rotocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
主要配置项
[root@haha-main-130 ~]# cat /etc/vsftpd/vsftpd.conf | grep -vE '^$|^#'
anonymous_enable=YES #是否允许匿名登录
local_enable=YES #是否允许本地用户登录
write_enable=YES #是否允许写入
local_umask=022 #掩码值
dirmessage_enable=YES #是否允许记录日志
xferlog_enable=YES #是否允许记录日志
connect_from_port_20=YES #允许20端口连接
xferlog_file=/var/log/xferlog #日志记录文件位置
xferlog_std_format=YES
listen=YES #是否打开本地监听
listen_ipv6=YES #ipv6监听
pam_service_name=vsftpd #守护名称
userlist_enable=YES #允许userlist文件内用户登录
tcp_wrappers=YES
vsftp匿名用户模式
配置文件
1.允许匿名用户登录
anonymous_enable=YES
2.允许匿名用户上传文件
anon_upload_enable=YES
3.允许匿名用户写入、创建文件夹
anon_mkdir_write_enable=YES
4.允许匿名用户修改文件名,删除文件夹操作
anon_other_witer_enable=YES
vsftp本地用户模式
- 基于linux的本地账号密码进行验证,配置简单,但是存在安全隐患
配置文件
[root@haha-main-130 ~]# cat /etc/vsftpd/vsftpd.conf | grep -Ev '^$|^#'
anonymous_enable=NO #关闭匿名用户验证模式
local_enable=YES
write_enable=YES
local_umask=022 #默认文件权限
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES
此时/etc/vsftpd/ftpuser文件中的用户名不允许登录
vsftp虚拟用户模式
- 单独为FTP工具创建用户数据库,基于口令验证账号密码的信息
- 安装DB工具,能够转化普通文件为vsftpd识别的数据库文件
yum -y install db4 db4-utils
- 创建用于验证的数据文件
[root@haha-main-130 vsftpd]# cat db.txt
name1
111
name2
222
- 加密文件
[root@haha-main-130 vsftpd]# db_load