Basic Setup
To disable anonymous login and to enable local users login and give them write permissions:
Code:
# No anonymous login anonymous_enable=NO # Let local users login # If you connect from the internet with local users, you should enable TLS/SSL/FTPS local_enable=YES # Write permissions write_enable=YES
To chroot users
To jail/chroot users (not the vsftpd service), there are three choices. Search for "chroot_local_users" on the file and consider one of the following:
Code:
# 1. All users are jailed by default: chroot_local_user=YES chroot_list_enable=NO # 2. Just some users are jailed: chroot_local_user=NO chroot_list_enable=YES # Create the file /etc/vsftpd.chroot_list with a list of the jailed users. # 3. Just some users are "free": chroot_local_user=YES chroot_list_enable=YES # Create the file /etc/vsftpd.chroot_list with a list of the "free" users.
To deny some users to login, add the following options in the end of the file:
Code:
userlist_deny=YES userlist_file=/etc/vsftpd.denied_users
To allow just some users to login:
Code:
userlist_deny=NO userlist_enable=YES userlist_file=/etc/vsftpd.allowed_users
The not allowed users will get an error that they can't login before they type their password.
TLS/SSL/FTPS
NOTE: you definitely have to use this if you connect from the Internet.
To use vsftpd with encryption (it's safer), change or add the following options (some options aren't on the original config file, so add them):
Code:
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES # Filezilla uses port 21 if you don't set any port # in Servertype "FTPES - FTP over explicit TLS/SSL" # Port 990 is the default used for FTPS protocol. # Uncomment it if you want/have to use port 990. #listen_port=990
發表文章
沒有留言:
張貼留言