=YES
# Hide file owner and group information; the owner and group seen by anonymous users are all shown as ftp
hide_ids=YES

# Remove write permissions
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

# Use standalone mode and specify the IP address to listen on
listen_address=IP address
# Control connections; timeout values can also be set, according to the specific situation
connect_from_port_20=YES
pasv_min_port=50000
pasv_max_port=60000
# Control concurrency: limit the total number of connections and the number per IP address; set according to your own needs
max_clients=numerical value
max_per_ip=numerical value
# Limit download speed; the exact limit is up to the user, and 80 KB/s is already quite fast
anon_max_rate=80000

# Enable the detailed log format
xferlog_enable=YES
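
The difference between the upload configuration in 6.1 and the hardened one in 6.3 can be checked mechanically. The following is an added example, not part of vsftpd or of the original page: a small auditor that reads vsftpd.conf text and reports the risky settings this page discusses. The finding codes are made up for this example, the defaults are the ones this page lists, and the sample inputs are constructed from sections 6.1 and 6.3.

```python
# Defaults as this page lists them (assumption: confirm in vsftpd.conf(5) for your build).
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "YES", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
    "chroot_local_user": "NO", "chroot_list_enable": "NO",
    "port_promiscuous": "NO", "pasv_promiscuous": "NO", "pasv_enable": "YES",
    "pasv_min_port": "0", "pasv_max_port": "0", "max_clients": "0",
    "max_per_ip": "0", "xferlog_enable": "NO",
}

MESSAGES = {
    "SYNTAX": "line is not lowercase option=value (no spaces around '=') or has a bad number",
    "ANON_WRITE": "anonymous users can modify the file system",
    "ANON_READ_ALL": "anon_world_readable_only=NO widens what anonymous users can read",
    "LOCAL_NO_CHROOT": "local users can leave their home directory (section 6.2)",
    "PROMISCUOUS": "a PORT/PASV address check is switched off",
    "PASV_RANGE_OPEN": "passive data ports are not pinned to a fixed range",
    "NO_CONN_LIMIT": "max_clients or max_per_ip is unlimited",
    "NO_TRANSFER_LOG": "uploads and downloads are not logged",
}

# Constructed sample input: the options from section 6.1 of this page.
PAGE_6_1 = """\
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
"""

# Constructed sample input: the section 6.3 options the checks read, with example limits.
PAGE_6_3 = """\
anonymous_enable=YES
local_enable=NO
anon_world_readable_only=YES
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
pasv_min_port=50000
pasv_max_port=60000
max_clients=200
max_per_ip=4
xferlog_enable=YES
"""


def parse_conf(text):
    """Return (settings, bad_line_numbers) for vsftpd.conf text."""
    settings, bad_lines = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        # vsftpd accepts only option=value: lowercase name, no spaces around '='.
        if not sep or key != key.strip().lower() or value != value.lstrip():
            bad_lines.append(lineno)
            continue
        settings[key] = value.strip()
    return settings, bad_lines


def audit(text):
    """Return the sorted finding codes (keys of MESSAGES) for vsftpd.conf text."""
    settings, bad_lines = parse_conf(text)
    cfg = {**DEFAULTS, **settings}
    findings = {"SYNTAX"} if bad_lines else set()
    def on(key):  # vsftpd reads YES, TRUE and 1 as true, in any letter case
        return cfg[key].upper() in ("YES", "TRUE", "1")
    def num(key):  # a non-numeric value counts as a syntax finding
        if not cfg[key].isdigit():
            findings.add("SYNTAX")
        return int(cfg[key]) if cfg[key].isdigit() else 0
    anon_writes = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")
    if on("anonymous_enable"):
        if on("write_enable") and any(on(k) for k in anon_writes):
            findings.add("ANON_WRITE")
        if not on("anon_world_readable_only"):
            findings.add("ANON_READ_ALL")
    if on("local_enable") and not (on("chroot_local_user") or on("chroot_list_enable")):
        findings.add("LOCAL_NO_CHROOT")
    if on("port_promiscuous") or on("pasv_promiscuous"):
        findings.add("PROMISCUOUS")
    if on("pasv_enable"):
        low, high = num("pasv_min_port"), num("pasv_max_port")
        if low == 0 or high == 0 or low > high:
            findings.add("PASV_RANGE_OPEN")
    if num("max_clients") == 0 or num("max_per_ip") == 0:
        findings.add("NO_CONN_LIMIT")
    if not on("xferlog_enable"):
        findings.add("NO_TRANSFER_LOG")
    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("6.1", PAGE_6_1), ("6.3", PAGE_6_3)):
        print(name, [(code, MESSAGES[code]) for code in audit(conf)])
```

Run it against the real file with audit(open("/etc/vsftpd.conf").read()); an empty list means none of the conditions above were found, not that the server is otherwise hardened.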

6.4. Virtual FTP server based on IP address

Assume that the server has two IP addresses, 192.168.0.1 and 192.168.0.2. vsftpd is set up on 192.168.0.1, and now we provide a virtual FTP server on 192.168.0.2. For how to use multiple IP addresses on a single server, refer to the relevant documentation.

1, Create the virtual FTP server's root directory.
mkdir -p /var/ftp2/pub
Ensure that the owner and group of both the /var/ftp2 and /var/ftp2/pub directories are root and that the permissions are 755.

2, Add an anonymous user account for the virtual FTP server. The original FTP server uses the system user ftp as its anonymous user account. We add a user ftp2 for the virtual FTP server.
useradd -d /var/ftp2 -m ftp2

3, Create the virtual FTP server's configuration file. Copy the original vsftpd.conf as the configuration file for the virtual FTP server and modify the relevant parameters.
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd2.conf
Add or modify the following parameters:
listen=YES
listen_address=192.168.0.2
ftp_username=ftp2

Note: Because vsftpd listens on all IP addresses by default, when we set up an IP-based virtual FTP server the original FTP server must be given a specific listen address, to prevent the original and the virtual FTP server from conflicting. Here, listen_address=192.168.0.1 is set in the original configuration file.

4, Start the virtual FTP server.

At startup, the /etc/rc.d/init.d/vsftpd script scans all *.conf files in the /etc/vsftpd/ directory and starts a vsftpd process for each of them in order, so each vsftpd process corresponds to one .conf file. That is, the order of the "ls /etc/vsftpd/" listing is the same as the order in "ps -aux | grep vsftpd". "ps -aux | grep vsftpd" also shows the configuration file each vsftpd process uses, so you can see which vsftpd process corresponds to which FTP server. If no configuration file is listed, the default vsftpd.conf is in use and the process is the original FTP server process.
Because the configuration file for the virtual FTP server in step 3 is named vsftpd2.conf, we can use the /etc/rc.d/init.d/vsftpd script to start or stop the original FTP server and the new virtual FTP server at the same time.
The following command starts the virtual FTP server on its own:
/usr/sbin/vsftpd /etc/vsftpd/vsftpd2.conf &
To shut down the virtual FTP server on its own, find its process number with "ps -aux | grep vsftpd" and then kill the virtual FTP process with the kill command.

