Configuring vsftpd-2.0.1 on Linux

Posted by hq181msn on 2008-03-13

Installing vsftpd and performing a basic configuration


1. Copy vsftpd-2.0.1-5.i386.rpm from AS4 installation CD 1
[root@app ~]# cp vsftpd-2.0.1-5.i386.rpm /opt/21bak

2. Install vsftpd-2.0.1-5.i386.rpm
[root@app 21bak]# rpm -ivh vsftpd-2.0.1-5.i386.rpm

3. Start and stop vsftpd-2.0.1-5

-- Locate the startup script
/etc/rc.d/init.d/vsftpd
/etc/rc.d/init.d/vsftpd status
/etc/rc.d/init.d/vsftpd start
/etc/rc.d/init.d/vsftpd stop

-- The vsftpd configuration file
/etc/vsftpd.conf

4. Test
[root@app 21bak]# ftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

-- The "Login successful" message above shows that the configuration works

ftp> ls
227 Entering Passive Mode (127,0,0,1,108,211)
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Oct 04 2004 pub
226 Directory send OK.


----- Another way to install and configure -----
This page is under development and may be incomplete and/or inaccurate.

Step 1: Download the RPM package

You can acquire the latest RPM of vsftpd from either Red Hat's rpm collection or from rpmfind.net. For your convenience, this site has a local copy of the latest Red Hat rpm release of vsftpd.

You can download my copy of the Red Hat release of vsftpd using wget:

wget

Once you have acquired the latest rpm of vsftpd, install it:

rpm -Uvh vsftpd-1.1.3-8.i386.rpm

That's it. Vsftpd is now officially installed. Now let's make it work.

Step 2: Startup and test in "standalone" mode

vi /etc/vsftpd/vsftpd.conf

Add the following line, or if the line is already present make sure it reads as follows:

listen=YES

Save and exit from the vsftpd.conf config file.

Now let's start up vsftpd...

/usr/sbin/vsftpd &

Now try to ftp to your server. A successful ftp session should look like this:

[root@somehost]ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 1.2.1)
Name (localhost:admin): bobsmith (obviously, you will want to use a valid user on your server for the login name)
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
150 Here comes the directory listing.
-rw-r--r-- 1 1001 1001 25372 Jan 17 18:50 somefile.tar.gz
drwx------ 2 1001 1001 512 Jan 16 19:16 index.htm
226 Directory send OK.
ftp> quit
221 Goodbye.
[root@somehost]

If you got a response similar to the one above, you're all set! If you would rather run your ftp server out of either inetd or xinetd, then you will want to continue with the next test. I recommend running vsftpd out of either inetd or xinetd.

Step 3: Configuration for inetd/xinetd operation:

To configure vsftpd for inetd or xinetd operation, do the following:

First, let's edit the /etc/vsftpd/vsftpd.conf file and tell it not to run in "standalone" mode:

vi /etc/vsftpd/vsftpd.conf

Make sure the following line exists and is set to "NO":

listen=NO

If you are running inetd, do the following:

vi /etc/inetd.conf

If there are any existing and active ftp service lines, comment them out or delete them and then add the following line:

ftp stream tcp nowait root /usr/sbin/vsftpd vsftpd

Save and exit.

Now restart inetd:

/etc/rc.d/init.d/inetd restart

If you are running xinetd, do the following:

Red Hat users:

vi /etc/xinetd.d/vsftpd

# default: off
# description: The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/vsftpd
    nice        = 10
}

Save and exit.

Now stop and restart xinetd...

/etc/rc.d/init.d/xinetd restart

Now let's test the inetd/xinetd ftp server:

[root@somehost]ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 1.2.1)
Name (localhost:admin): bobsmith (obviously, you will want to use a valid user on your server for the login name)
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
150 Here comes the directory listing.
-rw-r--r-- 1 1001 1001 25372 Jan 17 18:50 somefile.tar.gz
drwx------ 2 1001 1001 512 Jan 16 19:16 index.htm
226 Directory send OK.
ftp> quit
221 Goodbye.
[root@somehost]

If you got a response similar to the one above, you're all set! Congratulations, your FTP server is alive! In the next steps, we will tweak the configuration of the vsftpd server for the best performance.

Step 4: The vsftpd master configuration file

The master vsftpd configuration file should be located at /etc/vsftpd/vsftpd.conf. This file determines how your vsftpd FTP server operates. You will find that the vsftpd.conf file contains loads of configuration options. I'm not going to cover every single option, but the most important ones are listed here:

anonymous_enable=NO/YES

Turns anonymous FTP access on or off. If you turn it on, the anonymous server config info outlined in step 3 of this install will apply. If you are unsure about what an anonymous FTP server is, it's best to set this option to "NO".


local_enable=NO/YES

This option activates or deactivates the ability of local system users to FTP to your server. Typical FTP servers will have this option set to "YES". The only time I can think of a "NO" situation would be for a strictly anonymous FTP server where you have no need for system user FTP sessions.

write_enable=NO/YES

Activates or deactivates FTP write ability. In most cases, you will want this set to "YES".

local_umask=022 (or whatever you want it to be)

The default vsftpd umask is 077. Here you can establish a custom umask if you so desire.

xferlog_enable=YES

This option activates logging of uploads and downloads.

ftpd_banner=Welcome to blah FTP service

Not a critical option in any way, but it does allow you to have friendly, customized ftp greetings for your users.

chroot_list_enable=NO/YES
chroot_list_file=/etc/vsftpd.chroot_list

This rather important and useful option enables the "chroot" abilities of vsftpd. With "chroot_list_enable" set to "YES", vsftpd then looks for a "chroot_list_file" whose location is specified on the next line. Any user that is listed in the "/etc/vsftpd.chroot_list" file is then automatically "chrooted" to their home directory. This prohibits the user from going anywhere outside of his/her FTP home directory. Very useful in shared FTP environments or just as a general layer of security and privacy.

userlist_enable=NO/YES
userlist_deny=NO/YES

The "userlist_enable" option instructs vsftpd whether or not to consult 2 files: vsftpd.ftpusers and vsftpd.user_list. If this option is set to "YES", the 2 files serve as lists of users that are allowed to FTP to the server. However, when coupled with the "userlist_deny=YES" option, the 2 files serve as lists of users who are NOT allowed to FTP to the server. This option is very useful in completely denying FTP access to critical system users such as "root" or "apache" or "www". A very nice layer of security for your FTP server.
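One way to check a vsftpd.conf against the options described in this step, as an added example that is not part of the original tutorial. The function names, the finding wording and the sample file are constructed for illustration; the fallback values passed to conf_get are vsftpd's built-in defaults.

```shell
# conf_get FILE KEY DEFAULT: print KEY's value, or DEFAULT if KEY is unset.
# Assumption: when an option appears twice, the last occurrence applies.
conf_get() {
    awk -F= -v key="$2" -v val="$3" '
        /^[ \t]*#/ { next }                                # comment line
        $1 == key  { val = substr($0, length(key) + 2) }   # text after "="
        END        { print val }
    ' "$1"
}

# audit_vsftpd_conf FILE: print one finding per line, nothing if clean.
# Assumes booleans are written as YES/NO, as they are on this page.
audit_vsftpd_conf() {
    conf=$1
    # vsftpd.conf allows no whitespace between option, "=" and value.
    awk '!/^[ \t]*(#|$)/ && !/^[a-z0-9_]+=([^ \t]|$)/ {
        print "line " NR ": not in option=value form: " $0
    }' "$conf"
    # The third argument is the built-in default for that option.
    [ "$(conf_get "$conf" anonymous_enable YES)" = NO ] ||
        echo "anonymous_enable: anonymous login is allowed"
    [ "$(conf_get "$conf" xferlog_enable NO)" = YES ] ||
        echo "xferlog_enable: uploads and downloads are not logged"
    [ "$(conf_get "$conf" chroot_list_enable NO)" = YES ] ||
        echo "chroot_list_enable: no chroot list is consulted"
    [ "$(conf_get "$conf" userlist_enable NO)" = YES ] ||
        echo "userlist_enable: no user list is consulted"
}

# Constructed sample configuration (hypothetical, not from the page).
sample_conf() {
    cat <<'EOF'
# constructed sample vsftpd.conf
listen=YES
local_enable=YES
write_enable=YES
xferlog_enable=YES
anonymous_enable = NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_vsftpd_conf "$tmp"
rm -f "$tmp"
```

The sample's "anonymous_enable = NO" line is reported twice: once as malformed, and once because the option then falls back to its default of YES.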

Step 5: The vsftpd.ftpusers, vsftpd.user_list configuration files

These 2 files tie directly into the "userlist_enable" and "userlist_deny" options in the /etc/vsftpd/vsftpd.conf config file. When the "userlist_enable" option is set to "YES", these 2 files serve as lists of users that are allowed to FTP to the server. However, when coupled with the "userlist_deny=YES" option, the 2 files serve as lists of users who are NOT allowed to FTP to the server. When the "userlist_deny" option is used, the nature of the denial of FTP service that a prohibited user receives differs depending on which of the 2 files they are listed in.

If a user is listed in the "vsftpd.user_list" file and the "userlist_deny" option is activated, users will not even get prompted for a password when they attempt to ftp to the server. They get rejected from the start.

If a user is listed in the "vsftpd.ftpusers" file and the "userlist_deny" option is activated, users will get prompted for a password but will never be able to log in.

Personally, I like to use the "vsftpd.user_list" configuration to establish a list of users (root, apache, www, nobody etc.) who will never even get prompted for a password should an ftp connection be initiated on their behalf.
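A check for the deny-list practice described above, as an added example that is not part of the original tutorial: it reports system accounts that are missing from the user list. The function names, the UID cut-off of 500 and the sample passwd and user list contents are assumptions constructed for illustration.

```shell
# missing_from_userlist PASSWD USERLIST [MIN_UID]
# Print every account in PASSWD whose UID is below MIN_UID and which is
# not named in USERLIST. MIN_UID defaults to 500 (assumption: the first
# regular-user UID on Red Hat systems of this era).
missing_from_userlist() {
    awk -F: -v list="$2" -v min="${3:-500}" '
        BEGIN {
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line)           # drop comments
                gsub(/[ \t\r]/, "", line)      # drop stray whitespace
                if (line != "") listed[line] = 1
            }
            close(list)
        }
        $3 ~ /^[0-9]+$/ && ($3 + 0) < (min + 0) && !($1 in listed) { print $1 }
    ' "$1"
}

# Constructed sample data (hypothetical accounts, not from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
bobsmith:x:1001:1001::/home/bobsmith:/bin/bash
EOF
}

sample_userlist() {
    cat <<'EOF'
# users who are refused before the password prompt
root
bin
nobody
EOF
}

dir=$(mktemp -d)
sample_passwd > "$dir/passwd"
sample_userlist > "$dir/user_list"
missing_from_userlist "$dir/passwd" "$dir/user_list"
rm -rf "$dir"
```

On a live server, pass /etc/passwd and the path of the user list that your vsftpd.conf actually uses.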

Step 6: The vsftpd.chroot_list configuration file

The "vsftpd.chroot_list" file, when used with an activated "chroot_list_enable" option, establishes a list of FTP users who will be "chrooted" to their home FTP directory. These users will not be able to change directories past their own home directory. This is a nice feature in shared FTP environments where privacy is needed.

Anytime you make config file changes, make sure you restart vsftpd!

That's it. There are a host of other config options that you can add if you so desire, but by and large at this point you should have a secure and functional FTP server.

Source: "ITPUB Blog", link: http://blog.itpub.net/216109/viewspace-1000892/. If you repost this article, please credit the source; otherwise legal liability will be pursued.
