First, installation
# Install vsftpd
yum -y install vsftpd
# Start the service
service vsftpd start
# Start at boot
chkconfig vsftpd on
Second, the configuration file
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd/user_list
use_localtime=YES
tcp_wrappers=YES
local_root=/ftp
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

The same settings with each option explained. In vsftpd.conf a comment must be a whole line starting with #, and no spaces are allowed around =, so each note is placed above the option it describes.

# Prohibit anonymous login; the default is YES
anonymous_enable=NO
# Allow local users to log in
local_enable=YES
# Give logged-in users write permission (upload, delete)
write_enable=YES
# Default umask (permission mask) for files
local_umask=022
# Enable the directory banner; the default is YES
dirmessage_enable=YES
# Enable logging; the default is YES
xferlog_enable=YES
# FTP uses port 20 for data transfer; the default is YES
connect_from_port_20=YES
# Log file name and path; the default value is /var/log/vsftpd.log
xferlog_file=/var/log/vsftpd.log
# If enabled, the log file is written in the standard xferlog format
xferlog_std_format=YES
# Whether the vsftpd server runs in standalone mode.
# If set to NO, vsftpd does not run as a standalone service; it is controlled by the xinetd service and its functionality is limited.
listen=YES
# PAM authentication file name; PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd
# Whether to use vsftpd's blocking mechanism to deal with unwelcome accounts; works together with the settings below
userlist_enable=YES
# Applies when userlist_enable=YES. When set to YES, users whose accounts are listed in the corresponding file
# cannot log in to the vsftpd server. The file name is set by userlist_file=/etc/vsftpd/user_list below.
# If set to YES, users in /etc/vsftpd/user_list are not allowed to access FTP; if set to NO, only users in /etc/vsftpd/user_list can access FTP.
# Users in /etc/vsftpd/ftpusers are prevented from logging in to the FTP server, with priority higher than user_list.
# Detailed references:
# http://yuanbin.blog.51cto.com/363003/108262/
# http://blog.chinaunix.net/uid-26495963-id-3538970.html
userlist_deny=YES
# File that controls user access to FTP; it contains user names, one per line
userlist_file=/etc/vsftpd/user_list
# Whether to use local time. vsftpd uses GMT (Greenwich) time by default, so FTP dates
# are 8 hours behind China time; setting this to YES is recommended.
use_localtime=YES
# If enabled, the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny
# to determine whether the host requesting the connection is allowed to access the FTP server
tcp_wrappers=YES
# Lock the FTP access directory (not set by default)
local_root=/ftp
# Set to YES to make the user list in the chroot_list file take effect, that is, whether the
# user list file specified by chroot_list_file is enabled. The default value is NO.
chroot_list_enable=YES
# The chroot_list file must be created manually. It is the user list file that controls
# which users can switch to the parent directory of their home directory.
chroot_list_file=/etc/vsftpd/chroot_list
Third, create the user
1. A user with read and write permissions

# mkdir /ftp
# useradd -s /sbin/nologin -d /ftp -m admin
# passwd admin
Changing password for user admin.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# chown admin:admin /ftp
# chmod 755 /ftp

2. A user with read permission only

# mkdir -p /ftp/test
# useradd -s /sbin/nologin -d /ftp/test -m test
# passwd test
Changing password for user test.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# chown test:admin /ftp/test
# chmod 575 /ftp/test

3. Restrict users to the specified directories so that they cannot access other paths

Enable chroot_list_enable=YES, chroot_local_user=NO, chroot_list_file=/etc/vsftpd/chroot_list. Users that are listed in the /etc/vsftpd.chroot_list file cannot switch to a different directory, and users who are not listed in the file can switch to a different directory.

Create and edit the /etc/vsftpd/chroot_list file and add the restricted users, one user name per line:

vim /etc/vsftpd/chroot_list

Add the following:

test

With this, the test user cannot switch to a different directory, while the admin user, who is not added to the chroot_list file, can.

There are four scenarios:

① When chroot_list_enable=YES and chroot_local_user=YES, users listed in the /etc/vsftpd.chroot_list file can switch to a different directory, and users who are not listed in the file cannot.
② When chroot_list_enable=YES and chroot_local_user=NO (the default), users listed in the /etc/vsftpd.chroot_list file cannot switch to a different directory, and users who are not listed in the file can.
③ When chroot_list_enable=NO and chroot_local_user=YES, all users cannot switch to a different directory.
④ When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to a different directory.
chroot_local_user=YES/NO (NO): Specifies whether users in the user list file are allowed to switch to the parent directory. The default value is NO.
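
The userlist rules from the configuration section and the four chroot scenarios above, as an added example that is not part of the original page: a small Python check that parses vsftpd.conf text and reports whether a user may log in and whether the user is confined to the login directory. The function names, the sample users and the list contents are assumptions made for illustration; the defaults are vsftpd's documented ones for these four options.

```python
# Added example, not from the original page: evaluate the page's userlist and
# chroot rules for a vsftpd.conf given as text. Lint strictness is an assumption.
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO",
            "userlist_enable": "NO", "userlist_deny": "YES"}

def parse_conf(text):
    """Return {option: value}; reject forms vsftpd does not accept."""
    conf = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # No spaces around '=' and no inline comments are allowed.
        if not sep or key != key.strip() or value != value.strip() or "#" in value:
            raise ValueError(f"line {n}: malformed setting {line!r}")
        conf[key] = value
    return conf

def flag(conf, key):
    return conf.get(key, DEFAULTS[key]).upper() in ("YES", "TRUE", "1")

def is_chrooted(conf, user, chroot_list):
    """Four scenarios: being listed inverts what chroot_local_user says."""
    jailed = flag(conf, "chroot_local_user")
    if flag(conf, "chroot_list_enable") and user in chroot_list:
        jailed = not jailed
    return jailed

def login_allowed(conf, user, user_list, ftpusers):
    """ftpusers always denies; user_list is a deny list or an allow list."""
    if user in ftpusers:
        return False
    if not flag(conf, "userlist_enable"):
        return True
    listed = user in user_list
    return not listed if flag(conf, "userlist_deny") else listed

# Constructed sample input mirroring the page's settings.
SAMPLE = """\
# comments must be whole lines starting with '#'
userlist_enable=YES
userlist_deny=YES
chroot_list_enable=YES
"""

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    for user in ("admin", "test", "root"):
        print(user, "login:", login_allowed(conf, user, {"root"}, {"root"}),
              "chrooted:", is_chrooted(conf, user, {"test"}))
```

Running it against a copy of the real file before restarting the service catches inline comments and stray spaces, which otherwise surface only as a startup error.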
Fourth, testing
1. List directories as the admin user

# curl ftp://10.10.60.197 -u admin:admin -s
-rw-r--r-- 1 503 504 0 Nov 12 01:53 123
dr-xrwxr-x 2 501 504 4096 Nov 12 02:04 ctrip
dr-xrwxr-x 2 502 504 4096 Nov 12 02:05 test
# curl ftp://10.10.60.197/test/ -u admin:admin -s
-rw-r--r-- 1 503 504 0 Nov 12 02:05 123
-rw-r--r-- 1 0 0 0 Nov 12 01:22 test.file
2. Test upload and download
Client uploads:

[[email protected] ~]# echo "123" > 123
[[email protected] ~]#

Use the admin account to upload to the test FTP directory:

[[email protected] ~]# curl ftp://10.10.60.197/test/ -u admin:admin -T 123
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     4    0     0  100     4      0     10 --:--:-- --:--:-- --:--:--    11

Use the admin account to upload to its own FTP directory:

[[email protected] ~]# curl ftp://10.10.60.197 -u admin:admin -T 123
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     4    0     0  100     4      0     11 --:--:-- --:--:-- --:--:--    12

Server-side view:

[[email protected] ~]# cd /ftp/
[[email protected] ftp]# pwd
/ftp
[[email protected] ftp]# ll
total 12
-rw-r--r-- 1 admin admin 4 Nov 12 03:33 123
dr-xrwxr-x 2 test admin 4096 Nov 12 03:29 test
[[email protected] ftp]#
[[email protected] ftp]# cat 123
123
[[email protected] ftp]#
[[email protected] ftp]# cat test/123
123
VSFTP Installation and Configuration 222