Transmission system FTP setup reference
Security and concurrent throughput are important for the FTP server used in the transmission system; the relatively secure vsftpd is taken as the reference here.
Commonly used FTP servers:
vsftpd: its main feature is security.
wu-ftpd: handles high concurrent traffic, stable.
1. Related description
a) Work modes.
i. PORT FTP: the data transfer request is initiated by the server. (Port 21 is the control port, port 20 the data port.)
ii. PASV FTP: the client initiates the data transfer request and determines the port used to transfer data. (This mode is able to pass through firewalls.)
2. Configuration process (the following parameters passed testing on vsftpd 1.1.3)
a) Modify the configuration file /etc/vsftpd/vsftpd.conf
i. anonymous_enable=NO
(Since this is an internal transmission server, anonymous users are not allowed to access it.)
ii. local_umask=133
(For a newly uploaded file, only the owner can read and write; other users can only read.)
iii. write_enable=YES
(Allows users to upload.)
iv. xferlog_enable=YES
(Logs FTP transfers.)
v. chroot_local_user=YES
(For security reasons, users are prohibited from moving to other directories; by default, moving to other directories is allowed.)
vi. local_max_rate=20480
(Sets the upload and download speed in bytes/second. To improve the server's capacity for concurrent access, lowering the rate is recommended. In addition, there is a deviation of 20%: a setting of 20K, for example, actually gives between 18K and 22K.)
vii. max_clients=200
(Sets the maximum number of connections.)
viii. local_root=/opt/ftp
(Sets the default root directory after the user logs in.)
b) Use a different configuration file for each user
i. Create a directory for storing the per-user configuration
For example: mkdir /etc/vsftpd/usrconf
ii. Modify the vsftpd configuration file
user_config_dir=/etc/vsftpd/usrconf
iii. In that directory, create a configuration file named after the user
For example: echo write_enable=NO > test
Summary: after completing the above configuration, the user test cannot upload after logging in, but other users can.
c) Defining the listening address on a host with multiple network cards
i. If the host has multiple IPs, the FTP service can be reached on all of them by default.
ii. With listen_address=202.115.29.94, the FTP service is offered on only one of the IPs.
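As an added example (not part of the original page and not vsftpd's own tooling), the following Python script audits the text of a vsftpd.conf against the values set in step 2 a) and flags spaces around the equal sign, which the notes on this page warn about. The names audit, EXPECTED and SAMPLE are constructed for illustration, and the expected values should be adjusted to the site's own policy.

```python
# Added example: EXPECTED mirrors step 2 a) of this page; SAMPLE is constructed.
EXPECTED = {
    "anonymous_enable": "NO", "local_umask": "133",
    "write_enable": "YES", "xferlog_enable": "YES",
    "chroot_local_user": "YES", "local_max_rate": "20480",
    "max_clients": "200", "local_root": "/opt/ftp",
}

def audit(conf_text, expected=EXPECTED):
    """Return sorted (line_no, message) findings; line_no 0 means 'not set'."""
    findings, effective = [], {}
    for no, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or commented out: the directive is not in effect
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((no, "not a key=value line"))
            continue
        if key != key.strip() or value != value.strip():
            findings.append((no, f"whitespace around '=' for {key.strip()}"))
        effective[key.strip()] = (no, value.strip())  # last occurrence is kept
    for key, want in expected.items():
        if key not in effective:
            findings.append((0, f"{key} not set (absent or still commented out)"))
            continue
        no, got = effective[key]
        # YES/NO values are compared case-insensitively, everything else exactly
        same = got.upper() == want if want in ("YES", "NO") else got == want
        if not same:
            findings.append((no, f"{key}={got}, expected {want}"))
    return sorted(findings)

SAMPLE = """\
# constructed sample, not a real server's file
anonymous_enable=YES
local_umask=133
write_enable = YES
xferlog_enable=YES
#chroot_local_user=YES
local_max_rate=20480
max_clients=200
local_root=/opt/ftp
"""

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

Findings with line number 0 are directives that are absent or still commented out, so the server's default applies to them.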
Notes:
1. Some of the configuration parameters are already present in the default vsftpd.conf; removing the leading # makes them take effect, so they do not need to be added again.
2. When configuring parameters, do not leave spaces around the equal sign.
3. The settings in vsftpd.conf take effect after the service is restarted; a user's separate configuration takes effect after the user logs in.
4. By default the anonymous user uses the ftp account, and the anonymous user enters the ftp user's working directory.
3. Additional information: reply codes
110 Restart marker.
120 Service will be ready after a period of time.
125 Data connection open, ready to transfer.
150 File status is normal, opening the data connection port.
200 Command executed successfully.
202 Command failed.
211 System status or system help response.
212 Directory status.
213 File status.
214 Help message.
215 Name system type.
220 Service ready for a new connection.
221 The service's control connection is closed; logging out is possible.
225 Data connection is open, but no transfer is in progress.
226 Closing the data connection port; the requested file operation succeeded.
227 Entering passive mode.
230 User logged in.
250 The requested file operation is completed.
257 Shows the current path name.
331 User name is correct, password required.
332 Account information required for login.
350 The requested operation requires a further command.
421 Unable to provide service, closing the control connection.
425 Unable to open the data connection.
426 Connection closed, transfer terminated.
450 The requested operation was not executed.
451 Command terminated: local error.
452 Command not executed: insufficient disk space.
500 Format error, command not recognized.
501 Syntax error in parameters.
502 Command failed.
503 Command sequence error.
504 The parameters attached to the command are incorrect.
530 Not logged in.
532 Storing files requires an account login.
550 Operation of the requested request.
551 Command terminated: type unknown.
552 Requested file operation terminated: storage overflow.
553 The requested command was not executed: the name is incorrect.