VSFTPD (FTP)
Server Version information
- Tencent Cloud server, CentOS7
Delete VSFTPD
1. View the installation package
rpm -qa | grep vsftpd
2. Remove it
rpm -e vsftpd-3.0.2-9.el7.x86_64
Alternatively, use rm -rf to manually delete the vsftpd-3.0.2-9.el7.x86_64 files.
If you check again, the package is no longer there.
Installation
1. Install via yum
yum install vsftpd
2. The default installation directory is /etc/vsftpd/
File Directory Description
- ftpusers: list of users who cannot access FTP
  - Manually add any user who must not have access; this is a separate, standalone blacklist
- user_list: list of users who cannot access FTP
  - This is used together with userlist_deny=NO or userlist_deny=YES in vsftpd.conf
    - With userlist_deny=NO, users in user_list are allowed access
    - With userlist_deny=YES, users configured in user_list are denied access
- vsftpd.conf: primary configuration file
Summary: if you need to block a user, configuring it in ftpusers is convenient.
vsftpd.conf configuration description
Attribute | Value | Meaning |
---|---|---|
anonymous_enable | YES/NO | Whether to allow anonymous users to log in to FTP. If this setting is commented, it is allowed by default |
local_enable | YES/NO | Whether to allow local system users to log in |
write_enable | YES/NO | Whether to enable any form of FTP write command to upload files |
local_umask | xxx | The umask setting for the local user, which defaults to 077 if commented, is generally set to 022 |
anon_upload_enable | YES/NO | Whether to allow anonymous users to upload files. To enable this, you must enable write_enable first. In addition, the anonymous user must have write permission on the corresponding directory |
anon_mkdir_write_enable | YES/NO | Whether to allow anonymous users to create new directories |
dirmessage_enable | YES/NO | Sends a message to the remote user when entering a directory |
xferlog_enable | YES/NO | Whether to enable upload/download logging |
connect_from_port_20 | YES/NO | Whether to use port 20 to connect to FTP |
chown_uploads | YES/NO | Whether to change the owner of anonymously uploaded files to the user specified by chown_username |
chown_username | Valid username | Files uploaded anonymously are owned by the set user |
xferlog_file | Valid path | Set the location for saving log files. The default location is /var/log/xferlog |
xferlog_std_format | YES/NO | Whether to use the standard FTPD xferlog log format, which is saved in /var/log/xferlog by default |
idle_session_timeout | Number | Set the timeout period of an idle connection, in seconds |
data_connection_timeout | Number | Set the maximum time to wait for data transfer, in seconds. (data_connection_timeout and idle_session_timeout are both in effect at the same time.) |
nopriv_user | Valid username | Specify an unprivileged user to run VSFTPD |
async_abor_enable | YES/NO | Whether asynchronous ABOR requests are supported |
ascii_upload_enable | YES/NO | Whether to enable the ASCII mode for uploading files |
ascii_download_enable | YES/NO | Whether to enable the ASCII mode for file downloading |
ftpd_banner | … | Custom login banner |
deny_email_enable | YES/NO | For anonymous logins, email addresses are required. If you don’t want some email addresses to have login privileges, you can turn this on and write the corresponding email addresses to the file specified by banned_email_file |
banned_email_file | Valid file | When deny_email_enable is enabled, specify the file that holds the email addresses that are not allowed to log in |
chroot_local_user | YES/NO | Whether to restrict all users to the home directory. When NO is set, FTP users can switch to other directories |
chroot_list_enable | YES/NO | Whether to enable the restricted user list |
chroot_list_file | Valid file | The user list file. Its effect depends on the combination of chroot_local_user and chroot_list_enable. For details, see the following table |
allow_writeable_chroot | YES/NO | Whether to allow the user to have write permission on the FTP root directory. If this is set to NO and the directory is actually writable, an error occurs |
ls_recurse_enable | YES/NO | Whether to allow the ls -R command to list recursively; recursive listing is expensive |
listen | YES/NO | If YES, vsftpd runs in standalone mode and listens on IPv4 sockets to process connection requests (this option cannot be used together with listen_ipv6) |
listen_ipv6 | YES/NO | Whether listening on IPv6 sockets is allowed |
pam_service_name | … | Set the name of the PAM authentication service configuration file, that is, the /etc/pam.d/vsftpd file. That file contains file=/etc/vsftpd/ftpusers, so PAM blocks the accounts listed in the /etc/vsftpd/ftpusers file |
userlist_enable | YES/NO | Whether to enable the user_list file to control user logins |
userlist_deny | YES/NO | Whether to deny login to users in user_list. This attribute is valid only when userlist_enable = YES |
tcp_wrappers | YES/NO | Whether to use tcp_wrappers as host access control |
max_clients | Number | Maximum number of connections allowed at one time |
max_per_ip | Number | Maximum number of connections from a single client IP |
local_root | Valid directory | Root directory of the system user after login |
anon_root | Valid directory | Root directory of the anonymous user after login |
user_config_dir | Valid directory | Directory of per-user configuration files; each file in the directory is named after the corresponding user name |
The combined effects of chroot_local_user and chroot_list_enable are as follows:
| | chroot_local_user=YES | chroot_local_user=NO |
|---|---|---|
| chroot_list_enable=YES | 1. All users are restricted to their home directories. 2. The users listed in the file specified by chroot_list_file (/etc/vsftpd/chroot_list) are "exceptions" and are not restricted | 1. No users are restricted to their home directories. 2. The users listed in the file specified by chroot_list_file (/etc/vsftpd/chroot_list) are "exceptions" and are restricted |
| chroot_list_enable=NO | 1. All users are restricted to their home directories. 2. The user list specified by chroot_list_file (/etc/vsftpd/chroot_list) is ignored, so there are no "exception" users | 1. No users are restricted to their home directories. 2. The user list specified by chroot_list_file (/etc/vsftpd/chroot_list) is ignored, so there are no "exception" users |
Configuration file description from: juejin.cn/post/693341…
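The following added example (not from the original post) resolves the two rules described above for a given user: the ftpusers / user_list login logic and the chroot_local_user / chroot_list_enable table. The function names, user names and sample configuration are constructed for illustration; the fallback values are vsftpd's built-in defaults.

```python
# Added example: resolve vsftpd login and chroot decisions (sample data is constructed).

DEFAULTS = {  # vsftpd built-in defaults for the options used here
    "userlist_enable": "NO", "userlist_deny": "YES",
    "chroot_local_user": "NO", "chroot_list_enable": "NO",
}

def parse_conf(text):
    """Parse vsftpd.conf text into a dict; '#' lines and blanks are ignored."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def enabled(conf, key):
    return conf.get(key, "NO").upper() == "YES"

def login_allowed(user, conf, ftpusers, user_list):
    """ftpusers is always a blacklist (PAM); user_list depends on userlist_deny."""
    if user in ftpusers:
        return False
    if not enabled(conf, "userlist_enable"):
        return True
    listed = user in user_list
    return not listed if enabled(conf, "userlist_deny") else listed

def is_chrooted(user, conf, chroot_list):
    """Apply the chroot_local_user / chroot_list_enable table."""
    excepted = enabled(conf, "chroot_list_enable") and user in chroot_list
    # Listed users get the opposite of the global chroot_local_user setting.
    return enabled(conf, "chroot_local_user") != excepted

# Constructed sample: whitelist mode, everyone chrooted except listed users.
SAMPLE_CONF = """
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=YES
"""
conf = parse_conf(SAMPLE_CONF)
ftpusers, user_list, chroot_list = {"root"}, {"root", "deploy"}, {"deploy"}

if __name__ == "__main__":
    for u in ("root", "deploy", "alice"):
        print(u, login_allowed(u, conf, ftpusers, user_list), is_chrooted(u, conf, chroot_list))
```

Note that root stays blocked even though it appears in the whitelist, because ftpusers is checked independently of user_list.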
Check the status
1. Green output means the service is running; after a default installation it is not started.
service vsftpd status    # check the vsftpd status
2. The above is the open state, and the below is the open state diagram
Other commands
systemctl start vsftpd      # start
systemctl stop vsftpd       # stop
systemctl restart vsftpd    # restart
/bin/systemctl start vsftpd.service
/bin/systemctl stop vsftpd.service
/bin/systemctl restart vsftpd.service