VSFTPD

Time:10-13



1. The default configuration:

1> Anonymous users and local users are both allowed to log in:

anonymous_enable=YES

local_enable=YES

2> Anonymous users log in with the user name ftp or anonymous and an empty password. Anonymous users cannot leave the anonymous user's home directory /var/ftp, and can only download, not upload.

3> Local users log in with their local user name and that user's password. Local users can read and write in their own home directory. Local users can also leave their home directory and switch to other directories, where they can upload and download as far as permissions allow:

write_enable=YES

4> Local users listed in the file /etc/vsftpd.ftpusers are banned from logging in.



2. The configuration file format:

The content of vsftpd.conf is very simple: each line is one setting. Blank lines and lines beginning with # are ignored. Settings come in only one format, shown below:

option=value

Note that there must be no blanks on either side of the equals sign.



3. Anonymous user (anonymous) settings

anonymous_enable=YES/NO (YES)

Controls whether anonymous users are allowed to log in: YES allows anonymous login, NO does not. The default value is YES.

write_enable=YES/NO (YES)

Whether logged-in users have write permission. This is a global setting; the default value is YES.

no_anon_password=YES/NO (NO)

If this feature is enabled, anonymous logins are not asked for a password. The default value is NO.

ftp_username=ftp

Defines the user name used for anonymous logins. The default value is ftp.

anon_root=/var/ftp

The directory used for anonymous logins. The default value is /var/ftp. Note that this directory must not have 777 permissions, that is, the anonymous user's home directory cannot have 777 permissions.

anon_upload_enable=YES/NO (NO)

If set to YES, anonymous users are allowed to upload files (not directories). This takes effect only when write_enable=YES, and the anonymous user must of course have write permission on the parent directory. The default value is NO.

anon_world_readable_only=YES/NO (YES)

If set to YES, anonymous users are allowed to download readable files from the FTP server (the files can be downloaded to the local machine and read there, but cannot be opened and read directly on the server). The default value is YES.

anon_mkdir_write_enable=YES/NO (NO)

If set to YES, anonymous users are allowed to create new directories. This takes effect only when write_enable=YES, and the anonymous user must of course have write permission on the parent directory. The default value is NO.

anon_other_write_enable=YES/NO (NO)

If set to YES, anonymous users are allowed write operations beyond uploading or creating directories, such as deleting or renaming. (If anon_upload_enable=NO, anonymous users cannot upload files but can delete or rename existing files; if anon_mkdir_write_enable=NO, anonymous users cannot upload or create folders but can delete or rename existing folders.) The default value is NO.

chown_uploads=YES/NO (NO)

Sets whether to change the owner of files (directories) uploaded by anonymous users. The default value is NO.

chown_username=username

Sets the name of the owner for files (not directories) uploaded by anonymous users. Setting it to root is not recommended.

anon_umask=077

Sets the umask applied when an anonymous user creates or uploads a file. The default value is 077, which corresponds to permissions of 700 for a new file.

deny_email_enable=YES/NO (NO)

If this feature is enabled, you must provide a file /etc/vsftpd/banner_emails containing email addresses. Anonymous logins are asked to enter an email address, and if the address entered is in this file, the login is not allowed. The default value is NO.

banned_email_file=/etc/vsftpd/banner_emails

The file that holds the email addresses. It is used only when deny_email_enable=YES. Anonymous logins are asked to enter an email address, and if the address entered is in this file, the login is not allowed.



4. Local user settings

local_enable=YES/NO (YES)

Controls whether local users are allowed to log in: YES allows local users to log in, NO does not. The default value is YES.

local_root=/home/username

When a local user logs in, the session is switched to the directory defined here. The default is each user's home directory.

write_enable=YES/NO (YES)

Whether logged-in users have write permission. This is a global setting; the default value is YES.

local_umask=022

The umask applied when a local user creates a new file. The default value is 077.

file_open_mode=0755

The permissions given to files uploaded by local users, using the same numeric values as chmod. The default value is 0666.



5. Welcome message settings

dirmessage_enable=YES/NO (YES)

If this option is enabled, then the first time a user enters a directory, the server checks whether the directory contains a .message file and, if it does, displays the file's contents. This file usually holds a welcome message or a description of the directory. The default is enabled.

message_file=.message

Sets the name of the directory message file; write the information to be displayed into this file. The default value is .message.

banner_file=/etc/vsftpd/banner

When a user logs in, the contents of this file are displayed. It usually holds a welcome message or usage notes. There is no default value. Use this option when the welcome message is long.

ftpd_banner=Welcome to BOB's FTP server

Defines the welcome message as a string: banner_file takes a file, while ftpd_banner takes a string. There is no default value.



6. Controlling whether users may switch to the parent directory

Under the default configuration, a local user who has logged in to FTP can use the cd command to switch to other directories, which is a security risk. The following three configuration items control whether users can switch directories.

chroot_list_enable=YES/NO (NO)

Sets whether to enable the user list file specified by the chroot_list_file configuration item. The default value is NO.

chroot_list_file=/etc/vsftpd.chroot_list

Specifies the user list file, which controls which users can switch to the directories above their home directory.

chroot_local_user=YES/NO (NO)

Specifies whether the users in the user list file are allowed to switch to the parent directory. The default value is NO.

Combining these options gives the following effects:

(1) When chroot_list_enable=YES and chroot_local_user=YES, users listed in /etc/vsftpd.chroot_list can switch to other directories; users not listed in the file cannot switch to other directories.

(2) When chroot_list_enable=YES and chroot_local_user=NO, users listed in /etc/vsftpd.chroot_list cannot switch to other directories; users not listed in the file can switch to other directories.

(3) When chroot_list_enable=NO and chroot_local_user=YES, no user can switch to other directories.

(4) When chroot_list_enable=NO and chroot_local_user=NO, all users can switch to other directories.
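The format rule from section 2, the write_enable dependency from section 3 and the four chroot combinations above can be checked together in a small audit script. This is an added example, not part of vsftpd or of the original page; the function names and the sample configuration are constructed for illustration, and only the literal value YES is treated as enabled.

```python
import re

# Defaults as this page states them, for the options examined here.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "YES",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO", "chroot_list_enable": "NO",
            "chroot_local_user": "NO"}
ANON_WRITE = [k for k in DEFAULTS if k.startswith("anon_")]

# Constructed sample; line 5 breaks the "no blanks around =" rule.
SAMPLE_CONF = """\
# constructed sample configuration
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable = YES
chroot_local_user=YES
chroot_list_enable=YES
"""

def parse_conf(text):
    """Return (settings, malformed_line_numbers) for vsftpd.conf text."""
    settings, malformed = dict(DEFAULTS), []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank and comment lines are ignored
        match = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if match:
            settings[match.group(1)] = match.group(2)
        else:
            malformed.append(number)  # not in option=value form
    return settings, malformed

def anon_write_findings(s):
    """Anonymous write options that are actually in effect."""
    if s["anonymous_enable"] != "YES" or s["write_enable"] != "YES":
        return []
    return [name for name in ANON_WRITE if s[name] == "YES"]

def can_leave_home(s, user, chroot_list):
    """Apply the four chroot combinations from section 6 to one user."""
    listed = s["chroot_list_enable"] == "YES" and user in chroot_list
    # chroot_local_user=YES: only listed users may leave; NO: only they may not.
    return listed if s["chroot_local_user"] == "YES" else not listed

if __name__ == "__main__":
    conf, bad = parse_conf(SAMPLE_CONF)
    print(bad, anon_write_findings(conf), can_leave_home(conf, "bob", {"alice"}))
```

The malformed line is reported rather than applied, so the audit reflects the default for that option instead of the value the administrator intended to set.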



7. Data transfer mode settings

When transferring data, FTP can upload or download in binary mode or in ASCII mode.

ascii_upload_enable=YES/NO (NO)

Sets whether ASCII mode is enabled for uploads. The default value is NO.

ascii_download_enable=YES/NO (NO)

Sets whether ASCII mode is enabled for downloads. The default value is NO.



8. Access control settings

There are two kinds of control: host access control and user access control.

(1) Host access control:

tcp_wrappers=YES/NO (YES)

Sets whether vsftpd works with TCP Wrappers for host access control. The default value is YES. If enabled, the vsftpd server checks the settings in /etc/hosts.allow and /etc/hosts.deny to decide whether the host requesting a connection is allowed to access the FTP server. These two files can act as a simple firewall.

For example, to allow only hosts 192.168.0.1-192.168.0.254 to connect to the FTP server, add the following to the /etc/hosts.allow file:

vsftpd: 192.168.0. : allow

ALL: ALL: deny

(2) User access control:

User access is controlled through the vsftpd.user_list and ftpusers files in the /etc directory.

userlist_file=/etc/vsftpd.user_list

The file that controls which users can access FTP. It contains user names, one user name per line.

userlist_enable=YES/NO (NO)

Whether to enable the vsftpd.user_list file.

userlist_deny=YES/NO (YES)
