Shulou(Shulou.com)06/01 Report--

Ubuntu how to use VSFTP to build FTP server, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

1. Install vsftpd

Terminal input sudo apt-get install vsftpd

After installation, a ftp directory is created under / home/, and you can visit the ftp space where you can see a blank content.

Anonymous users are required by default and cannot log in

2. Set up the vsftpd.conf file

It is best to back up this file before you modify it: sudo cp / etc/vsftpd.conf / etc/vsftpd.conf.old

Parameter meaning:

Anonymous_enable=yes (anonymous login allowed)

Dirmessage_enable=yes (displays the contents of .message under the directory when changing directories)

Local_umask=022 (local file permissions on FTP, default is 077)

Connect_form_port_20=yes (enable data connection for FTP data port) *

Xferlog_enable=yes (activate uploaded and downloaded logs)

Xferlog_std_format=yes (using standard log format)

Ftpd_banner=XXXXX (Welcome message)

Pam_service_name=vsftpd (authentication method) *

Listen=yes (stand-alone VSFTPD server) *

Function: can only connect to FTP server, not upload or download

Note: all the welcome messages related to the log are optional. No matter what account is marked with an asterisk, it is a basic option for FTP.

Enable anonymous FTP server upload permission:

Anon_upload_enable=yes (anonymous account opens upload permission)

Anon_mkdir_write_enable=yes (anonymous account can create a directory while uploading files in this directory)

Write_enable=yes (open local user write permissions)

Anon_other_write_enable=yes (anonymous account can have permission to delete)

Anon_world_readable_only=no (enable the permission to download from anonymous server)

Normal user FTP server connection (stand-alone server) configuration:

Local_enble=yes (local account can log in)

Write_enable=no (local account has no right to delete and modify files after logging in)

Function: you can log in to the vsftpd server with a local account and have the permission to download and upload

Note: after the anonymous login information is prohibited, the anonymous server can still log in, but can not upload or upload.

User login is restricted to other directories and can only be accessed in its home directory:

Set all local users to execute chroot

Chroot_local_user=yes (all local accounts can only be in their own directory)

Set the specified user to execute chroot

Chroot_list_enable=yes (list in the file can be called)

Chroot_list_file=/ any specified path / vsftpd.chroot_list

Note: vsftpd.chroot_list is not created and needs to be added by yourself. If you want to control the account, you can directly add the account in the file.

Restrict local user access to FTP:

Userlist_enable=yes (use userlistlai to restrict user access)

Userlist_deny=no (people on the list are not allowed to access)

Userlist_file=/ specifies the path where the file is stored / (the path where the file is placed)

Note: userlist_enable=yes anonymous account cannot be logged in.

Security option

Idle_session_timeout=600 (seconds) (10 minutes after the user session is idle)

Data_connection_timeout=120 (seconds) (idle data connection for 2 minutes)

Accept_timeout=60 (seconds) (disconnect the client after idle for 1 minute)

Connect_timeout=60 (seconds) (reconnect after 1 minute interruption)

Local_max_rate=50000 (bite) (local user transfer rate 50K)

Anon_max_rate=30000 (bite) (anonymous user transfer rate 30K)

Pasv_min_port=50000 (change the client's data connection port to

Between Pasv_max_port=60000 5000000 and 60000)

Max_clients=200 (maximum number of connections for FTP)

Max_per_ip=4 (maximum connections per IP)

Listen_port=5555 (data connection from port 5555)

See who logged in to FTP and killed it in the process

Ps-xf | grep ftp

Kill process number

3. Configure FTP for local group access

First create the home directory of the user groups test and FTP

Groupadd test

Mkdir / tmp/test

Then create a user

Useradd-G test-d / tmp/test-M usr1

Note: G: the group in which the user belongs

D: indicates that the location of the user's own directory is specified.

M: do not set up a default home directory, that is to say, you do not have your own directory under / home

Useradd-G test-d / tmp/test-M usr2

Then change the owner and permissions of the folder

Chown usr1.test / tmp/test-this means that the owner of / tmp/test is usr1

Chmod 750s / tmp/test-7 means wrx 5 means rx 0 means no permissions

The purpose of this experiment is that usr1 has the permission to upload, delete and download, while usr2 only has the permission to download, not upload and delete.

The main configuration file vsftpd.conf to make sure that local_enable=yes, write_enable=yes, chroot_local_usr=yes these three options are available!

4. Configure the non-port standard mode of the server of independent FTP for data connection

Add Listen_port=33333 to VSFTPD_CONF

5. Configure a separate virtual FTP, use the virtual FTP user, and have different permissions in the four accounts established

(two have the permission to read the directory, one has the permission to browse, upload and download, and the other has the permission to browse, download, delete and change the file name)

1 > configure the network card

The address of the first network card is 10.2.3.4. The mask is 255.255.0.0.

Ifconfig eth0:1 211.131.4.253 netmask 255.255.255.0 up

2 > write to / etc/sysconfig (in order not to lose the IP address after restart)

Cd / etc/sysconfig/network-scripts

Cp ifcfg-eth0 ifcfg-eth0:1

Vi ifcfg-eth0:1 modifies the content as follows

DEVICE=eth0:1

BROADCAST=211.131.4.255

HWADDR= the MAC address of the network card

IPADDR=211.131.4.253

NETMASK=255.255.255.0

NETWORK=211.131.4.0

ONBOOT=yes

TYPE=Ethernet

Wq exit

3 > enter the folder cp vsftpd.conf vsftpd2.conf where vsftpd.conf is located

Modify vsftpd.conf to add the following information

Listen_address=10.2.3.4

Modify vsftpd2.conf to add the following information

Listen_address=211.131.4.253

Ftpd_banner=this is a virtual ftp test

To this virtual FTP server has been set up

4 > set up logins.txt

Vi / tmp/logins.txt

Add the following information:

Longlei- user name

Longlei- password

Zhangweibo

Zhangweibo

Jinhui

Jinhui

Lxp

Lxp

Format: one user name, one password

5 > create the password library file for the visitor, and then modify its permissions

Db_load-T-t hash-f / tmp/logins.txt / etc/vsftpd_login.db

6 > create in such as / etc/pam.d/

Add the following information in

Auth required / lib/security/pam_userdb.so db=/etc/vsftpd_login

Account required / lib/security/pam_userdb.so db=/etc/vsftpd_login

7 > create a directory in / var/ftp/ and change its properties and its owner

Useradd-d / var/ftp/test qiang

Chmod 700 / var/ftp/test

Add test_file test files to the directory

8 > enter vsftpd2.conf to modify the information in it (can be)

Listen_yes

Anonymous_enable=no

Local_enable=yes

Write_enable=no

Anon_upload_enable=no

Anon_mkdir_write_enable=no

Anon_other_write_enable=no

Chroot_local_user=yes

Guest_enable=yes- initiates virtual users

Guest_username=qiang- maps virtual users to local users

Listen_port=5555

Max_client=10

Max_per_ip=1

Ftpd_banner=this is a virtual server and users

Pam_service_name=ftp.vu

Note: the lower the permissions given in the main configuration file, the greater the space for the user's permissions to be divided into user management later, because the service with the highest restrictions on the main profile reads the main profile first, and then reads the user's profile.

When the configuration is complete, execute / etc/init.d/vsftpd restart to restart the ftp server

At this point, the virtual USER is built.

9 > create a virtaul file directory in the same directory as VSFTPD_CONF, and create a configuration file named after your user name in the files directory

Longlei zhangweibo jinhui lxp

Add to the longlei:

Anon_world_readable_only=no

Add in lxp

Anon_world_readable_only=no

In this way, the two users have the right to browse the directory.

Add in jinhui

Anon_world_readable_only=no

Write_enable=yes

Anon_upload_enable=yes

This user has the permission to upload, download and browse.

Add in zhangweibo

Anon_world_readable_only=no

Write_enable=yes

Anon_upload_enable=yes

Anon_other_write_enable=yes

This user has permission to upload, download, delete file directories, modify file names and browse

10 > modify vsftpd2.conf

Join the directory where user_config_dir=/vsftpd.conf is located / virtual

Restart the server and it's done.

All configuration information in VSFTPD_CONF

Anonymous_enable=yes (anonymous login allowed)

Dirmessage_enable=yes (displays the contents of .message under the directory when changing directories)

Local_umask=022 (local file permissions on FTP, default is 077)

Connect_form_port_20=yes (enable data connection for FTP data port) *

Xferlog_enable=yes (activate uploaded and downloaded logs)

Xferlog_std_format=yes (using standard log format)

Ftpd_banner=XXXXX (Welcome message)

Pam_service_name=vsftpd (authentication method) *

Listen=yes (stand-alone VSFTPD server) *

Anon_upload_enable=yes (open upload permission)

Anon_mkdir_write_enable=yes (you can create a directory while uploading files in this directory)

Write_enable=yes (open local user write permissions)

Anon_other_write_enable=yes (anonymous account can have permission to delete)

Anon_world_readable_only=no (let go of anonymous user browsing rights)

Ascii_upload_enable=yes (enables ASCII transmission of uploads)

Ascii_download_enable=yes (enable ASCII transport for download)

Banner_file=/var/vsftpd_banner_file (the welcome message after the user connects uses the relevant information in this file)

Idle_session_timeout=600 (seconds) (10 minutes after the user session is idle)

Data_connection_timeout=120 (seconds) (idle data connection for 2 minutes)

Accept_timeout=60 (seconds) (disconnect the client after idle for 1 minute)

Connect_timeout=60 (seconds) (reconnect after 1 minute interruption)

Local_max_rate=50000 (bite) (local user transfer rate 50K)

Anon_max_rate=30000 (bite) (anonymous user transfer rate 30K)

Pasv_min_port=50000 (change the client's data connection port to

Between Pasv_max_port=60000 5000000 and 60000)

Max_clients=200 (maximum number of connections for FTP)

Max_per_ip=4 (maximum connections per IP)

Listen_port=5555 (data connection from port 5555)

Local_enble=yes (local account can log in)

Write_enable=no (local account has no right to delete and modify files after logging in)

This is a group.

Chroot_local_user=yes (all local accounts can only be in their own directory)

Chroot_list_enable=yes (list in the file can be called)

Chroot_list_file=/ any specified path / vsftpd.chroot_list (if chroot_local_user=no)

This is another group.

Userlist_enable=yes (users in the specified file cannot access it)

Userlist_deny=yes

Path specified by Userlist_file=/ / vsftpd.user_list

I started to be single again.

Banner_fail=/ path / file name (displays the contents of the file when the connection fails)

Ls_recurse_enable=no

Async_abor_enable=yes

One_process_model=yes

Listen_address=10.2.2.2 (bind a virtual service to a port)

Guest_enable=yes (virtual users can log in)

User name set by Guest_username= (map virtual user to local user)

User_config_dir=/ any specified path / folder created for the user policy itself (specify the path of different virtual user profiles)

Another group.

Chown_uploads=yes (change the owner of the uploaded file to root)

Chown_username=root

Another group.

Deny_email_enable=yes (is it allowed to prohibit anonymous users from using certain email addresses)

Banned_email_file=// any specified path / xx/

It's single again.

Pasv_enable=yes (server side in passive mode)

User_config_dir=/ any specified path / / any file directory (specify the path where the virtual user stores the configuration files)

If you need to log in to the local user and close the guest user, you must set the following command:

Anonymous_enable=no

Guest_enable=no

Local_enable=yes

Write_enable=yes

Local_umask=022

Chroot_list_enable=yes

Chroot_list_file=/etc/vsftpd.chroot_list (if not, create your own) (enter the local user name you need to log in to in etc/vsftpd.chroot_list)

6. Solve the problem of Chinese garbled code in vsftpd

First install the vsfpd in the source, then configure all the functions, and then solve the problem of Chinese garbled.

Because its / init.d/vsftpd and / vsftpd.conf will not be deleted after deleting the source vsftpd, which can pave the way for us, otherwise you will find it very helpless! If you are compiling and installing directly, my init.d/vsftpd and vsftpd.conf files will be given in the attachment. Overwrite them under / etc!

Start to prepare for compilation and prepare the library packages needed by the compilation environment

Sudo apt-get build-dep vsftpd

Use here to install the vsftpd in the source first, and then uninstall it

Sudo apt-get install vsftpd

Apt-get remove vsftpd

Download the attachment and extract the package

Tar-zxvf vsftpd-2.0.6

Cd vsftpd-2.0.6

Sudo su: start compilation with root users

Make # compilation command. If no error occurs, it is successful.

Make install # installation

If the directory cannot be found in the installation, just set up the missing directory

Basically, you will be prompted that the / man8 and / man5 directories are missing, and re-make install after establishment.

The following is to test the effect, modify the configuration file, and add

Charset_filter_enable=YES # enables character filtering

Charset_client=GB2312 # client characters are set to simplified Chinese

All right, now turn on the service and test it.

Sudo / etc/init.d/vsftpd restart

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.