FTP is a common service used for file exchange, and it is currently used by companies large and small.

This article focuses on installing and configuring vsftpd.

I. Introduction to vsftpd:

vsftpd is an FTP server that runs on UNIX-like operating systems, including Linux, BSD, Solaris and HP-UX. It is completely free, open-source FTP server software, and it is available in the mainstream Linux distributions.

It has the following characteristics:

The program is small, light and easy to install. Security and stability are greatly improved compared with earlier FTP servers. The configuration is simple.

II. Installing and configuring vsftpd:

Experimental environment: CentOS 5.8 x86_64

Turn off the firewall and SELinux in the test environment.

service iptables stop
setenforce 0

1. Install vsftpd

yum -y install vsftpd

2. The directories and configuration files related to vsftpd

/usr/sbin/vsftpd: the vsftpd main program.
/etc/init.d/vsftpd: the vsftpd service control script.
/etc/pam.d/vsftpd: the configuration file used when vsftpd authenticates through the PAM module. It is mainly used to verify the identity of FTP user accounts.
/etc/vsftpd/: the configuration file directory.
/etc/vsftpd/vsftpd.conf: the main configuration file of the vsftpd service. Syntax: parameter=value, with no spaces around the "=".
/etc/vsftpd/ftpusers: used together with the PAM configuration file. It lists FTP user accounts, one per line.
/etc/vsftpd/user_list: vsftpd's own user account control file, tied to the userlist_enable and userlist_deny parameters in vsftpd.conf.
/var/ftp/: the default root directory for anonymous users.

3. Detailed explanation of the main configuration file vsftpd.conf

Settings related to the server environment:

connect_from_port_20=YES (NO): The port the FTP server uses for active-mode data connections, i.e. the ftp-data port.
listen_port=21: The vsftpd control port.
dirmessage_enable=YES (NO): Whether to show a directory's notice when the user enters that directory. The notice is read from the file .message by default.
message_file=.message: When dirmessage_enable=YES, this changes the name of the message file.
listen=YES (NO): YES starts the server in standalone mode; NO starts it in super daemon mode.
pasv_enable=YES (NO): Must be set to YES to enable passive mode.
use_localtime=YES (NO): Use local time; this generally needs to be YES. vsftpd defaults to GMT, which is 8 hours behind the UTC+8 time zone, so file timestamps on the server would otherwise be confusing.
write_enable=YES (NO): Whether to allow users to upload data.
connect_timeout=60: In active mode, if the server's data connection attempt gets no response from the client within 60 seconds, the connection is forcibly dropped.
accept_timeout=60: In passive (PASV) mode, if the server has opened the passive port and the client has not connected after 60 seconds, the connection is forcibly dropped.
data_connection_timeout=300: Once the data connection between client and server is established, if the transfer cannot complete within 300 seconds, vsftpd forcibly disconnects the client.
idle_session_timeout=300: If the user issues no command for 300 seconds, the connection is dropped.
max_clients=0: When vsftpd runs in standalone mode, this sets the number of connections the server allows at the same time.
max_per_ip=0: Similar to max_clients, but sets how many connections a single IP may have at the same time.
pasv_min_port=0, pasv_max_port=0: These two parameters set the range of port numbers used in passive mode; 0 means no limit.
ftpd_banner=some text: The welcome message shown at FTP login; suitable for short messages.
banner_file=/path/file: Makes up for the limits of ftpd_banner, especially when the server needs to show more text (site description, welcome text, etc.).

Settings related to local (system) users:

guest_enable=YES (NO): Whether to enable guest users. If enabled, all non-anonymous users are treated as guests. By default guests get the permissions of the ftp account, which can be changed with guest_username.
guest_username=ftp: Takes effect only when guest_enable=YES; sets the identity guests are mapped to.
local_enable=YES (NO): Whether to allow the system accounts in /etc/passwd to log in to the vsftpd server.
local_max_rate=0: The transfer speed limit for local users, in bytes/second; 0 means no limit.
chroot_local_user=YES (NO): Restrict local users to their own home directory. The default value is NO.
chroot_list_enable=YES (NO), chroot_list_file=/etc/vsftpd.chroot_list: These two parameters are used together to confine the users listed in the chroot_list file to their default directories.
userlist_enable=YES (NO), userlist_deny=YES (NO), userlist_file=/etc/vsftpd/user_list: userlist_enable=YES turns on vsftpd's own filtering of the accounts listed in the user_list file. With userlist_deny=YES the accounts in user_list are rejected; with userlist_deny=NO only the accounts in user_list are allowed to log in to the server.

Settings for anonymous login:

anonymous_enable=YES (NO): Whether to allow anonymous login. The parameters below take effect only when it is allowed.
anon_world_readable_only=YES (NO): Whether anonymous users are limited to downloading world-readable files.
anon_other_write_enable=YES (NO): Whether to allow anonymous users other write operations.
anon_mkdir_write_enable=YES (NO): Whether to allow anonymous users to create directories.
anon_upload_enable=YES (NO): Whether to allow anonymous users to upload files.
deny_email_enable=YES (NO): If enabled, you must provide a file /etc/vsftpd/banned_emails containing email addresses. Anonymous logins are asked for an email address, and if the address entered is in this file, the login is refused. The default value is NO.
banned_email_file=/etc/vsftpd/banned_emails: When deny_email_enable=YES, this sets the file listing the email addresses that are not allowed to log in, one address per line.
no_anon_password=YES (NO): If set to YES, anonymous users are not asked for a password.
anon_max_rate=0: The maximum transfer speed for anonymous logins, in B/s; 0 means no limit. The default value is 0.
anon_umask=077: The umask applied when anonymous users create or upload files. The default value is 077, and the corresponding permission for newly created files is 700.

Settings related to system security:

ascii_download_enable=YES (NO): Whether to allow ASCII mode downloads. The default value is NO.
ascii_upload_enable=YES (NO): Whether to allow ASCII mode uploads. The default value is NO.
one_process_model=YES (NO): Whether to use the single-process model.
tcp_wrappers=YES (NO): Whether vsftpd uses TCP wrappers to control access to the host. The default value is YES. If enabled, vsftpd checks /etc/hosts.allow and /etc/hosts.deny to decide whether the connecting host may access the FTP server. These two files can serve as a simple firewall.
xferlog_enable=YES (NO): Whether to log uploads and downloads. If enabled, upload and download information is recorded in the file defined by xferlog_file. The default is on.
xferlog_file=/var/log/xferlog: The log file name and path; the default value is /var/log/vsftpd.log.
xferlog_std_format=YES (NO): If enabled, the log file is written in the standard xferlog format, as used by wu-ftpd. The default is off.
dual_log_enable=YES, vsftpd_log_file=/var/log/vsftpd.log: If enabled, two similar log files are generated, by default /var/log/xferlog and /var/log/vsftpd.log. The former is a wu-ftpd style transfer log, which can be analyzed with standard log tools; the latter is a vsftpd style log.
nopriv_user=nobody: Sets the account the vsftpd service runs as.
pam_service_name=vsftpd: Sets the service name used by PAM; the default corresponds to /etc/pam.d/vsftpd.

4. Configuration example

Based on anonymous user configuration:

cd /etc/vsftpd/
vim vsftpd.conf

write_enable=YES
anonymous_enable=YES
no_anon_password=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_root=/data/vsftpd
anon_world_readable_only=NO
syslog_enable=YES
connect_from_port_20=YES
# incomplete entry; vsftpd rejects a line that has no "=value"
# vam_service

mkdir -p /data/vsftpd/upload
chmod 777 /data/vsftpd/upload

Based on local user configuration:

cd /etc/vsftpd/
vim vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
userlist_deny=NO

useradd test
echo test | passwd --stdin test
echo "test" >> user_list
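The anonymous and local configurations above can be checked before the service is restarted. The following auditor is an added example, not part of the original article or of vsftpd; parse_conf, audit, SAMPLE and the finding texts are names chosen for this example. It parses vsftpd.conf strictly, since vsftpd only accepts option=value lines, and flags anonymous write access, unchrooted local users and an unset passive port range.

```python
import re
TRUE = {"YES", "TRUE", "1"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse_conf(text):
    """Parse vsftpd.conf text into (settings, syntax_errors)."""
    settings, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # Strict form: no whitespace around "=" or at the end of the line.
        m = re.fullmatch(r"([a-z0-9_]+)=(\S(?:.*\S)?)", line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            errors.append(f"line {n}: not in option=value form: {line!r}")
    return settings, errors

def audit(text):
    """Return findings for options described in the article."""
    s, findings = parse_conf(text)
    def on(key, default):
        return s.get(key, default).upper() in TRUE
    if on("anonymous_enable", "YES"):      # vsftpd's built-in default is YES
        writes = [k for k in ANON_WRITE if on(k, "NO")]
        if writes and on("write_enable", "NO"):
            findings.append("anonymous write access: " + ", ".join(writes))
        if not on("anon_world_readable_only", "YES"):
            findings.append("anon_world_readable_only=NO: anonymous users "
                            "can fetch files that are not world-readable")
    if on("local_enable", "NO") and not on("chroot_local_user", "NO"):
        findings.append("chroot_local_user is not YES: local users can "
                        "leave their home directory")
    if on("pasv_enable", "YES") and s.get("pasv_min_port", "0") == "0":
        findings.append("passive port range unset: data ports cannot be "
                        "pinned in a firewall rule")
    return findings

# Constructed sample modelled on the anonymous configuration above;
# the last line deliberately has spaces around "=".
SAMPLE = """\
write_enable=YES
anonymous_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
connect_from_port_20 = YES
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```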

Virtual user-based configuration:

yum -y install db4-utils
cd /etc/vsftpd/
vim virtual_userlist.txt

test1
123456
test2
123456

db_load -T -t hash -f /etc/vsftpd/virtual_userlist.txt /etc/vsftpd/virtual_userlist.db
chmod 600 /etc/vsftpd/virtual_userlist.db
vim /etc/pam.d/vsftpd.vu

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_userlist
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_userlist

useradd virtual_user -d /data/vsftpd
chmod 700 /data/vsftpd
chown virtual_user:virtual_user /data/vsftpd/
vim /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_port=21
userlist_enable=YES
guest_enable=YES
guest_username=virtual_user
pam_service_name=vsftpd.vu
virtual_use_local_privs=YES
# not recognised as vsftpd options; vsftpd refuses to start on unknown entries
# ftpd_enable=en
# ftpd_enable=yes
# ftpd=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
download_enable=YES
local_root=/data/vsftpd
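In the virtual-user procedure above, virtual_userlist.txt holds the passwords in plaintext and only the .db file is given mode 600. The following check of that input file is an added example, not part of the original article; check_userlist, demo, the WEAK set and the 12-character minimum are assumptions made for this example. It verifies the alternating user/password layout that db_load -T reads, and reports loose file permissions, duplicate users and weak passwords.

```python
import os
import stat
import tempfile

WEAK = {"123456", "12345678", "password", "test", "ftp"}  # illustrative only

def check_userlist(path, min_len=12):
    """Check a db_load -T input file of alternating user / password lines."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: plaintext passwords readable "
                        "by group/other")
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) % 2:
        findings.append("odd number of lines: last user has no password")
    seen = set()
    for user, pw in zip(lines[0::2], lines[1::2]):
        if user in seen:
            findings.append(f"{user}: duplicate entry")
        seen.add(user)
        if pw == user or pw in WEAK or len(pw) < min_len:
            findings.append(f"{user}: weak password")
    return findings

def demo(lines, mode):
    """Write constructed entries to a temp file with `mode` and check it."""
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(fh.name, mode)
    try:
        return check_userlist(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    # Constructed input: the article's entries, saved with a typical 0644 mode.
    for finding in demo(["test1", "123456", "test2", "123456"], 0o644):
        print("-", finding)
```

Once the .db file has been built, the plaintext list can be deleted or kept at mode 600 like the database.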

About server control:

service vsftpd {start|stop|restart|condrestart|status}

Client operation:
