VSFTP supplements
Supplement 1: How do I limit a user to their home directory?

We have to create a file ourselves in the /etc directory:

    # touch /etc/vsftpd.chroot_list

Here we limit the two users beinan and nanbei to their home directories, while other FTP users are not limited. Add beinan and nanbei to the vsftpd.chroot_list file; note that each user occupies one line:

    beinan
    nanbei

Then edit /etc/vsftpd/vsftpd.conf and find the following two lines:

    #chroot_list_enable=YES
    #chroot_list_file=/etc/vsftpd.chroot_list

Remove the # in front of each, so that they read:

    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

If these two lines are not there, add them yourself. After setting this up, restart the vsftpd server.

Addendum to Supplement 1: How do I limit all FTP users on the system to their home directories?

After a tip from brother Juliaugong, I looked up the foreign-language documentation of vsftpd, which confirms that this one option limits all users at once. Add the following line to the vsftpd.conf file:

    chroot_local_user=YES

After changing the configuration file, don't forget to restart the vsftpd server:

    [root@linuxsir001 root]# /etc/init.d/vsftpd restart
    Close vsftpd: [OK]
    Start vsftpd for vsftpd: [OK]
    [root@linuxsir001 root]#

Supplement 2: Turning on the VSFTP server log function

Remove the # in front of xferlog_file to turn on the VSFTP log function, so that we can view vsftpd.log in the /var/log directory. This log function is extremely important for us.

    #xferlog_file=/var/log/vsftpd.log

Supplement 3: How do I bind VSFTP to an IP? That is, how do I let users access FTP through one particular IP?

This feature is actually quite interesting. If the bound IP is the intranet IP, there is no way to access the server from outside.
If the bound IP is the external service IP, the intranet can only reach the FTP server through that IP. Taking my LAN as an example (see the operating environment in the first post): so that the external network cannot access my FTP while the intranet can still access it through 192.168.0.2, add the following line to /etc/vsftpd/vsftpd.conf:

    listen_address=192.168.0.2

Then restart the VSFTP server:

    [root@linuxsir001 root]# /etc/init.d/vsftpd restart
    Close vsftpd: [OK]
    Start vsftpd for vsftpd: [OK]
    [root@linuxsir001 root]#

Supplement 4: How do I make the VSFTP server limit the total number of connections and the maximum number of connections per IP?

A: Change the VSFTP server configuration file vsftpd.conf and add the following two lines:

    max_clients=number
    max_per_ip=number

Example: I want my VSFTP server to accept at most 100 connections, and at most 5 connections from each IP, so I add the following two lines to vsftpd.conf:

    max_clients=100
    max_per_ip=5

After changing the configuration file, do not forget to restart the VSFTP server.

Supplement 5: How do I limit the download speed?

    anon_max_rate=number
    local_max_rate=number

Note: anon_max_rate is the download speed for anonymous users; local_max_rate is the download speed for ordinary users on the VSFTP server. The unit of this number is the byte, so we have to calculate it. For example, I want anonymous users and the users on the VSFTP server to download at 80KB, so the number should be 1024x80=81920, and we add the following two lines to vsftpd.conf:

    anon_max_rate=81920
    local_max_rate=81920

Don't forget to restart the vsftpd service.

Supplement 6: My hard disk space is limited; how do I change the default path /var/ftp of the ftp account? Or: my whole Linux system sits on the / (root) partition and space is tight; can I put the default path of the ftp user on another partition?

Yes, do it as follows. First, delete the ftp user:

    # userdel -r ftp

There will be an error message, but that is normal. Then we add this user again.
For example, I want to put the home directory of the ftp account in /mnt/ling/ftp, so we can do the following:

    [root@linuxsir001 root]# mkdir /mnt/ling
    [root@linuxsir001 root]# adduser -d /mnt/ling/ftp -g ftp -s /sbin/nologin ftp

Doing just this is not enough, because anonymous users still cannot reach the home directory, so we must change the permissions of the /mnt/ling/ftp directory:

    [root@linuxsir001 root]# chmod 755 /mnt/ling/ftp/
    [root@linuxsir001 root]# chown -R root.root /mnt/ling/ftp/

Supplement 7: How do I customize the welcome information? That is, after we log in to some FTP servers, a message like this appears:

    Welcome to LinuxSir FTP, here you will get the most sincere help, if there is any questions and suggestions, please let me know, thank you.
This is not difficult to implement. Check whether the vsftpd.conf file contains this line:

    dirmessage_enable=YES

If it is missing, add it; if dirmessage_enable=YES has a # in front of it, remove the #. Then we create a .message file and write in it whatever we want to say. For example, the .message content is as follows:

    Welcome to LinuxSir ftp! Here you will get the most sincere help; if there is any questions and suggestions, please let me know, thank you.

We can use any editor to write this .message file; I will not go through that process. Then we copy the .message file to the home directory of each user. For example, one user of my FTP is beinan, whose home directory is /home/beinan, so we put the file in /home/beinan. For the system user ftp, the directory is /var/ftp by default, and an anonymous user lands in the /var/ftp directory on login. If we want anonymous users to see the welcome information, the file has to be put in the /var/ftp directory. Other users are handled in the same way.

Supplement 8: How do I implement a virtual path? For example: /home/a is mapped to ftp://localhost/a, and /home/b/c to ftp://localhost/c.

Strictly speaking this is not a vsftpd feature. We have in fact come across it already, perhaps without noticing. It can be implemented as follows:

    # mount --bind [original directory] [new directory]

For example, my FTP's default directory is /var/ftp and I want to map the /mnt/ling/winsoft folder into the /var/ftp directory. First build a directory under /var/ftp:

    # mkdir /var/ftp/winsoft

and then execute the mount command:

    # mount --bind /mnt/ling/winsoft /var/ftp/winsoft

That is all.

Supplement 9: How do I allow anonymous access and upload, as well as download and execute?

By default, VSFTP does not support access for anonymous users, so we have to turn on the appropriate options ourselves.
To answer this question, we have to turn on the following options:

    anonymous_enable=YES
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_umask=022

Note: anonymous_enable allows anonymous access; anon_upload_enable allows upload; anon_mkdir_write_enable allows anonymous users to create directories; anon_umask=022 changes the permissions of files or directories uploaded to the FTP server, and can be left out.

We still have to give anonymous users write permission on the last level of the path. Taking my FTP as an example, the anonymous FTP directory is /var/ftp. In vsftpd, anonymous users cannot be given write permission on /var/ftp itself; this is for security reasons. So we must build a directory under /var/ftp and make that directory writable. For example, I built an upload directory in /var/ftp and then set it to 777, so anonymous users can write to it.
    # mkdir /var/ftp/upload
    # chmod 777 /var/ftp/upload

After changing the configuration files, don't forget to restart the vsftpd server. I use standalone mode, so I use the following method:

    [root@linuxsir001 root]# service vsftpd restart
    Close vsftpd: [OK]
    Start vsftpd for vsftpd: [OK]
    [root@linuxsir001 root]#

If you use xinetd mode to start vsftpd, restart the xinetd server instead:

    [root@linuxsir001 root]# service xinetd restart
    Stop xinetd: [OK]
    Start xinetd: [OK]
    [root@linuxsir001 root]#

Supplement 10: Adding virtual users through PAM authentication

A user added with db_load is a real virtual user. Here is an introduction; we will add more as we learn further.

1. Create a file named ftp in the /etc/pam.d/ directory.

    [root@linuxsir001 root]# touch /etc/pam.d/ftp

2. Add the following two lines to /etc/pam.d/ftp:

    auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
    account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

3. Create a file of virtual users, logins.txt.

    [root@linuxsir001 root]# touch logins.txt

Enter content like the following in the logins.txt file; you can choose your own. For example, in mine linuxsir007 is a virtual FTP user name and 123456 is the password of linuxsir007; linuxsir008 is a virtual user name and 234567 is the password of linuxsir008. Following this pattern, add as many as you want. The following are the virtual user names and passwords I added.

    ............................

4. Create a real user named linuxsir006. Where this user's home directory goes is up to you; I will not say much about it here. I used the system default.

    [root@linuxsir001 root]# useradd linuxsir006

5. Copy /etc/hosts to /home/linuxsir006 and change its owner.

    [root@linuxsir001 root]# cp /etc/hosts /home/linuxsir006/hosts
    [root@linuxsir001 root]# chown linuxsir006.linuxsir006 /home/linuxsir006/hosts

6. Create the library file of the virtual users with db_load.
We created the logins.txt file earlier; mine is in the /root user directory, so we have to switch to the /root directory to create the library file for the virtual users.

    [root@linuxsir001 root]# db_load -T -t hash -f logins.txt /etc/vsftpd_login.db

7. Change the vsftpd.conf file and add these lines:

    pam_service_name=ftp
    guest_enable=YES
    guest_username=linuxsir006
    anon_world_readable_only=NO

8. Restart the vsftpd server. After changing the configuration files, don't forget to restart the vsftpd server. I use standalone mode, so I use the following method:

    [root@linuxsir001 root]# service vsftpd restart
    Close vsftpd: [OK]
    Start vsftpd for vsftpd: [OK]
    [root@linuxsir001 root]#

If you use xinetd mode to start vsftpd, restart the xinetd server instead:

    [root@linuxsir001 root]# service xinetd restart
    Stop xinetd: [OK]
    Start xinetd: [OK]
    [root@linuxsir001 root]#

9. If you want users to see welcome information after logging in to FTP successfully, copy your .message file to the user's home directory; see the earlier supplement.

10. Test:

    [root@linuxsir001 root]# ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 (vsFTPd 1.1.3)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (192.168.0.1:root): linuxsir007
    331 Please specify the password.
    Password:
    230- Welcome to LinuxSir FTP
    230- here, you will get the most sincere help!
    230- This site is limited to 30KB!
    230- Each IP is limited to four threads
    230- Please comply with the relevant provisions of FTP.
    230- Thank you!
    230-
    230- LinuxSir management unit
    230 Login successful. Have fun.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (192,168,0,1,85,171)
    150 Here comes the directory listing.
    -rw-r--r--    1 ftp      ftp           174 Jun 01 12:59 hosts
    drwxr-xr-x    3 ftp      ftp          4096 Jun 01 13:29 linuxsir008
    drwxr-xr-x    2 ftp      ftp          4096 Jun 01 13:24 Sun
    226 Directory send OK.
    ftp>

Supplement 11: The default vsftpd installed with Redhat 9.0 is started in standalone mode. How do I deal with this?

If vsftpd is installed from the source package, it runs in xinetd mode after installation.
If it is installed with an RPM package, in Redhat 9.0, you should use the following method to solve it.
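
Added example (not part of the original article), going back to Supplement 1 and its addendum: per vsftpd.conf(5), once chroot_local_user=YES is set, an enabled chroot list names the users who are not confined, so combining the two settings frees beinan and nanbei instead of jailing them. The function names, the sample file names and the user "other" are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; the sample files written by make_samples are constructed.

# conf_get FILE KEY DEFAULT: last value of KEY. vsftpd only accepts "key=value"
# with no spaces around '=', so spaced lines are deliberately not matched.
conf_get() {
    val=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

# conf_lint FILE: print numbered option lines that have a space beside '='.
conf_lint() {
    grep -nE '^[a-z_]+( +=|= +)' "$1" || true
}

# is_chrooted CONF LIST USER: "yes" if USER is jailed in the home directory.
# Only the literal YES, as written in the article, counts as enabled here.
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    listed=no
    if [ "$use_list" = YES ] && grep -qxF "$3" "$2"; then listed=yes; fi
    if [ "$all" = YES ]; then
        # chroot_local_user=YES inverts the list: listed users are NOT jailed.
        if [ "$listed" = yes ]; then echo no; else echo yes; fi
    else
        echo "$listed"
    fi
}

# make_samples DIR: constructed list file and four constructed configurations.
make_samples() {
    printf 'beinan\nnanbei\n' > "$1/chroot_list"
    printf 'chroot_list_enable=YES\n' > "$1/supp1.conf"
    printf 'chroot_local_user=YES\n' > "$1/addendum.conf"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$1/both.conf"
    printf 'chroot_local_user = YES\n' > "$1/spaced.conf"
}

d=$(mktemp -d) && make_samples "$d"
for conf in supp1 addendum both spaced; do
    for user in beinan other; do
        echo "$conf.conf $user: $(is_chrooted "$d/$conf.conf" "$d/chroot_list" "$user")"
    done
done
conf_lint "$d/spaced.conf"
rm -rf "$d"
```

On the constructed spaced.conf the option is not picked up at all, which is why conf_lint flags the line; vsftpd.conf(5) states that a space between the option, = and the value is an error.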