Vsftpd basic configuration practices anonymous users upload files and Root Login

Vsftp has been established since yesterday. You only need to test the DN and up speed of the Board. there are two issues that do not require much security consideration. anonymous and root users log on and upload files. Everything found on the internet is messy and all attempts fail .. finally, I finally saw an article that is easy to understand .. turn to put ..

Vsftpd basic configuration practices anonymous users upload files and Root Login
Coco volcano 20080411
Http://linux.chinaunix.net/bbs/viewthread.php? Tid = 989486 & extra = & page = 1

Test in centos to allow anonymous users to upload files. All configuration files start from the initial state:
1. File:/etc/vsftpd. conf
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# Has an effect if the above global write enable is activated. Also, you will
# Obviously need to create a Directory Writable By the FTP user.
Anon_upload_enable = Yes
#
# Uncomment this if you want the anonymous FTP user to be able to create
# New directories.
Anon_mkdir_write_enable = Yes
2. After logging on to anonymous, the system still fails to upload and reports a permission error, no matter whether the/directory or/pub. Check/pub permission and find that the permission is low.
[Root @ centos5 pub] # ls-LD/var/FTP/pub/
Drwxr-XR-x 3 Root 4096 Mar 17 00:07/var/FTP/pub/
In this case, you need to create a directory for the user to upload.
[Root @ centos5 pub] # mkdir/var/FTP/incomming
[Root @ centos5 pub] # chmod A + w/var/FTP/incomming
3. Log On As an anonymous user again, and upload files and create directories in/incomming.

The following is a test in centos to allow the root user to log on via ftp. All configuration files start from the initial state:
1. Delete the root row in/etc/vsftpd/user_list.
# Vsftpd userlist
# If userlist_deny = No, only allow users in this file
# If userlist_deny = Yes (default), never allow users in this file, and
# Do not even prompt for a password.
# Note that the default vsftpd Pam config also checks/etc/vsftpd/ftpusers
# For users that are denied.
In this way, root login is not directly deny, but the correct password cannot be entered. View/etc/log/secure to find that Pam has blocked root login.
2. Find/etc/PAM. d/vsftpd and check the/etc/vsftpd/ftpusers configuration file.
The first line of/etc/vsftpd/ftpusers indicates the role of this configuration file.
# Users that are not allowed to login via FTP
After deleting the root row and restarting vsftpd, the root user can log on.

Later: 1. FTP is transmitted in plain text, posing a security risk, not to mention using root to directly log on to FTP.
2. SSH is recommended, that is, you can run commands or upload files.