Book: Fedora™ Unleashed, 2008 edition

Other vsftpd Server Configuration Files

You can edit vsftpd.conf to enable, disable, and configure many features and settings of the vsftpd server, such as user access, filtering of bogus passwords, and access logging. Some features might require the creation and configuration of other files, such as:

/etc/vsftpd.user_list — Used by the userlist_enable and/or the userlist_deny options; the file contains a list of usernames to be denied access to the server.

/etc/vsftpd.chroot_list — Used by the chroot_list_enable and/or chroot_local_user options, this file contains a list of users who are either allowed or denied access to a home directory. You can specify an alternative file by using the chroot_list_file option.

/etc/vsftpd.banned_emails — A list of anonymous password entries used to deny access if the deny_email_enable setting is enabled. You can specify an alternative file by using the banned_email option.

/var/log/vsftpd.log — Data transfer information is captured to this file if you enable logging by using the xferlog_enable setting.

TIP

Before editing the FTP server files, make a backup file first. Also, it is always a good idea to comment out (using a pound sign at the beginning of a line) what is changed instead of deleting or overwriting entries. Follow these comments with a brief description explaining why the change was made. This leaves a nice audit trail of what was done, by whom, when, and why. If you have any problems with the configuration, these comments and details can help you troubleshoot and return to valid entries if necessary. You can use the rpm command or other Linux tools (such as mc) to extract a fresh copy of a configuration file from the software's RPM archive. Be aware, however, that the extracted version replaces the current version and overwrites your configuration changes.

Default vsftpd Behaviors

The contents of a file named .message (if it exists in the current directory) are displayed when a user enters the directory. This feature is enabled in the installed configuration file, but disabled by default in the daemon itself. FTP users are also not allowed to perform recursive directory listings, which can help reduce bandwidth use.

The PASV data connection method is enabled to let external users know the IP address of the FTP server. Passive mode is commonly needed when using FTP from behind a firewall/gateway that uses IP masquerading or when incoming data connections are disabled. For example, here is a connection to an FTP server (running ProFTPD), an attempt to view a directory listing, and the resulting need to use ftp's internal passive command:

$ ftp ftp.tux.org
Connected to gwyn.tux.org.
220 ProFTPD 1.2.5rc1 Server (ProFTPD on ftp.tux.org) [gwyn.tux.org]
500 AUTH not understood.
KERBEROS_V4 rejected as an authentication type
Name (ftp.tux.org:gbush): gbush
331 Password required for gbush.
Password:
230 User gbush logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd public_html
250 CWD command successful.
ftp> ls
500 Illegal PORT command.
ftp: bind: Address already in use
ftp>
ftp> pass
Passive mode on.
ftp> ls
227 Entering Passive Mode (204,86,112,12,187,89).
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 gbush gbush 8470 Jan 10 2000 LinuxUnleashed.gif
-rw-r--r-- 1 gbush gbush 4407 Oct  4 2001 RHU72ed.gif
-rw-r--r-- 1 gbush gbush 6732 May 18 2000 SuSEUnleashed.jpg
-rw-r--r-- 1 gbush gbush 6175 Jan 10 2000 TYSUSE.gif
-rw-r--r-- 1 gbush gbush 3135 Jan 10 2000 Tzones.gif
...

NOTE

Browse to http://slacksite.com/other/ftp.html for a detailed discussion regarding active and passive FTP modes and the effect of firewall blocking of service ports on FTP server and client connections.
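The 227 reply in the session above carries the address and port the client must open its data connection to, which is what a firewall in front of the server has to admit. The following is an added example, not from the book: the function names and the 40000-50000 firewall range are assumptions made for illustration, and the reply string is the one shown in the session.

```shell
#!/bin/sh
# Decode an FTP 227 reply into "ip port". The six numbers are h1,h2,h3,h4,p1,p2
# (RFC 959); the data port is p1*256 + p2.
decode_pasv() {   # usage: decode_pasv "227 ... (h1,h2,h3,h4,p1,p2)."
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple              # split on commas into $1..$6
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ -n "$n" ] && [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# True for RFC 1918 addresses, which a client outside the NAT cannot reach.
is_private_ip() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# True when PORT lies in MIN..MAX, the passive range the firewall admits.
port_in_range() {   # usage: port_in_range PORT MIN MAX
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Reply copied from the session above; the 40000-50000 range is constructed.
reply='227 Entering Passive Mode (204,86,112,12,187,89).'
if target=$(decode_pasv "$reply"); then
    ip=${target% *}; port=${target#* }
    echo "data connection goes to $ip port $port"
    if is_private_ip "$ip"; then
        echo "server advertises a private address; NAT clients will fail"
    fi
    if ! port_in_range "$port" 40000 50000; then
        echo "port $port is outside the range the firewall admits"
    fi
fi
```

A server behind IP masquerading that advertises its internal address shows up here as a private-address warning.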

Another default setting is that specific user login controls are not set, but you can configure the controls to deny access to one or more users.

The data transfer rate for anonymous client access is unlimited, but you can set a maximum rate (in bytes per second) by using the anon_max_rate setting in vsftpd.conf. This can be useful for throttling bandwidth use during periods of heavy access. Another default is that remote clients are logged out after five minutes of inactivity or a stalled data transfer. You can set idle and transfer timeouts (stalled connections) separately.

Other settings that might be important for managing your system's resources (networking bandwidth or memory) when offering FTP access include the following:

dirlist_enable — Toggles directory listings on or off.

dirmessage_enable — Toggles display of a message when the user enters a directory. A related setting is ls_recurse_enable, which can be used to disallow recursive directory listings.

download_enable — Toggles downloading on or off.

max_clients — Sets a limit on the maximum number of connections.

max_per_ip — Sets a limit on the number of connections from the same IP address.
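A quick way to see which of the limits above are still at their unlimited defaults is to audit the configuration file. This is an added example, not from the book: conf_get and audit_vsftpd are hypothetical helper names, the sample configuration is constructed, and the sketch assumes the last occurrence of a repeated key wins and that booleans are spelled YES/NO.

```shell
#!/bin/sh
# Effective value of KEY in a vsftpd.conf-style file, or DEFAULT when the key
# is absent or commented out. Lines are key=value with no spaces around "=".
# Assumption of this sketch: when a key repeats, the last occurrence wins.
conf_get() {   # usage: conf_get FILE KEY DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

# Print one finding per line for settings that leave resource use unbounded
# or unrecorded. Only the YES/NO spelling of booleans is recognised here.
audit_vsftpd() {   # usage: audit_vsftpd FILE
    for key in anon_max_rate max_clients max_per_ip; do
        # 0 is vsftpd's built-in default for these three and means "no limit".
        if [ "$(conf_get "$1" "$key" 0)" = 0 ]; then
            echo "unlimited: $key"
        fi
    done
    if [ "$(conf_get "$1" ls_recurse_enable NO)" = YES ]; then
        echo "enabled: ls_recurse_enable (recursive listings allowed)"
    fi
    if [ "$(conf_get "$1" xferlog_enable NO)" != YES ]; then
        echo "disabled: xferlog_enable (transfers are not logged)"
    fi
}

# Constructed sample configuration, not taken from the book.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# anon_max_rate=0   (old value, kept commented out as an audit trail)
anon_max_rate=51200
max_clients=50
#max_per_ip=4
ls_recurse_enable=YES
xferlog_enable=YES
EOF
audit_vsftpd "$sample"
rm -f "$sample"
```

On the sample file the audit reports max_per_ip as unlimited, because the only max_per_ip line is commented out, and flags the enabled recursive listings.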
