Vsftpd Configuration

The ProFTPd server is extremely powerful, but sometimes a simpler server is in order. Such a server provides at least the potential for greater security and speed. An FTP server that's rapidly gaining prominence for these features is vsftpd, which is available for Debian, Mandrake, Red Hat, and SuSE.

Ordinarily, vsftpd is run from a super server, as described in Chapter 22; however, it can be run from a SysV or local startup script if you prefer. The vsftpd configuration file is /etc/vsftpd.conf. This file contains comment lines, which begin with hash marks (#), and directive lines that take the form:

option=value

There must be no stray spaces surrounding the equal sign in vsftpd directives. Table 24.2 summarizes some of the most important vsftpd directives. This table doesn't cover all of the available directives; check the vsftpd.conf man page for information on additional directives.

Table 24.2: Important vsftpd Directives

| Option | Value | Meaning |
|---|---|---|
| listen | YES or NO | If YES, vsftpd binds itself to the FTP port. Set this value to YES if vsftpd is run from a SysV or local startup script; leave it at its default value (NO) if it's run from a super server. |
| ftpd_banner | String | Sets a welcome message that appears in the user's FTP client program when connecting. |
| nopriv_user | Username | The username vsftpd uses for unprivileged operations. |
| ftp_username | Username | The username vsftpd uses for anonymous access. The default is ftp. |
| local_enable | YES or NO | Whether or not to accept authenticated local user logins. |
| anonymous_enable | YES or NO | Whether or not to accept anonymous logins. |
| anon_root | Directory name | The directory to be used as the root directory for anonymous access. This directory must normally not be writeable to the anonymous user, unless anon_upload_enable is YES. The default is the anonymous user's home directory, as specified in /etc/passwd. |
| chroot_local_user | YES or NO | Tells vsftpd whether or not to use chroot when accepting local user logins. |
| userlist_enable | YES or NO | If YES, vsftpd checks the file specified by userlist_file and denies logins to these users before asking for a password. |
| write_enable | YES or NO | Grants or denies the ability to write files—that is, for users to upload files as well as download them. |
| anon_upload_enable | YES or NO | Grants or denies anonymous users the ability to upload files. If YES, write_enable must also be YES. |

The default vsftpd configuration file often supports both authenticated local user logins and anonymous logins. Typically, vsftpd performs a chroot for anonymous users, but it does not do so for authenticated local users. If you want to verify or change these features, check the configuration file for the following lines, and change them as necessary:

anonymous_enable=YES
local_enable=YES

You can also change additional options related to these, such as the location of the anonymous root directory (anon_root) and whether or not to chroot into authenticated users' home directories when they log in (chroot_local_user).
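
As an added example (not from the book or the vsftpd project), the following Python script checks the text of a vsftpd.conf file against the rules stated in this section: the option=value form with no spaces around the equal sign, the write_enable requirement for anon_upload_enable, and whether local logins are chrooted. It judges only directives set explicitly in the file and does not model vsftpd's built-in defaults; the function names and the sample file are constructed for illustration.

```python
# Added example: lint vsftpd.conf text against the rules in this section.
# Assumption: only directives set explicitly in the file are judged.

def parse(text):
    """Return (settings, problems); problems are (line_number, message) pairs."""
    settings, problems = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment line
        name, sep, value = line.partition("=")
        if not sep:
            problems.append((num, "not in option=value form"))
            continue
        if name != name.rstrip() or value != value.lstrip():
            problems.append((num, "space next to the equal sign"))
        # Store the trimmed pair so review() sees the setting the admin intended.
        settings[name.strip()] = value.strip()
    return settings, problems

def review(settings):
    """Return findings about combinations of directives described in the text."""
    def on(key):
        return settings.get(key, "").upper() == "YES"
    findings = []
    if on("anon_upload_enable") and not on("write_enable"):
        findings.append("anon_upload_enable=YES also needs write_enable=YES")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local logins are enabled without chroot_local_user=YES")
    if on("anonymous_enable") and on("anon_upload_enable"):
        findings.append("anonymous uploads are on; review write permissions under anon_root")
    return findings

# Constructed sample file, not taken from a real server.
SAMPLE = """\
# constructed sample
listen=YES
anonymous_enable=YES
local_enable = YES
anon_upload_enable=YES
ftpd_banner=Welcome to the FTP service
"""

if __name__ == "__main__":
    conf, syntax_problems = parse(SAMPLE)
    for num, message in syntax_problems:
        print(f"line {num}: {message}")
    for finding in review(conf):
        print(f"review: {finding}")
```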
