In this recipe, you will learn how to customize your vsftpd installation. vsftpd has a lot of configuration parameters, and here we will show how to create a custom welcome banner, change the server's default timeout, limit user connections, and ban users from the service.
To complete this recipe, you will require a working installation of the CentOS 7 operating system with root privileges and a console-based text editor of your choice. It is expected that your server will be using a static IP address and that vsftpd is already installed with a chroot jail and is currently running.
Open the main vsftpd configuration file:
vi /etc/vsftpd/vsftpd.conf
ftpd_banner=Welcome to my new FTP server
idle_session_timeout=600
data_connection_timeout=120
local_max_rate=1000000
max_clients=50
max_per_ip=2
echo "username" >> /etc/vsftpd/user_list
systemctl restart vsftpd
In this recipe, we have shown some of the most important vsftpd settings. Covering all the configuration parameters here is outside the scope of this recipe. To learn more, read through the entire main vsftpd configuration file at /etc/vsftpd/vsftpd.conf, as it contains a lot of useful comments; alternatively, you can read the manual page with man vsftpd.conf.
So what did we learn from this experience?
We began by opening the main vsftpd configuration file and then activated and customized the welcome banner using the ftpd_banner directive. On the next successful login, your users should see your new message. Next, when dealing with a large number of users, you may want to consider changing the default timeout values and limiting connections in order to improve the efficiency of your FTP service.
First, we changed our server's timeout numbers. An idle_session_timeout of 600 seconds will log out a user who is inactive (not executing FTP commands) for 10 minutes, while a data_connection_timeout of 120 seconds will kill the connection when a client data transfer is stalled (not progressing) for 20 minutes. Then we changed the connection limits. A local_max_rate of 1000000 bytes per second will limit the data transfer rate of a single user to roughly one megabyte per second. A max_clients value of 50 will tell the FTP server to only allow 50 parallel users to the system, while a max_per_ip of 2 allows only two connections per IP address.
Then we saved and closed the file. Finally, we showed how to ban users from using our FTP service. If you want to ban a specific user from using the FTP service as a whole, add the user's name to the /etc/vsftpd/user_list file. If you ever need to re-enable the user, simply reverse the previous process by removing the user concerned from /etc/vsftpd/user_list.
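The ban described above only works while vsftpd treats user_list as a deny list (userlist_enable=YES with userlist_deny at its default of YES); with userlist_deny=NO the same file becomes an allow list and adding a name grants access instead. The shell helpers below are an added example, not part of the original recipe: they report how a given configuration will treat a user and append to the list without creating duplicates. The function names are hypothetical, and the file paths are passed as arguments.

```sh
#!/bin/sh
# Added example (not from the recipe): check how vsftpd will interpret
# user_list for a user before relying on it as a ban.

# Print the effective value of OPTION in a vsftpd.conf-style FILE, or DEFAULT
# if unset. Assumption: a later assignment overrides an earlier one.
conf_get() {  # conf_get FILE OPTION DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# vsftpd accepts YES, TRUE or 1 (any case) as a true boolean value.
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "denied", "allowed" or "list-ignored" for USER.
# Defaults used when an option is absent: userlist_enable=NO, userlist_deny=YES.
userlist_verdict() {  # userlist_verdict CONF LIST USER
    enable=$(conf_get "$1" userlist_enable NO)
    deny=$(conf_get "$1" userlist_deny YES)
    if ! is_yes "$enable"; then
        echo "list-ignored"   # user_list is not consulted at all
        return
    fi
    # -x matches whole lines and -F takes the name literally, so comment
    # lines and partial names (e.g. "bob" vs "bobby") never match.
    if grep -qxF -- "$3" "$2"; then listed=1; else listed=0; fi
    if is_yes "$deny"; then
        [ "$listed" -eq 1 ] && echo denied || echo allowed   # deny list
    else
        [ "$listed" -eq 1 ] && echo allowed || echo denied   # allow list
    fi
}

# Append USER to LIST only if it is not already present, unlike a bare
# echo "username" >> file, which adds a duplicate on every run.
ban_user() {  # ban_user LIST USER
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Usage on the server from this recipe:
#   userlist_verdict /etc/vsftpd/vsftpd.conf /etc/vsftpd/user_list username
```

A verdict of "list-ignored" or "allowed" for a user you meant to ban means the entry in user_list is not doing what the recipe expects, so check userlist_enable and userlist_deny before restarting the service.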