Using vsftp to build an FTP server under Linux (with parameter description)

introduce

This chapter mainly introduces the process of building an FTP server in Linux. The key point to master is the reasonable configuration of the configuration file.

Knowledge Points

The FTP used in Linux is vsftp
FTP can have three login methods:

• Anonymous login: No user password required
• Local user login: Log in using a local user and password
• Virtual user mode: also use the user and password to log in, but the user is not the user created in Linux
  

Install FTP

Install using YUM

yum -y install vsftpd

File Configuration

After installation, there will be three configuration files in the /etc/vsftpd/ path.

vsftpd.conf: main configuration file

ftpusers: Specifies which users cannot access the FTP server. The users here include some important users such as root.

user_list: Whether the specified users can access the FTP server is determined by the userlist_deny configuration in the vsftpd.conf file. userlist_enable=YES, userlist_deny=YES, userlist_file=/etc/vsftpd/user_list. These three configurations allow users in the file to access FTP.

View the default configuration of the main configuration file

cat /etc/vsftpd/vsftpd.conf |grep -v '^#';

anonymous_enable=YES #Allow anonymous users

local_enable=YES #Allow login using local user account

write_enable=YES #Allow ftp users to write data

connect_from_port_20=YES #Transmit data through port 20

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES

pam_service_name=vsftpd
tcp_wrappers=YES
chroot_local_user=yes

Some other parameter descriptions include:

ftpd_banner=welcome to ftp service : Set the welcome message after connecting to the server

idle_session_timeout=60: After limiting the remote client connection, the control connection established will be disconnected after a certain period of time without any operation (in seconds)

data_connection_timeout=120: Set the idle data interruption time when the client is transmitting data

accept_timeout=60 sets the time after which a connection is automatically established

connect_timeout=60 sets the maximum activation time of the data connection, how long it takes to disconnect and be used by others;

max_clients=200 indicates that the total number of concurrent client connections to the server is 200

max_per_ip=3 indicates that the maximum number of connections per client is 3

local_max_rate=50000 (50kbytes/sec) local user maximum transmission rate limit

anon_max_rate=30000 The maximum transmission rate limit for anonymous users

pasv_min_port=Port

pasv-max-prot=The port number defines the maximum and minimum ports, and 0 means any port; it specifies the port for the client connection;

listen_address=IP address sets the address that the ftp service listens to, which address the client can use to connect;

listen_port=port number sets the port number for FTP work, the default is 21

local_root=path defines the home directory of the login account for any user who can log in. If not specified, each user enters the personal home directory;

chroot_local_user=yes/no whether to lock the local system account user home directory (all); after locking, the user can only access the user's home directory /home/user;

chroot_list_enable=yes/no Enable not locking the list of users in the home directory

chroot_list_file=/etc/vsftpd/chroot_list specifies the list file

userlist_enable=YES/NO whether to load the user list file;

userlist_deny=YES means the users loaded above are allowed to log in;

userlist_file=/etc/vsftpd/user_list specifies the list file

Create an FTP connection user

Create user ftpuser
useradd ftpusr

Set the user to only have FTP access but not login
usermod -s /sbin/nologin ftpuser

Set User Password
passwd ftpusr

The user's default home directory is under /home, and the current user can only access the home directory.

Change the user's home directory to /mnt

usermod -d /mnt ftpuser

Start FTP Service

service vsftpd start

test

Create a test file in the /mnt directory

touch /mnt/test

Connect FTP

Solve the problem of common FTP login failure

Linux has a security mechanism by default. You cannot connect to the ftp server using the ordinary ftp port 21, but you can use sftp. At this time, you need to turn off selinux, and modify the configuration file to restart the server.

vim /etc/sysconfig/selinux

Change to selinux=disabled

Method without restarting the server:

setenforce 0

setenforce 1 : Set SELinux to enforcing mode
setenforce 0 : Set SELinux to permissive mode

Check SELinux status

/usr/sbin/sestatus -v

Summarize

There are some other configuration methods that are not listed here for the time being. If you are interested, you can go and study them in depth.