Vsftpd faq Chinese version (2.0.3)

This document is an unofficial version of the vsftpd 2.0.3 faq. Official faq: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.3/FAQ

Now the latest version is vsftpd 2.3.2, corresponding faq address: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.2/FAQ

Q1) Can I restrict a user to his home directory?

A) YES. Set chroot_local_user = YES.

BKJIA recommended topics: getting started with vsftpd-installation, configuration, cases, and FAQs

Q2) Why does symlink not work after chroot_local_user = YES is set?

A) This is the result of how the security mechanism chroot () works. (Optional) Take A Look At hard links, or use the "modern" Linux and the powerful "mount -- bind" command.

Q3) Does vsftpd support limit the number of user connections?

A1) Yes, indirectly. Vsftpd is an inetd-based service. If you use the popular xinetd, it supports the connection restrictions of per-service per-IP. The "EXAMPLE" directory contains an EXAMPLE.

A2) If you run vsftpd in standalone mode (set listen = YES), you can study settings such as max_clients = 10.

Q4) Help! I got the error message "refusing to run with writable anonymous root.

A) vsftpd does not allow "dangerous (Insecure)" configurations. This error message is usually caused by incorrect owner permissions in the home directory of ftp. The owner of the home directory should not be an ftp user, and the ftp user cannot have the write permission. The solution is:

Chown root ~ Ftp; chmod-w ~ Ftp

Q5) Help! I got the error message "str_getpwnam.

A) The most likely reason is that there is no user (generally 'nobody') configured as 'nopriv _ user' in your system '). Vsftpd must run with the lowest permissions.

Q6) Help! Local users cannot log on.

A) There are several possible problems that cause logon failure.

A1) by default, vsftpd only allows anonymous users (anonymous) to log on. Add local_enable = YES to your/etc/vsftpd. conf configuration file to allow local users to log on.

A2) vsftpd needs to contact PAM (Run "ldd vsftpd" to check whether libpam exists in the result ). if vsftpd requires PAM support, you must prepare a PAM file for the vsftpd service. in the "RedHat" directory, there is an example of preparing the PAM file for the RedHat system, put it in/etc/pam. d directory.

A3) if PAM is not required for vsftpd, this may be caused by many reasons. Is your shell in the/etc/shells file? If you use shadow passwd, is there any shadow. h file in the include path?

A4) if PAM is not used, vsftpd will use its own method to check whether the user's shell is legal. if you want to use an illegal shell so that users can only log on via FTP), you can add check_shell = NO in the configuration file.

Q7) Help! "500 Unknown command." is reported for uploading or other "write" commands .".

A) by default, "write" commands for uploading and creating Directories) are disabled. this is a safe method. to allow writing a command, you must add the command in the configuration file/etc/vsftpd. add write_enable = YES to conf.

Q8) Help! What are the security risks in the chroot_local_user option?

A) First, note that other ftp servers have the same risks. This is a general question. This problem is not very serious, but it is like this: Some people give untrusted ftp accounts full shell access permissions. If these accounts can upload files, there is a risk. A bad user can control the root directory of the file system as its home directory. The FTP process may access some configuration files, such as/etc/some_file. With chroot (), this file is under the control of this user. Vsftpd is very concerned about these security issues. However, the system libc may want to open the language configuration file or other configuration ......

Q9) Help! The permission for uploaded files is-rw -------.

A1) modify the local_umask or anon_umask option based on whether the upload user is a local user or an anonymous user. For example, set anon_umask = 022 to specify the permission to upload files anonymously as-rw-r --. Note that the value of 0 in front of 22 cannot be less.

A2) you can also check the New Option file_open_mode in the man help of vsftpd. conf.

Q10) Help! How can I integrate LDAP User Logon?

A) Use vsftpd with PAM to configure PAM to use LDAP authentication.

Q11) Help! Can vsftpd be configured as virtual hosting?

A1) Yes. If you use xinetd to run vsftpd, You can bind xinetd to several different IP addresses. For each IP address, xinetd uses different configuration files to start vsftpd. In this way, you can configure different vsftpd services on each IP address.

A2) You can also run multiple vsftpd instances in standalone mode. Use listen_address = x. x to set the virtual IP address.

Q12) Help! Does vsftpd support virtual users?

A) Yes. It is integrated with PAM. Set guest_enable = YES in/etc/vsftpd. conf. The effect is that the successful logon of all non-anonymous users is mapped to the local user specified by guest_username. Then, you can use PAM and Its pam_userdb module, for example, to improve the authentication based on the external user library that does not use/etc/passwd. Note: When guest_enable takes effect, a restriction is imposed, that is, the local user is also mapped to guest_username Translator: that is, the virtual user and the local user cannot be used at the same time ). The EXAMPLE directory contains an EXAMPLE of virtual user configuration.

Q13) Help! Does vsftpd support different configurations for different users?

A) supported and powerful. Check the user_config_dir option in man's help.

Q14) Help! Can I limit vsftpd data connection to data connections?

A) Yes. Check the configuration options pasv_min_port and pasv_max_port.

Q15) Help! I see information like "OOPS: chdir.

A) if an anonymous user is logged on, check whether the Home Directory of the System user ftp is correct. If you use the anon_root option, check whether the option is correct.

Q16) Help! Vsftpd displays GMT instead of local time!

A) This can be solved by setting use_localtime = YES.

Q17) Help! Can I disable some FTP commands?

A) Yes. There are some separate options such as dirlist_enable), or you can use the cmds_allowed option to specify the allowed command set.

Q18) Help! Can I change the working port of vsftpd?

A1) Yes. If you run vsftpd in standalone mode, you can use the listen_port option in vsftpd. conf to specify the port ).

A2) Yes. If vsftpd is run in inetd or xinetd mode, inetd or xinetd is responsible for this problem. You must modify the configuration file of inetd or xinetd, which may be/etc/inetd. conf or/etc/xinetd. d/vsftpd ).

Q19) Help! Can vsftpd be verified using the LDAP server? Or use the Mysql database?

A) Yes. Vsftpd can be verified using PAM, so you need to configure PAM to use the pam_ldap or pam_mysql module. This includes installing the PAM module, and then editing the PAM Configuration File of vsftpd may be/etc/pam. d/vsftpd ).

Q20) Help! Does vsftpd support per-IP limits?

A1) Yes. If you run vsftpd in standalone mode, you can use the max_per_ip option.

A2) Yes. If you run vsftpd in xinetd mode, you can use the xinetd configuration parameter per_source.

Q21) Help! Does vsftpd support bandwidth restrictions?

A) supported. See the "anon_max_rate" and "local_max_rate" options in man help vsftpd. conf.5.

Q22) Help! Does vsftpd support IPIP-based Access Control?

A1) can be combined with tcp_wrappers. The premise is that tcp_wrappers is added for compilation ). Enable tcp_wrappers = YES.

A2) Run vsftpd in xinetd mode. xinetd can be combined with tcp_wrappers.

Q23) Help! Does vsftpd support IPv6?

A) It is supported from version 1.2.0. See the man help of vsftpd. conf.

Q24) Help! Vsftpd compilation failed. The error is-lcapunable to find-lcap cannot be found ).

A) install libcap package and try again. It seems that Debian users have encountered more problems.

Q25) Help! My configuration file is/etc/vsftpd. conf, but it does not seem to work!

A) The RedHat user will encounter this problem-in some RedHat versions, the vsftpd configuration file is/etc/vsftpd. conf.

Q26) Help! Vsftpd compilation fails, and sysutil. c contains incomplete types of types ).

A) Your system may not support IPv6. You can either use earlier versions of vsftpd such as v1.1.3 in a modern system that supports IPv6.

Q27) Help! When downloading, especially a large number of small files), you can see a lot of such information: "500 OOPS: vsf_sysutil_bind ".

A) The vsftpd-1.2.1 has solved this problem.

Q28) Help! Can vsftpd hide or deny access to certain files?

A) Yes. Look at the hide_file and deny_file options in the man help of vsftpd. conf.

Q29) Help! Does vsftpd support FXP?

A) supported. The FTP server supports FXP without special configuration. However, due to the security restrictions of vsftpd on IP addresses, you may not succeed. To relax this restriction, check out the pasv_promiscuous and port_promiscuous options in the man help (vsftpd. conf.5) of vsftpd. conf.

Q30 )......

A) To learn more about vsftpd, read the man help and configuration example of vsftpd. conf.