VSFTPD (Very Secure FTP Daemon) is the default FTP server for Red Hat flavours of Linux. The version discussed here is 2.0.4.
The configuration directory for vsftpd is /etc/vsftpd.
Here is a short description of the most common configuration options in the main configuration file, /etc/vsftpd/vsftpd.conf.
Listen Port & Address
To change the listening port from the default of 21:
listen_port=10021
By default vsftpd listens on all configured IP addresses. To configure vsftpd to listen on a single IP address:
listen_address=65.17.45.85
User Management
To let local system users of the FTP server connect with their own credentials:
local_enable=YES
To restrict local users to their home directory (chroot):
chroot_local_user=YES
This will restrict all local users from accessing folders other than their home directory. If you want
to exempt some users from this restriction, you can specify a list of such users as follows:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
/etc/vsftpd/chroot_list should contain the list of users who do not have the chroot restriction.
If you set chroot_list_enable=NO or comment out this line, the file chroot_list will not be read by vsftpd.
Anonymous Access
To enable anonymous user access (the home directory for the anonymous user is /var/ftp):
anonymous_enable=YES
To allow anonymous users to upload files (disabled by default):
anon_upload_enable=YES
To allow anonymous users to create directories (disabled by default):
anon_mkdir_write_enable=YES
To allow anonymous users to log in without being prompted for a password:
no_anon_password=YES
Greeting/Message
FTP welcome banner:
ftpd_banner=Welcome to XYZ Co Ltd FTP service.
To enable directory messages (enabled by default):
dirmessage_enable=YES
If this is enabled, you can put a text file named .dirmessage in any directory that an FTP user can access.
The contents of the file will be displayed to the FTP user when they change to that directory.
Security
All users listed in the file /etc/vsftpd/ftpusers will be denied access to the FTP service.
If the entry userlist_enable is set to YES in vsftpd.conf, another file, /etc/vsftpd/user_list, is also read for a list of users.
Whether the users listed in this file are denied or allowed access depends on another directive in vsftpd.conf. If
userlist_deny=NO
only users in this file will be allowed access. But if
userlist_deny=YES
the users in this file will also be denied FTP access.
The file ftpusers takes precedence over user_list if the same user is listed in both files.
The file name user_list can be changed with:
userlist_file=another_user_list_filename
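The chroot and user-list rules described above can be modelled in a few lines of Python to check who would be allowed in, and who would be jailed, before a configuration goes live. This is an added example, not part of the original post or of vsftpd; the function names are hypothetical. It goes slightly beyond the page by assuming the defaults from the vsftpd.conf man page (userlist_enable=NO, userlist_deny=YES, chroot_local_user=NO, chroot_list_enable=NO) and the documented behaviour that chroot_list becomes a list of users who ARE chrooted when chroot_local_user=NO.

```python
# Added example: models the rules described above; names here are hypothetical.
SAMPLE_CONF = """\
# constructed sample, not taken from a real server
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
"""

def parse_conf(text):
    """Return {option: value} from vsftpd.conf-style text (option=value, '#' comments)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key, default):
    return opts.get(key, default).upper() == "YES"

def login_allowed(user, opts, ftpusers, user_list):
    """Apply ftpusers first, then user_list as governed by userlist_deny."""
    if user in ftpusers:                      # ftpusers always denies and wins
        return False
    if not is_yes(opts, "userlist_enable", "NO"):
        return True                           # user_list is not read at all
    if is_yes(opts, "userlist_deny", "YES"):
        return user not in user_list          # user_list acts as a deny list
    return user in user_list                  # user_list acts as an allow list

def is_chrooted(user, opts, chroot_list):
    """chroot_list is an exemption list only when chroot_local_user=YES."""
    chroot_all = is_yes(opts, "chroot_local_user", "NO")
    if not is_yes(opts, "chroot_list_enable", "NO"):
        return chroot_all                     # chroot_list file is not read
    return (user not in chroot_list) if chroot_all else (user in chroot_list)

def audit(users, conf_text, ftpusers, user_list, chroot_list):
    """Return {user: (login_allowed, chrooted)} for each local user."""
    opts = parse_conf(conf_text)
    return {u: (login_allowed(u, opts, ftpusers, user_list),
                is_chrooted(u, opts, chroot_list)) for u in users}

if __name__ == "__main__":
    for user, (login, jailed) in audit(["root", "alice", "bob"], SAMPLE_CONF, {"root"},
                                       {"root", "alice"}, {"alice"}).items():
        print(f"{user}: login={login} chrooted={jailed}")
```

Any account that comes back with login allowed and chrooted false can browse outside its home directory, so that combination is the one to review.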