1, vsFTPd and other commonly used FTP server packages;
vsFTPd is the most respected FTP server program in Linux distributions. It is small, lightweight, secure and easy to use. Getting the most out of its features takes some mastery, but the most important thing is to use it;
The FTP server packages mainly used on open-source operating systems today are ProFTPD, PureFTPd, wu-ftpd and so on. As for which FTP server package is better: the one you are most familiar with is the best;
2, FTP user management guide;
By default, an FTP server manages its users on the basis of /etc/passwd and /etc/group, so we must understand Linux user and user group management. User and user group management is the basis of all applications. Some brothers do not want to learn the basics and would rather jump straight into setting up all kinds of servers; facts have proven that this way of learning is the most unwise. You may be able to start the FTP server in a few minutes, but when a problem comes up you may not be able to tell where the error is, so the foundation is extremely important;
Recommended article: "Linux users (user) and user group (group) Management Overview"
2.1, understanding the anonymous ftp user and user group;
When we visit the major FTP sites, we may think that we have not logged in at all. If the site allows anonymous FTP, a login still takes place; for example, we enter the following in the browser;
ftp://mirrors.kernel.org
Or
ftp://ftp:ftp@mirrors.kernel.org
We will find that both of the addresses above can be visited and show exactly the same result, ending up at the ftp://mirrors.kernel.org address. So does accessing FTP not need a user name and password? Yes, it does, but the server side allows anonymous access, and the user name and password for anonymous access are both ftp. We simply do not notice that anonymous access is just a user name and a password. The second address visits ftp://mirrors.kernel.org as the user ftp with the password ftp;
If we connect to mirrors.kernel.org with the ftp command, we will find that we have to enter the user ftp and the password ftp to get access;
On the FTP server, the anonymous user's user name and password are both ftp. This user can be found in your operating system's /etc/passwd; the entry may be similar to the following line;
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
Description:
/etc/passwd is the user configuration file and /etc/group is the user group configuration file; see "Linux user (user) and user group (group) Management Overview" and related documents for some basic knowledge of user management;
In this ftp user line we can see seven fields, separated from each other by a colon (:);
ftp is the user name;
x is the password field, which is hidden;
14 is the user's UID field; you can set it yourself, but do not give it the same UID as another user, otherwise it will create a system security problem;
50 is the GID of the user's group; it can be set as well, but do not let other user groups share the GID of the ftp group, otherwise it will create a system security problem;
FTP User is the user description field;
/var/ftp is the ftp user's home directory; you can define it yourself;
/sbin/nologin is the user's login shell, which can also be defined. /sbin/nologin means that the user cannot log in to the system; system virtual accounts (also known as pseudo-users) are generally set up this way. If, for example, we replace the ftp user's /sbin/nologin with /bin/bash, the ftp user can log in to the system like a real user, locally or remotely through ssh or telnet. Doing so makes the system unsafe. If a user does not really need to log in to the system, give him an FTP-only account, meaning that he gets FTP permissions only, rather than setting his shell to /bin/bash and the like;
Understanding the ftp user group:
When we look at /etc/group, we will find a line like this;
ftp:x:50:
/etc/group is the configuration file for user group management. The line above says that the user group is ftp, x is the password field, and 50 is the GID. We know that the ftp user in /etc/passwd belongs to the ftp user group because the GID on the ftp user's line and the GID of the group are the same;
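The rules above (no login shell for FTP-only accounts, no shared UID, no shared GID) can be checked mechanically. The following script is an added example, not part of the original article; the function names and the sample accounts, including the hypothetical user mirror, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/group files against the account rules above.

# audit_ftp_accounts PASSWD_FILE GROUP_FILE
# Prints one finding per line:
#   duplicate-gid GID        two groups share a GID
#   duplicate-uid UID        two accounts share a UID
#   login-shell USER SHELL   an account in the ftp group can log in to the system
audit_ftp_accounts() {
    awk -F: '
        BEGIN { ftp_gid = "none" }
        FNR == NR {                          # first file: the group file
            if ($1 == "ftp") ftp_gid = $3
            if (++gid_seen[$3] == 2) print "duplicate-gid " $3
            next
        }
        {                                    # second file: the passwd file
            if (++uid_seen[$3] == 2) print "duplicate-uid " $3
            # field 4 is the primary GID, field 7 the login shell
            if ($4 == ftp_gid && $7 !~ /\/(nologin|false)$/)
                print "login-shell " $1 " " $7
        }
    ' "$2" "$1"
}

# write_sample DIR: constructed sample files, not taken from a real system
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
ftp:x:50:
users:x:100:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
beinan:x:500:50::/opt/beinan:/sbin/nologin
nanbei:x:501:50::/opt/nanbei:/bin/bash
mirror:x:14:100::/srv/mirror:/sbin/nologin
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_ftp_accounts "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

On a real system the call would be audit_ftp_accounts /etc/passwd /etc/group.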
2.2, can the anonymous ftp user and ftp user group be deleted?
Under normal circumstances, the ftp user and group lines in /etc/passwd and /etc/group cannot be deleted, because by default the FTP server needs them to implement FTP user management.
Although they cannot be deleted, a number of things about the ftp user and ftp user group in /etc/passwd and /etc/group can be modified; for instance, we can change the ftp user's home directory, and we can also change the ftp user's UID ... This assumes that you understand user management. User management is the basis of all applications; brothers who are novice Linux users may not understand its importance yet, but slowly you will discover the truth;
3, vsFTPd installation;
The latest major distributions all provide a vsFTPd package, which you can install with the package management tool that comes with your distribution. You can also go to the FTP mirrors of the major distributions to find the vsftpd package, or install it online through the package management tool. The vsftpd package is small and takes no more than two minutes to install. Because this is a beginners' course, I strongly recommend that you install the package your distribution provides; compiling and installing from the source package is not recommended;
If you are using a Fedora or Redhat system, you can install from the command line as follows;
[root@localhost ~]# yum install vsftpd
On a Debian-type system you can install online with apt;
[root@localhost ~]# apt-get install vsftpd
On an RPM system you can also find the vsftpd-xxxx.rpm package and install it with the rpm command;
[root@localhost ~]# rpm -ivh vsftpd*.rpm
You can also download the source package and install from it
For instance, we download vsftpd-2.0.3.tar.gz;
[root@localhost ~]# tar zxvf vsftpd-2.0.3.tar.gz
[root@localhost ~]# cd vsftpd-2.0.3
[root@localhost ~]# make; make install
[root@localhost ~]# cp vsftpd.conf /etc
Then modify /etc/vsftpd.conf by adding the following line as the last line of the configuration file;
listen=yes
If you installed from the source package and your system uses RPM package management, you can delete the file /etc/xinetd.d/vsftpd and then restart the xinetd server;
[root@localhost ~]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
vsFTPd can run in two modes. Systems with RPM package management, most of which were developed from Fedora/Redhat, can run the server under xinetd; systems without RPM package management generally do not have xinetd. To keep this document consistent, we do not use xinetd mode; we start and manage the server in initd mode, which is the standalone mode. For what xinetd and inetd modes are, you can refer to "vsFTPd from aircraft using Linux network installation server"
4, starting and shutting down the vsFTPd server;
Starting and shutting down the vsFTPd server is extremely easy; we can run the server program directly and leave it running in the background, which is a way of operating that works for almost every server;
4.1, the general method of starting and shutting down the vsFTPd server;
Running vsftpd requires root privileges. If the current user is not root, switch to root authority; there are two ways to do this, one is su and the other is sudo. Please refer to: "Linux system, the super powers of control"
Starting the vsFTPd server (use whichever of these paths vsftpd is installed under on your system);
[root@localhost ~]# /usr/sbin/vsftpd &
[root@localhost ~]# /usr/local/sbin/vsftpd &
Checking whether the vsFTPd server is up and running;
We can use pgrep vsftpd to see whether vsftpd is up and running;
[root@localhost ~]# pgrep vsftpd
4248
The output above shows that the vsFTPd server is up and running; you can use the ftp command, lftp, gftp or another FTP client to test the connection;
Shutting down the vsFTPd server:
We use pkill vsftpd to kill the vsftpd process, which shuts vsFTPd down, and then pgrep vsftpd to look for the process; if there is no process, vsFTPd has been shut down. Of course, this has to be done with root permissions.
[root@localhost ~]# pkill vsftpd
[root@localhost ~]# pgrep vsftpd
4.2, starting and shutting down the vsFTPd server on Fedora/Redhat/CentOS:
On Fedora/Redhat/CentOS you can also use the following method to start vsFTPd; of course, this has to be done with root privileges;
[root@localhost beinan]# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]
To restart vsFTPd, use the following command;
[root@localhost beinan]# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
To shut down the vsFTPd server, use the following command;
[root@localhost beinan]# /etc/init.d/vsftpd stop
Shutting down vsftpd: [ OK ]
5, the relationship between the vsFTPd server, the firewall and SELinux; (important)
I have seen some brothers on the forum say that the vsFTPd server starts normally but cannot be accessed, or that users cannot upload files; I think this is a matter of the firewall or of SELinux. The FTP server may be blocked by the firewall or by the SELinux security mechanism. Therefore you must let ftp through the firewall and, of course, let the ftp server through SELinux as well;
On Fedora/Redhat/CentOS you need to configure the firewall: you can turn the firewall off, or customize it to allow ftp "through" the firewall;
[root@localhost ~]# system-config-securitylevel-tui
Or run the following command to flush the firewall rules (the general method);
[root@localhost beinan]# iptables -F
About SELinux: for old hands and novices alike, SELinux on a server can be a bit of trouble. We recommend that you either turn SELinux off or start the vsFTPd server in a way that bypasses SELinux, that is, with the general method from 4.1, starting and shutting down the vsFTPd server; starting vsFTPd this way is also valid on Fedora/Redhat/CentOS;
Of course you can also turn SELinux off in the /etc/selinux/config configuration file, as follows;
/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# SELINUX=disabled turns SELinux off; restart the system afterwards.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
6, 500 OOPS: vsftpd: refusing to run with writable anonymous root
If the vsFTPd server has started normally but a prompt like the following appears when we log in to test it;
500 OOPS: vsftpd: refusing to run with writable anonymous root
This means that the permissions of the ftp user's home directory are wrong and have to be corrected;
[root@localhost ~]# more /etc/passwd | grep ftp
ftp:x:1000:1000:FTP User:/var/ftp:/sbin/nologin
We find that the ftp user's home directory is /var/ftp. The error is caused by wrong permissions on /var/ftp: this directory must not be open with all permissions, which is what running chmod 777 /var/ftp leads to. If the ftp user has no home directory, of course you have to create one yourself;
The ftp user's home directory must not be completely open to the owner, the group and all other users, as it is in the following listing;
[root@localhost ~]# ls -ld /var/ftp
drwxrwxrwx 3 root root 4096 2005-03-23 /var/ftp
To fix the error, use the following approach;
[root@localhost ~]# chown root:root /var/ftp
[root@localhost ~]# chmod 755 /var/ftp
Some brothers may ask: this way anonymous users can read and download, but what about uploading? That is simple too: create a directory under /var/ftp, set its permissions to 777, and then adjust vsftpd.conf accordingly; there is no difficulty;
For security reasons, vsFTPd does not allow the ftp user's home directory to have unrestricted permissions; you can read the vsFTPd documentation to understand this. Otherwise it could not be called the most secure FTP server, could it?
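The fix above has two parts, chown root:root and chmod 755, and the second alone is not enough when the ftp account owns the directory. The following script is an added example, not part of the original article and not vsFTPd's own check; it approximates the condition from the classic owner/group/other mode bits (ACLs and supplementary groups are ignored), and the function names and the scratch tree are constructed.

```shell
#!/bin/sh
# Added example: check an anonymous FTP tree for a writable anonymous root.

# anon_root_status DIR FTP_UID FTP_GID
# Prints "ok" if the ftp account has no write bit on DIR,
# otherwise "writable-by-owner", "writable-by-group" or "writable-by-other".
anon_root_status() {
    ls -ldn "$1" | awk -v u="$2" -v g="$3" '{
        mode = $1                                   # e.g. drwxr-xr-x
        if ($3 == u)      { cls = "owner"; bit = substr(mode, 3, 1) }
        else if ($4 == g) { cls = "group"; bit = substr(mode, 6, 1) }
        else              { cls = "other"; bit = substr(mode, 9, 1) }
        if (bit == "w") print "writable-by-" cls; else print "ok"
    }'
}

# audit_anon_ftp PASSWD_FILE PREFIX
# Reads the ftp entry from PASSWD_FILE and checks PREFIX + home directory.
# PREFIX is "" on a live system, or a scratch directory for testing.
# Exit status: 0 root not writable, 1 root writable, 2 no ftp entry.
audit_anon_ftp() {
    passwd_file=$1 prefix=$2
    awk -F: '$1 == "ftp" { print $3, $4, $6; exit }' "$passwd_file" | (
        read -r uid gid home || { echo "no ftp entry in $passwd_file"; exit 2; }
        root=$prefix$home
        status=$(anon_root_status "$root" "$uid" "$gid")
        echo "root $home: $status"
        rc=0
        [ "$status" = ok ] || rc=1
        # Subdirectories such as pub are where write access is expected.
        for d in "$root"/*/; do
            [ -d "$d" ] || continue
            echo "subdir $(basename "$d"): $(anon_root_status "$d" "$uid" "$gid")"
        done
        exit "$rc"
    )
}

demo() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/var/ftp/pub"
    # Constructed passwd entry; the scratch tree belongs to the current user.
    printf 'ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin\n' > "$scratch/passwd"
    chmod 777 "$scratch/var/ftp" "$scratch/var/ftp/pub"   # state behind the 500 OOPS
    audit_anon_ftp "$scratch/passwd" "$scratch" || true   # status 1: writable root
    chmod 755 "$scratch/var/ftp"                          # the chmod from this section
    audit_anon_ftp "$scratch/passwd" "$scratch" || true
    rm -rf "$scratch"
}
demo
```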
7, about the vsFTPd configuration file;
vsftpd.conf is the vsFTPd server's configuration file; it is usually /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf, depending on your system.
vsftpd.conf is the overall control file of the vsFTPd server. Each line of this configuration file counts as one rule; lines with a # in front are not interpreted by the server, which is similar to apache's configuration file. What follows the # is generally descriptive text, or an option that switches off a certain function;
The vsftpd.conf configuration file does not include every feature you may want; for some functions we have to find the solution ourselves, so we have to learn to search the vsFTPd documentation, FAQ and so on. They are in English, but relatively simple, and we should get used to reading foreign-language documents. Why? Because Linux and its heavyweight software were developed by foreigners. Oh, brothers, do not complain; who told us to be behind them?
Note: after modifying the configuration file, the vsFTPd server must be restarted for the change to take effect, remember ~~
8, implementing some commonly used functions on the vsFTPd server;
8.1, implementing anonymous upload and download;
Anonymous upload is also relatively simple; we need to make some changes to vsftpd.conf. This file is located under the /etc directory: it may be /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf, depending on your system environment;
First: change vsftpd.conf so that it contains the following lines;
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
Second: create a folder under the ftp user's home directory and make its permissions completely open;
Where is the ftp user's home directory? As we have already said, look in /etc/passwd; finger ftp also shows it;
[root@localhost beinan]# finger ftp
Login: ftp                      Name: FTP User
Directory: /var/ftp             Shell: /sbin/nologin
This shows that the ftp user's home directory is /var/ftp. We need to create a directory inside it and set its permissions so that any user can read, write and execute. Normally a distribution already has a /var/ftp/pub directory; if not, you can create one. Once the configuration file has been changed, it is enough to open up the permissions of one directory under /var/ftp for anonymous upload and download;
For example, if you want anonymous users to upload and download in /var/ftp/pub, open up the permissions of /var/ftp/pub; if there is no such directory, you have to create it;
[root@localhost ~]# mkdir /var/ftp/pub
[root@localhost ~]# chmod 777 /var/ftp/pub
When uploading, upload into this pub directory and it will work, right?
8.2, example: adding a local user and giving it read and write permissions;
FTP users generally cannot log in to the system, which is also for safety. A user without permission to log in to the system is generally also called a virtual user. A virtual user is still written into /etc/passwd; it is called a virtual user, but it is not truly virtual: only its permission to log in with a shell has been removed, so it cannot log in to the system;
If we want to place the user beinan in the directory /opt/beinan and not let him log in to the system, we should operate as follows
[root@localhost ~]# adduser -d /opt/beinan -g ftp -s /sbin/nologin beinan
[root@localhost ~]# passwd beinan
Changing password for user beinan.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#
That alone is not enough; we also change the configuration file vsftpd.conf to make sure that local virtual users have read and write permissions;
local_enable=YES
write_enable=YES
local_umask=022
8.4, how to implement a virtual path?
For example:
/home/a maps to ftp://localhost/a
/home/b/c maps to ftp://localhost/c
Strictly speaking this is not a vsFTPd feature; we have in fact already come across it, perhaps without paying attention. We can use the following approach.
[root@localhost ~]# mount --bind [original directory] [new directory]
For example, my default ftp directory is /var/ftp and I want to map the folder /mnt/LinG/WinSoft into the /var/ftp directory; I do the following
First we create a directory in /var/ftp
[root@localhost ~]# mkdir /var/ftp/WinSoft
Then run the mount command
[root@localhost ~]# mount --bind /mnt/LinG/WinSoft /var/ftp/WinSoft
That is all.
8.5, enabling the vsFTPd server's log function;
Remove the # in front of the xferlog_file line below to enable vsftpd's log function; we will then be able to see vsftpd.log in the /var/log directory. This is vsFTPd's log feature, which is of paramount importance to us.
xferlog_file=/var/log/vsftpd.log
8.6, how to customize the welcome message;
How do we customize the welcome message, that is, the text shown after we log in to some FTP servers, something like this: Welcome to LinuxSir FTP! Here you will get the most sincere help; if you have any questions or suggestions, please contact us. Thank you.
This is not difficult to achieve. Look in vsftpd.conf to see whether these lines are there.
dirmessage_enable=YES
message_file=.message
If they are not there, add them; if there is a # in front of dirmessage_enable=YES, remove the #. In fact the default FTP message file is .message, so we do not have to specify message_file=. Specifying it yourself does no harm either;
Then we create a .message file and write whatever we want in it; for example, the content of .message is as follows:
- Welcome to LinuxSir FTP!
- Here, you will get the most sincere help;
- If you have any questions and suggestions, please contact us. Thank you.
Any editor will do for writing .message; I do not think this step needs explaining.
Then we copy the .message file to each user's home directory. For example, one of my FTP users is beinan, whose home directory is /opt/beinan
We put .message into the /opt/beinan directory. The system user ftp has the directory /var/ftp by default, and an anonymous user who logs in lands in /var/ftp. If we want anonymous users to see the welcome message, we put .message in the /var/ftp directory. For other users the operation is similar.
8.7, hard disk space is limited; how do we change the ftp account's default home directory to somewhere else?
My hard disk space is limited; how do I change the ftp account's default path /var/ftp to somewhere else? Or: my Linux directories are all on the / (root) partition and space is tight; can I put the ftp user's default path on another partition?
To manage the ftp user this way, look at /etc/passwd and modify the ftp user's line;
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
For example, if we want to change the ftp user's home directory to /opt/ftp, the line should read
ftp:x:14:50:FTP User:/opt/ftp:/sbin/nologin
Then we have to create the ftp user's new home directory;
[root@localhost ~]# mkdir /opt/ftp
[root@localhost ~]# chmod 755 /opt/ftp
[root@localhost ~]# chown root:root /opt/ftp
If the default ftp disk space is tight, we can in fact also solve it with the virtual path mapping, that is, the mount --bind option; look at your situation and see which way fits best;
8.8, how to limit the number of connections to the vsFTPd server, and the maximum number of connections per IP?
Edit the vsFTPd server's configuration file vsftpd.conf and add the following two lines:
max_clients=number
max_per_ip=number
For example: I want my vsFTPd to support at most 100 connections, and at most 5 connections per IP, so I add the following two lines to vsftpd.conf:
max_clients=100
max_per_ip=5
After editing the configuration file, do not forget to restart the vsFTPd server.
8.9, how to limit the transfer speed?
anon_max_rate=number
Note: this is the speed limit for anonymous users
local_max_rate=number
Note: this is the speed limit for local users of the vsFTPd server
Note: the unit of this number is the byte, so we have to calculate it. For example, to limit anonymous users and local vsFTPd users to downloading at 80KB, the number should be 1024 x 80 = 81920
So we add the following two lines to vsftpd.conf
anon_max_rate=81920
local_max_rate=81920
8.10, how to selectively restrict users to their home directories?
We create a file in the /etc directory or the /etc/vsftpd directory (if your vsftpd configuration file is in that directory);
# touch /etc/vsftpd.chroot_list
We want to restrict the two users beinan and nanbei to their home directories, while the other FTP users are not restricted.
Add beinan and nanbei to the vsftpd.chroot_list file; note that there is one user per line.
beinan
nanbei
Then edit /etc/vsftpd/vsftpd.conf and look for the following two lines
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
If these two lines are not there, add them.
After setting this up, restart the vsFTPd server.
A supplement: how do we restrict all FTP users on the system to their home directories? Prompted by brother Juliaugong, I looked through the foreign-language vsFTPd documentation; this option is the one-size-fits-all solution that restricts all users to their home directories
We can edit vsftpd.conf and add the following line
chroot_local_user=YES
After editing the configuration file, do not forget to restart the vsFTPd server;
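The file format from section 7 and the option combinations from sections 8.1, 8.2 and 8.10 can be checked before the server is restarted. The following lint script is an added example, not part of the original article or of vsFTPd; the function names, finding names and sample files are constructed. It relies on behaviour documented in vsftpd.conf(5): whitespace around = is an error, anonymous uploads also need write_enable=YES, and with chroot_local_user=YES the chroot list names the users that are NOT chrooted.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf for the format rule and the option
# combinations used in this article.

# lint_vsftpd_conf FILE -> one finding per line, nothing if the file is clean
lint_vsftpd_conf() {
    awk '
        function on(k) { return toupper(opt[k]) == "YES" }
        /^[ \t]*(#|$)/ { next }                   # comment or blank line
        {
            eq = index($0, "=")
            if (eq == 0) { print "line " NR ": not in option=value form"; next }
            # vsftpd.conf(5): no space is allowed between option, = and value
            if ($0 ~ /^[ \t]/ || $0 ~ /[ \t]=|=[ \t]/)
                print "line " NR ": whitespace around ="
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            opt[key] = val                        # keep the last value seen
        }
        END {
            # anonymous_enable is on unless the file turns it off
            if (!("anonymous_enable" in opt)) opt["anonymous_enable"] = "YES"
            if (on("anonymous_enable") && (on("anon_upload_enable") || on("anon_mkdir_write_enable"))) {
                if (on("write_enable")) print "anonymous-write-enabled"
                else                    print "anon-write-needs-write_enable"
            }
            if (on("chroot_local_user") && on("chroot_list_enable"))
                print "chroot-list-inverted"
            else if (on("local_enable") && !on("chroot_local_user") && !on("chroot_list_enable"))
                print "local-users-not-chrooted"
        }
    ' "$1"
}

# write_samples DIR: constructed configuration files for the demonstration
write_samples() {
    cat > "$1/pasted.conf" <<'EOF'
# constructed sample: directives pasted with spaces around =
anonymous_enable = YES
anon_upload_enable = YES
anon_mkdir_write_enable = YES
EOF
    cat > "$1/combined.conf" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
local_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
chroot_local_user=YES
EOF
}

conf_dir=$(mktemp -d)
write_samples "$conf_dir"
for f in pasted combined; do
    echo "== $f.conf"
    lint_vsftpd_conf "$conf_dir/$f.conf"
done
rm -rf "$conf_dir"
```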
8.11, how to bind vsFTPd to an IP?
How do we bind vsFTPd to an IP? In other words, how do we let users reach FTP only through one particular IP? This feature is quite interesting. If vsFTPd is bound to an IP on the internal network, there is no way to visit it from outside. If it is bound to the external service IP, hosts on the internal network can only reach FTP through that external IP
Add the following to vsftpd.conf. Taking my local area network as an example (see the operating environment at the beginning), the FTP server can then not be reached from outside the network, while inside the network it is reached through 192.168.0.2;
listen_address=192.168.0.2
vsFTPd is a Linux distribution in the most respected FTP server program; characterized by small, light, security, ease of use; allow the characteristics of its own to play and master was made, but also ran the most important thing is to use;
Open-source operating system currently used mainly FTPD package ProFTPD, PureFTPd and wuftpd and so on; As to which better FTP server package, which is that you are most familiar with, which is the best;
2, ftp user management guide;
FTP server on the user's management, in the case of default is based on / etc / passwd and / etc / group to carry out, so we must understand the Linux system user and user group management, user and user group management for all applications the basis of some brothers do not want to understand the basis of what good would like to step into a variety of rack servers, facts have proven that this learning method is the most unwise; While you may in a few minutes to start the ftp server, but in cases of the problem, you may not be able to know where the error; so the foundation is extremely important;
Recommended article: "Linux users (user) and user group (group) Management Overview"
2.1, anonymous ftp users and user groups to understand;
When we visit the major FTP access, you may think we do not by any logged in, if he allow anonymous FTP, then login; such as we enter the browser;
ftp://mirrors.kernel.org
Or
ftp://ftp:ftp @ mirrors.kernel.org
We will find the final two lines of the above can be visited, and the results show exactly the same, skip to the end ftp://mirrors.kernel.org address; then we access the FTP, it is not so user and password? Yes, is the need, but the server side to allow anonymous access, and anonymous access the user name and password are ftp, anonymous access is only because we did not feel that he just a username and password. The second is the address to ftp user, ftp password is to visit ftp://mirrors.kernel.org;
If we connect to ftp command mirrors.kernel.org, we will find that users need to enter ftp, password to access ftp;
In the FTP server, the anonymous user's user name and password are ftp; the users on your operating system's / etc / passwd in能找得到; may be similar to the following line;
ftp:x:14:50:FTP User: / var / ftp: / sbin / nologin
Description:
/ etc / passwd is the user's configuration file; / etc / group is the user group profile, you can "Linux user (user) and user group (group) Management Overview" and related documents to understand the management of some users some basic knowledge;
Ftp user in this line, we can see that the seven fields, each field was used between the field: No. partition;
ftp is the user name
x is the password field is hidden;
14 is the user's UID field, you can set up their own, do not and other users the same UID, otherwise it will create problem of system security;
50 user group with GID, can be set, and other user groups do not share the FTP of the GID, otherwise it will create system-wide problem of the whole;
FTP User is the user that the field;
/ var / ftp is a ftp user's home directory, you can define its own;
/ sbin / nologin This is the User Login SHELL, this is also the definition of, / sbin / nologin said that he could not log on to the system; System Virtual Account (also known as pseudo-users) are generally set up so. For example, we ftp user / sbin / nologin replace / bin / bash, so ftp user tools through local or remote ssh or telnet to the real user logged into the system. To do so the system is unsafe; If you believe a user is not much need to log on to the system, we can only give him the authority FTP account, meaning that only FTP permissions to him, rather than to his SHELL set to / bin / bash, etc.;
Ftp user group on the understanding:
We look at / etc / group time, you will find that such a;
ftp:x:50:
/ etc / group is the management of user group profile, above this line that the user group ftp, x is the password above, 50 is the GID; we were in the / etc / passwd line of the ftp user that the ftp is ftp user group because the ftp user that line ftp user GID and group GID is the same;
2.2, anonymous ftp user and ftp user group can delete
Under normal circumstances, can not put / etc / passwd and / etc / group in the ftp users and groups to delete the line, because the FTP server is the need for them to come to the realization of the FTP user management, in the case of default.
Although it can not be deleted, but the / etc / passwd and / etc / group of the ftp user and ftp users to group a number of things can be modified; ftp instance, we can remove the user's home directory, users can also ftp UID changed ... ... the assumption that you understand the user management, user management system is the basis of all applications, one of the brothers may be novice Linux users do not understand the importance of management, but slowly you will found the truth;
3, vsFTPd installation;
In the latest major release of vsFTPd have to install the package after you release with the corresponding provision of the package can be installed on the management tools; of course, you can go to the major release of the FTP mirror to find the vsftpd package; of course, the package management tools can be installed online; vsftpd package would have little time to spend not more than two minutes it is enough; because This is the beginners course, I seriously recommend that you use release software to install, is not recommended to compile your own installation package source;
If you are using Fedora or Redhat systems, you can use the following command-line installation;
[root @ localhost ~] # yum install vsftpd
If it is debian type system can be installed using apt online;
[root @ localhost ~] # apt-get install vsftpd
If you are the RPM system, but also can find package vsftpd-xxxx.rpm through the rpm command to install;
[root @ localhost ~] # rpm-ivh vsftpd *. rpm
You can download the source packages to install
For instance, we download the vsftpd-2.0.3.tar.gz;
[root @ localhost ~] # tar zxvf vsftpd-2.0.3.tar.gz
[root @ localhost ~] # cd vsftpd-2.0.3
[root @ localhost ~] # make; make install
[root @ localhost ~] # cp vsftpd.conf / etc
And then modify / etc / vsftpd.conf, in the configuration file of the last line by adding the following line;
listen = yes
Installation methods, source packages, if your system is RPM package management system, you can delete / etc / xinetd.d / vsftpd this document; and then restart xinetd server;
[root @ localhost ~] # / etc / init.d / xinetd restart
Stop xinetd: [to determine]
Restart xinetd: [to determine]
vsFTPd run, there are two models in the RPM package management review of the Department of Manpower, mostly from Fedora / Redhat development from such a system for the server said xinted; for non-RPM package management system, the general said there is no xinted . In order to ensure the unity of this document, we do not use xinetd mode operation mode with initd to start and manage the server, which is an independent operating mode; What is xinted and inted mode, you can refer to "vsFTPd from aircraft using Linux network installation server "
4, vsFTPd server start-up and shut down;
vsFTPd start-up and shut down the server is extremely easy; we can run directly to the server running in the background; it is almost all the server management operation mode;
4.1, vsFTPd server start-up and closure of the common methods;
Vsftpd running order, use the root privileges, if you have the current operation is not user root, can use su to switch to root authority; root privileges on the switch, you have two ways, one is su, the other is the sudo; Please refer to: "Linux system, the super powers of control"
vsFTPd server is running;
[root @ localhost ~] # / usr / sbin / vsftpd &
[root @ localhost ~] # / usr / local / sbin / vsftpd &
vsFTPd server is up and running;
Pgrep vsftpd we can to see it up and running vsftpd;
[root @ localhost ~] # pgrep vsftpd
4248
Shown above the vsFTPd server up and running, you can use the ftp command, lftp tools or other gftp or FTP client to test the connection;
vsFTPd server shut down:
We kill pkill vsftpd to vsftpd process, so they shut down vsFTPd with psgrep vsftpd to see the process, if there is no process that has been switched off vsFTPd; of course, have to use root permissions.
[root @ localhost ~] # pkill vsftpd
[root @ localhost ~] # pgrep vsftpd
4.2, in the Fedora / Redhat / CentOS server vsFTPd of start-up and shut down:
In Fedora / Redhat / CentOS, but also can use the following methods to start vsFTPd; of course, have to use root privileges;
[root @ localhost beinan] # / etc / init.d / vsftpd start
For vsftpd start vsftpd: [to determine]
VsFTPd restart using the following command;
[root @ localhost beinan] # / etc / init.d / vsftpd restart
Shut down vsftpd: [to determine]
For vsftpd start vsftpd: [to determine]
VsFTPd turn off the server, should use the following command;
[root @ localhost beinan] # / etc / init.d / vsftpd stop
Shut down vsftpd: [to determine]
5, the vsFTPd server and its relationship with the firewall and SELINUX; (important)
I have seen some brothers on the forum say that their vsFTPd server starts normally but cannot be accessed, or that users cannot upload files; I think this is most likely a firewall or SELINUX matter: the FTP server may be blocked by the firewall or by the SELINUX security mechanism. Therefore you must let ftp through the firewall, and of course SELINUX must let the ftp server through as well;
On Fedora / Redhat / CentOS you need to configure the firewall: you can either turn the firewall off, or customize it to allow ftp "through" the firewall;
[root@localhost ~]# system-config-securitylevel-tui
Or run the following command, which flushes all rules from the firewall (general method);
[root@localhost beinan]# iptables -F
About SELINUX: for old hands and novices alike, SELINUX can be a little bit of trouble; we recommend that you turn SELINUX off, or start the vsFTPd server in a way that skips SELINUX, that is to say, use the general method from 4.1, vsFTPd server start-up and shut down; starting vsFTPd this way is also valid on Fedora / Redhat / CentOS;
Of course you can also turn SELINUX off in the /etc/selinux/config configuration file, as follows;
/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# The next line turns SELINUX off; restart the system afterwards.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
6, 500 OOPS: vsftpd: refusing to run with writable anonymous root
Suppose the vsFTPd server has started fine, but when we test a login a message similar to the following appears;
500 OOPS: vsftpd: refusing to run with writable anonymous root
This means that the permissions on the ftp user's home directory are wrong, and we should correct them;
[root@localhost ~]# more /etc/passwd | grep ftp
ftp:x:1000:1000:FTP User:/var/ftp:/sbin/nologin
We find that the ftp user's home directory is /var/ftp; the error is caused by the permissions on /var/ftp: this directory must not be opened up with all permissions, which is what happens if you run chmod 777 /var/ftp. If the ftp user has no home directory, of course, you have to create one yourself;
The ftp user's home directory must not be completely open to the owner, the group and other users, as it is below;
[root@localhost ~]# ls -ld /var/ftp
drwxrwxrwx 3 root root 4096 2005-03-23 /var/ftp
To fix the error, use the following commands;
[root@localhost ~]# chown root:root /var/ftp
[root@localhost ~]# chmod 755 /var/ftp
Some brothers may say: that makes it readable, so anonymous users can download, but what about uploading? This is also simple: create a directory under /var/ftp, set its permissions to 777, and then adjust vsftpd.conf accordingly; there is no difficulty;
For security reasons, vsFTPd does not allow the ftp user's home directory to have unrestricted permissions; you can read the vsFTPd documentation to understand this; otherwise it could not be called the most secure FTP server, could it?
7, description of the vsFTPd configuration file;
vsftpd.conf is the vsFTPd server's configuration file; this file is usually /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf, depending on your system.
vsftpd.conf is the overall control file of the vsFTPd server; each line in this configuration file counts as one rule. Lines that begin with # are not interpreted by the server, which is similar to apache's configuration file; the content after the # is generally descriptive, or an option that switches off a certain function;
The vsftpd.conf configuration file does not include every feature you may want; for some functions we have to work things out ourselves, so we have to learn how to search the vsFTPd documentation and FAQ and so on; although they are in English, they are relatively simple. We have to get used to reading foreign-language documents. Why? Because Linux was made by foreigners, and the heavyweight software is all written by foreigners. Oh, brothers, do not complain; who told us to fall behind them?
Note: after modifying the configuration file, the vsFTPd server must be restarted for the change to take effect, remember ~ ~
8, implementing some commonly used functions on the vsFTPd server;
8.1, implementing anonymous upload and download;
Anonymous upload and download is also relatively simple; we need to make some changes to vsftpd.conf. This file is located under /etc: it may be /etc/vsftpd.conf, or it may be /etc/vsftpd/vsftpd.conf, depending on your system environment;
First of all: edit vsftpd.conf and make sure it contains the following lines;
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
Second: create a folder under the ftp user's home directory, and change its permissions to completely open;
Where is the ftp user's home directory? As we have already said, look in /etc/passwd; finger ftp will also show it;
[root@localhost beinan]# finger ftp
Login: ftp Name: FTP User
Directory: /var/ftp Shell: /sbin/nologin
This shows that the ftp user's home directory is /var/ftp. We need to create a directory inside this directory and set its permissions so that any user can read, write and execute; normally a distribution already has a /var/ftp/pub directory, and if not, you can create one. Once the configuration file has been changed as above, opening up the permissions of a directory under /var/ftp is all that is needed for anonymous upload and download;
For example, if you want anonymous users to upload and download in /var/ftp/pub, open up the permissions of /var/ftp/pub; if there is no such directory, you have to create it;
[root@localhost ~]# mkdir /var/ftp/pub
[root@localhost ~]# chmod 777 /var/ftp/pub
Now uploading to the pub directory works, right?
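The layout from sections 6 and 8.1 (an anonymous root owned by root with mode 755, and a separate fully open directory beneath it for uploads) can be checked with a short script. This is an added example, not part of the original article; the function name audit_anon_root and the finding labels are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# audit_anon_root DIR: check the anonymous FTP root layout.
# Prints one finding per line; returns 1 if DIR itself is group- or
# world-writable, 2 if DIR does not exist, 0 otherwise. Needs GNU stat.
audit_anon_root() {
    root=$1; rc=0
    [ -d "$root" ] || { echo "MISSING $root"; return 2; }
    mode=$(stat -c %a "$root")            # octal mode, e.g. 755
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "ROOT_WRITABLE $root $mode"
        rc=1
    fi
    # The fix in section 6 also hands the directory to root; report any other owner.
    owner=$(stat -c %U "$root")
    [ "$owner" = root ] || echo "ROOT_OWNER $root $owner"
    # Sub-directories anyone can write to are where anonymous uploads can land.
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        m=$(stat -c %a "$d")
        if [ $(( 0$m & 002 )) -ne 0 ]; then
            echo "UPLOAD_DIR ${d%/} $m"
        fi
    done
    return $rc
}

# Demo on a constructed tree (not a live server): root 755, pub 777.
demo=$(mktemp -d)
mkdir "$demo/pub"
chmod 755 "$demo"; chmod 777 "$demo/pub"
audit_anon_root "$demo" || true
rm -rf "$demo"
```

On a real server the call would be audit_anon_root /var/ftp, run as root so that every sub-directory can be read.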
8.2, example of adding a local user and opening read and write permissions for it;
FTP users generally cannot log on to the system, and this is also for safety. A user that has no permission to log on to the system is generally also referred to as a virtual user. A virtual user is still written into /etc/passwd; it is "virtual" only in that its login SHELL has been taken away, so it cannot log on to the system;
If we want to add a user beinan whose directory is /opt/beinan and who cannot log on to the system, we should operate as follows
[root@localhost ~]# adduser -d /opt/beinan -g ftp -s /sbin/nologin beinan
[root@localhost ~]# passwd beinan
Changing password for user beinan.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#
This alone is not enough; we also have to change the configuration file vsftpd.conf to ensure that local virtual users have read and write permissions;
local_enable=YES
write_enable=YES
local_umask=022
8.4, how to implement a virtual path?
For example:
/home/a mapped to ftp://localhost/a
/home/b/c mapped to ftp://localhost/c
Strictly speaking this is not a vsFTPd feature; in fact we have already come into contact with it and perhaps did not pay attention. We can use the following approach.
[root@localhost ~]# mount --bind [the original directory] [new directory]
For example, my default ftp directory is /var/ftp, and I want to map the /mnt/LinG/WinSoft folder into the /var/ftp directory; I do the following
First we create a directory under /var/ftp
[root@localhost ~]# mkdir /var/ftp/WinSoft
Then run the mount command
[root@localhost ~]# mount --bind /mnt/LinG/WinSoft /var/ftp/WinSoft
That is all.
8.5, turning on the vsFTP server log function;
Remove the # in front of the xferlog_file line below; this turns on the vsftp log function, so that we will be able to see vsftpd.log in the /var/log directory. This is the vsFTP log feature, which for us is of paramount importance.
xferlog_file=/var/log/vsftpd.log
8.6, how to customize the welcome message;
How do we customize the welcome message, that is, the text that appears after we log in to some FTP servers, something like this: Welcome to LinuxSir FTP, here you will get the most sincere help, and if you have any questions and suggestions, please contact us, thank you.
This is not difficult to achieve; look in vsftpd.conf and check whether it contains these lines.
dirmessage_enable=YES
message_file=.message
If they are not there, add them; if there is a # before dirmessage_enable=YES, remove the #. In fact the default FTP message file is .message, so we do not need message_file= to specify it; specifying it yourself does no harm either;
Then we create a .message file and write what we want to write; for example, the content of .message is as follows:
- Welcome to LinuxSir FTP!
- Here, you will get the most sincere help;
- If you have any questions and suggestions, please contact us. Thank you.
We can use any editor to write .message; I will not go through that process.
Then we copy the .message file to each user's home directory. For example, one of my FTP users is beinan, and this user's home directory is /opt/beinan
So we put .message in the /opt/beinan directory. For the system user ftp, the home directory is /var/ftp by default, and an anonymous user who logs in lands in /var/ftp. If we want anonymous users to see the welcome message, we put .message in the /var/ftp directory. For other users the operation is similar.
8.7, hard disk space is limited; how do I change the ftp account's default home directory to somewhere else?
My hard disk space is limited; how do I change the ftp account's default path /var/ftp to somewhere else? Or: my linux directories are all on the root (/) partition and space is tight; can I move the ftp user's default path to another partition?
For this kind of ftp user management, we look at /etc/passwd and then modify the line for the ftp user;
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
For example, if we want to change the ftp user's home directory to /opt/ftp, that line should be changed to read
ftp:x:14:50:FTP User:/opt/ftp:/sbin/nologin
Then we have to set up the new ftp user home directory;
[root@localhost ~]# mkdir /opt/ftp
[root@localhost ~]# chmod 755 /opt/ftp
[root@localhost ~]# chown root:root /opt/ftp
If the default ftp directory is short of disk space, we can in fact also solve it with the virtual path mapping, that is, mount --bind; look at your situation and pick whichever way fits best;
8.8, how to limit the number of connections to the vsFTP server, as well as the maximum number of connections per IP?
Edit the vsFTPd server configuration file vsftpd.conf and add the following two lines:
max_clients=number
max_per_ip=number
For example: I want my vsFTP server to support at most 100 connections, with up to five connections per IP, so I add the following two lines to vsftpd.conf:
max_clients=100
max_per_ip=5
After editing the file, do not forget to restart the vsftp server.
8.9, how to limit the transfer speed?
anon_max_rate=number
Note: this is the speed for anonymous users
local_max_rate=number
Note: this is the speed for local users of the vsFTP server
Note: the unit of this number is bytes, so we have to calculate it. For example, I want anonymous users and local users of the vsFTP server to download at 80KB, so the number should be 1024 x 80 = 81920
Therefore, we add the following two lines to vsftpd.conf
anon_max_rate=81920
local_max_rate=81920
8.10, how to selectively restrict users to their home directory?
We create a file in the /etc directory or the /etc/vsftpd directory (whichever directory your vsftpd configuration file is in);
# touch /etc/vsftpd.chroot_list
Suppose we want to restrict the two users beinan and nanbei to their home directories, while other FTP users are not restricted in this way.
In the vsftpd.chroot_list file, add beinan and nanbei; note that each user goes on a line of its own.
beinan
nanbei
Then edit the /etc/vsftpd/vsftpd.conf file and look for the following two lines
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
If these two lines are not there, add them.
After setting this up, restart the vsFTPd server.
A supplement: how do we restrict all FTP users on the system to their home directories? Prompted by brother Juliaugong, I looked through the foreign-language vsFTPd documentation; this option is the one-size-fits-all solution by which all users can be restricted to their home directories
We can change vsftpd.conf by adding the following line
chroot_local_user=YES
After editing the file, do not forget to restart the vsFTPd server;
8.11, how to bind vsFTPd to an IP?
How do we bind vsFTPd to an IP? In other words, how do we make the FTP server reachable only through a certain IP? In fact, this feature is very interesting. If it is bound to an internal network IP, there is no way to reach it from outside. If it is bound to the external service IP, the internal network can only reach the FTP server through the external IP
Add the following to vsftpd.conf. Taking my local area network as an example (see the operating environment described earlier): with this setting, the outside network will not be able to access my FTP server, while the internal network can access it through 192.168.0.2;
listen_address=192.168.0.2
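An added example (not from the original article) that reads a vsftpd.conf and reports how the options from sections 8.1, 8.2, 8.8, 8.9 and 8.10 interact. The function names and finding labels are hypothetical; the rules applied are vsftpd's documented ones: lines are option=value with no spaces around the =, anonymous uploads additionally need write_enable=YES, and with chroot_local_user=YES the chroot list names the users who are not confined.

```shell
#!/bin/sh
# conf_get FILE KEY: print the last value assigned to KEY (comment lines skipped).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { if (v != "") print v }' "$1"
}
is_yes() { [ "$(conf_get "$1" "$2")" = YES ]; }
note() { echo "$1"; n=$((n + 1)); }

# audit_vsftpd_conf FILE: one finding per line; returns 1 if anything was found.
# Only the YES/NO spellings used on this page are recognised.
audit_vsftpd_conf() {
    f=$1; n=0
    # vsftpd.conf syntax is option=value; spaces around "=" are an error.
    bad=$(grep -nE '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$f" | cut -d: -f1 | tr '\n' ' ')
    [ -z "$bad" ] || note "SPACE_AROUND_EQUALS lines ${bad% }"
    # anonymous_enable defaults to YES, so only an explicit NO turns it off.
    if [ "$(conf_get "$f" anonymous_enable)" != NO ] && is_yes "$f" anon_upload_enable; then
        # Anonymous uploads only work when write_enable is also YES.
        if is_yes "$f" write_enable; then note "ANON_UPLOAD_ACTIVE"
        else note "ANON_UPLOAD_NEEDS_WRITE_ENABLE"; fi
    fi
    if is_yes "$f" local_enable; then
        if is_yes "$f" chroot_local_user; then
            # With chroot_local_user=YES the list names users who are NOT jailed.
            if is_yes "$f" chroot_list_enable; then note "CHROOT_LIST_INVERTED"; fi
        elif ! is_yes "$f" chroot_list_enable; then
            note "LOCAL_USERS_NOT_CHROOTED"
        fi
    fi
    for k in max_clients max_per_ip anon_max_rate local_max_rate; do
        v=$(conf_get "$f" "$k")
        [ "${v:-0}" != 0 ] || note "NO_LIMIT $k"
    done
    [ "$n" -eq 0 ]
}

# Demo on a constructed file that combines the settings from 8.1, 8.2 and 8.10.
conf=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' 'anon_upload_enable=YES' 'write_enable=YES' \
    'local_enable=YES' 'chroot_list_enable=YES' 'chroot_local_user=YES' \
    'max_clients = 100' 'max_per_ip=5' > "$conf"
audit_vsftpd_conf "$conf" || echo "review the findings above"
rm -f "$conf"
```

CHROOT_LIST_INVERTED is the case to watch when both halves of section 8.10 are applied together: beinan and nanbei, listed in vsftpd.chroot_list, become the only local users who are not confined.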