vsftpd.conf explanation

xiaoxiao2021-03-06  63

First, the most basic configuration. Here is my /etc/vsftpd/vsftpd.conf:

############################################################
# Accept local users
local_enable=YES

# Allow uploads (global control). To let anonymous users upload as well, also set
# anon_upload_enable=YES. To let anonymous users create directories, also set
# anon_mkdir_write_enable=YES. Anonymous uploads are forbidden here, so neither is set.
write_enable=YES
# umask for files uploaded by local users
local_umask=022

# Enable the upload/download log. The log file defaults to /var/log/vsftpd.log
# and can be changed with the xferlog_file option.
xferlog_enable=YES
# Write the log in the standard xferlog format
xferlog_std_format=YES

# Login welcome message
ftpd_banner=Welcome to Kingarthur's FTP service.
# Setting this overrides the ftpd_banner setting above: at login the user is
# shown the contents of /etc/vsftpd/banner
banner_file=/etc/vsftpd/banner
# If YES, display the contents of the text file named by the message_file
# option (default .message) when a directory is entered
dirmessage_enable=YES
# Directory a local user is placed in after login. If this is not set, the
# local user lands in his home directory (the sixth field of /etc/passwd).
# The corresponding option for anonymous users is anon_root.
local_root=/var/ftp

# The control below takes effect only when this is set to YES
chroot_list_enable=YES
# If NO, the users recorded in the file named by the chroot_list_file option
# (default /etc/vsftpd.chroot_list) are chrooted after login and cannot leave
# their login directory. If YES, the recorded users are not chrooted.
# YES is chosen here.
chroot_local_user=YES

# If YES, users recorded in the file named by the userlist_file option
# (default /etc/vsftpd.user_list) cannot log in, and the userlist_deny option
# below takes effect
userlist_enable=YES
# If NO, login requests are accepted only from users recorded in the file named
# by the userlist_file option (default /etc/vsftpd.user_list). If YES, requests
# from these users are refused.
userlist_deny=NO
# Note!!! vsftpd also checks the /etc/vsftpd.ftpusers file. Users recorded in
# that file cannot log in!!

# Run the server in standalone mode, which makes the following controls available
listen=YES
# Transfer rate for anonymous users (b/s)
anon_max_rate=51200
# Transfer rate for local users (b/s)
local_max_rate=512000
# Maximum number of clients accepted
max_clients=100
# Maximum number of clients per IP
max_per_ip=5

connect_from_port_20=YES
tcp_wrappers=YES
pam_service_name=vsftpd

############################################################

Here is my /etc/vsftpd.user_list:

############################################################
ftpuser
anonymous

############################################################

Then create the system user ftpuser, add him to the ftp group, and change the last field of his record in /etc/passwd to /sbin/nologin (to disable local login). Set the owner and group of /var/ftp to root, with permission 755. Set the owner of /var/ftp/pub to root and its group to ftp, with permission 775.

That completes the basic vsftpd configuration. Here we accept requests from the anonymous user anonymous and the local user ftpuser. anonymous can only download; ftpuser can download and upload. After logging in, neither can leave the login directory (by chroot). ftpuser can create directories and upload files in the /var/ftp/pub directory, and the permission of uploaded files is 755 (set by local_umask=022). The anonymous user's transfer rate is 50kb/s, ftpuser's transfer rate is capped by local_max_rate, the maximum number of connected clients is 100, and the maximum number of clients connected from each IP is 5. If you need the local user ftpput to be able to log in, just add him to /etc/vsftpd.user_list; to let him upload, just add him to the ftp group.

Next we can create .message files in the directories under /var/ftp, including /var/ftp itself, so that the contents of .message are displayed when a user enters the directory. You can write welcome information or notices there. You can also edit /etc/vsftpd/banner to create a login banner and make your FTP site more personalized.
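The login and chroot decisions described above can be checked with a small model of how the options combine. This is an added example, not part of the original article and not vsftpd's own code; the function names, the FTPUSERS contents and the empty chroot list are assumptions made for illustration.

```python
# Added example: how the user-list and chroot options from the article combine.
# SAMPLE_CONF repeats options shown above; FTPUSERS and CHROOT_LIST are constructed.
SAMPLE_CONF = """\
# constructed sample
chroot_list_enable=YES
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
"""
USER_LIST = {"ftpuser", "anonymous"}   # the article's /etc/vsftpd.user_list
FTPUSERS = {"root"}                    # constructed /etc/vsftpd.ftpusers content
CHROOT_LIST = set()                    # constructed: empty chroot_list file

def parse_conf(text):
    """Parse 'option=value' lines, skipping blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def flag(conf, key, default):
    """Boolean option, falling back to `default` when the option is absent."""
    return conf.get(key, "YES" if default else "NO").upper() == "YES"

def may_login(conf, user, user_list, ftpusers):
    if user in ftpusers:                      # ftpusers always refuses
        return False
    if not flag(conf, "userlist_enable", False):
        return True
    listed = user in user_list
    # userlist_deny=YES refuses listed users; NO accepts only listed users.
    return not listed if flag(conf, "userlist_deny", True) else listed

def is_chrooted(conf, user, chroot_list):
    chroot_all = flag(conf, "chroot_local_user", False)
    if not flag(conf, "chroot_list_enable", False):
        return chroot_all
    # With the list enabled, listed users get the opposite of chroot_local_user.
    return (user in chroot_list) != chroot_all

def report(users):
    """Map each user to (may log in, is chrooted) under SAMPLE_CONF."""
    conf = parse_conf(SAMPLE_CONF)
    return {u: (may_login(conf, u, USER_LIST, FTPUSERS),
                is_chrooted(conf, u, CHROOT_LIST)) for u in users}

if __name__ == "__main__":
    for name, result in report(["ftpuser", "anonymous", "alice", "root"]).items():
        print(name, result)
```

With userlist_deny=NO the list is an allow-list, so a system account that is not listed (alice here) is refused even though local_enable=YES.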

Below we use quota to add a disk limit for ftpuser, to keep malicious users from filling your hard drive with junk. Suppose /var/ftp is on the root partition / (/dev/hda5). Change the fourth field of its record in /etc/fstab to defaults,usrquota, so that the record looks like this:

    LABEL=/ / ext3 defaults,usrquota 1 1

After restarting the system, enter the following commands:

    quotacheck -acu    # check the quota-enabled file systems and create a table of current disk usage for each one
    quotacheck -avu    # generate the table of current disk usage for each quota-enabled file system
    edquota ftpuser    # set the disk quota for user ftpuser

The default text editor (vi) then opens the quota file, which looks like this:

    Disk quotas for user ftpuser (uid 501):
      Filesystem   blocks   soft   hard   inodes   soft   hard
      /dev/hda5    0        0      0      0        0      0

The first column is the name of the file system that has quotas enabled. The second column shows the number of blocks the user currently uses. The next two columns set the soft and hard block limits for the user on that file system. The inodes column shows the number of inodes the user currently uses. The last two columns set the soft and hard inode limits for the user on that file system.

The hard limit is the absolute maximum amount of disk space that a user or group can use. Once the limit is reached, no further disk space can be used by that user or group. The soft limit defines the maximum amount of disk space that can be used. Unlike the hard limit, the soft limit can be exceeded for a period of time. This period is called the grace period. The grace period can be expressed in seconds, minutes, hours, days, weeks, or months. If any of the above values is set to 0, that limit is not set. Modify the values as needed, then save and exit.

To verify that the user's quota is set, use the following command:

    quota testuser

Then use edquota -t to set the grace period. This command also opens the quotas of the current file systems in the text editor:

    Grace period before enforcing soft limits for users:
    Time units may be: days, hours, minutes, or seconds
      Filesystem   Block grace period   Inode grace period
      /dev/hda5    7days                7days

Modify the values as needed, then save and exit. With that, we have successfully added a disk quota for ftpuser, and a relatively complete FTP site is configured.

When reposting, please cite the original address: https://www.9cbs.com/read-111688.html
