It uses system accounts, so you might want to be careful what each account has access to etc.
You may get an "Login Incorrect" error while trying to login. In /var/log/messages, you may see an error message like "avc: denied { search } for". This is due to SELinux settings. Run the command "/usr/sbin/setsebool -P ftp_home_dir 1" to fix this. Reference
For security purpose, it's recommended to limit FTP users to only specifically named ones. The default setting does not do that. To do that, add "user_list_deny=NO" to vsftpd.conf, delete all names in user_list, and then re-populate the list with only names that you allow FTP access to.
If there is a firewall, you need to open up ports 20 and 21. Standard FTP & FTP Data ports. In addition, for passive mode (which is recommended), you'll need to limit the port range VS FTP uses and then open up those specific ports in the firewall. To specify the port range used by VS FTP, add the following lines to vsftpd.conf (port numbers just examples):
- pasv_min_port=15000
- pasv_max_port=15005
Reference
No comments:
Post a Comment