I. Basics
1. Configuration files:
/etc/vsftpd/vsftpd.conf
/etc/vsftpd.ftpusers
/etc/vsftpd.user_list
2. Background process: vsftpd
3. Uses ports 21 and 20
Port 21 is used for control and port 20 for data transmission.
4. Logs:
/var/log/vsftpd.log xferlog
Only data transfer information is recorded.
5. The ftpcount and ftpwho tools: of little use.
II. Configuration parameters
1. Allow anonymous login?
# Allow anonymous FTP?
anonymous_enable=NO
2. Login timeout control
# You can change the default value of the idle session timeout.
idle_session_timeout=600
3. Data transfer timeout control
# You can change the default value of the data connection timeout.
#data_connection_timeout=120
4. Customize the welcome message
# You can completely customize the login banner string:
ftpd_banner=Welcome to Youhongyu FTP service.
III. Key access control configuration
1. Edit vsftpd.conf (controls chroot).
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list (create the file if it does not exist)
Users listed in /etc/vsftpd.chroot_list are chrooted, which means that these users are confined to their own (/home) directory. This holds while chroot_local_user is left at its default of NO; with chroot_local_user=YES the file instead lists the users who are not chrooted.
2. Control user access with a file
/etc/vsftpd.ftpusers
No user listed in this file can access FTP.
However, unlike the case described below, the client is not told "530 Permission denied" but "530 Login incorrect".
3. Control user access with a file (note that vsftpd.conf must also be configured).
/etc/vsftpd.user_list
Remember: for this file to take effect, userlist_enable=yes must be set; otherwise it does nothing (it is enabled by default).
With userlist_enable=yes and userlist_deny=yes (must be added manually), users in /etc/vsftpd.user_list cannot access FTP.
With userlist_enable=yes and userlist_deny=no (must be added manually), only users in /etc/vsftpd.user_list can access FTP.
Items 2 and 3 combine on an OR basis: if the same user is covered by both, access is denied as long as either file denies it.
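The combined effect of items 2 and 3 can be checked with a small model before touching a live server. This is an added example, not vsftpd's own code; the function names, the reply strings and the sample users are assumptions made for illustration, and password checking is not modelled.

```python
# Added example: a simplified model of the checks in items 2 and 3 above.
# Password verification is out of scope; reply strings are illustrative.

def parse_conf(text):
    """Parse vsftpd.conf text into {option: value} (option names lower-cased)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def parse_userfile(text):
    """Usernames from an ftpusers / user_list style file (one per line)."""
    names = (raw.strip() for raw in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def login_decision(user, conf, ftpusers, user_list):
    """Return (allowed, reply). Either file denying is enough (OR rule)."""
    # Missing options fall back to vsftpd's documented built-in defaults.
    enabled = conf.get("userlist_enable", "NO").upper() == "YES"
    deny_mode = conf.get("userlist_deny", "YES").upper() == "YES"
    if enabled:
        listed = user in user_list
        # Deny mode refuses listed users; allow mode refuses unlisted users.
        if listed == deny_mode:
            return (False, "530 Permission denied.")
    if user in ftpusers:
        return (False, "530 Login incorrect.")
    return (True, "230 Login successful.")

# Constructed sample data (not taken from a real system).
FTPUSERS = parse_userfile("# system accounts\nroot\nbin\n")
USER_LIST = parse_userfile("alice\nroot\n")
BLACKLIST = parse_conf("userlist_enable=YES\nuserlist_deny=YES\n")
WHITELIST = parse_conf("userlist_enable=YES\nuserlist_deny=NO\n")

if __name__ == "__main__":
    for mode, conf in (("userlist_deny=YES", BLACKLIST), ("userlist_deny=NO", WHITELIST)):
        for user in ("alice", "bob", "root"):
            print(mode, user, login_decision(user, conf, FTPUSERS, USER_LIST))
```

In allow mode, root is in user_list but is still refused because it is also in ftpusers, which is the OR rule in practice.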
IV. Advanced
1. Change the port
Add one line to the configuration file:
listen_port=2121
If the client machine runs Windows, the port must be specified as 2121.
To use the ftp command under Linux, change the ftp port number in the /etc/services file to 2121:
ftp 2121/tcp
ftp 2121/udp fsp fspd
2. (Restrict with hosts.allow)
To define the allowed or denied source addresses directly in /etc/hosts.allow, perform the following steps. This acts as a simple firewall.
Step 1. Ensure that tcp_wrappers in /etc/vsftpd/vsftpd.conf is set to YES.
tcp_wrappers=YES
This is the default on RedHat 9 and normally does not need to be changed.
Step 2. Restart vsftpd.
[root@home vsftpd]# /sbin/service vsftpd restart
Closing vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
Step 3. Set up /etc/hosts.allow. For example, to allow connections from 111.22.33.4 and from addresses beginning with 10.1.1., use the following settings:
vsftpd: 111.22.33.4 10.1.1. : allow
ALL: ALL: deny
/****
My own test
Restricting by domain name
hosts.allow
vsftpd:.cyy.net:allow
hosts.deny
vsftpd:ALL:deny
The error reported is:
Connected to cyy.net.
421 Service not available.
***/
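To see which clients the rules above admit, the following added example models the tcp_wrappers matching used in Step 3 and in the domain test (it is not tcp_wrappers' own code). The function names and client addresses are assumptions for illustration; a ".domain" pattern matches only when the client's address resolves to a name, so a client without a matching reverse DNS name falls through to the deny rule.

```python
# Added example: simplified model of tcp_wrappers matching (hosts_access(5)).
# Covers only ALL, ".domain" suffixes, "a.b.c." prefixes, exact names and the
# allow/deny option; IPv4 only. Client addresses below are constructed.

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemons, clients, option)."""
    rules = []
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        option = fields[2].lower() if len(fields) > 2 and fields[2] else None
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), option))
    return rules

def client_matches(pattern, addr, host):
    """Match one client pattern against the peer address and resolved name."""
    if pattern.upper() == "ALL":
        return True
    if pattern.startswith("."):      # hostname suffix, e.g. .cyy.net
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix, e.g. 10.1.1.
        return addr.startswith(pattern)
    return pattern == addr or (host or "").lower() == pattern.lower()

def access(daemon, addr, host, allow_text, deny_text=""):
    """First match wins: hosts.allow, then hosts.deny; no match means allow."""
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, option in parse_rules(text):
            daemon_ok = any(d.upper() == "ALL" or d == daemon for d in daemons)
            if daemon_ok and any(client_matches(c, addr, host) for c in clients):
                return (option or default) == "allow"
    return True

# Step 3 rules from the text, then the domain-restriction test.
STEP3_ALLOW = "vsftpd: 111.22.33.4 10.1.1. : allow\nALL: ALL: deny\n"
DOMAIN_ALLOW = "vsftpd:.cyy.net:allow\n"
DOMAIN_DENY = "vsftpd:ALL:deny\n"

if __name__ == "__main__":
    print(access("vsftpd", "10.1.1.77", None, STEP3_ALLOW))    # inside prefix
    print(access("vsftpd", "10.1.2.5", None, STEP3_ALLOW))     # outside prefix
    print(access("vsftpd", "192.0.2.10", None, DOMAIN_ALLOW, DOMAIN_DENY))
```

Without the hosts.deny line (or a final deny rule in hosts.allow), clients that match no rule are allowed, so the allow list alone restricts nothing.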
3. (Speed limit) Note: different policies can be written for different users.
Limit file transfer speed: the maximum speed for local users is 200 KBytes/s, and the maximum speed for anonymous users is 50 KBytes/s.
Step 1. Edit /etc/vsftpd/vsftpd.conf
Add the following two lines.
anon_max_rate=50000
local_max_rate=200000
Step 2. Restart vsftpd.
[root@home vsftpd]# /sbin/service vsftpd restart
Closing vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
The speed unit here is bytes per second; anon_max_rate limits anonymous users and local_max_rate limits local users. vsftpd's speed limiting varies within about 80% to 120% of the configured value: if we limit the maximum speed to 100 KBytes/s, the actual speed may be between 80 KBytes/s and 120 KBytes/s. Of course, if bandwidth is insufficient, the speed will fall below this limit.
Different speed limits for different users: suppose the maximum speed that test1 can use is 250kb/s and the maximum speed that test2 can use is 500kb/s.
Step 1. Edit /etc/vsftpd/vsftpd.conf
Add the following line:
user_config_dir=/etc/vsftpd/userconf
Step 2. Create the directory /etc/vsftpd/userconf.
mkdir /etc/vsftpd/userconf
Step 3. Create a file named test1 under /etc/vsftpd/userconf.
Put one line in it:
local_max_rate=250000
Step 4. Create a file named test2 under /etc/vsftpd/userconf.
Put one line in it:
local_max_rate=500000
Step 5. Restart vsftpd.
[root@home vsftpd]# /sbin/service vsftpd restart
Closing vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]