Ubuntu: vsftpd service installation settings

Source: Internet
Author: User
The first is the most basic configuration. Please check my /etc/vsftpd.conf:

# Accept anonymous users

anonymous_enable=YES

# Do not ask for a password when an anonymous user logs in

no_anon_password=YES

# Accept local users

local_enable=YES

# Upload allowed (global control). If you want anonymous users to upload files, also set anon_upload_enable=YES. If you want anonymous users to create directories, also set anon_mkdir_write_enable=YES. Upload by anonymous users is prohibited here, so these two items are not set.

write_enable=YES

# Umask for files uploaded by local users

local_umask=022

# Enable upload/download logging. The default log file is /var/log/vsftpd.log, which can be changed using the xferlog_file option.

xferlog_enable=YES

# Use the standard xferlog format for logs

xferlog_std_format=YES

# Welcome message shown at login

ftpd_banner=Welcome to KingArthur's FTP service.

# If this parameter is set, it overrides the ftpd_banner setting above, and the content of /etc/vsftpd/banner is displayed at login.

banner_file=/etc/vsftpd/banner

# If YES, the text file specified by message_file (.message by default) in a directory is displayed when you enter that directory.

dirmessage_enable=YES

# The directory a local user is placed in after login. If this item is not set, the local user is placed in his home directory (the sixth field of /etc/passwd). The corresponding option for anonymous users is anon_root.

local_root=/var/ftp

# If YES, the following control takes effect:

chroot_list_enable=YES

# If NO, the users recorded in the file specified by the chroot_list_file option (/etc/vsftpd.chroot_list by default) are chrooted to the directory they log in to and cannot leave it. If YES, the users recorded in that file are not chrooted. YES is selected here.

chroot_local_user=YES

# If YES, the file specified by the userlist_file option (default: /etc/vsftpd.user_list) is consulted at login, and the userlist_deny option below is checked.

userlist_enable=YES

# If NO, only login requests from users recorded in the file specified by userlist_file (/etc/vsftpd.user_list by default) are accepted. If YES, requests from these users are not accepted.

userlist_deny=NO

# Note: vsftpd also checks the /etc/vsftpd.ftpusers file. Users recorded in this file will not be able to log in!

# The server runs in standalone mode, so that the following controls can be applied

listen=YES

# Transfer rate of anonymous users (B/s)

anon_max_rate=51200

# Transfer rate of local users (B/s)

local_max_rate=512000

# Maximum number of clients accepted

max_clients=100

# Maximum number of clients for each IP address

max_per_ip=5

connect_from_port_20=YES

tcp_wrappers=YES

pam_service_name=vsftpd

Below is my /etc/vsftpd.user_list:

ftpuser

anonymous

/etc/vsftpd.ftpusers can use the built-in file, and the content of /etc/vsftpd.chroot_list is empty. Set up the system user ftpuser, add it to the ftp group, and change the last field of its record in /etc/passwd to /sbin/nologin (local login prohibited). Set the owner and group of /var/ftp to root, and set the permission to 755. Set the owner of /var/ftp/pub to root, set the group to ftp, and set the permission to 775.

Now the basic configuration of vsftpd is complete. Here, we accept requests from the anonymous user anonymous and the local user ftpuser. anonymous can only download, and ftpuser can download and upload. After they log on, they are both placed in the /var/ftp directory and cannot leave it (chroot). ftpuser can create directories and upload files in the /var/ftp/pub directory. The permission of uploaded files is 755 (local_umask=022 is set). The transfer rate of anonymous users is 50kb/s, and that of ftpuser is 500kb/s. The maximum number of clients that can be connected is 100, and the maximum number of clients that can be connected per IP address is 5. To enable the local user ftpput to log in, add it to /etc/vsftpd.user_list; to allow him to upload, add him to the ftp group. Then we can create a .message file in the directories under /var/ftp (including /var/ftp itself), so that vsftpd displays the content of .message when the user enters the directory. You can write welcome information or precautions there. In addition, you can edit /etc/vsftpd/banner to set the welcome information shown at login and make the FTP site more personalized.
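The following is an added example, not part of the original article or of vsftpd: a small linter that rejects lines vsftpd would not accept as written (capitalised option names, spaces around "=") and checks the parsed options against the access model described above. The names parse_conf, audit, chroot_list and MANGLED are hypothetical, and the sample input is constructed.

```python
import re

# Added example; function and variable names are assumptions, not vsftpd code.
# Upstream vsftpd defaults that are YES (see vsftpd.conf(5)); the rest default to NO.
DEFAULTS = {"anonymous_enable": "YES", "userlist_deny": "YES"}
# Lowercase option name, no whitespace around "=" (a vsftpd error) or at line end.
OPTION_RE = re.compile(r"^([a-z0-9_]+)=(\S(?:.*\S)?)$")

def parse_conf(text):
    """Return (options, errors); errors are lines not in strict option=value form."""
    options, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        m = OPTION_RE.match(line)
        if m:
            options[m.group(1)] = m.group(2)
        else:
            errors.append(f"line {lineno}: expected option=value, got {line!r}")
    return options, errors

def audit(options, chroot_list=()):
    """Compare parsed options with the policy the article states; return findings."""
    def on(key):
        return options.get(key, DEFAULTS.get(key, "NO")).upper() in ("YES", "TRUE", "1")
    findings = []
    if on("anonymous_enable") and on("write_enable"):
        for key in ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"):
            if on(key):
                findings.append(f"{key} is on: anonymous users can write")
    if on("local_enable"):
        if not on("chroot_local_user"):
            findings.append("chroot_local_user is off: local users are not chrooted by default")
        elif on("chroot_list_enable") and chroot_list:
            # with chroot_local_user=YES the list holds the exceptions
            findings.append("not chrooted (listed in chroot_list_file): " + ", ".join(chroot_list))
    if not (on("userlist_enable") and not on("userlist_deny")):
        findings.append("user_list is not an allow list (needs userlist_enable=YES, userlist_deny=NO)")
    return findings

# Constructed sample: three options in the damaged form a copy-paste can produce.
MANGLED = "Anonymous_enable = YES\nwrite_enable=YES \nlocal_enable=YES\n"

if __name__ == "__main__":
    opts, errs = parse_conf(MANGLED)
    print(errs, audit(opts), sep="\n")
```

Pass the contents of /etc/vsftpd.chroot_list as chroot_list to confirm that nobody is exempted from the chroot.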

Next we use quota to put a disk quota on ftpuser, to prevent malicious users from filling your hard disk with junk data. Assume that /var/ftp is in the root partition / (/dev/hda5). Change the 4th field of the root partition's record in /etc/fstab to defaults,usrquota, so that the record looks like this:

LABEL=/ / ext3 defaults,usrquota 1 1

Restart the system and enter the following commands:

quotacheck -acu # Check the file systems with quotas enabled and create the quota table for each of them

quotacheck -avu # Generate the current disk usage table for each file system with quotas enabled

edquota ftpuser # Set the disk quota for user ftpuser

At this time, the system opens the quota file in the default text editor (vi), and the display is similar to this:

Disk quotas for user ftpuser (uid 501):

Filesystem blocks soft hard inodes soft hard

/dev/hda5 0 0 0 0 0 0

The first column is the name of the file system with the quota enabled. The second column shows the number of blocks currently used by the user. The next two columns are used to set the soft and hard block limits of the user on the file system. The inodes column displays the number of inodes currently used by the user. The last two columns are used to set the soft and hard inode limits of the user on the file system. The hard limit is the absolute maximum disk space that a user or group can use. After this limit is reached, no more disk space can be used by the user or group. The soft limit defines the maximum disk space that can be used. Unlike hard limits, soft limits can be exceeded for a period of time. This period is called the grace period. The grace period can be expressed in seconds, minutes, hours, days, weeks, or months. If any of the above values is set to 0, that limit is not set. After you modify the values as needed, save and exit. To verify whether the user's quota is set, run the following command:

quota testuser

Then you can use edquota -t to set the grace period. Like the other edquota command, this command opens the current file system quotas in the text editor:

Grace period before enforcing soft limits for users:

Time units may be: days, hours, minutes, or seconds

Filesystem Block grace period Inode grace period

/dev/hda5 7 days 7 days

Modify as needed, then save and exit.

In this way, we have successfully added the disk quota for the ftpuser, and a complete FTP site has been configured.
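As an added example (not from the original article), the rules above for reading the edquota table can be applied mechanically: a value of 0 means the limit is not set, a soft limit above the hard limit never takes effect, and usage above the soft limit is only tolerated during the grace period. The function name check_quota_table is hypothetical, and the /dev/hda6 and /dev/hda7 rows are constructed sample data.

```python
# Added example; names and the extra sample rows are assumptions.
# Constructed sample of the text edquota opens: the untouched all-zero row
# from the article plus two edited rows on hypothetical partitions.
SAMPLE = """\
Disk quotas for user ftpuser (uid 501):
  Filesystem   blocks   soft     hard     inodes  soft  hard
  /dev/hda5    0        0        0        0       0     0
  /dev/hda6    450000   400000   500000   120     0     0
  /dev/hda7    10       900000   500000   3       1000  2000
"""

def check_quota_table(text):
    """Return (filesystem, kind, problem) tuples for the rows of an edquota table."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows are a device name followed by six integers; skip the rest.
        if len(fields) != 7 or not all(f.isdigit() for f in fields[1:]):
            continue
        used_b, soft_b, hard_b, used_i, soft_i, hard_i = map(int, fields[1:])
        for kind, used, soft, hard in (("block", used_b, soft_b, hard_b),
                                       ("inode", used_i, soft_i, hard_i)):
            if hard == 0:
                # 0 means this limit is not set (the article's starting state)
                findings.append((fields[0], kind, "no hard limit"))
            elif soft > hard:
                # the hard limit is reached first, so the soft limit never applies
                findings.append((fields[0], kind, "soft limit above hard limit"))
            elif soft and used > soft:
                # tolerated only until the grace period runs out
                findings.append((fields[0], kind, "over soft limit"))
    return findings

if __name__ == "__main__":
    for finding in check_quota_table(SAMPLE):
        print(*finding)
```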