Tuesday, May 5, 2009

FTP

FTP Overview
1).FTP Control Channel, TCP Port 21: All commands you send and the ftp server's responses to those commands will go over the control connection, but any data sent back (such as "ls" directory lists or actual file data in either direction) will go over the data connection.
2).FTP Data Channel, TCP Port 20: In active mode this port is the server's source port for all subsequent data transfers between the client and server.

Types of FTP
The two main types of FTP are active and passive. In active FTP, the FTP server initiates a data transfer connection back to the client. For passive FTP, the connection is initiated from the FTP client.
Active FTP
1).Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as 'ls' and 'get' are sent over this connection.
2). Whenever the client requests data over the control connection, the server initiates data transfer connections back to the client. The source port of these data transfer connections is always port 20 on the server, and the destination port is a high port (greater than 1024) on the client.
3). Thus the ls listing that you asked for comes back over the port 20 to high port connection, not the port 21 control connection.
Passive FTP
1).Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as ls and get are sent over that connection.
2). Whenever the client requests data over the control connection, the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.

Anonymous User Permissions
Uploading by anonymous users is enabled with the anon_upload_enable option. To let anonymous users also rename or delete their files, set the anon_other_write_enable option. To also let them create directories, set the anon_mkdir_write_enable option.
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
All uploaded files are owned by the anonymous FTP user. You can have the files owned by another user instead, adding a further layer of security: the actual user owning the uploaded files is then hidden from anonymous users. To enable this, set chown_uploads and specify the new owner with chown_username.
chown_uploads=YES
chown_username=username
The upload directory itself must be given write permission for other users.
You can control the kind of access that users have to uploaded files with the anon_umask option, which sets the default permissions (umask) for uploaded files. The default is 077.
Connection Time Limits
The idle_session_timeout option cuts off idle users after the specified number of seconds, and data_connection_timeout cuts off stalled data connections. The defaults are
idle_session_timeout=600
data_connection_timeout=120
The ftpd_banner option lets you set up the FTP login message
ftpd_banner=Welcome to FTP Service


Vsftpd Access Controls

Denying Access
The deny_email_enable option lets you deny access by anonymous users whose e-mail address (given as the password) is listed in the file designated by the banned_email_file option.

User Access
The userlist_enable option controls access by users, denying access to those listed in the file designated by userlist_file (vsftpd.user_list). If you want to restrict access to certain selected users, you can invert the meaning of the vsftpd.user_list file so that it lists only those users allowed access instead of those denied access. To do this, set the userlist_deny option to NO; then only the users listed in vsftpd.user_list will be granted access to the FTP site.
User Restrictions
The chroot_list_enable option controls access by local users, letting them access only their home directories while restricting system access. The chroot_list_file option designates the file (vsftpd.chroot_list) that lists the users to which this restriction applies. You can apply it to all local users with the chroot_local_user option. If that option is set, the file designated by chroot_list_file takes on an inverse meaning, listing those users not restricted. In the example below, the restriction on local users is limited to those listed in vsftpd.chroot_list.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Changing the default vsftpd anonymous account directory /var/ftp to another directory ---> add "anon_root=/var/ftp" (with the new path) to the bottom of the anonymous user login section in vsftpd.conf
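As an added example (not from the original post or the vsftpd project), the following Python script parses a vsftpd.conf and flags the anonymous-upload settings and the user_list mode discussed above; the sample configuration and the ftpowner username are constructed for the demonstration.

```python
"""Audit a vsftpd.conf for the anonymous-upload and user_list settings.
Added example; the sample config below is constructed, not a real server's file."""

SAMPLE_CONF = """\
# constructed vsftpd.conf fragment
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
chown_uploads=NO
idle_session_timeout=600
data_connection_timeout=120
userlist_enable=YES
userlist_deny=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""


def parse_vsftpd_conf(text):
    """Return {option: value}; vsftpd uses one option=value per line, '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def is_yes(opts, key, default="NO"):
    """vsftpd boolean options are YES/NO; 'default' is the value when unset."""
    return opts.get(key, default).upper() == "YES"


def audit(opts):
    """Return a list of findings; an empty list means the checked settings look safe."""
    findings = []
    if is_yes(opts, "anon_upload_enable"):
        if not is_yes(opts, "chown_uploads"):
            findings.append("uploads stay owned by the anonymous ftp user; set chown_uploads=YES and chown_username")
        if is_yes(opts, "anon_other_write_enable"):
            findings.append("anonymous users may rename/delete files (anon_other_write_enable=YES)")
        umask = opts.get("anon_umask", "077")  # vsftpd default is 077
        if int(umask, 8) & 0o077 != 0o077:      # group/other bits not fully masked
            findings.append(f"anon_umask={umask} leaves uploaded files accessible to group/other")
    if is_yes(opts, "userlist_enable") and is_yes(opts, "userlist_deny", "YES"):
        findings.append("userlist_deny=YES: vsftpd.user_list is a deny list; set NO to allow only listed users")
    return findings
```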

Vsftpd Virtual Hosts
Virtual hosting is where a single FTP server operates as if it has two or more IP addresses. Several IP addresses can then be used to access the same server. The server then uses a separate FTP user directory and files for each host. With vsftpd this involves manually creating separate vsftpd configuration files for each virtual host in the /etc/vsftpd directory.
