1. vsftpd description:
There are many softwares that implement FTP services under LINUX, the most common ones are vsftpd, Wu-ftpd and Proftp. The default installation in Red Hat Enterprise Linux is vsftpd.
Access to the FTP server requires authentication , only after passing the relevant verification of the FTP server can users access and transfer files. vsftpd provides 3 ftp login forms:
(1) anonymous (anonymous account)
Using anonymous is a widely used FTP server. If If the user does not have an account on the FTP server, the user can log in with anonymous as the user name and his or her email address as the password. When the anonymous user logs in to the FTP server, the login directory is the root directory of the anonymous FTP server /var/ftp .In order to reduce the load on the FTP server, under normal circumstances, the upload function of anonymous accounts should be turned off.
(2) real (real account)
real is also called a local account, which is to log in with a real username and password, but The prerequisite is that the user has his own account on the FTP server. After logging in with a real account, the directory he logs in to is the user's own directory, which is automatically created by the system when the system creates an account.
(3) Guest (virtual account) )
If the user has an account on the FTP server, but this account can only be used for file transfer services, then the account is a guest. Guest is a form of real account. The difference between them is that after geust logs in to the FTP server , cannot access content other than the host directory.
II. FTP related configuration file description
The related configuration files include /etc/vsftpd/vsftpd.conf, /etc/vsftpd.ftpusers, /etc/vsftpd.user_list , when configuring the FTP server, mainly modify the relevant statements in these files.
1.vsftpd.conf file description
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES //Whether anonymous login to the FTP server is allowed, the default is allowed.
#
# Uncomment this to allow local users to log in.
local_enable=YES //Whether local users are allowed to log in to the FTP server, the default is allowed
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES //Whether the user is allowed to have the permission to write in the FTP server file ,The default is allowed
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022 / /Set the file generation mask for local users to 022, the default is 077
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories .
#anon_mkdir_write_enable=YES //Whether anonymous accounts are allowed to create directories in the FTP server
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES //Activate directory information. When the remote user changes the directory, a prompt message will appear
#
# Activate logging of uploads/downloads.
xferlog_enable=YES //Enable upload and download log functions
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES //Enable connection request for FTP data port
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log //Set the file name and storage path of the log file, this is the default
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES//Whether to use the standard ftpd xferlog log file format
#
# You may change the default value for timing out an idle session.
#idle_session_timeout= 600 //Set the idle user session interruption time, the default is 10 minutes
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120//Set the data connection timeout, the default is 120 seconds.
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES //是否允许使用ASCII格式来上传和下载文件
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.//在FTP服务器中设置欢迎登录的信息.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES //如果希望用户登录后不能切换到自己目录以外的其它目录,需要设置该项,如果设置chroot_list_enable=YES,那么只允许/etc/vsftpd.chroot_list中列出的用户具有该功能.如果希望所有的本地用户都执行者chroot,可以增加一行:chroot_local_user=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
pam_service_name=vsftpd //设置PAM认证服务的配置文件名称,该文件存放在/etc/pam.d/目录下.
userlist_enable=YES //用户列表中的用户是否允许登录FTP服务器,默认是不允许
#enable for standalone mode
listen=YES //使vsftpd 处于独立启动模式
tcp_wrappers=YES //使用tcp_wrqppers作为主机访问控制方式
2.vsftpd.ftpusers文件说明
这个文件是用来记录"不允许"登录到FTP服务器的用户,通常是一些系统默认的用户.
下面是该文件中默认的不允许登录的名单:
# Users that are not allowed to login via ftp
root //默认情况下,root和它以下的用户是不允许登录FTP服务器的.可以将不允许登录的用户添加到这里来.但切记每个用户都要单独占用一行.
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
nobody
3.vsftpd.user_list文件说明
其实它的内容跟上面那个文件内容一样,只是在系统对文件vsftpd.conf 进行检测时,会检测到"userlist_deny=YES",因此这个文件必须存在.下面是这个文件的内容.
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
nobody
更多linux FTP配置详解相关文章请关注PHP中文网!