Method of configuring FTP under CentOS system

Time:2021-12-4

Select the FTP service during installation. CentOS will then install the vsftpd FTP server and register it as a system service

Start command: /etc/rc.d/init.d/vsftpd start

At this point, you can connect with an FTP client

The permissions of vsftpd seem to be linked to the system permissions

The following copied notes explain the vsftpd configuration files and options

vsftpd.ftpusers: located in the /etc directory. It specifies which user accounts cannot access the FTP server, such as root

vsftpd.user_list: located in the /etc directory. The user accounts in this file cannot access the FTP server by default. Access is allowed only when the userlist_enable=NO option is set in the vsftpd.conf configuration file

vsftpd.conf: located in the /etc/vsftpd directory. It customizes the configuration of the FTP server, such as user login control, user permission control, timeout settings, server function options, server performance options, server response messages, etc.

(1) CentOS system user login control

  anonymous_enable=YES, allow anonymous users to log in

  no_anon_password=YES, anonymous users do not need to enter a password when logging in

  local_enable=YES, allow local users to log in

  deny_email_enable=YES, you can create a file that holds a blacklist of anonymous e-mail addresses to prevent these people from using DoS attacks

  banned_email_file=/etc/vsftpd.banned_emails, when deny_email_enable is enabled, this is the path where the e-mail blacklist is saved (the default is /etc/vsftpd.banned_emails)

(2) CentOS system user authority control

  write_enable=YES, enable global upload permission

  local_umask=022, sets the umask for files uploaded by local users to 022 (the system default is 077, which can generally be changed to 022)

  anon_upload_enable=YES, anonymous users are allowed to upload. Obviously, write_enable=YES must be enabled for this item to take effect. At the same time, we must also create a directory that the ftp user can read and write (as mentioned earlier, ftp is the user account that anonymous users are mapped to)

  anon_mkdir_write_enable=YES, allow anonymous users to create directories

  chown_uploads=YES, if this option is enabled, the owner of anonymously uploaded files is changed to another user account. Note that it is recommended not to specify the root account as the owner of anonymously uploaded files!

  chown_username=whoever, when chown_uploads=YES is enabled, this specifies the account that becomes the owner; "whoever" here should naturally be replaced by the appropriate user account

  chroot_list_enable=YES, you can use a list to limit which local users can only be active in their own directory. If chroot_local_user=YES, then the users specified in this list are unrestricted

  chroot_list_file=/etc/vsftpd.chroot_list, if chroot_local_user=YES, this specifies the save path of the list (chroot_local_user) (the default is /etc/vsftpd.chroot_list)

  nopriv_user=ftpsecure, specifies a dedicated account that the FTP server uses as a completely isolated, unprivileged user. This is the recommended option for vsftpd

  async_abor_enable=YES, it is strongly recommended not to enable this option, otherwise an error may occur!

  ascii_upload_enable=YES; ascii_download_enable=YES, by default, the server pretends to accept ASCII mode requests but actually ignores them. Enabling these two options makes the server really perform ASCII mode transfers

Note: enabling the ascii_download_enable option allows malicious remote users to consume a large amount of I/O resources on the FTP server with commands such as "SIZE /big/file" in ASCII mode

These ASCII mode settings are split into separate upload and download options, so that we can allow ASCII mode upload (which can prevent the crash caused by uploading malicious files such as scripts) without the risk of a denial of service attack
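As an added example (not part of the original article and not code from the vsftpd project), the following Python script checks a vsftpd.conf against the cautions given in sections (1) and (2), and also rejects lines with spaces around "=", which vsftpd does not accept. The sample configuration is constructed, and treating an option that is missing from the file as disabled is a simplifying assumption.

```python
import re

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# constructed vsftpd.conf used by the audit below
anonymous_enable=YES
write_enable=NO
anon_upload_enable=YES
chown_uploads=YES
chown_username=root
async_abor_enable=YES
ascii_download_enable=YES
idle_session_timeout = 600
"""

def parse_conf(text):
    """Return (options, findings). vsftpd allows no spaces around '='."""
    opts, findings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.fullmatch(r"(\w+)=(\S.*)", line)
        if m:
            opts[m.group(1)] = m.group(2).rstrip()
        else:
            findings.append(f"SYNTAX line {num}: malformed option {line!r}")
    return opts, findings

def audit(text):
    """Flag the settings the article cautions about."""
    opts, findings = parse_conf(text)
    # Assumption: a missing option counts as not enabled (defaults not modelled).
    def on(key):
        return opts.get(key, "").upper() == "YES"
    if on("anon_upload_enable") and not on("write_enable"):
        findings.append("CONFIG anon_upload_enable needs write_enable=YES")
    if on("anonymous_enable") and on("write_enable") and (
            on("anon_upload_enable") or on("anon_mkdir_write_enable")):
        findings.append("RISK anonymous users can write to the server")
    if on("chown_uploads") and opts.get("chown_username") == "root":
        findings.append("RISK chown_username=root owns anonymous uploads")
    if on("async_abor_enable"):
        findings.append("RISK async_abor_enable=YES is advised against")
    if on("ascii_download_enable"):
        findings.append("RISK ascii_download_enable=YES permits SIZE I/O abuse")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To audit a live server, pass the contents of /etc/vsftpd/vsftpd.conf to audit() instead of the sample.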

(3) CentOS system user connection and timeout options

  idle_session_timeout=600, sets the default idle timeout. If the user takes no action within this time, the server disconnects them

  data_connection_timeout=120, set the default data connection timeout

(4) CentOS system server log and welcome information

  dirmessage_enable=YES, allows a message to be configured for each directory and displays the contents of the message_file found in each directory

  ftpd_banner=Welcome to blah FTP service, you can customize the welcome message that FTP users see when logging in to the server

  xferlog_enable=YES, enable logging of upload/download activity

  xferlog_file=/var/log/vsftpd.log, you can customize the save path and file name of the log file. The default is /var/log/vsftpd.log

This completes the FTP configuration on the CentOS system