兴宁A8 兴宁论坛 兴宁新闻 兴宁人的网络社区

标题: Redhat局域网安装的解决办法(2) [打印本页]

作者: 兴宁528    时间: 2012/3/2 17:35
标题: Redhat局域网安装的解决办法(2)
&nbsp;4。配制VSFTP,FVSFTP的运行有两种模式,一种是stardard "initd模式,另外一种是xinetd模式,上面我们所说的就是stardard initd运行模式。两种模式运行机制不是相同的,stardard initd模式,适合专业FTP,且FTP总是一直有人访问,占用资源也是比较大,如果您的FTP总是有人访问和登入。就要用这种模式。如果您的FTP访问人数比较小,建议您用xinetd模式。Xinetd模式,是当用户请求时,vsftpd才会启动。 <BR>不同的环境,当然得用不同的启动模式。 <BR>如果想了解更多的,请在本帖后面跟帖,我会慢慢补充xinetd模式,以及虚拟用户如何设置方面的问题。 <BR>1]我们主要把vsftp的配制文件改一下就行了。配制文件在/etc/vsftpd/vsftpd.conf,用您喜欢的编辑器打开。请参考下面的配制文件。 <BR># Example config file /etc/vsftpd.conf <BR># <BR># The default compiled in settings are very paranoid. This sample file <BR># loosens things up a bit, to make the ftp daemon more usable. <BR># <BR># Allow anonymous FTP? <BR>Anonymous_enable=YES <BR># <BR># Uncomment this to allow local users to log in. <BR>Local_enable=YES <BR># <BR># Uncomment this to enable any form of FTP write command. <BR>Write_enable=YES <BR># <BR># Default umask for local users is 077. You may wish to change this to 022, <BR># if your users expect that (022 is used by most other ftpd's) <BR>local_umask=022 <BR># <BR># Uncomment this to allow the anonymous FTP user to upload files. This only <BR># has an effect if the above global write enable is activated. Also, you will <BR># obviously need to create a directory writable by the FTP user. <BR>#anon_upload_enable=YES <BR># <BR># Uncomment this if you want the anonymous FTP user to be able to create <BR># new directories. <BR>#anon_mkdir_write_enable=YES <BR># <BR># Activate directory messages - messages given to remote users when they <BR># go into a certain directory. <BR>Dirmessage_enable=YES <BR># <BR># Activate logging of uploads/downloads. <BR>Xferlog_enable=YES <BR># <BR># Make sure PORT transfer connections originate from port 20 (ftp-data). <BR>Connect_from_port_20=YES <BR># <BR># If you want, you can arrange for uploaded anonymous files to be owned by <BR># a different user. Note! Using "root" for uploaded files is not <BR># recommended! <BR>#chown_uploads=YES <BR>#chown_username=whoever <BR># <BR># You may override where the log file goes if you like. The default is shown <BR># below. <BR>#xferlog_file=/var/log/vsftpd.log <BR># <BR># If you want, you can have your log file in standard ftpd xferlog format <BR>xferlog_std_format=YES <BR># <BR># You may change the default value for timing out an idle session. <BR>#idle_session_timeout=600 <BR># <BR># You may change the default value for timing out a data connection. <BR>#data_connection_timeout=120 <BR># <BR># It is recommended that you define on your system a unique user which the <BR># ftp server can use as a totally isolated and unprivileged user. <BR>#nopriv_user=ftpsecure <BR># <BR># Enable this and the server will recognise asynchronous ABOR requests. Not <BR># recommended for security (the code is non-trivial). Not enabling it, <BR># however, may confuse older FTP clients. <BR>#async_abor_enable=YES <BR># <BR># By default the server will pretend to allow ASCII mode but in fact ignore <BR># the request. Turn on the below options to have the server actually do ASCII <BR># mangling on files when in ASCII mode. <BR># Beware that turning on ascii_download_enable enables malicious remote parties <BR># to consume your I/O resources, by issuing the command "SIZE /big/file" in <BR># ASCII mode. <BR># These ASCII options are split into upload and download because you may wish <BR># to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), <BR># without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be <BR># on the client anyway.. <BR>#ascii_upload_enable=YES <BR>#ascii_download_enable=YES <BR># <BR># You may fully customise the login banner string: <BR>#ftpd_banner=Welcome to blah FTP service. <BR># <BR># You may specify a file of disallowed anonymous e-mail addresses. Apparently <BR># useful for combatting certain DoS attacks. <BR>#deny_email_enable=YES <BR># (default follows) <BR>#banned_email_file=/etc/vsftpd.banned_emails <BR># <BR># You may specify an explicit list of local users to chroot() to their home <BR># directory. If chroot_local_user is YES, then this list becomes a list of <BR># users to NOT chroot(). <BR>#chroot_list_enable=YES <BR># (default follows) <BR>#chroot_list_file=/etc/vsftpd.chroot_list <BR># <BR># You may activate the "-R" option to the builtin ls. This is disabled by <BR># default to avoid remote users being able to cause excessive I/O on large <BR># sites. However, some broken FTP clients such as "ncftp" and "mirror" assume <BR># the presence of the "-R" option, so there is a strong case for enabling it. <BR>#ls_recurse_enable=YES <BR>pam_service_name=vsftpd <BR>userlist_enable=YES <BR>#enable for standalone mode <BR>listen=YES <BR>tcp_wrappers=YES<BR>&nbsp;<BR><BR>2]更改完配制文件后,我们可以用下面的命令来重启VSFTPD服务器 <BR>[root@linuxsir001 root]# /etc/init.d/vsftpd restart <BR>关闭 vsftpd: [ 确定 ] <BR>为 vsftpd 启动 vsftpd: [ 确定 ] <BR>[root@linuxsir001 root]#<BR>&nbsp;<BR>




欢迎光临 兴宁A8 兴宁论坛 兴宁新闻 兴宁人的网络社区 (http://fc.xna8.com/) Powered by Discuz! X3.1