Demand:
1. Network card eth0 IP address for 173.17.17.1/24, in this address to build can anonymously upload FTP services, prohibit downloading, prohibit system users access
2. Network card eth1 IP address for 192.168.4.1/24, in this address to build system users access to the FTP service, the user is imprisoned in their respective host directory, prohibit anonymous users access
The point is simple:
When the VSFTPD service is started, multiple "*.conf" profiles located in the/etc/vsftpd/configuration directory are automatically read, for example, two files can be created vsftpd1.conf, vsftpd2.conf, which contains different configuration content
The key configuration for file vsftpd1.conf is as follows:
listen_address=173.17.17.1
Listen=yes
Anonymous_enable=yes
Local_enable=no
Write_enable=yes
anon_umask=022
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Download_enable=no
Dirmessage_enable=yes
Xferlog_enable=yes
Connect_from_port_20=yes
Xferlog_std_format=yes
Pam_service_name=vsftpd
Userlist_enable=yes
Tcp_wrappers=yes
The key configuration for file vsftpd2.conf is as follows
listen_address=192.168.4.1
Listen=yes
Anonymous_enable=no
Local_enable=yes
Chroot_local_user=yes
Write_enable=yes
local_umask=022
Dirmessage_enable=yes
Xferlog_enable=yes
Connect_from_port_20=yes
Xferlog_std_format=yes
Pam_service_name=vsftpd
Userlist_enable=yes
Tcp_wrappers=yes