Shulou(Shulou.com)06/01 Report--

This article introduces you how to configure FTP in the CentOS system, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Check the ftp service when installing, and the CentOS system will install the ftp server vsftpd and mark it as a system service.

Start the command: / etc/rc.d/init.d/vsftpd start

At this point, you can use the ftp client connection.

The permissions of vsftpd seem to be linked to system permissions.

The following is the copied configuration to explain the configuration of vsftpd

Vsftpd.ftpusers: located in the / etc directory. It specifies which user accounts cannot access the FTP server, such as root, etc.

Vsftpd.user_list: located in the / etc directory. User accounts in this file also do not have access to the FTP server by default, only if the userlist_enable=NO option is enabled in the vsftpd .conf configuration file.

Vsftpd.conf: located in the / etc/vsftpd directory. Customize the configuration of FTP servers such as user login control, user rights control, timeout settings, server function options, server performance options, server response messages, etc.

(1) user login control in CentOS system

Anonymous_enable=YES, allowing anonymous users to log in.

No_anon_password=YES, anonymous users do not need to enter a password when logging in.

Local_enable=YES, which allows local users to log in.

Deny_email_enable=YES, you can create a file to save some anonymous email blacklist to prevent these people from using Dos attacks.

Banned_email_file=/etc/vsftpd.banned_emails, when deny_email_enable is enabled, the required email blacklist save path (default is / etc/vsftpd.banned_emails).

(2) user privilege control of CentOS system

Write_enable=YES, enable global upload permission.

Local_umask=022, the umask of uploaded files for local users is set to 022 (the default is 077, generally it can be changed to 022).

Anon_upload_enable=YES, which allows anonymous users to upload, obviously, write_enable=YES must be enabled to use this. We must also create a directory that allows ftp users to read and write (as mentioned earlier, ftp is a mapped user account for anonymous users).

Anon_mkdir_write_enable=YES, which allows anonymous users the right to create directories.

Chown_uploads=YES, enable this, the master user who uploads files anonymously will be changed to another user account. Note that it is not recommended to specify the root account as the master user who uploads files anonymously!

Chown_username=whoever, when chown_uploads=YES is enabled, the specified primary user account, where the whoever should be replaced by an appropriate user account.

Chroot_list_enable=YES, you can use a list to define which local users can only be active in their own directory. If chroot_local_user=YES, then the users specified in this list are unlimited.

Chroot_list_file=/etc/vsftpd.chroot_list, if chroot_local_user=YES, specifies the path to save the list (chroot_local_user) (default is / etc/vsftpd.chroot_list).

Nopriv_user=ftpsecure, which specifies a secure user account, allows the FTP server to act as a completely isolated and unprivileged user. This is the recommended option for vsftpd system.

Async_abor_enable=YES, it is strongly recommended that you do not enable this option, or it may cause an error!

Ascii_upload_enable=YES;ascii_download_enable=YES, by default, the server pretends to accept ASC Ⅱ mode requests but actually ignores such requests. Enabling the above two options allows the server to actually implement ASC Ⅱ mode transmission.

Note: enabling the ascii_download_enable option will cause malicious remote users to consume the FTP server's IBO resources with instructions such as "SIZE/big/file" in ASC Ⅱ mode.

These ASC Ⅱ mode settings are divided into upload and download options, so that we can allow ASC Ⅱ mode uploads (which can prevent malicious files such as upload scripts from crashing) without the risk of a denial of service attack.

(3) CentOS system user connection and timeout options

Idle_session_timeout=600, you can set the default idle timeout, after which users will be kicked out of the server if they do not act.

Data_connection_timeout=120, which sets the default data connection timeout.

(4) CentOS system server log and welcome information

Dirmessage_enable=YES, which allows you to configure display information for directories, displaying the contents of message_file files under each directory.

Ftpd_banner=Welcome to blah FTP service, you can customize the welcome message that FTP users see when they log in to the server.

Xferlog_enable=YES, enable recording upload / download activity log function.

Xferlog_file=/var/log/vsftpd.log, you can customize the save path and file name of the log file. The default is / var/log/vsftpd.log.

On how to configure FTP in the CentOS system to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.