Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to install and configure vsftpd under Suse Linux 10. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

First, download

Download address of vsftpd:

Ftp://vsftpd.beasts.org/users/cevans/

Download the vsftpd-2.0.5.tar.gz file of the source code package and extract it:

Tar xzvf vsftpd-2.0.5.tar.gz

Get the folder vsftpd-2.0.5, and I copy it to the / usr/local/src directory.

II. Compilation

In general, vsftpd requires the user nobody, which generally already exists. If it does not exist, use useradd nobody to establish it.

And / usr/share/empty is required for installation as a temporary directory, which generally already exists. But it's not on my system, and I need to build it myself. Look at the Makefile file to learn how to compile, and then compile:

Make vsftpd

Then install:

Make install

When the installation is complete, check the / etc/xinetd.d/ directory for more vsftpd scripts.

III. Configuration

Vsftpd

There are two configuration files commonly used in: / etc/ftpusers and / etc/vsftpd.conf, of which / etc/vsftpd.conf is the most important. But after I installed it,

Later, I found that there was no vsftpd.conf file under / etc. I copied the vsftpd.conf file from the source folder to the / etc directory.

(1) / etc/ftpusers

This configuration file is simple, and FTP cannot be used as long as the user's name is in this file.

(2) main configuration file of / etc/vsftpd.conf:vsftpd

There are many parameters in vsftpd.conf, so let's introduce them one by one:

# if you don't modify this file, you can get an anonymous FTP server with a minimum setting

# default settings only allow login using anonymous

# write_enable=YES

# write_enable=YES allows users to have write permission. The default value is NO

# dirmessage_enable=YES

# when a user enters a directory, if a .message file exists in the directory, the contents of the file are displayed, which is usually used to inform

# this directory stores the information of files. The default is NO.

# nopriv_user=ftpsecure

# specify the account under which vsftpd provides FTP services. The default value is nobody. In this way, even if it is cracker***vsftpd,cracker, it can only get the permission of nobody.

# ls_recurse_enable=YES

The default value of # ls_recurse_enable is YES, which means that ls-Rl / is disabled because this directive consumes a lot of system resources.

# no_anon_password=NO

The default value of # no_anon_password is NO, which means that anonymous can log in to the FTP server without entering a password.

# hide_ids=YES

# default is NO. If set to YES, login to FTP server will find that all files and directories have ftp owners and groups.

#

# Local FTP user Settings

# FTP-related settings for local users (ordinary user account in / etc/passwd)

#

# local_enable=YES

The default value of # local_ support is NO, which means that ordinary users in / etc/passwd cannot use the FTP service.

# local_umask=022

# local-umask means that when Local User uploads a file, the file permissions will be calculated using the specified umask. The default value is 077.

# chroot_local_user=YES

The purpose of # chroot_local_user is to change the user's HOME directory to the root directory after their FTP login, so that all Local User

# you cannot leave the home directory. Its default value is NO.

# chroot_list_enable=YES

# chroot_list_file=/etc/vsftpd.chroot_list

# if you don't want to use chroot_local_user=YES to restrict all local users (Local User) to their home directories

# you can use the chroot_list_enable=YES setting value to limit some accounts to the home directory

# when chroot_list_enable=YES, if the login user name is in / etc/vsftpd.chroot_ list

# will enable the chroot mechanism to limit the user to its home directory.

# the default value of chroot_list_enable is NO,chroot_list_file and the default value is / etc/vsftpd.chroot_list

# local_max_rate=7200

# local_max_rate is used to limit the maximum transmission speed of Local user per second

# its unit is bytes/sec, and the default value is 0, which means there is no limit.

#

# configuration of Anonymous users

#

# anonymous_enable=YES

# anonymous_enable=YES, which allows users to log in to the FTP server with an anonymous (anonymous) or ftp account without a password. The default value is YES.

# anon_world_readable_only=YES

# anon_world_readable_only=YES, which is used to restrict anonymous (anonymous) users from downloading only files with open Other that can be write. The default value is YES.

# anon_upload_enable=YES

# anon_upload_enable is used to restrict whether anonymous (anonymous) users can upload files. The default value is NO.

# anon_umask=022

The meaning of # anon_umask is that when an anonymous (anonymous) user uploads a file, the file permissions are calculated using the specified umask. The default value is 0.77.

# anon_mkdir_write_enable=YES

Whether # anon_mkdir_write_enable allows anonymous users to set up directories. The default value is NO.

# anon_other_write_enable=YES

# whether or not anonymous users are allowed to have write permissions, but remember that after passing the restrictions of anon_other_write_enable

# it also depends on whether the permissions of the directory or file you intend to write allow the anonymous user write.

# chown_uploads=YES

# chown_username=whoever

# chown_uploads users specify whether to change the owner of the file uploaded by the anonymous account.

The default value of # chown_ administrators is NO,chown_username to specify the new owner.

# anon_max_rate=7200

# anon_max_rate is used to limit the maximum transmission speed per second for anonymous users

# its unit is bytes/sec, and the default value is 0, which means there is no limit.

# # #

# Log Settings

# relevant regulations on FTP logs

# # #

# syslog_enable=YES

# syslog_enable=YES will transfer the information that should have been recorded in / var/log/vsftpd.log to syslogd daemon instead

# it is up to syslogd's configuration file to decide where to store it. The default value of syslog_ support is NO.

# log_ftp_protocol=YES

# log_ftp_protocol=YES records all requests and responses related to FTP, and its default value is NO.

# xferlog_enable=YES

# xferlog_enable=YES records detailed information about uploads / downloads, and the default value is NO.

# vsftpd_log_file=/var/log/vsftpd.log

# vsftpd_log_file can be used to specify the log file location of vsftpd.

# xferlog_std_format=YES

The default value of # xferlog_std_format is NO. If set to YES, the log content will be in the standard xferlog format (the format used by the wu-ftpd log file).

# xferlog_file=/var/log/xferlog

# xferlog_file is used to specify the location of log in wu-ftpd format.

# dual_log_enable=YES

The default value of # dual_log_enable is NO. If set to YES, both / var/log/xferlog and / var/log/vsftpd.log record FTP-related logs.

# setproctitle_enable=YES

The default value of # setproctitle_ support is NO. If it is set to YES, the status of the ftp connection will be listed when viewing the system process status.

# for example, execute ps-ef | grep vsftp can see who is connecting.

# nobody 4424... Vsftpd: 127.0.0.1: not logged in

#

# Transfer Settings

# relevant regulations on file transfer

#

# connect_from_port_20=YES

# connect_from_port_20=YES represents a data connection in active mode using port 20, which defaults to NO.

# idle_session_timeout=600

# idle_session_timeout sets how long the FTP client does not perform any ftp instruction operation, and then disconnects it. The default value is 300 seconds.

# data_connection_timeout=120

# the number of seconds for idle when data transfer is allowed. The default is 300 seconds.

# async_abor_enable=YES

The default value of # async_abor_enable is NO, and the FTP client must have a mechanism that supports async_abort before it can be opened.

# ascii_upload_enable=YES

The default value of # ascii_upload_enable is NO. If set to YES, users can upload data in ascii mode. However, enabling this parameter may cause

# causes Dos***, to use the default value.

# ascii_download_enable=YES

# same as above, the default value of ascii_download_enable is NO. If set to YES, users can download data in ascii mode. However, if this parameter is enabled, the data may be downloaded.

# causes Dos***, to use the default value.

# pasv_enable=NO

The default value of # pasv_ support is YES, and passive mode FTP cannot be used if it is set to NO,FTP client.

# pam_service_name=vsftpd

# the name of the vsftpd PAM module is stored in the / etc/pam.d/ directory.

# listen=YES

The default value of # listen is NO. If set to YES, vsftpd will be launched in standalone mode.

Start the vsftpd service statement:

# service vsftpd start (restart restart/ and stop stop)

# / etc/init.d/vsftpd start (restart restart/ and stop stop)

Fourth, the question after the installation

But after the installation, there are so many problems that it is impossible to succeed at all: (1)

First, there is the problem of FTP's home directory. Although anonymous users are allowed to upload files in the configuration file, the FTP home directory / srv/ftp does not allow any user to have write permission, so it must be created under this directory.

Create a directory that allows ftp, an anonymous user, to write. I have created two more directories, incoming,pub, under the / srv/ftp/ directory, in which the permissions of the incoming directory allow other

Users read and write, and the pub directory allows other users to read, but not write. (2) if a directory is not allowed to write or read, the files under it are allowed to be written or read, and the files must be changed in order to perform the desired operation.

The authority of. For example, if I want to download a file in the incoming directory that is not allowed to be read by anonymous users, I cannot download it. So I changed the configuration file to change the permissions of files uploaded by anonymous users.

All can be downloaded by anonymous users by changing anon_umask=022. Note that this is an octal number, which is actually 0022. (3) there is also the question of opening ports.

For example, the FTP port I open is 10021, which must be opened in SuseFirewall2, because FTP data transmission uses another connection, in passive mode (personal comparison

Like passive mode, because it can solve some firewall problems), to open a port range (specified by pasv_max_port and pasv_min_port), I for convenience

For the convenience of opening the port for SuseFirewall2, set both values to 50000, so that SuseFirewall2 only needs to open port 50000 again, instead of opening it.

Put it in a range. (4) finally, there is the NAT problem of the router. If the FTP server is built in the local area network with a gateway, the connection to a port of the gateway IP (router external IP) must be forwarded to the corresponding port of the server IP of the internal network. I ended up having vsftpd run as standalone, so listen=YES has to be enabled and passive mode is used, so pasv_enable=YES is enabled.

After reading the above, do you have any further understanding of how to install and configure vsftpd under Suse Linux 10? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.