Detailed configuration explanation of vsftpd

Original article: http://blog.51cto.com/cuimk/1306637

When the development side pushes changes quickly, countless files or directories are handed to operations every day to be updated and put online, which is tedious. It is simpler to give the developers FTP access and let them upload and modify the files themselves, but that raises a permissions problem. The company has five sites, each in its own directory, and each person is responsible for a different site. How do you keep them from interfering with, or "wrecking", each other's directories? The steps below solve that.

 

One. Check that vsftpd is installed on the Linux host.

Not covered in detail here. On RPM-based systems rpm -q vsftpd tells you whether the package is present; otherwise install it from your distribution's repository.

Two. Turn off SELinux and reboot (or, better, leave it on and adjust the labels and booleans; see the caveat below).

How to turn off SELinux:

Set SELINUX=disabled in /etc/selinux/config, then reboot.

If you do not want to reboot, run setenforce 0.

Note:

setenforce 1 puts SELinux into enforcing mode

setenforce 0 puts SELinux into permissive mode (violations are logged but no longer blocked; this is not the same as disabled, and the setting does not survive a reboot)

Adding selinux=0 to the kernel boot parameters in lilo or grub also turns SELinux off.

setsebool ftpd_disable_trans 1 (only exists in older policies; it keeps SELinux on but runs vsftpd unconfined)

Caveat: disabling SELinux removes a protection layer from the whole host just to make FTP work. On current policies the usual fix is to stay in enforcing mode and enable the FTP booleans instead, for example setsebool -P ftpd_full_access on (or the older ftp_home_dir) so that vsftpd may read and write the users' home directories. getsebool -a | grep ftp lists the booleans your policy actually provides, and ausearch -m avc -c vsftpd shows which accesses are being denied.


Three. Create a user and assign a directory

Note: set the directory's ownership and permissions before assigning it as the FTP home directory. Since vsftpd 2.3.5 a chrooted user's root directory must not be writable by that user (the login fails with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()"), so the cleanest layout is a root-owned home directory with mode 755 that contains a writable subdirectory owned by the user, e.g. /var/www owned by root and a subdirectory such as /var/www/html owned by ftp3. The other option, allow_writeable_chroot=YES (vsftpd 3.0 and later), removes that safeguard.

Do not lower local_umask in vsftpd.conf to 000: that creates directories as 777 and files as 666, i.e. world-writable, which defeats the separation between the sites. Keep local_umask=022 (directories 755, files 644) and rely on ownership instead.

#useradd -d /var/www -s /sbin/nologin ftp3

#passwd ftp3

Creates user ftp3 with home directory /var/www and no shell login.

#useradd -d /var/web -s /sbin/nologin ftp4

#passwd ftp4

Creates user ftp4 with home directory /var/web and no shell login.

In this way ftp3 and ftp4 are each tied to their own folder, and because each user only has write access inside its own site directory, neither can touch the other's.

Two checks before going further: vsftpd authenticates through PAM, and the distribution's /etc/pam.d/vsftpd normally includes pam_shells, so /sbin/nologin must appear in /etc/shells or logins fail with "530 Login incorrect" (grep nologin /etc/shells). And choose strong passwords: plain FTP sends them in clear text, so anyone on the network path can read them.


Four. Modify the vsftpd.conf configuration file

Set anonymous_enable=NO so that anonymous users cannot log in at all (and therefore cannot upload).

Uncomment chroot_list_enable=YES and chroot_list_file=/etc/vsftpd/chroot_list so that the listed users are locked into their home directory and cannot climb into parent directories. With chroot_local_user left at its default of NO, the list names the users who ARE confined, so any local account not on the list can browse the whole filesystem over FTP. If every FTP account should be confined, set chroot_local_user=YES instead; the list then becomes the exceptions that are not confined. Also make sure local_enable=YES and write_enable=YES are present, otherwise the users cannot log in or upload.


Five. Create the chroot_list file under /etc/vsftpd

Once it exists, add ftp3 and ftp4 to it (one user name per line); those users will then only be able to access their own directory.


Six. Start or restart the FTP service.

#service vsftpd restart (or start)

On systemd-based systems use systemctl restart vsftpd, and systemctl enable vsftpd so it comes up at boot.

Once the service starts successfully the FTP server can be used. Verify the confinement from a client: after logging in as ftp3, pwd must print / and cd .. must not leave the site directory.

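The whole procedure, as an added example that is not part of the original post: a shell script that renders the vsftpd.conf, writes the list of permitted accounts and sanity-checks the site directories. It tightens the page's approach in one respect: instead of chrooting only the users named in chroot_list (fail-open for anyone not listed), it sets chroot_local_user=YES so everyone is confined, and uses userlist_enable/userlist_deny=NO as an allow-list of exactly the accounts that may use FTP. The root-owned site directory with a writable html subdirectory, and the "install" argument, are assumptions of this example, not instructions from the page.

```shell
#!/bin/sh
# Added example, not from the original post: render and sanity-check the vsftpd
# configuration for the two per-site users described above (ftp3 -> /var/www,
# ftp4 -> /var/web). Assumptions (hypothetical, not stated on the page): each
# site directory is root-owned 0755 and the user owns a writable "html"
# subdirectory, which satisfies vsftpd's refusal to chroot into a writable root.
# Nothing under /etc is touched unless run as root with the argument "install".

# Print the hardened vsftpd.conf: local users only, every user chrooted,
# and an allow-list of exactly the accounts that may use FTP.
render_vsftpd_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
chroot_list_enable=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=60000
idle_session_timeout=600
data_connection_timeout=120
xferlog_enable=YES
xferlog_std_format=YES
pam_service_name=vsftpd
EOF
}

# Print the user_list (allow-list), one account per line; "$@" are the users.
render_user_list() {
    for u in "$@"; do
        printf '%s\n' "$u"
    done
}

# Return 0 if the config file at $1 has the three lines that make the
# per-site setup safe: no anonymous, local logins on, everyone chrooted.
check_conf() {
    grep -qx 'anonymous_enable=NO' "$1" &&
    grep -qx 'local_enable=YES' "$1" &&
    grep -qx 'chroot_local_user=YES' "$1"
}

# Return 0 if directory $1 is an acceptable chroot root: it exists, is not
# group- or world-writable, and (if $2 is given) is owned by that account.
# vsftpd 2.3.5+ refuses to run when the chroot root is writable by the user.
check_chroot_root() {
    [ -d "$1" ] || return 1
    [ -z "$(find "$1" -prune -perm -020)" ] || return 1
    [ -z "$(find "$1" -prune -perm -002)" ] || return 1
    if [ -n "$2" ]; then
        [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ] || return 1
    fi
    return 0
}

# Create one site user: $1 = account, $2 = site directory (root-owned chroot
# root) with a writable html/ subdirectory owned by the account. Needs root.
install_site_user() {
    id "$1" >/dev/null 2>&1 || useradd -d "$2" -s /sbin/nologin "$1"
    mkdir -p "$2/html"
    chown root:root "$2" && chmod 0755 "$2"
    chown "$1:$1" "$2/html" && chmod 0755 "$2/html"
    check_chroot_root "$2" root
}

# Full installation: users, directories, config, allow-list, service restart.
install_all() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    install_site_user ftp3 /var/www
    install_site_user ftp4 /var/web
    render_vsftpd_conf > /etc/vsftpd/vsftpd.conf
    render_user_list ftp3 ftp4 > /etc/vsftpd/user_list
    service vsftpd restart
}

case "${1:-}" in
    install) install_all ;;
    *) render_vsftpd_conf ;;   # dry run: only show the config that would be written
esac
```

Run it without arguments to review the generated configuration, and as root with "install" to apply it. Passwords for ftp3 and ftp4 still have to be set with passwd afterwards.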

Some configurations of vsftpd.conf are attached below. Option names are case-sensitive and must be written in lower case (anonymous_enable, not Anonymous_enable), otherwise vsftpd refuses to start with an "unrecognised variable" error.

1. Anonymous server (standalone)

Add the following to /etc/vsftpd/vsftpd.conf:

anonymous_enable=YES (allow anonymous login)

dirmessage_enable=YES (show the contents of .message when changing into a directory)

local_umask=022 (umask for files created by local users; the built-in default is 077)

connect_from_port_20=YES (active-mode data connections originate from port 20)*

xferlog_enable=YES (log uploads and downloads)

xferlog_std_format=YES (use the standard xferlog format)

ftpd_banner=XXXXX (welcome banner; avoid advertising the software name and version in it)

pam_service_name=vsftpd (PAM service used for authentication)*

listen=YES (run as a standalone daemon rather than from inetd)*

Effect: anonymous users can connect and download world-readable files, but cannot upload.

Note: the log and banner options are optional; the items marked with an asterisk are basic options that must be present whichever kind of account you serve.

2. Enable anonymous upload

Add the following to the configuration file:

write_enable=YES (global switch for every command that writes; required before any of the anonymous write options take effect)

anon_upload_enable=YES (anonymous users may upload files into directories they can write to)

anon_mkdir_write_enable=YES (anonymous users may create directories)

anon_other_write_enable=YES (anonymous users may delete and rename; dangerous on a public server, leave it at NO unless you really need it)

The upload directory must be writable by the ftp user on the filesystem, while the anonymous root itself must not be writable. Uploaded files are created with anon_umask (default 077), so other anonymous clients cannot read them back unless you change that.

3. Anonymous download

Add the following to the configuration file:

anon_world_readable_only=NO (by default YES: anonymous users may only download files that are world-readable; NO lets them fetch anything the ftp user can read, including other people's uploads, so change it only for a deliberately shared directory)

Note: the directory attributes matter. The anonymous session runs as the local ftp user, so the permission bits that apply to that user decide what it may do:

(r) read = download, (w) write = upload, (x) execute = enter the directory; without x on a directory, FTP users cannot change into it.
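Sections 1 to 3 together describe the classic anonymous "drop box", shown here as an added example that is not part of the original post: anonymous users may download world-readable files from the root and may upload into an incoming directory, but cannot list, read back, rename or delete what has been dropped there. The paths (/var/ftp as the anonymous root, an incoming subdirectory) and the ftp account name are assumptions of the example; on Red Hat systems /var/ftp is the ftp user's home and therefore the anonymous root.

```shell
#!/bin/sh
# Added example, not from the original post: an anonymous drop box.
# Assumptions: the anonymous root is the ftp user's home directory
# (FTP_ROOT, /var/ftp by default) and uploads go to FTP_ROOT/incoming.

FTP_ROOT="${FTP_ROOT:-/var/ftp}"

# Print the anonymous-upload configuration. Defaults that matter for safety
# (no delete/rename, no reading non-world-readable files, private uploads)
# are written out explicitly so the intent is visible in the file.
render_anon_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=YES
anon_umask=077
anon_max_rate=30000
EOF
}

# Octal permission bits of $1 (e.g. 755 or 1733), derived from ls -ld so it
# works without GNU stat. 's'/'t' count as the x bit set, 'S'/'T' as unset.
mode_of() {
    ls -ld "$1" | awk '{
        s = substr($1, 2, 9); m = 0
        for (i = 1; i <= 9; i++) {
            c = substr(s, i, 1)
            m = m * 2 + (c != "-" && c != "S" && c != "T")
        }
        if (substr(s, 9, 1) ~ /[tT]/) m += 512   # sticky bit -> leading 1
        printf "%o\n", m }'
}

# Owner (user name) of $1.
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Return 0 if the tree under $1 is laid out safely for anonymous account $2:
#   $1           chroot root: mode 755/555, not writable by group/other
#                (vsftpd 2.3.5+ refuses a writable chroot root)
#   $1/incoming  mode 733 or 1733 and NOT owned by $2, so the ftp user gets
#                only "other" w+x: it can create files but cannot list the
#                directory, and with anon_world_readable_only=YES it cannot
#                read back the 0600 files that anon_umask=077 produces.
check_anon_tree() {
    root="$1"; anon="$2"; incoming="$1/incoming"
    [ -d "$root" ] && [ -d "$incoming" ] || return 1
    case "$(mode_of "$root")" in 755|555) ;; *) return 1 ;; esac
    case "$(mode_of "$incoming")" in 733|1733) ;; *) return 1 ;; esac
    [ "$(owner_of "$incoming")" != "$anon" ]
}

# Lay the tree out for real. Needs root; $2 is the anonymous account.
setup_anon_tree() {
    mkdir -p "$1/incoming"
    chown root:root "$1" "$1/incoming"
    chmod 0755 "$1" && chmod 1733 "$1/incoming"
    check_anon_tree "$1" "$2"
}

case "${1:-}" in
    install)
        [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
        setup_anon_tree "$FTP_ROOT" ftp
        render_anon_conf > /etc/vsftpd/vsftpd.conf
        service vsftpd restart ;;
    *) render_anon_conf ;;   # dry run: only show the configuration
esac
```

The ownership rule is the part people get wrong: if incoming belongs to the ftp user, its owner bits let every anonymous session list and read the drop box, so the directory is owned by root and the ftp user only ever gets the "other" bits.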

4. Local-user FTP server (standalone)

Add the following to the configuration file:

local_enable=YES (local system accounts may log in)

write_enable=YES (local accounts may upload, delete and rename; set NO for a read-only server)

Effect: you can log in to the vsftpd server with a local account and both download and upload.

Note: with anonymous_enable=NO the anonymous account cannot log in at all. If you keep anonymous_enable=YES but set none of the anon_*_enable options, anonymous users can still log in and download world-readable files, but cannot upload.

5. Restrict users to their home directory

Chroot all local users:

chroot_local_user=YES (every local account is confined to its own home directory)

Chroot only the listed users:

chroot_list_enable=YES (consult the list file)

chroot_list_file=/any specified path/vsftpd.chroot_list

Note: the list file is not created for you; add one user name per line. Its meaning depends on chroot_local_user: with NO (the default) the listed users are the ones confined; with YES the listed users are the exceptions that are NOT confined. Since vsftpd 2.3.5 the chroot directory itself must not be writable by the user ("500 OOPS: vsftpd: refusing to run with writable root inside chroot()"); keep the home directory root-owned with a writable subdirectory, or set allow_writeable_chroot=YES (vsftpd 3.0 and later), which gives up that safeguard.

6. Restrict which local users may use FTP

userlist_enable=YES (consult the user list)

userlist_deny=NO (only users in the list may log in; with the default YES the users in the list are the ones denied)

userlist_file=/etc/vsftpd/user_list (path of the list file; the default location differs by distribution, e.g. /etc/vsftpd.user_list on Debian)

Note: the list is checked when the USER name arrives, before a password is requested, so a denied account is rejected without ever sending its password. With an allow-list (userlist_deny=NO) anonymous logins are subject to the list as well and fail unless the anonymous user name is listed.

7. Security options

idle_session_timeout=600 (seconds; disconnect a session that has been idle for 10 minutes)

data_connection_timeout=120 (seconds; abort a data transfer that has stalled for 2 minutes)

accept_timeout=60 (seconds; how long to wait for a client to connect to a passive-mode data port)

connect_timeout=60 (seconds; how long an active-mode data connection back to the client may take before it is given up)

local_max_rate=50000 (bytes per second; local users are limited to about 50 KB/s)

anon_max_rate=30000 (bytes per second; anonymous users are limited to about 30 KB/s)

pasv_min_port=50000

pasv_max_port=60000 (passive-mode data connections use ports 50000-60000, so the firewall can open exactly that range)

max_clients=200 (maximum number of simultaneous connections)

max_per_ip=4 (maximum number of connections from one client IP)

listen_port=5555 (port for the control connection when listen=YES; the default is 21. Moving it only hides the service from casual scans; it does nothing for the clear-text passwords, for which you need ssl_enable=YES with a certificate, or SFTP instead of FTP)

8. See who is logged into FTP and kill their session

ps -ef | grep '[v]sftpd'

Each connected client is a separate vsftpd child process. By default the process title is just vsftpd; set setproctitle_enable=YES in vsftpd.conf and the ps output shows the client address, user name and current command for each session. Then terminate the child that belongs to the session you want to drop:

kill <process ID>

Take care not to kill the listener (the parent process started by the service), or nobody can log in until it is restarted.
