이것Do! 저것Do!!

- Performed on an Ubuntu server (Ubuntu 10.04 LTS) -

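 I think I've roughly sorted out all the hard disks the server needs. Now let's install vsftpd to provide FTP service.

Installation is simple. Run the command below and you're done!
root@server:~# apt-get install vsftpd
Installing it this way gave me vsftpd version 2.2.2.

Now let's dig into vsftpd.conf to set up the FTP server.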
root@server:~# vi /etc/vsftpd.conf

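First, the contents of the default configuration file are shown below. (I modified only the parts shown in bold.)

The parts that need a little care are:
- chroot_local_user=YES : Restricts every local user to their home directory as the root directory. In other words, they can only move around inside their home directory.
- chroot_list_enable=YES : Exempts specific users from the restriction above. The list of users to exempt is defined in /etc/vsftpd.chroot_list

Those two are about it. Of course, there are plenty of settings that do not appear here. See the homepage for details. ^^;
(vsftpd homepage: http://vsftpd.beasts.org/, manual page: http://vsftpd.beasts.org/vsftpd_conf.html)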
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default.  These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
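
The meaning of chroot_list_file flips depending on chroot_local_user, so it is worth checking who actually ends up outside the jail. The script below is an added example, not part of the original post: the function names (is_yes, conf_get, chroot_status, make_sample) and the user name admin1 are made up for illustration, and it assumes one user name per line in the list file.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a local user
# is chroot()ed under a given vsftpd.conf, using the rule described above.

# is_yes VALUE: vsftpd treats YES, TRUE and 1 (any case) as true.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# conf_get FILE KEY DEFAULT: the last uncommented KEY=value is used, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# chroot_status CONF USER [LIST]: prints "jailed" or "not-jailed".
# LIST overrides chroot_list_file so a copy of the files can be audited offline.
chroot_status() {
    conf=$1; user=$2
    list=${3:-$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=no
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)" &&
       [ -r "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        # Everyone is jailed; the list names the exceptions.
        if [ "$listed" = yes ]; then echo not-jailed; else echo jailed; fi
    else
        # Nobody is jailed by default; the list names the users to jail.
        if [ "$listed" = yes ]; then echo jailed; else echo not-jailed; fi
    fi
}

# make_sample DIR: constructed config and list (the user name is made up).
make_sample() {
    printf '%s\n' '#chroot_local_user=YES' 'chroot_local_user=YES' \
        'chroot_list_enable=YES' > "$1/vsftpd.conf"
    printf '%s\n' 'admin1' > "$1/chroot_list"
}
```

On the server itself, `chroot_status /etc/vsftpd.conf someuser` reads the live list file named by chroot_list_file.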

Addendum: if you want to check logins with the last command, you need to add 'session_support=YES'.