The Linux method for configuring the VSFTP server

  • 2020-05-15 03:17:27
  • OfStack

1. Types of Linux FTP server:

< 1 > wu-ftp
< 2 > proftp = professional FTP
< 3 > vsftp = very secure FTP

Configuration files:
/etc/vsftpd/vsftpd.conf // the main configuration file
/etc/vsftpd.ftpusers // list of users who are not allowed to log in to FTP
/etc/vsftpd.user_list // list of users who are allowed to log in to FTP

2. Access method

< 1 > Anonymous logins
< 2 > Account login
Start FTP server:
#service vsftpd restart

3. Configure the vsftp server

1. Description of vsftpd.conf parameters:


#vi /etc/vsftpd/vsftpd.conf
<1>anonymous_enable=YES : controls whether anonymous login is allowed
<2>local_enable=YES : allows local accounts to log in
<3>write_enable=YES : controls whether write commands are permitted
<4>local_umask=022 : umask applied to files created by local users
<5>anon_upload_enable=YES : controls whether anonymous uploads are allowed (turn on or off together with anon_mkdir_write_enable=YES)
<6>anon_mkdir_write_enable=YES : controls whether anonymous users may write and create directories
<7>xferlog_enable=YES : controls logging of uploads and downloads
<8>connect_from_port_20=YES : controls whether data connections originate from port 20
<9>chown_uploads=YES : whether to change the owner of uploaded files (turn on or off together with chown_username=whoever)
<10>chown_username=whoever : the user who becomes the owner of uploaded files, here whoever
<11>xferlog_file=/var/log/xferlog : location of the log file
<12>xferlog_std_format=YES : writes upload and download records in the standard format
<13>data_connection_timeout=120 : data transfer timeout, in seconds
<14>nopriv_user=ftpsecure : use the dedicated unprivileged user ftpsecure
<15>ftpd_banner=Welcome to blah FTP service : login welcome message
<16>deny_email_enable=YES : enables the list of rejected e-mail addresses
<17>banned_email_file=/etc/vsftpd/banned_emails : list of rejected e-mail addresses
<18>chroot_list_enable=YES : enables the chroot list (turn on or off together with chroot_list_file=/etc/vsftpd/chroot_list)
<19>chroot_list_file=/etc/vsftpd/chroot_list : users in this file can only access their own directory, not its parent directories
<20>userlist_enable=YES : enables the /etc/vsftpd.user_list file

2. Configure anonymous login

#vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES (default)
Start vsftpd server:
#service vsftpd restart
#service iptables stop
Default directory for anonymous login:
/var/ftp/pub
Enable anonymous upload and write permissions:
#vi /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd/chroot_list
Open up the permissions of the default shared directory:
#chmod 777 /var/ftp/pub
Note: anonymous users can upload and download, but cannot delete.
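
A check for the settings enabled in this section, as an added example that is not part of the original article: it reads a vsftpd.conf and lists what anonymous users are able to do. The function names and the sample file are constructed for illustration; defaults for missing options are the ones documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example, not from the original article.

# conf_get FILE KEY DEFAULT: print the last KEY=value in FILE, else DEFAULT.
# vsftpd.conf lines are "option=value" with no spaces around "=".
conf_get() (
    val=$(grep "^$2=" "$1" | tail -n 1 | cut -d= -f2-)
    printf '%s\n' "${val:-$3}"
)

# anon_exposure FILE: print one word per capability anonymous users have.
anon_exposure() (
    f=$1
    on() { [ "$(conf_get "$f" "$1" "$2" | tr 'a-z' 'A-Z')" = YES ]; }
    on anonymous_enable YES || exit 0   # anonymous login off: nothing to list
    echo login
    on write_enable NO || exit 0        # all write commands need write_enable=YES
    on anon_upload_enable NO && echo upload
    on anon_mkdir_write_enable NO && echo mkdir
    on anon_other_write_enable NO && echo delete-rename
    exit 0
)

# Constructed sample: the anonymous settings from this section plus
# write_enable=YES from the parameter list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
EOF
anon_exposure "$sample"   # prints: login, upload, mkdir (one per line)
rm -f "$sample"
```

The missing delete-rename line matches the note above: deletion needs anon_other_write_enable=YES, which this section does not set.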

3. Local account login

< 1 > Disable anonymous login

Modify the configuration file
#vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO

< 2 > Define which users may log in and which are refused

#vi /etc/vsftpd/vsftpd.conf
userlist_deny=NO (newly added line)
If this line is commented out (#userlist_deny=NO), then by default all users can log in to FTP. To stop a user from logging in, add the user name to the file /etc/vsftpd.ftpusers; that user will then be refused FTP login.
Create the users and add them to the corresponding control file:
#useradd us1
#useradd us2
#passwd us1
#passwd us2
Users allowed to log in to FTP:
#echo us1 >> /etc/vsftpd.user_list
#echo us2 >> /etc/vsftpd.user_list
Start FTP server:
#service vsftpd restart
Note: an account that logs in to FTP lands in its home directory by default.
Users who are not allowed to log in to FTP:
#echo us3 >> /etc/vsftpd.ftpusers

< 3 > Restrict the logged-in user to the local home directory:

#vi /etc/vsftpd/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Create a list file for restricted users and add a restricted user name
#vi /etc/vsftpd.chroot_list
us2
Save and exit
#service vsftpd restart
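
The list logic from < 2 > and < 3 > worked through for single accounts, as an added example that is not part of the original article. It assumes /etc/vsftpd.ftpusers always refuses a user (as described above) and applies the userlist_deny and chroot_local_user semantics documented in vsftpd.conf(5); the function names and temporary file names are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# conf_get FILE KEY DEFAULT: print the last KEY=value in FILE, else DEFAULT.
conf_get() (
    val=$(grep "^$2=" "$1" | tail -n 1 | cut -d= -f2-)
    printf '%s\n' "${val:-$3}"
)
# in_list USER FILE: true if FILE has a line that is exactly USER.
in_list() { [ -f "$2" ] && grep -qxF -- "$1" "$2"; }

# login_allowed USER CONF USERLIST FTPUSERS: exit 0 if USER may log in.
login_allowed() (
    in_list "$1" "$4" && exit 1                    # ftpusers: always refused
    [ "$(conf_get "$2" userlist_enable NO)" = YES ] || exit 0
    if [ "$(conf_get "$2" userlist_deny YES)" = NO ]; then
        in_list "$1" "$3"                          # allow list: must be listed
    else
        ! in_list "$1" "$3"                        # deny list: must not be listed
    fi
)

# chrooted USER CONF CHROOT_LIST: exit 0 if USER is confined to the home directory.
chrooted() (
    listed=1
    [ "$(conf_get "$2" chroot_list_enable NO)" = YES ] && in_list "$1" "$3" && listed=0
    if [ "$(conf_get "$2" chroot_local_user NO)" = YES ]; then
        [ "$listed" -ne 0 ]    # list inverts: it names the users who are NOT confined
    else
        [ "$listed" -eq 0 ]    # list names the users who are confined
    fi
)

# Constructed sample mirroring the users and lists used above.
d=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\nchroot_list_enable=YES\n' > "$d/conf"
printf 'us1\nus2\n' > "$d/user_list"
echo us3 > "$d/ftpusers"
echo us2 > "$d/chroot_list"
for u in us1 us2 us3; do
    login_allowed "$u" "$d/conf" "$d/user_list" "$d/ftpusers" && l=yes || l=no
    chrooted "$u" "$d/conf" "$d/chroot_list" && c=yes || c=no
    echo "$u login=$l chroot=$c"
done
rm -rf "$d"
```

Adding chroot_local_user=YES to the same configuration flips the meaning of the chroot list: us2 would then be the one account that is not confined.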

< 4 > Limit the speed of anonymous uploads:

#vi /etc/vsftpd/vsftpd.conf
anon_max_rate=5000 // in bytes per second; 5000 means a speed of 5K

< 5 > Limit the upload speed of local accounts:

local_max_rate=5000 // in bytes per second

< 6 > Set different speed limits for different users (the per-user limit takes precedence over the limit for all users):

#vi /etc/vsftpd/vsftpd.conf
Add the following line:
user_config_dir=/etc/vsftpd/userconf
#mkdir /etc/vsftpd/userconf // create the directory
#vi /etc/vsftpd/userconf/user1 (user1 is the name of the user whose speed is limited)
local_max_rate=25000

< 7 > Customized welcome message:

#vi /etc/vsftpd/vsftpd.conf
ftpd_banner=Welcome to Huayu FTP service.

< 8 > Limit the number of server connections and the connections per IP

1, max_clients

This parameter defines the maximum total number of clients online. Connections beyond that number are refused; 0 means unlimited. The default value is 0.
2, max_per_ip

This parameter defines the number of online connections allowed per IP address. Connections beyond that number are refused; 0 means unlimited. The default value is 0.

< 9 > Virtual FTP user Settings

1. Set up a virtual user password database file

#vi /etc/vsftpd/logins.txt
vuser1
123
vuser2
321
Odd lines in the password file hold the user name, and even lines hold the password.

2. Generate the vsftpd authentication file

# db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/vsftpd_login.db   # generate the authentication file

3. Set the authentication file to be readable and writable only for root users

# chmod 600 /etc/vsftpd/vsftpd_login.db

4. Create the PAM configuration file required by the virtual users; the vsftpd.vu file is created by hand

# cat /etc/pam.d/vsftpd.vu
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

5. Create the system user account for all FTP virtual user accounts, and set the permissions of the account's home directory

# useradd -d /home/ftpsite -s /sbin/nologin virtual
# chmod 700 /home/ftpsite

6. Set the vsftpd.conf configuration file

#vi /etc/vsftpd/vsftpd.conf
Add the virtual user settings to the configuration file:
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu (must correspond to the PAM file you just created)
user_config_dir=/etc/vsftpd/user_config_dir (specifies the configuration directory for each virtual user account)
local_root=/www (if this line is absent, the virtual user logs in to /ftpsite)

7. Configure the settings for each virtual user

# mkdir -p /etc/vsftpd/user_config_dir (main directory for the user configuration files)
# mkdir -p /www/vuser1 (create the virtual user's home directory)
# chmod -R 777 /www/vuser1 (set permissions)
# touch /etc/vsftpd/user_config_dir/vuser1 (permissions configuration file for vuser1)
#echo "anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
local_root=/www/feixiang
anon_mkdir_write_enable=YES" > /etc/vsftpd/user_config_dir/vuser1

8. Restart the vsftpd service program

# service vsftpd restart
You should now be able to log in with your virtual account.
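
A pre-flight check for steps 1 to 3, as an added example that is not part of the original article: it verifies that logins.txt alternates user name and password lines, which is the layout db_load -T reads, and that the plaintext file is not accessible to group or others. The function name check_logins and the sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# check_logins FILE: print one finding per line, exit 0 only if there are none.
# Passwords are never echoed, only line numbers.
check_logins() (
    f=$1; rc=0
    # db_load -T reads alternating key (user name) and value (password) lines.
    awk '
        NR % 2 == 1 && ($0 == "" || $0 ~ /[ \t]/) {
            printf "line %d: user name is empty or contains whitespace\n", NR; bad = 1
        }
        NR % 2 == 0 && $0 == "" { printf "line %d: empty password\n", NR; bad = 1 }
        END {
            if (NR % 2 == 1) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$f" || rc=1
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "mode: plaintext passwords accessible to group or others"; rc=1
    fi
    exit "$rc"
)

# Constructed sample: two virtual users, one name and one password per line.
sample=$(mktemp)
chmod 600 "$sample"
printf 'vuser1\n123\nvuser2\n321\n' > "$sample"
check_logins "$sample" && echo "logins file OK"
rm -f "$sample"
```

A file that puts name and password on the same line is reported at line 1, because db_load would store the whole line as the user name.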
