FTP配置
来源:互联网 发布:淘宝真皮皮带 编辑:程序博客网 时间:2024/05/17 22:06
在
ubuntu 上配置了FTP
1.FTP路径
/mnt/share/ftp2.添加账户路径
1 增加组 groupadd ftpgroup2 增加用户 useradd -g ftpgroup -d /mnt/share/ftp/ftpuser -M ftpuser3 设置用户口令 passwd ftpuser4编辑文件: /etc/vsftpd.d/vsftp.chroot_list 内容为ftp用户名,每个用户占一行,如: ftpuser以后每增加一个用户,只需执行2.3.4即可.3.根目录权限修改
local_root定义的目录不可写 $ sudo chmod a-w /mnt/share/ftp $sudo vim /etc/vsftpd/vsftpd.conf ##chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd.d/vsftpd.chroot_list 修改以上三行为 chroot_local_user=NO chroot_list_enable=YES # (default follows) chroot_list_file=/etc/vsftpd.d/vsftp.chroot_list
4.锁定用户查看目录
/etc/vsftpd.d/vsftp.chroot_list 中添加用户
mkdir /mnt/share/ftp/ftpuserchown ftpuser:ftpgroup -R /mnt/share/ftp/ftpuserchmod 700 -R /mnt/share/ftp/ftpuser
这样就可以针对不同的用户登录不同目录的FTP了。
FAQ:
Q1. 不想让ftp用户有登录服务器,修改了shell为shell 为 /bin/false 还是/usr/sbin/nologin都会造成“响应:530 Login incorrect.”的错
分析:vsftpd默认会检查用户的shell,如果用户的shell在/etc/shells没有记录,将用户shell改为/bin/false后,用户无法登陆ftp,
A1 :在/etc/shells加上/bin/false就可以了。
附上vsftpd.conf的配置
# Example config file /etc/vsftpd.conf## The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.## READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.### Run standalone? vsftpd can run either from an inetd or as a standalone# daemon started from an initscript.listen=YES## Run standalone with IPv6?# Like the listen parameter, except vsftpd will listen on an IPv6 socket# instead of an IPv4 one. This parameter and the listen parameter are mutually# exclusive.#listen_ipv6=YES## Allow anonymous FTP? (Beware - allowed by default if you comment this out).#anonymous_enable=YES#anonymous_enable=NO#anon_root=/mnt/share/ftp/## Uncomment this to allow local users to log in.local_enable=YES## Uncomment this to enable any form of FTP write command.write_enable=YES## Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.#anon_upload_enable=YES## Uncomment this if you want the anonymous FTP user to be able to create# new directories.#anon_mkdir_write_enable=YES## Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES## If enabled, vsftpd will display directory listings with the time# in your local time zone. The default is to display GMT. The# times returned by the MDTM FTP command are also affected by this# option.use_localtime=YES## Activate logging of uploads/downloads.xferlog_enable=YES## Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20=YES## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES#chown_username=whoever## You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/vsftpd.log## If you want, you can have your log file in standard ftpd xferlog format.# Note that the default log file location is /var/log/xferlog in this case.#xferlog_std_format=YES## You may change the default value for timing out an idle session.#idle_session_timeout=600## You may change the default value for timing out a data connection.#data_connection_timeout=120## It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.#ascii_upload_enable=YES#ascii_download_enable=YES## You may fully customise the login banner string:#ftpd_banner=Welcome to blah FTP service.## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd.banned_emails## You may restrict local users to their home directories. See the FAQ for# the possible risks in this before using chroot_local_user or# chroot_list_enable below.## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that# the user does not have write access to the top level directory within the# chroot)#chroot_local_user=YESchroot_list_enable=YES# (default follows)#chroot_list_file=/etc/vsftpd.chroot_listchroot_list_file=/etc/vsftpd.d/vsftpd.chroot_listlocal_root=/mnt/share/ftp/## You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES## Customization## Some of vsftpd's settings don't fit the filesystem layout by# default.## This option should be the name of a directory which is empty. Also, the# directory should not be writable by the ftp user. This directory is used# as a secure chroot() jail at times vsftpd does not require filesystem# access.secure_chroot_dir=/var/run/vsftpd/empty## This string is the name of the PAM service vsftpd will use.pam_service_name=vsftpd#userlist_enable=YES#userlist_file=/etc/vsftpd.d/vsftpd.user_list## This option specifies the location of the RSA certificate to use for SSL# encrypted connections.rsa_cert_file=/etc/ssl/private/vsftpd.pem
0 0
- FTP配置
- ftp配置
- FTP配置
- FTP配置
- ftp配置
- ftp配置
- FTP配置
- ftp 配置
- 配置FTP
- FTP 配置
- ftp配置
- ftp配置
- FTP配置
- IIS FTP 服务器 配置
- redhat 9.2 配置ftp
- 如何配置FTP服务器
- ftp服务器基本配置
- FTP配置详细解释
- 取消ios7下自带的手势滑动导航
- 一步步学习微软InfoPath2010和SP2010--第七章节--从SP列表和业务数据连接接收数据(5)--添加筛选器到业务连接服务外部内容类型
- Windows server 2008 R2实现多用户远程连接
- android中Handler的初步认识(四)
- 获取鼠标坐标
- FTP配置
- 黑马程序员--- 学习笔记(第七天)
- 用css3:display制作简单的表格
- 让人一步,天宽地阔
- ubuntu 13.10 JD-GUI跑不起来怎么办
- Oracle同义词创建及其作用
- SQL Server2012数据库之一:安全体系以及DBA如何管理
- 新手邮件营销注意事项参考
- 【LeetCode】Max Points on a Line