Use VSFTP to set up FTP sites in Linux

1. Declaration
  • Copyright (c) 2006-2007 belongs to etony C. F.

    Reprinted from http://www.debsir.org/.

2. FTP principles

FTP is the abbreviation of File Transfer Protocol, which is described in RFC 959.

An FTP session contains two channels: a control channel and a data channel.

Control channel: the channel used to communicate with the FTP server. It is used to connect to the FTP server and to send FTP commands.

Data channel: the channel used to transfer files or directory listings to and from the FTP server.

In the FTP protocol, the control connection is initiated by a client, and the data connection works in two ways: PORT and PASV.

PORT mode (active mode)

The FTP client first establishes a connection to TCP port 21 of the FTP server and sends commands through this channel. When the client needs to receive data, it sends the PORT command through this channel. The PORT command contains the port on which the client will receive data (a port greater than 1024). When transmitting data, the server sends it from its TCP port 20; the FTP server must establish a new connection to the client to transmit the data.

PASV mode (passive mode)

The control channel is set up in the same way as in PORT mode. When the client sends the PASV command through this channel, the FTP server opens a random port between 1024 and 5000 and notifies the client to send its data requests to this port. The FTP server then transfers data through this port; in this mode the FTP server does not need to establish a new connection to the client to transfer data.

From the perspective of the client/server model, PORT is OUTBOUND for the server and PASV is INBOUND for the server. Pay special attention to this; it is critical in enterprises that use firewalls. If it is configured incorrectly, clients will not be able to connect.
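
The PORT and PASV exchanges described above, as an added example that is not part of the original article: it parses the h1,h2,h3,h4,p1,p2 endpoint encoding that RFC 959 uses in the PORT argument and in the 227 reply to PASV, and reports which side opens the data connection, which is what a firewall rule has to permit. The function names, addresses and transcript are constructed for illustration.

```python
import re

# RFC 959 encodes a data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_connections(control_lines, client_ip, server_ip):
    """Derive data connections from (sender, line) pairs; sender is "C" or "S"."""
    flows = []
    for sender, line in control_lines:
        if sender == "C" and line.upper().startswith("PORT "):
            ep = parse_hostport(line[5:])
            if ep:
                # Active mode: the server connects out from port 20 to the client.
                flows.append({"mode": "PORT", "direction": "OUTBOUND",
                              "src": (server_ip, 20), "dst": ep})
        elif sender == "S" and line.startswith("227"):
            ep = parse_hostport(line[3:])
            if ep:
                # Passive mode: the client connects in to the port the server opened.
                flows.append({"mode": "PASV", "direction": "INBOUND",
                              "src": (client_ip, None), "dst": ep})
    return flows


# Constructed control-channel transcript (documentation address ranges).
SAMPLE = [
    ("C", "PORT 192,0,2,10,19,137"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,15,160)"),
]

if __name__ == "__main__":
    for flow in data_connections(SAMPLE, "192.0.2.10", "198.51.100.5"):
        print(flow)
```

The direction is given from the server's point of view, matching the OUTBOUND/INBOUND wording above; the source port of the client in passive mode is not known from the control channel, so it is reported as None.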

3. VSFTPD

Vsftpd is an FTP server for UNIX-like operating systems; it runs on Linux, BSD, Solaris, HP-UX, and IRIX. It supports many features that other FTP servers do not. For example:

  • Extremely high security requirements
  • Bandwidth limit
  • Good scalability
  • Possibility of creating a virtual user
  • IPv6 support
  • Medium to high performance
  • Possible allocation of virtual IP addresses
  • High speed

The name vsftpd stands for "very secure FTP daemon". Security is one of the top concerns of Chris Evans, its developer. High security was a goal from the very beginning of the server's design and development.

One example is that vsftpd works in chroot mode. In chroot mode, a new root directory is specified for the program (here, vsftpd), and it cannot access programs and files outside that directory, so it is also said to be "locked" in. An FTP server that has been compromised by an attacker is thus isolated from other parts of the system, avoiding greater losses.

With so many features, security should still be the most important property of an FTP service, and here vsftpd is superior to other FTP servers. WU-FTPD (http://www.wu-ftpd.org/) can be seen as a counterexample, because it has had too many security flaws in the past few years.

4. Basic VSFTPD configuration

4.1 Installation

Source code installation

See http://www.vsftpdrocks.org/source/

Download the source code:

wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-1.2.1.tar.gz

Extract:

tar zxvf vsftpd-1.2.1.tar.gz

Go to the source code directory:

cd vsftpd-1.2.1

Compile:

make

Create the user

If the nobody user does not exist, create it:

useradd nobody

Create the directory

Vsftpd requires the /usr/share/empty directory. If the directory does not exist, create it:

mkdir /usr/share/empty

Install:

make install

Copy the configuration file to the /etc directory:

cp vsftpd.conf /etc

Start the vsftpd service in standalone mode:

/usr/local/sbin/vsftpd &

4.2 Debian Installation

# aptitude update
# aptitude install vsftpd

(vsftpd 2.0.5)

5. Configuration file description

/etc/vsftpd.conf

The main configuration file of vsftpd.

/etc/ftpusers

Users listed in this file are not allowed to access the FTP server. The administrator can record sensitive accounts that would threaten system security in this file, to avoid threats to the system.

# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody

/etc/vsftpd.user_list

This file is related to the userlist_file option; you can use that option to point to a different file. The default value is /etc/vsftpd.user_list, and the file takes effect only when userlist_enable=YES. By default, userlist_deny=YES, so the file lists the users that cannot access the server; if userlist_deny=NO, the FTP server only allows access from users in this list.
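
How /etc/ftpusers and the user list combine, as an added example that is not part of the original article or of vsftpd itself: it models the rules exactly as described above (userlist_enable treated as NO unless set, userlist_deny as YES unless set). The function names and the sample file contents are constructed for illustration.

```python
def parse_conf(text):
    """Parse vsftpd.conf text (option=value lines, '#' comments) into a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip().upper()
    return opts


def parse_users(text):
    """User names from an ftpusers / user_list style file, one per line."""
    lines = (raw.strip() for raw in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def login_decision(user, conf_text, ftpusers_text, user_list_text):
    """Return (allowed, reason) for `user` under the rules in the text above."""
    opts = parse_conf(conf_text)
    if user in parse_users(ftpusers_text):
        return False, "listed in /etc/ftpusers"
    if opts.get("userlist_enable", "NO") != "YES":
        return True, "userlist_enable is not YES, user list is ignored"
    listed = user in parse_users(user_list_text)
    if opts.get("userlist_deny", "YES") == "YES":
        return not listed, "userlist_deny=YES, list is a deny list"
    return listed, "userlist_deny=NO, list is an allow list"


# Constructed file contents for illustration.
FTPUSERS = "# /etc/ftpusers\nroot\ndaemon\nnobody\n"
USER_LIST = "# /etc/vsftpd.user_list\nalice\nbackup\n"
CONF_DENY = "userlist_enable=YES\n"  # userlist_deny is left at its default
CONF_ALLOW = "userlist_enable=YES\nuserlist_deny=NO\n"

if __name__ == "__main__":
    for conf in (CONF_DENY, CONF_ALLOW):
        for user in ("root", "alice", "bob"):
            print(conf.split()[-1], user,
                  login_decision(user, conf, FTPUSERS, USER_LIST))
```

The same user list gives opposite results for alice and bob depending on userlist_deny, which is why a reviewer should read both options together before trusting the list.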

/etc/init.d/vsftpd

The vsftpd startup script.

/var/log/vsftpd.log

The vsftpd log file.
