I. Overview
1. Working modes:
Active mode: the server actively initiates the data connection to the client
Passive mode: the server opens a port and waits for the client to initiate the data connection
2. Active mode ports: control 21, data 20
3. Passive mode port: random
II. Installation
1. Service name: vsftpd
2. Main configuration file: /etc/vsftpd/vsftpd.conf
3. Authentication methods:
Anonymous access
Local user access
Virtual user access
4. Software:
Server: vsftpd; client: ftp
III. Anonymous users
anonymous_enable=YES: enable anonymous access
anon_umask=022: permission mask for files uploaded by anonymous users (not present by default)
anon_root=/var/ftp: the FTP root directory of anonymous users
anon_upload_enable=YES: allow files to be uploaded (both the server setting and the directory permissions need to be set)
anon_mkdir_write_enable=YES: allow directory creation
anon_other_write_enable=YES: enable other write permissions
anon_max_rate=0: limit the maximum transfer rate (bytes/sec)
IV. Local users
local_enable=YES: whether to enable local system users
local_umask=022: permission mask for files uploaded by local users
local_root=/var/ftp: set the FTP root directory of local users
chroot_local_user=YES: whether to confine users to their home directory
local_max_rate=0: limit the maximum transfer rate (bytes/sec)
Common Global Configuration items:
listen_address=192.168.4.1: set the IP address to listen on
listen_port=21: set the port number the FTP service listens on
write_enable=YES: enable write permission
download_enable=YES: whether to allow files to be downloaded
max_clients=0: limit the number of concurrent client connections
max_per_ip=0: limit the number of concurrent connections from the same IP address
pasv_min_port=50000 and pasv_max_port=60000: restrict the passive-mode data connection ports to the range 50000-60000
Access Restrictions:
userlist_enable=YES: whether to enable the user_list file
userlist_deny=YES: deny the users listed in user_list
userlist_deny=NO: allow only the users listed in user_list
Additional security options:
connect_timeout=60
accept_timeout=60
data_connection_timeout=300
idle_session_timeout=300
ftpd_banner=xxx and banner_file=/path/file
tcp_wrappers=YES
V. Access control
userlist_enable=YES with userlist_deny=YES: users who appear in the /etc/vsftpd/user_list file are denied access to the FTP server
userlist_enable=YES with userlist_deny=NO: only users who appear in the /etc/vsftpd/user_list file are allowed to log in to the FTP server
/etc/vsftpd/ftpusers: users who appear in this file are always denied access to the FTP server, regardless of the user_list settings
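The audit sketch below is an added example, not part of the original article or of vsftpd itself. It parses a vsftpd.conf and reports the settings from sections III to V that deserve review: anonymous write access, local users without chroot, user_list used as a denylist, and no fixed passive port range. The sample file, function names and finding labels are constructed for illustration, and only options explicitly set in the file are checked.

```python
import re

# Constructed sample combining options from sections III-V; not a recommended config.
SAMPLE_CONF = """\
# constructed sample
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
local_enable=YES
userlist_enable=YES
userlist_deny=YES
"""

def parse_conf(text):
    """Return {option: value} from option=value lines; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        # Option names are lowercase, so comment lines never match.
        m = re.fullmatch(r"([a-z0-9_]+)=(.*)", line.strip())
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def audit(conf):
    """Return review findings (hypothetical labels) for explicitly set options.
    Options absent from the file use vsftpd's built-in defaults, not modelled here."""
    def on(key):
        return conf.get(key, "").upper() == "YES"

    findings = []
    # Anonymous write options only take effect when write_enable is on.
    if on("anonymous_enable") and on("write_enable"):
        for key in ("anon_upload_enable", "anon_mkdir_write_enable",
                    "anon_other_write_enable"):
            if on(key):
                findings.append("anon-write:" + key)
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local-users-not-chrooted")
    # userlist_deny=YES makes user_list a denylist; NO makes it an allowlist.
    if on("userlist_enable") and conf.get("userlist_deny", "").upper() != "NO":
        findings.append("user_list-is-denylist")
    # Without a fixed range, passive data ports are random and hard to firewall.
    if "pasv_min_port" not in conf or "pasv_max_port" not in conf:
        findings.append("pasv-range-unset")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print(finding)
```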
VI. Virtual users
Features:
a. Reduces the number of system users, improving system security
b. Different access rights can be set for different users
Create account data:
1. Establish the account database file for the virtual FTP users
2. Create the FTP root directory and the system user that virtual users map to
3. Establish a PAM authentication file that supports virtual users
Add virtual user support:
4. Add the support configuration in the vsftpd.conf file
5. Create a separate profile for individual virtual users
Start the service and test:
6. Reload the vsftpd configuration
7. Access test using a virtual FTP account
    # vi /etc/vsftpd/vusers.list        # create the virtual users
    zhangsan
    123
    lisi
    456

    # cd /etc/vsftpd/
    # db_load -T -t hash -f vusers.list vusers.db        # create the account database file for the virtual FTP users
    # file vusers.db        # inspect the database file
    vusers.db: Berkeley DB (Hash, version 8, native byte-order)
    # chmod 600 /etc/vsftpd/vusers.*
    # ls -lh /etc/vsftpd/vusers.*
    -rw------- 1 root root 12K 02-26 08:51 /etc/vsftpd/vusers.db
    -rw------- 1 root root 02-26 08:48 /etc/vsftpd/vusers.list
2. Create the FTP root directory and the system user that virtual users map to
    # useradd -d /var/ftproot -s /sbin/nologin virtual
    # chmod 755 /var/ftproot/
3. Establish a PAM authentication file that supports virtual users
    # vi /etc/pam.d/vsftpd.vu
    #%PAM-1.0
    auth required pam_userdb.so db=/etc/vsftpd/vusers
    account required pam_userdb.so db=/etc/vsftpd/vusers
4. Add the support configuration in the vsftpd.conf file
    # vi /etc/vsftpd/vsftpd.conf
    ......
    local_enable=YES
    write_enable=YES
    anon_umask=022
    guest_enable=YES
    guest_username=virtual
    pam_service_name=vsftpd.vu
5. Create separate profiles for different virtual users
Add user configuration directory support in the vsftpd.conf file:
    user_config_dir=/etc/vsftpd/vusers_dir
Create a separate configuration directory and files for the users Mike and John
Each configuration file name is the same as the user name
    # mkdir /etc/vsftpd/vusers_dir/
    # cd /etc/vsftpd/vusers_dir/
    # vi zhangsan
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES

    # touch lisi
This article is from the "stand in the Cloud" blog, be sure to keep this source http://9827789.blog.51cto.com/9817789/1664445
VSFTPD Service Configuration