/etc/vsftpd/vsftpd.conf
################# Anonymous permission control ###############
anonymous_enable=yes # whether anonymous users are allowed
no_anon_password=yes # do not ask anonymous users for a password at login
The following four statements control anonymous uploading, downloading, creating, deleting and renaming of files and directories:
anon_upload_enable=yes/no # whether anonymous users may upload files (not directories)
anon_world_readable_only=yes/no # controls anonymous users' download permission
anon_mkdir_write_enable=yes/no # whether anonymous users may create directories
anon_other_write_enable=yes/no # whether anonymous users may delete and rename files and directories
Note: anonymous downloads run as the nobody user, so the "other" (o) bits of the target location must include r for it to be downloadable. To give anonymous users upload and delete permissions you must also set:
write_enable=yes # global setting controlling whether writes are allowed at all (anonymous or local users need this enabled before any upload permission takes effect)
anon_root=(none) # home directory of anonymous users
anon_max_rate=(0) # speed limit for anonymous users
anon_umask=(077) # umask applied to files uploaded by anonymous users (set it to 073 if anonymously uploaded files should be directly downloadable by anonymous users)
chown_uploads=yes # the owner of every anonymously uploaded file is changed to chown_username
chown_username=whoever # the user name that owns anonymously uploaded files
################# Local user rights control ###############
write_enable=yes # allows upload, delete and rename (global control)
local_umask=022 # umask for files uploaded by local users
userlist_enable=yes # the users listed in the user list file are restricted from access
local_root=(/user/ftp) # directory a local user lands in after login; the default is the user's home directory
user_config_dir # directory of per-user configuration files, each named after the login account
download_enable=yes/no # restricts users' download permission
chroot_list_enable=yes # when enabled, all users listed in chroot_list_file cannot leave their root directory
chroot_list_file=/etc/vsftpd/chroot_list # file listing the restricted users
user_config_dir= # followed by the directory holding the per-user configuration files; used to give different users different permissions.
Add this line to vsftpd.conf, then create a profile named after each user in that directory to assign that user's permissions.
You can control whether users may switch directories with the following configuration items.
chroot_list_enable=yes/no # whether to use the user list file named by chroot_list_file.
# When enabled, all users listed in chroot_list_file cannot change their root directory. The default value is yes.
chroot_list_file=/etc/vsftpd/chroot_list # the list file of users locked into their home directories.
Combining chroot_list_enable with chroot_local_user=yes/no gives the following effects:
1. chroot_list_enable=yes, chroot_local_user=yes: users listed in /etc/vsftpd.chroot_list can switch to other directories; users not listed in the file cannot.
2. chroot_list_enable=yes, chroot_local_user=no: users listed in /etc/vsftpd.chroot_list cannot switch to other directories; users not listed in the file can.
3. chroot_list_enable=no, chroot_local_user=yes: no user can switch to other directories.
4. chroot_list_enable=no, chroot_local_user=no: all users can switch to other directories.
################### Access control settings ###################
There are two kinds of control: host access control and user access control.
1. Host access control:
tcp_wrappers=yes/no
Sets whether vsftpd uses TCP wrappers for host access control. The default value is yes. When enabled, the vsftpd server checks the rules in /etc/hosts.allow and /etc/hosts.deny to decide whether the connecting host may access the FTP server. These two files act as a simple firewall.
For example, to allow only 192.168.10.1-192.168.10.254 to connect to the FTP server, add entries to /etc/hosts.allow and /etc/hosts.deny in the following format:
restricted service: IP (or network segment)
vsftpd:192.168.1.
vsftpd:192.168.1.12
vsftpd:192.168.1.0/255.255.255.0 (the netmask form is required here; 192.168.1.0/24 cannot be written)
2. User access control:
vsftpd.ftpusers # holds the local user accounts that are not allowed to log in via FTP; this is the vsftpd user blacklist.
vsftpd.user_list
(1) To forbid the users in vsftpd.user_list from logging in, modify the following two items in the main configuration file vsftpd.conf:
userlist_enable=yes
userlist_deny=yes
Description: after this configuration, the users listed in vsftpd.ftpusers and vsftpd.user_list cannot log in to the vsftpd service; all other FTP users can.
(2) To allow only the users in vsftpd.user_list to log in, likewise modify the following two items in the main configuration file vsftpd.conf:
userlist_enable=yes
userlist_deny=no
Description: after this configuration, only the FTP users listed in vsftpd.user_list may log in to the vsftpd service; no other FTP users can.
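As an added illustration (not part of the original page or of vsftpd itself), the following Python models the chroot decisions in cases 1-4 above and the user_list/ftpusers rules in (1) and (2): a minimal parser for the key=value format plus the two decision functions, run against a constructed config fragment and constructed user lists. It assumes, as the page states, that ftpusers is a plain blacklist.

```python
def parse_vsftpd_conf(text):
    """Parse vsftpd.conf: one key=value per line, whole-line '#' comments only (vsftpd also rejects spaces around '=')."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value            # keys are case-sensitive in vsftpd
    return conf

def is_yes(conf, key, default="NO"):
    return conf.get(key, default).upper() == "YES"

def is_chrooted(conf, user, chroot_list):
    """True if the local user is locked into its home directory."""
    chroot_all = is_yes(conf, "chroot_local_user")
    if not is_yes(conf, "chroot_list_enable"):
        return chroot_all             # cases 3 and 4: the list is ignored
    listed = user in chroot_list
    # case 1: chroot_local_user=yes -> listed users are the exceptions
    # case 2: chroot_local_user=no  -> listed users are the ones chrooted
    return (not listed) if chroot_all else listed

def may_login(conf, user, ftpusers, user_list):
    """True if the user passes the ftpusers blacklist and the user_list rule."""
    if user in ftpusers:              # ftpusers is always a blacklist
        return False
    if not is_yes(conf, "userlist_enable"):
        return True
    listed = user in user_list
    if is_yes(conf, "userlist_deny", "YES"):
        return not listed             # setting (1): user_list is a blacklist
    return listed                     # setting (2): user_list is a whitelist

# Constructed sample: chroot everyone except alice; only alice and bob may log in.
SAMPLE_CONF = """# constructed vsftpd.conf fragment
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
"""
SAMPLE_CHROOT_LIST = {"alice"}
SAMPLE_FTPUSERS = {"root", "bin"}
SAMPLE_USER_LIST = {"alice", "bob"}
if __name__ == "__main__":
    conf = parse_vsftpd_conf(SAMPLE_CONF)
    for u in ("alice", "bob", "carol", "root"):
        print(u, is_chrooted(conf, u, SAMPLE_CHROOT_LIST), may_login(conf, u, SAMPLE_FTPUSERS, SAMPLE_USER_LIST))
```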
################## Timeout settings ##################
idle_session_timeout=600 # idle connection timeout
data_connection_timeout=120 # data transfer timeout
accept_timeout=60 # PASV request timeout
connect_timeout=60 # PORT mode connection timeout
################ Server feature options ###############
xferlog_enable=yes # enable transfer logging
xferlog_std_format=yes # use the standard xferlog format
xferlog_file=/var/log/xferlog # location of the log file
log_ftp_protocol=no # when xferlog_std_format is off and this option is on, all FTP requests and replies are logged; useful for debugging
dual_log_enable=no # whether to enable vsftpd's own log in addition to the xferlog
vsftpd_log_file= # defaults to /var/log/vsftpd.log
syslog_enable=no # whether to log via syslog to /var/log/messages
pasv_enable=yes # allow PASV mode
pasv_promiscuous=no # setting this to yes disables the PASV security check (the data connection must come from the same address as the control connection); be careful
port_enable=yes # allow PORT mode
port_promiscuous=no # setting this to yes disables the PORT security check
tcp_wrappers=yes # enable tcp_wrappers support
pam_service_name=vsftpd # the PAM service name vsftpd uses; preset to vsftpd
nopriv_user=nobody # the unprivileged user the server runs as
pasv_address=(none) # the IP address vsftpd advertises in replies to the PASV command
################ Server performance options ##############
ls_recurse_enable=yes # whether the ls -R command may be used; it can consume large amounts of server resources
one_process_model # whether to use the single-process model
listen=yes # bind to the port given by listen_port; since the port is bound and open all the time, this is standalone mode
text_userdb_names=no # when a user runs ls -al after login, file owners are shown as numeric UIDs by default rather than names; turn this on to show owner names
use_localtime=no # whether directory listings use local time or GMT; the same effect can be obtained with the MDTM command
#use_sendfile=yes # platform-specific optimisation for testing
############### Information settings ################
ftpd_banner=welcome to FTP. # greeting shown at login; ignored if banner_file is set
dirmessage_enable=yes # allow per-directory messages: the contents of message_file in each directory are shown on entry
setproctitle_enable=yes # show session status information in the process title; turn it off
############## File definitions ##################
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list # file listing the users who cannot leave their home directory
userlist_file=/etc/vsftpd/vsftpd.user_list # file listing the users who are denied (or allowed) to log in
banner_file=/etc/vsftpd/banner # location of the login banner file
banned_email_file=/etc/vsftpd.banned_emails # e-mail addresses that anonymous users may not use as a password at login
xferlog_file=/var/log/vsftpd.log # log file location
message_file=.message # per-directory message file
############## Directory definitions #################
user_config_dir=/etc/vsftpd/userconf # directory of per-user configuration files
local_root=webdisk # the root directory of each local user after login becomes /home/username/webdisk
# defines the root directory for local user logins; it may be a relative or an absolute path, and a relative path is taken relative to the user's home directory
anon_root=/var/ftp # root directory of anonymous users after login
############ User connection options #################
max_clients=100 # maximum number of clients accepted
max_per_ip=5 # maximum number of clients per IP
connect_from_port_20=yes # use the standard port 20 for data connections
listen_address=192.168.0.2 # bind to one IP; the other IPs cannot be used to connect
listen_port=2121 # bind to a specific port
ftp_data_port=2020 # data transfer port
pasv_max_port=0 # upper bound of the port range usable in PASV mode; 0 means any. The default value is 0.
pasv_min_port=0 # lower bound of the port range usable in PASV mode; 0 means any. The default value is 0.
############# Data transfer options #################
anon_max_rate=51200 # transfer rate for anonymous users (b/s)
local_max_rate=5120000 # transfer rate for local users (b/s)
############# Security options #################
idle_session_timeout=600 # (drop the session after 10 minutes idle)
data_connection_timeout=120 # (drop the data connection after 2 minutes idle)
accept_timeout=60 # (disconnect the client after 1 minute of inactivity)
connect_timeout=60 # (abort after 1 minute and reconnect)
local_max_rate=50000 # (local user transfer rate 50K)
anon_max_rate=30000 # (anonymous user transfer rate 30K)
pasv_min_port=50000 # (restrict the client's data connection ports to
pasv_max_port=60000 # 50000-60000)
max_clients=200 # (maximum number of connections to the FTP server)
max_per_ip=4 # (maximum number of connections per IP)
listen_port=5555 # (accept control connections on port 5555)
Analysis of the vsftpd master configuration file on an FTP server