Vsftp configuration file details

Source: Internet
Author: User
Tags ftp commands
The Vsftp configuration file has two types of FTP: PORTFTP, which is the common FTP? The other is PASVFTP, which is described as follows: www.2cto. comPORTFTP: this is a common form of FTP. first, a control channel is established. the default value is port21, that is, with port... the Vsftp configuration file has two types of FTP: port ftp, which is the common FTP? The other type is pasv ftp, which is described as follows: www.2cto.com port ftp. this is a common form of FTP. first, a control channel is established. the default value is port 21, that is, it is established online with port 21, the command is issued online. Second, the FTP server will establish a data transmission channel. the default value is 20, that is, it is established online with port 20, and data transmission is performed through port 20. Pasv ftp is similar to port ftp. first, a control channel is established. the default value is port 21, that is, it is established online with port 21 and commands are issued online. Second, the client will make a data transmission request, including the number of the data transmission port. Why is the difference between www.2cto.com and www.2cto.com? The data transmission PORT in port FTP is specified by the FTP server, while the pasv ftp data transmission port is determined by the FTP client. We usually use pasv ftp to determine the data transmission port through communication between the client and the server in a firewall environment. Boolean options allow_anon_ssl if ssl_enable is active and set to yes, anonymous users can use SSL connections. by default, Noanon_mkdir_write_enable is set to yes, anonymous users can create directories under certain conditions (write_enable is active and has write permission in the parent directory). by default, No port ftp is a common form of FTP, and a control channel is first created, the default value is port 21, that is, it is established online with port 21 and commands are issued through this online. Second, the FTP server will establish a data transmission channel. the default value is 20, that is, it is established online with port 20, and data transmission is performed through port 20. Pasv ftp is similar to port ftp. first, a control channel is established. the default value is port 21, that is, it is established online with port 21 and commands are issued online. Second, the client will make a data transmission request, including the number of the data transmission port. What are the differences between the two? The data transmission PORT in port FTP is specified by the FTP server, while the pasv ftp data transmission port is determined by the FTP client. We usually use pasv ftp to determine the data transmission port through communication between the client and the server in a firewall environment. Boolean options allow_anon_ssl if ssl_enable is active and set to yes, anonymous users can use SSL connections. by default, Noanon_mkdir_write_enable is set to yes, anonymous users can create directories under certain conditions (write_enable is active and has write permission in the parent directory). by default, Noanon_other_write_enable can be set to yes, in addition to upload and directory creation permissions, anonymous users also have write permissions, such as deleting or Renaming files. by default, Noanon_upload_enable is set to yes, anonymous users can upload files under certain conditions (write_enable must be active and anonymous users must have write permission). by default, Noanon_world_readable_only can download readable documents if yes is set, default Yesanonymous_enable Whether anonymous users are allowed to log on to ftp. If yes, ftp and anonymous users can log on as anonymous users. by default, if Yesascii_download_enable is enabled, data is downloaded in ASCII mode, if Noascii_upload_enable is enabled by default, data will be uploaded in ASCII mode. if Noasync_abor_enable is enabled by default, a special ftp command will be enabled, similar to 'async' abor', whether to allow the client to use rsync, if Nobackground is enabled by default, vsftp is started in listen Mode. by default, Nocheck_shell only works when PAM is not embedded in vsftp. if not, vsftp does not check the shell of the local user in/etc/shells. by default, if Yeschmod_enable is enabled, the 'site chmod' command is allowed. This command is only valid for local users, invalid for anonymous users. If Yeschown_uploads is enabled by default, all anonymous users ........................ if chroot_list_enable is enabled, you need to provide a local user list to specify who is in chroot (). if chroot_local_user is set to Yes, this list indicates which users are not in chroot, the default list file is/etc/vsftpd. chroot_list, you can also reset it through the chroot_list_file parameter. If Nochroot_local_user is enabled by default, local users use chroot () by default. Noconnect_from_port_20 controls whether to use PORT 20 for data connections in PORT mode. If Nodebug_ssl is enabled by default, openssl connection diagnostics are recorded in vsftp logs. if Nodelete_failed_uploads is enabled by default, all uploaded files will be deleted. by default, Nodeny_email_enable dirlist_enable is disabled, all the column directory commands are forbidden. if Yesdirmessage_enable is enabled by default, the files in this directory are displayed when the user first enters a directory. message file content information. you can reset the file settings through message_file. by default, if Nodownload_enable dual_log_enable is enabled, two log files will be generated at the same time, /var/log/xferlog and/var/log/vsftpd. log. The former is a log of the wu-ftpd type, and the latter is a log of the vsftp style. if Noforce_dot_files is enabled by default, use '. 'files and directories starting with 'are listed. even if the mark (ls-a) is not used, the hidden files are displayed. by default, Noforce_anon_data_ssl is valid only when ssl_enable is active, if yes, all anonymous users are forced to use ssl to send and receive data. by default, Noforce_anon_logins_ssl is valid only when ssl_enable is active. If yes, all anonymous users are forced to use ssl to send passwords. by default, Noforce_local_data_ssl is valid only when ssl_enable is active. If yes, all non-anonymous users are forced to use ssl to send and receive data. by default, Yesforce_local_logins_ssl is valid only when ssl_enable is active. If yes, all non-anonymous users are forced to use ssl to send passwords. if Yesguest_enable is enabled by default, all non-anonymous users log on with 'guest, it is mapped to the user in the specified file guest_username. if Nohide_ids is enabled by default, all user and group information is displayed in the directory as ftp. if Noimplicit_ssl listen is enabled by default, vsftp runs in standalone mode. by default, Nolisten_ipv6 is similar to listen, but IPv6 socket is used instead of IPv4, and the listen parameter is mutually exclusive. by default, Nolocal_enable controls whether to allow local logon. If enabled, users in/etc/passwd can log on. by default, if Nolock_upload_files is enabled, all Upload processes will have a write lock when uploading files, all download processes share the read lock when downloading files. if Yeslog_ftp_protocol is enabled by default, if the xferlog_std_format parameter is not enabled, all ftp requests and responses will be recorded in the log. if Nols_recurse_enable is enabled by default, you are allowed to use the 'ls-R' command. by default, if Nomdtm_write is enabled, MDTM is allowed to modify the file access time. by default, Yes no_anon_password is enabled to prevent vsftp from querying the anonymous user password, anonymous users log on directly. if Nono_log_lock is enabled by default, vsftp is prevented from obtaining the filelock when writing the log file. Nopasswd_chroot_enable pasv_addr_resolve is the default. if you want to use the hostname in pasv mode, set, nopasv_enable by default. if you want to disable PASV mode, set no. the default value is Yespasv_promiscuous. if you want to disable the security check in PASV mode (it ensures that the data connection and control connection come from the same ip address ), it can be set to yes, and the default value is Noport_enable. if you want to disable the PORT method from getting data connections, you can set it to No, yes port_promiscuous by default. if you want to disable the PORT mode security check (ensure that the outgoing data connection can be connected to the client), you can set it to Yes. if Norequire_cert is set to yes by default, A client certificate is required for ssl connections to all clients. if Nosyslog_enable is enabled by default, all certificates are recorded in/var/log/vsftpd. log logs are recorded in system log. if Notcp_wrappers is enabled by default, vsftp supports tcp_wrappers. if Notext_userdb_names tilde_user_enable use_localtime is enabled by default, vsftp displays your local time in the directory, by default, Nouse_sendfile is a parameter used internally to test the sendfile () system call effect. by default, Yesuserlist_deny checks this option if the userlist_enable option is enabled. if it is set to no, only the user specified in userlist_file is allowed to log on. if Yesuserlist_enable is enabled by default, vsftp loads the user list specified in userlist_file. if the user logs on with the user name in the list, the user is denied, by default, if Novalidate_cert is enabled, all ssl client certificates must be OK verified, while self-signed certificates will not pass authentication. by default, Novirtual_use_local_privs is enabled, virtual users have the same permissions as local users. by default, virtual users and anonymous users have the same permissions. by default, Nowrite_enable allows FTP commands to change the file system. these commands are: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE. if Noxferlog_enable is enabled by default, a log file maintains the upload and download details, the default value is/var/log/vsftpd. log, which can be reset through vsftpd_log_file. if Noxferlog_std_format is enabled by default, logs are transmitted in the standard xferlog format. the default format is/var/log/xferlog, which can be reset through xferlog_file, the default value is No numeric options accept_timeout. when the remote client uses PASV mode, the timeout time for establishing a data connection. the default value is 60sanon_max_rate, and the default value is 0 (unlimited) anon_umask: specifies the umask value of a file created by an anonymous user. the default value is 077chown_upload_mode. the mode value of the file uploaded by an anonymous user. the default value is 0600connect_timeout. when the remote client uses the PORT mode, the response time, the default value is 60sdata_connection_timeout, which indicates a rough time-out period for data transmission. the default value is 300sdelay_failed_login. the default value is 300sdelay_failed_login. the default value is 1, the default PORT is 0666ftp_data_port PORT. the default PORT is 20idle_session_timeout, which is the idle time between two input ftp commands. the default PORT is 300slisten_port. if vsftp works in standalone mode, the PORT listens to the connection, the default value is 21local_max_rate. the default value is 0 (unlimited). local_umask: the local user creates an umask with a file lock. the default value is 077max_clients. if vsftp works in standalone mode, number of users can connect in. the default value is 0 (unlimited). after the number of failed logons in max_login_fails, kill the connection. the default value is 3max_per_ip. if vsftp works in standalone mode, the maximum number of connections allowed from the same ip source address. the default value is 0 (unlimited). pasv_max_port can be allocated to the maximum port number of the data connection in PASV mode. the default value is 0 (any port can be used) in PASV mode, pasv_min_port can be assigned to the minimum port number of the data connection. the default value is 0 (any port can be used). trans_chunk_size generally does not change the value of this parameter, but you can set it to 8192, the default value is 0 string options anon_root. after an anonymous user successfully logs on to the directory, the system jumps to the directory. the default value is nonebanned_email_file. Which of the following anonymous email passwords does not allow logon? if deny_email_enable is enabled, this parameter is checked. the default value is/etc/vsftpd. banned_emailsbanner_file: The information displayed after a user logs on. If this file is set, the name of the CA file loaded by noneca_certs_file will be overwritten, by default, nonechown_username is the owner of the file uploaded by anonymous users. it is valid only when chown_uploads is set. by default, root chroot_list_file contains local users who use chroot (), it takes effect only when chroot_list_enable is enabled. if chroot_local_user is enabled, the list file becomes the user who does not use chroot (). The default value is/etc/vsftpd. chroot_listcmds_allowed this option uses commas to separate a list of ftp commands that can be executed (for example, in POST mode, cmds_allowed = USER, PASS, QUIT ), nonecmds_denied by default. this option is separated by commas (,) into a list of ftp commands that cannot be executed. by default, nonedeny_file sets a file name mode, and the matched files are not allowed to be accessed. for example, deny_file = {*. mp3 ,*. mov ,. private}. by default, the location of the DSA file used in the nonedsa_cert_file ssl encrypted connection is the default location of the nonedsa_private_key_file DSA private key. by default, noneftp_username uses this account to process anonymous logins, by default, ftpftpd_banner can use this option to replace the default welcome statement displayed during the first login. by default, noneguest_username maps a real user to the guest user. the default value is ftphide_file listen_address, you can use this option to replace the default listening address. the default nonelisten_address6 is the same as listen_address. after the 6local_root user logs on, vsftp jumps to the directory. the default value is nonemessage_file, this option sets the default Information File, default. messagenopriv_user has no privilege. by default, nobodypam_service_name is the name of the PAM service used by vsftp. by default, vsftpdsecure_chroot_dir sets an empty directory name, which cannot be written by ftp users, this directory acts as a secure chroot () environment, vsftp does not require the file system to access it ssl_ciphers ssl encryption algorithm, the default DES-CBC3-SHAuser_config_dir allows you to override any option in the configuration file, it is based on the configuration of each user. if you set user_config_dir to/etc/vsftpd_user_conf, when you log on with the user chris, vsftp applies to load the/etc/vsftpd_user_conf/chris file during this session period. not all parameters take effect in the personal configuration file. by default, noneuser_sub_token www.2cto.com is used to connect to the virtual account, it automatically generates a home directory for each virtual account. for example, set guest_username to/home/virtual/$ USER and user_sub_token to $ USER. when a fred virtual account logs on, the home directory of fred is/home/virtual/fred. the default value is noneuserlist_file. when userlist_enable is enabled, files set for this parameter will be loaded. the default value is/etc/vsftpd. user_listvsftpd_log_file when xferlog_enable is set and xferlog_std_format is not set, specify the file to which vsftp-style logs are written. if syslog_enable is set, the logs are written to the system log file, default value:/var/log/vsftpd. logxferlog_file when xferlog_enable and xferlog_std_format are set, which file is written by the wu-ftpd-style transfer log, default/var/log/xferlog

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.