Install and Configure VSFTPD

[root@bigboy tmp]# service vsftpd start
[root@bigboy tmp]# service vsftpd stop
[root@bigboy tmp]# service vsftpd restart

To configure VSFTPD to start at boot, use the chkconfig command:
[root@bigboy tmp]# chkconfig vsftpd on

TESTING THE STATUS OF VSFTPD
[root@bigboy root]# netstat -a | grep ftp
tcp 0 0 *:ftp *:* LISTEN
[root@bigboy root]#

 

THE VSFTPD.CONF FILE

☞ VSFTPD runs as an anonymous FTP server: Unless you want any
remote user to log in to your default FTP directory using a username of
anonymous and a password that’s the same as their e-mail address, I suggest
turning this off. You can set the configuration file’s anonymous_enable
directive to no to disable this feature. You’ll also need to simultaneously
enable local users to be able to log in by removing the comment symbol
(#) before the local_enable instruction.
☞ VSFTPD allows only anonymous FTP downloads to remote
users, not uploads from them: You can change this by modifying the
anon_upload_enable directive shown later.
☞ VSFTPD doesn’t allow anonymous users to create directories on
your FTP server: You can change this by modifying the
anon_mkdir_write_enable directive.
☞ VSFTPD logs FTP access to the /var/log/vsftpd.log log file: You can
change this by modifying the xferlog_file directive.
☞ VSFTPD expects files for anonymous FTP to be placed in the
/var/ftp directory: You can change this by modifying the anon_root
directive. There is always the risk with anonymous FTP that users will
discover a way to write files to your anonymous FTP directory. You run
the risk of filling up your /var partition if you use the default setting. It is
best to make the anonymous FTP directory reside in its own dedicated
partition.
The configuration file is fairly straightforward as you can see in the snippet:
# Allow anonymous FTP?
anonymous_enable=YES
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
# (Needed even if you want local users to be able to upload files)
write_enable=YES
# Uncomment to allow the anonymous FTP user to upload files. This only
# has an effect if global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
# Uncomment this if you want the anonymous FTP user to be able to
# create new directories.
#anon_mkdir_write_enable=YES
# Activate logging of uploads/downloads.
xferlog_enable=YES
# You may override where the log file goes if you like.
# The default is shown below.
#xferlog_file=/var/log/vsftpd.log
# The directory which vsftpd will try to change
# into after an anonymous login. (Default = /var/ftp)
#anon_root=/data/directory
To activate or deactivate a feature, remove or add the # at the beginning
of the appropriate line.

 

Other vsftpd.conf Options
There are many other options you can add to this file:
☞ Limiting the maximum number of client connections (max_clients)
☞ Limiting the number of connections by source IP address (max_per_ip)
☞ Setting the maximum rate of data transfer per anonymous login
(anon_max_rate)
☞ Setting the maximum rate of data transfer per non-anonymous login
(local_max_rate)
Descriptions on this and more can be found in the vsftpd.conf man
pages.
 

FTP Users with Read-Only Access to a Shared Directory
In this example, anonymous FTP is not desired, but a group of trusted users need
to have read-only access to a directory for downloading files. Here are the steps:
1. Disable anonymous FTP. Comment out the anonymous_enable line in the
vsftpd.conf file:
# Allow anonymous FTP?
# anonymous_enable=YES
2. Enable individual logins by making sure you have the local_enable line
uncommented in the vsftpd.conf file:
# Uncomment this to allow local users to log in.
local_enable=YES
3. Start VSFTPD.
[root@bigboy tmp]# service vsftpd start
4. Create a user group and shared directory. In this case, use /home/ftp-docs
and a user group name of ftp-users for the remote users:
[root@bigboy tmp]# groupadd ftp-users
[root@bigboy tmp]# mkdir /home/ftp-docs
5. Make the directory accessible to the ftp-users group:
[root@bigboy tmp]# chmod 750 /home/ftp-docs
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs
6. Add users, and make their default directory /home/ftp-docs:
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user1
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user2
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user3
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user4
[root@bigboy tmp]# passwd user1
[root@bigboy tmp]# passwd user2
[root@bigboy tmp]# passwd user3
[root@bigboy tmp]# passwd user4
7. Copy files to be downloaded by your users into the /home/ftp-docs
directory.
8. Change the permissions of the files in the /home/ftp-docs directory to
read-only access by the group:
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/*
[root@bigboy tmp]# chmod 740 /home/ftp-docs/*

 

Users should now be able to log in via FTP to the server using their new
usernames and passwords. If you absolutely don’t want any FTP users to
be able to write to any directory, then you should set the write_enable line
in your vsftpd.conf file to no:
write_enable=NO
Remember, you must restart VSFTPD for the configuration file changes
to take effect.
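The settings from the steps above can be checked mechanically. The following script is an added example, not part of the original article; it assumes the defaults documented in vsftpd.conf(5) (anonymous_enable=YES, local_enable=NO, write_enable=NO), and vsftpd_effective, vsftpd_malformed and vsftpd_audit are hypothetical helper names. Under those defaults a commented-out anonymous_enable line leaves anonymous logins enabled, so the audit expects an explicit anonymous_enable=NO, and it also flags whitespace around "=", which vsftpd treats as an error.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vsftpd.conf for the
# read-only, no-anonymous setup. Defaults are those documented in vsftpd.conf(5).

# Effective value of directive $2 in file $1; $3 is the built-in default used
# when the line is absent or commented out.
vsftpd_effective() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = $2 }   # assumption: a later line overrides an earlier one
        END { print toupper((v == "") ? d : v) }' "$1"
}

# Line numbers where whitespace surrounds "=", which vsftpd treats as an error.
vsftpd_malformed() {
    awk '/^[a-z_]+[ \t]+=/ || /^[a-z_]+=[ \t]/ { print NR }' "$1"
}

# Print one finding per line; return 1 if there is any finding, else 0.
vsftpd_audit() {
    conf=$1 rc=0
    for n in $(vsftpd_malformed "$conf"); do
        echo "line $n: whitespace around '='"; rc=1
    done
    # Each rule is directive:default:wanted
    for rule in anonymous_enable:YES:NO local_enable:NO:YES write_enable:NO:NO; do
        key=${rule%%:*}; rest=${rule#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(vsftpd_effective "$conf" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "$key is effectively $got, wanted $want"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: anonymous_enable is only commented out, and the
# write_enable line has spaces around "=".
sample=$(mktemp)
printf '%s\n' '# Allow anonymous FTP?' '# anonymous_enable=YES' \
    'local_enable=YES' 'write_enable = NO' > "$sample"
vsftpd_audit "$sample" || echo "audit failed: fix the findings above"
rm -f "$sample"
```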
Sample Login Session to Test Functionality
Here is a simple test procedure you can use to make sure everything is working
correctly:
1. Check for the presence of a test file on the FTP client server.
[root@smallfry tmp]# ll
total 1
-rw-r--r-- 1 root root 0 Jan 4 09:08 testfile
[root@smallfry tmp]#
2. Connect to Bigboy via FTP:
[root@smallfry tmp]# ftp 192.168.1.100
Connected to 192.168.1.100 (192.168.1.100)
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.100:root): user1
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
As expected, you can’t do an upload transfer of testfile to bigboy:
ftp> put testfile
local: testfile remote: testfile
227 Entering Passive Mode (192,168,1,100,181,210)
553 Could not create file.
ftp>
But we can view and download a copy of the VSFTPD RPM on the FTP
server bigboy:
ftp> ls
227 Entering Passive Mode (192,168,1,100,35,173)
150 Here comes the directory listing.
-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm
226 Directory send OK.
ftp> get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp
local: vsftpd-1.1.0-1.i386.rpm.tmp remote: vsftpd-1.1.0-1.i386.rpm
227 Entering Passive Mode (192,168,1,100,44,156)
150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).
226 File send OK.
76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)
ftp> exit
221 Goodbye.
[root@smallfry tmp]#
As expected, an anonymous FTP fails:
[root@smallfry tmp]# ftp 192.168.1.100
Connected to 192.168.1.100 (192.168.1.100)
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.100:root): anonymous
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> quit
221 Goodbye.
[root@smallfry tmp]#
Now that testing is complete, you can make this a regular part of your
FTP server’s operation.

 

 

 

 

 

 

 
