VSFTP Server Setup

Source: Internet
Author: User

1. The difference between FTP active mode and passive mode:

The biggest difference is that the data port is not always 20,

Pros and cons of active mode and passive mode:

Active FTP is easier to manage and secure on the FTP server side, but harder to manage on the client side: the FTP server attempts to open a connection to a random high-numbered port on the client, and that port is likely to be blocked by the client's firewall. Passive FTP is easier to manage on the FTP client side, but harder to manage on the server side: the client opens two connections to the server, one of them to a random high-numbered port, and that port is likely to be blocked by the server-side firewall.

2. Main FTP servers:

vsftpd, pureftpd, Serv-U

3. Common commands:

ftpwho: View the users connected to the server.

ftpcount: View the number of users connected to the server.

4. The FTP configuration file /etc/vsftpd/vsftpd.conf in detail:

Anonymous user settings:

write_enable=YES

Whether write permission is turned on for logged-in users. This is a global setting. The default is NO.

local_enable=YES

Whether local users are allowed to log on to the FTP server. The default is NO.

anonymous_enable=YES

Whether anonymous users are allowed to log on to the FTP server. The default is YES.

ftp_username=ftp

Defines the account name of the anonymous user. The default value is ftp.

no_anon_password=YES

Whether anonymous users are asked for a password when logging in. When set to YES, no password is requested. The default is NO.

anon_world_readable_only=YES

Whether anonymous users are limited to downloading world-readable files. The default is YES.

anon_upload_enable=YES

Whether anonymous users are allowed to upload files. This item takes effect only if write_enable is set to YES, and anonymous users must have write access to the corresponding directory. The default is NO.

anon_mkdir_write_enable=YES

Whether anonymous users are allowed to create directories. This item takes effect only if write_enable is set to YES and anonymous users have write permission on the parent directory. The default is NO.

anon_other_write_enable=NO

If set to YES, anonymous users get write permissions beyond uploading and creating directories, such as deleting and renaming. The default is NO.

Directory the user lands in after login:

local_root=/var/ftp

Sets the directory a local user is placed in after login. This item is not set in the default configuration file; in that case a user who logs on to the FTP server is placed in their home directory, or in /root for the root user.

anon_root=/var/ftp

Sets the directory anonymous users are placed in after login. If not specified, the default is the /var/ftp directory.

Source document: http://blog.csdn.net/lhq9220/article/details/6544755

Controlling whether the user can switch to the parent directory:

In the default configuration, users can use the "cd .." command to switch to the parent directory. For example, if the directory the user logged in to is /var/ftp, executing "cd .." at the "ftp>" prompt switches the user to the parent directory /var, and repeating the command reaches the root of the Linux system, from which the entire Linux file system can be operated on.

If write_enable=YES is set, the user can also overwrite files in the root directory, which is a serious security risk to the system. Users must therefore be prevented from switching to the Linux root directory. The related configuration items are as follows:

chroot_list_enable=YES

Sets whether the user list file specified by the chroot_list_file configuration item is enabled. When set to YES, all logged-in users except the accounts listed in the /etc/vsftpd/chroot_list file can enter directories outside the FTP root directory. The default is NO.

chroot_list_file=/etc/vsftpd/chroot_list

Specifies the user list file that controls which users can switch to the ancestor directories of the FTP site root.

chroot_local_user=YES

Specifies whether users in the user list file are allowed to switch to the parent directory. The default is NO.

Note: To see the effect on a local user, first set local_root=/var/ftp.


The combinations work as follows:

1) When chroot_list_enable=YES and chroot_local_user=YES, the users listed in the /etc/vsftpd/chroot_list file can switch to the parent directory; users who are not listed in the file cannot switch to the parent directory of the site root.

2) When chroot_list_enable=YES and chroot_local_user=NO, the users listed in the /etc/vsftpd/chroot_list file cannot switch to the parent directory of the site root; users who are not listed in the file can switch to the parent directory.

3) When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to the parent directory.

4) When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to the parent directory.

5) When a user is not allowed to switch to the parent directory, the root directory "/" of the FTP site after login is the home directory of the FTP account, that is, the /var/ftp directory of the file system.

Setting access control

Setting which hosts are allowed or denied access (see TBP14)

tcp_wrappers=YES makes the vsftpd server work together with TCP Wrappers for host access control. The default is YES: the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny to determine whether the host requesting a connection is allowed to access the FTP server. These two files can serve as a simple firewall.

For example, to allow only hosts 192.168.168.1~192.168.168.254 to connect to the vsftpd server, add the following to the /etc/hosts.allow file:

vsftpd:192.168.168.0/255.255.255.0:allow

ALL:ALL:deny

Setting which users are allowed or denied access

Access control for users is handled by the /etc/vsftpd/user_list and /etc/vsftpd/ftpusers files. The relevant configuration items are as follows:

userlist_enable=YES

Determines whether the /etc/vsftpd/user_list file is active. YES makes it take effect; NO means it has no effect.

userlist_deny=YES

Determines whether the users in the /etc/vsftpd/user_list file are allowed or denied access. If set to YES, users in the /etc/vsftpd/user_list file are not allowed to access the FTP server; if set to NO, only users in the vsftpd.user_list file can access the FTP server.
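The chroot combinations 1) to 4) and the userlist_enable/userlist_deny rules above can be checked together for each account. The following Python sketch is an added example, not part of the original article or of vsftpd: it reports accounts that can log in, have write access, and are not confined to the FTP root. The function names, the sample configuration and the account names are constructed, and the userlist_deny default of YES is an assumption taken from vsftpd's documented defaults.

```python
def parse_conf(text):
    """Parse vsftpd.conf text: option=value lines, '#' starts a comment line."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))

def flag(conf, name, default="NO"):
    """Boolean option; an absent option takes the given default."""
    return conf.get(name, default).upper() == "YES"

def can_login(conf, user, user_list):
    """userlist_enable / userlist_deny decision for one account."""
    if not flag(conf, "userlist_enable"):
        return True                          # user_list file is not active
    if flag(conf, "userlist_deny", "YES"):   # assumption: default is YES
        return user not in user_list         # list acts as a deny list
    return user in user_list                 # list acts as an allow list

def is_chrooted(conf, user, chroot_list):
    """chroot_local_user / chroot_list_enable combinations 1) to 4)."""
    jail_all = flag(conf, "chroot_local_user")
    if not flag(conf, "chroot_list_enable"):
        return jail_all
    # List enabled: listed users get the opposite of everyone else.
    return (user not in chroot_list) if jail_all else (user in chroot_list)

def audit(conf_text, users, user_list, chroot_list):
    """Report accounts that can log in, write, and leave the FTP root."""
    conf = parse_conf(conf_text)
    findings = []
    for user in users:
        if (can_login(conf, user, user_list) and flag(conf, "write_enable")
                and not is_chrooted(conf, user, chroot_list)):
            findings.append(f"{user}: write_enable=YES and not confined to FTP root")
    return findings

# Constructed sample configuration and list contents (not from a real host).
SAMPLE_CONF = """\
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=YES
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["alice", "bob", "mallory"], {"mallory"}, {"bob"}))
```

With the sample input, only the account listed in chroot_list is reported, because combination 1) exempts listed users from the chroot while write_enable=YES is set.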

5. Configuration file:

Timeout option: idle_session_timeout=600

Load control: Control the maximum number of connections: max_clients=.

6. Anonymous user: You can generally log on to the server anonymously, but you cannot upload files. no_anon_password=YES/NO sets whether the anonymous user needs a password.

7. Create a new user:

First use "useradd -d <directory name> <username>" to create a user account whose home is the FTP directory, and then set the password with passwd.

Then modify the configuration file /etc/vsftpd/vsftpd.conf:

guest_enable=YES

guest_username=<user name>

setsebool ftpd_disable_trans 1
