Configuring vsftpd
To start configuring the FTP server, look at its config file. vsftpd has only one main config file, located at /etc/vsftpd/vsftpd.conf; this is where you configure the settings of the FTP server.
Step 1. Look at which options are available in the config file:
# grep -v ^# vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Step 2. Now let’s go over what each of these options can be used for:
Option | Meaning |
---|---|
anonymous_enable=YES | Allows anonymous logins (the default), although it should be changed to NO for better host-based security |
local_enable=YES | Allows local users to log in |
write_enable=YES | Enables users to write to directories |
local_umask=022 | Sets the umask for all uploaded files |
dirmessage_enable=YES | Displays directory messages |
xferlog_enable=YES | Logs all transfer activity to /var/log/xferlog |
connect_from_port_20=YES | Forces PORT-style (active mode) data transfers to originate from port 20 |
xferlog_std_format=YES | Logs everything in standard transfer format |
listen=YES | Allows the server to listen for connections |
pam_service_name=vsftpd | Specifies the name used for the PAM service |
userlist_enable=YES | Enables the service to consult user_list |
tcp_wrappers=YES | Allows incoming requests based on the TCP Wrappers configuration |
userlist_deny=YES | Enables users listed in user_list to log in via FTP |
These default settings for the vsftpd service let you hit the ground running with the FTP service. At this point, any one of your system’s users is able to log in to the vsftpd service, but because the firewall is enabled by default, the connection will be denied. Before you open the connection to your users, take some time to become familiar with the different options you can configure on your FTP server. The config file is heavily documented as to what each option does.
TIP
When editing the config file, make sure you don’t include any spaces
between the option you’re using and the value you’re assigning it.
This could cause an error during startup of the service.
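
The following is an added example, not part of the original text or of vsftpd itself: a small shell lint that checks a config file for the two points made above, whitespace around `=` (per the TIP) and `anonymous_enable=YES` (which the table recommends changing to NO). The function names `make_sample_conf` and `vsftpd_lint` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-restart lint for vsftpd.conf (hypothetical helper names).

# Write a constructed sample config (not taken from a real host) to "$1".
make_sample_conf() {
    cat > "$1" <<'EOF'
# Constructed sample config
anonymous_enable=YES
local_enable = YES
write_enable=YES
local_umask= 022
listen=YES
EOF
}

# Print one finding per line as "<line>:<code>:<text>".
# Exit status is 1 if anything was found, 0 if the file is clean.
vsftpd_lint() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            i = index($0, "=")                  # split at the first "=" only
            if (i == 0) next
            key = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            # The TIP: no spaces between the option, "=" and the value.
            if (key ~ /[ \t]$/ || val ~ /^[ \t]/) {
                printf "%d:SPACE:%s\n", NR, $0; bad = 1; next
            }
            # The table: anonymous logins should be turned off.
            if (key == "anonymous_enable" && toupper(val) ~ /^YES[ \t]*$/) {
                printf "%d:ANON:%s\n", NR, $0; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo run against the constructed sample.
conf=$(mktemp)
make_sample_conf "$conf"
vsftpd_lint "$conf" || echo "Fix the findings above before starting vsftpd."
rm -f "$conf"
```

On a real host, point the function at /etc/vsftpd/vsftpd.conf before restarting the service.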