Vsftpd configuration file details, vsftpd configuration file

Source: Internet
Author: User

1. Default Configuration

1> Anonymous users and local users are allowed to log on.
    anonymous_enable=YES
    local_enable=YES
2> The logon name for anonymous users is ftp or anonymous, and the password is blank. Anonymous users cannot leave the anonymous user's home directory /var/ftp, and can only download, not upload.
3> The login name of a local user is the local user name, and the password is that user's password. A local user can read and write in his or her home directory, can switch from that directory to other directories he or she has permission to access, and can upload and download files where permissions allow.
    write_enable=YES
4> Local users listed in the /etc/vsftpd.ftpusers file cannot log on.

2. Configuration File Format

The content of vsftpd.conf is very simple: each line is one setting. Blank lines and lines starting with # are ignored. There is only one format for the content:
    option=value
Note that no blank space is allowed on either side of the equal sign.

3. Anonymous user (anonymous) settings

anonymous_enable=YES/NO (YES)
Controls whether anonymous users are allowed to log on. YES allows anonymous logon and NO does not. The default value is YES.

write_enable=YES/NO (YES)
Whether logged-on users are permitted to write data. It is a global setting. The default value is YES.

no_anon_password=YES/NO (NO)
If this function is enabled, no password is asked for on anonymous logon. The default value is NO.

ftp_username=ftp
Defines the name of the anonymous login user. The default value is ftp.

anon_root=/var/ftp
The directory used for anonymous logon. The default value is /var/ftp.
Note that the ftp directory must not have 777 permissions; that is, the anonymous user's home directory cannot be mode 777.

anon_upload_enable=YES/NO (NO)
If set to YES, anonymous users are allowed to upload files (not directories). This option takes effect only when write_enable=YES, and the anonymous user must also have write permission on the parent directory. The default value is NO.

anon_world_readable_only=YES/NO (YES)
If set to YES, anonymous users are allowed to download readable files (which can be downloaded to the local machine for reading and cannot be opened directly on the FTP server). The default value is YES.

anon_mkdir_write_enable=YES/NO (NO)
If set to YES, anonymous users are permitted to create directories. This option takes effect only when write_enable=YES, and the anonymous user must also have write permission on the parent directory. The default value is NO.

anon_other_write_enable=YES/NO (NO)
If set to YES, anonymous users are granted write permissions beyond uploading and creating directories, such as deleting or renaming. (If anon_upload_enable=NO, anonymous users cannot upload files but can delete or rename existing files. If anon_mkdir_write_enable=NO, anonymous users cannot upload or create folders but can delete or rename existing folders.) The default value is NO.

chown_uploads=YES/NO (NO)
Sets whether to change the owner of files (not directories) uploaded by anonymous users. The default value is NO.

chown_username=username
Sets the owner name for files (not directories) uploaded by anonymous users. We recommend that you do not set it to root.

anon_umask=077
Sets the umask applied when an anonymous user creates or uploads files. The default value is 077, and the corresponding permission for a new file is 700.

deny_email_enable=YES/NO (NO)
If this function is enabled, a file /etc/vsftpd/banner_emails containing email addresses must be provided.
On anonymous login the user is asked to enter an email address. If the address entered is in this file, the login is refused. The default value is NO.

banned_email_file=/etc/vsftpd/banner_emails
The file that holds the email addresses. It is used only when deny_email_enable=YES. On anonymous login the user is asked to enter an email address. If the address entered is in this file, the login is refused.

4. Local user settings

local_enable=YES/NO (YES)
Controls whether local users are allowed to log on. YES allows local users to log on and NO does not. The default value is YES.

local_root=/home/username
When a local user logs on, the user is placed in the directory defined here. The default value is each user's home directory.

write_enable=YES/NO (YES)
Whether logged-on users are permitted to write data. It is a global setting. The default value is YES.

local_umask=022
The umask value applied when a local user adds a file. The default value is 077.

file_open_mode=0755
The permissions given to files uploaded by local users, written in the same form as for chmod. The default value is 0666.

5. Welcome message settings

dirmessage_enable=YES/NO (YES)
If this option is enabled, the first time a user enters a directory the server checks whether the directory contains a .message file and, if so, displays its contents. This file usually contains a welcome message or a description of the directory. It is enabled by default.

message_file=.message
Sets the name of the directory message file; write the information to be displayed into this file. The default value is .message.

banner_file=/etc/vsftpd/banner
When a user logs in, the content of the file set here is displayed, usually a welcome message or description. The default value is none. Use this configuration item if you have a longer welcome message.

ftpd_banner=Welcome to BOB's FTP server
The string used as the welcome message.
banner_file takes a file, while ftpd_banner takes a string. Default value: none.

6. Controlling whether users are allowed to switch to the parent directory

By default, after logging on to FTP, a local user can use the cd command to switch to other directories, which brings security risks to the system. The following three configuration items control user directory switching.

chroot_list_enable=YES/NO (NO)
Sets whether to enable the user list file specified by the chroot_list_file configuration item. The default value is NO.

chroot_list_file=/etc/vsftpd.chroot_list
Specifies the user list file, which is used to control which users can switch to the parent directory of their home directory.

chroot_local_user=YES/NO (NO)
Specifies whether the users in the user list file can switch to the upper-level directory. The default value is NO.

The following effects can be achieved through combination:
When chroot_list_enable=YES and chroot_local_user=YES, users listed in the /etc/vsftpd.chroot_list file can switch to other directories. Users not listed in the file cannot switch to other directories.
When chroot_list_enable=YES and chroot_local_user=NO, users listed in the /etc/vsftpd.chroot_list file cannot switch to other directories. Users not listed in the file can switch to other directories.
When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to other directories.
When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to other directories.

7. Data transmission mode settings

FTP data can be uploaded or downloaded in binary mode or in ASCII mode.

ascii_upload_enable=YES/NO (NO)
Sets whether to enable ASCII mode for uploading data. The default value is NO.

ascii_download_enable=YES/NO (NO)
Sets whether to enable ASCII mode for downloading data.
The default value is NO.

8. Access control settings

There are two control modes: one controls host access and the other controls user access.

① Control host access:

tcp_wrappers=YES/NO (YES)
Sets whether vsftpd is combined with tcp wrapper to control host access. The default value is YES. If it is enabled, the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny to determine whether to allow a host to access the FTP server. These two files can provide simple firewall functions.
For example, to allow only hosts 192.168.0.1-192.168.0.254 to connect to the FTP server, add the following content to the /etc/hosts.allow file:
    vsftpd: 192.168.0.: allow
    all: all: deny

② Control user access:

You can use the vsftpd.user_list and ftpusers files in the /etc directory to control user access.

userlist_file=/etc/vsftpd.user_list
The file that controls users' access to FTP. It contains user names, one per line.

userlist_enable=YES/NO (NO)
Whether to enable the vsftpd.user_list file.

userlist_deny=YES/NO (YES)
Determines whether users in the vsftpd.user_list file can access the FTP server. If YES, users in the vsftpd.user_list file are not allowed to access FTP. If NO, only users in the vsftpd.user_list file can access FTP.

/etc/vsftpd/ftpusers
This file defines a list of users who are not allowed to access the FTP server. (Note: if userlist_enable=YES and userlist_deny=NO, a user who appears in both vsftpd.user_list and ftpusers cannot access FTP; that is, ftpusers has the higher priority.) By default, vsftpd.user_list and ftpusers are pre-populated with the system's internal accounts, which are not allowed to access the FTP server. If the system does not have these two files, create them.

9. Access rate settings

anon_max_rate=0
Sets the maximum transmission speed for anonymous users. The unit is B/s. 0 indicates no speed limit.
The default value is 0.

local_max_rate=0
The maximum transmission speed for local users. The unit is B/s. 0 indicates no speed limit. The default value is 0.

10. Timeout settings

accept_timeout=60
Sets the timeout for establishing an FTP connection, in seconds. The default value is 60.

connect_timeout=60
The timeout for establishing a data connection in PORT mode, in seconds. The default value is 60.

data_connection_timeout=120
Sets the timeout for establishing an FTP data connection, in seconds. The default value is 120.

idle_session_timeout=300
If the user performs no operation on the FTP server for the specified period of time, the FTP connection is disconnected. The unit is seconds. The default value is 300.

11. Log file settings

xferlog_enable=YES/NO (YES)
Whether to enable upload/download logging. If enabled, upload and download information is recorded in the file defined by xferlog_file. It is enabled by default.

xferlog_file=/var/log/vsftpd.log
Sets the log file name and path. The default value is /var/log/vsftpd.log.

xferlog_std_format=YES/NO (NO)
If enabled, the log file is written in the standard xferlog format, as used by wu-ftpd. It is disabled by default.

log_ftp_protocol=YES/NO (NO)
If this option is enabled, all FTP requests and responses are recorded in the log. The default log file is /var/log/vsftpd.log. When this option is enabled, xferlog_std_format cannot be activated. This option is helpful for debugging. The default value is NO.

12. Defining user configuration files

In vsftpd, you can define per-user configuration files to apply different configurations to different users.

user_config_dir=/etc/vsftpd/userconf
Sets the directory where the user configuration files are located. Once this item is set, when a user logs on the server looks in the /etc/vsftpd/userconf directory for a file with the same name as the user and applies the configuration commands in that file to the session. For example, if user_config_dir=/etc/vsftpd/userconf is defined and the host has users test1 and test2, add two files named test1 and test2 in the user_config_dir directory. When test1 logs on, the settings in the file test1 under user_config_dir are read. The default value is none. User configuration files can be used to control the access speed of different users by defining local_max_rate=XX in each user's file.

13. FTP working mode and port settings

FTP can work in two ways: port ftp (active mode) and pasv ftp (passive mode).

listen_port=21
Sets the port on which the FTP server accepts connections. The default value is 21.

connect_from_port_20=YES/NO
Specifies that FTP uses port 20 for data transmission. The default value is YES.

ftp_data_port=20
Sets the port used for FTP data connections in PORT mode. The default value is 20.

pasv_enable=YES/NO (YES)
If set to YES, PASV mode is used; if set to NO, PORT mode is used. The default value is YES, that is, PASV mode is used.

pasv_max_port=0
In PASV mode, the maximum port in the port range that data connections can use. 0 indicates any port.
The default value is 0.

pasv_min_port=0
In PASV mode, the minimum port in the port range that data connections can use. 0 indicates any port. The default value is 0.

14. Connection-related settings

listen=YES/NO (YES)
Sets whether the vsftpd server runs in standalone mode. Running in standalone mode is the better method; in this case listen must be set to YES, which is the default value. We recommend that you do not change this setting, because many configuration commands related to running the server take effect only in this mode. If it is set to NO, vsftpd does not run independently; it is controlled by the xinetd service and has limited functions.

max_clients=0
Sets the maximum number of connections allowed by vsftpd. The default value is 0, indicating that no limit is imposed. If this parameter is set to 100, 100 connections are allowed at the same time and further connections are rejected. It is valid only when running in standalone mode.

max_per_ip=0
Sets the number of connections allowed from each IP address to the FTP server. The default value is 0, indicating no restriction. It is valid only when running in standalone mode.

listen_address=IPAddress
Sets the FTP server to listen for FTP requests on the specified IP address. If this parameter is not set, the server listens on all IP addresses bound to it. It is valid only when running in standalone mode.

setproctitle_enable=YES/NO (NO)
Sets whether each connection to the FTP server is shown as a separate process. The default value is NO; in this case only one vsftpd process is visible with ps aux | grep ftp. If it is set to YES, each connection has its own vsftpd process.

15. Virtual user settings

Virtual users use the PAM authentication method.

pam_service_name=vsftpd
Sets the name used by PAM. The default value is /etc/pam.d/vsftpd.

guest_enable=YES/NO (NO)
Enables virtual users. The default value is NO.

guest_username=ftp
The user that virtual users are mapped to.
The default value is ftp.

virtual_use_local_privs=YES/NO (NO)
When this parameter is activated (YES), virtual users have the same permissions as local users. When it is disabled (NO), virtual users have the same permissions as anonymous users. By default, this parameter is disabled (NO).

16. Other settings

text_userdb_names=YES/NO (NO)
Sets whether commands such as ls -la display the UID and GID or the user name and group name. The default value is NO, which displays the UID and GID. To display the user name and group name, set it to YES.

ls_recurse_enable=YES/NO (NO)
If this function is enabled, users are allowed to use the ls -R command (which lists the files in the subdirectories of the current directory). The default value is NO.

hide_ids=YES/NO (NO)
If this function is enabled, the owner and group of all files are shown as ftp; that is, when a user runs commands such as ls -al, the owner and group of every file appear as ftp. It is disabled by default.

download_enable=YES/NO (YES)
If set to NO, no files can be downloaded to the local device; folders are not affected. The default value is YES.
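Added example (not part of the original article and not vsftpd's own code): a Python sketch that applies the option=value format rule from section 2 and the decision tables from sections 6 and 8 to a configuration, so the combined effect of the chroot and user-list options can be checked per user. The sample configuration, the user names, the list contents and the helper names parse_conf, is_chrooted and login_allowed are all assumptions made for the illustration.

```python
# Added example; every input below is constructed for illustration.
DEFAULTS = {"chroot_list_enable": "NO", "chroot_local_user": "NO",
            "userlist_enable": "NO", "userlist_deny": "YES"}  # per the article


def parse_conf(text):
    """Return (settings, malformed) for the text of a vsftpd.conf.

    Blank lines and lines starting with '#' are ignored; any other line
    must be option=value with no space on either side of '='.
    """
    settings, malformed = dict(DEFAULTS), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep or not name or name != name.strip() or value[:1].isspace():
            malformed.append((lineno, line))   # would not be a valid setting
            continue
        settings[name] = value
    return settings, malformed


def yes(settings, name):
    return settings[name].upper() == "YES"


def is_chrooted(settings, user, chroot_list):
    """Section 6 table: True if the user is confined to the home directory."""
    if not yes(settings, "chroot_list_enable"):
        return yes(settings, "chroot_local_user")
    # With the list enabled, listed users are the exceptions to chroot_local_user.
    return yes(settings, "chroot_local_user") != (user in chroot_list)


def login_allowed(settings, user, user_list, ftpusers):
    """Section 8 rules: ftpusers always denies and takes priority."""
    if user in ftpusers:
        return False
    if not yes(settings, "userlist_enable"):
        return True
    listed = user in user_list
    return not listed if yes(settings, "userlist_deny") else listed


SAMPLE_CONF = """\
# constructed sample
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
write_enable = YES
"""
CHROOT_LIST = {"admin"}                  # stands in for chroot_list_file
USER_LIST = {"admin", "alice", "root"}   # stands in for userlist_file
FTPUSERS = {"root"}                      # stands in for ftpusers


def report(conf_text=SAMPLE_CONF):
    """Map each sample user to (login allowed, chrooted) plus malformed lines."""
    settings, malformed = parse_conf(conf_text)
    users = ("admin", "alice", "bob", "root")
    return {u: (login_allowed(settings, u, USER_LIST, FTPUSERS),
                is_chrooted(settings, u, CHROOT_LIST)) for u in users}, malformed


if __name__ == "__main__":
    rows, malformed = report()
    print("lines not in option=value form:", malformed)
    for user, (login, chrooted) in rows.items():
        print(f"{user:6} login={login!s:5} chrooted={chrooted}")
```

Running the same check against a real configuration and its list files before a reload shows which accounts end up both able to log on and free to leave their home directory.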

Details of the configuration file of the Vsftpd Server

Vsftpd Configuration
In Red Hat Linux 9.0, vsftpd has three configuration files:
vsftpd.ftpusers: located in the /etc directory. It specifies which user accounts cannot access the FTP server, such as root.
vsftpd.user_list: located in the /etc directory. The user accounts in this file cannot access the FTP server by default. Access is allowed only when the userlist_enable=NO option is enabled in the vsftpd.conf configuration file.
vsftpd.conf: located in the /etc/vsftpd directory. It is a text file that can be modified with text editing tools such as Kate and Vi to customize the FTP server configuration, such as user logon control, user permission control, timeout settings, server function options, server performance options, and server response messages.
(1) User logon control
anonymous_enable=YES: allows anonymous users to log on.
no_anon_password=YES: no password needs to be entered when logging on as an anonymous user.
local_enable=YES: allows local users to log on.
deny_email_enable=YES: you can create a file that holds a blacklist of anonymous email addresses, to prevent these people from using DoS attacks.
banned_email_file=/etc/vsftpd.banned_emails: when the deny_email_enable function is enabled, the path of the file that holds the email blacklist (/etc/vsftpd.banned_emails by default).
(2) User permission control
write_enable=YES: enables the global upload permission.
local_umask=022: the umask for files uploaded by local users is set to 022 (the default value is 077; generally it can be changed to 022).
anon_upload_enable=YES: allows anonymous users to have the upload permission. Obviously, write_enable=YES must be enabled to use this option. At the same time, a directory that the ftp user can read and write must be created (as mentioned earlier, anonymous users are mapped to the ftp user account).
anon_mkdir_write_enable=YES: anonymous users are allowed to create directories.
chown_uploads=YES: if this option is enabled, the owner of anonymously uploaded files is changed to another user account. Note that you are advised not to specify the root account as the owner of anonymously uploaded files!
chown_username=whoever: when chown_uploads=YES is enabled, this specifies the owner account; whoever must be replaced by an appropriate user account.
chroot_list_enable=YES: you can use a list to specify which local users can only be active in their own directories. If chroot_local_user=YES, the specified users in this list are unrestricted. Do not select
chroot_list_file=/etc/vsftpd.chroot_list: if chroot_local_user=YES, specifies the save path for the list (chroot_local_user) (/etc/vsftpd.chroot_list by default).
nopriv_user=ftpsecure: specifies a secure user account so that the FTP server can run as an independent user that is fully isolated and has no privileges. This is a recommended option for vsftpd systems.
async_abor_enable=YES: we strongly recommend that you do not enable this option, otherwise it may cause errors!
