FTP配置

在

ubuntu 上配置了FTP

1.FTP路径

/mnt/share/ftp

2.添加账户路径

1 增加组 groupadd  ftpgroup2 增加用户 useradd -g ftpgroup -d /mnt/share/ftp/ftpuser -M ftpuser3 设置用户口令 passwd ftpuser4编辑文件: /etc/vsftpd.d/vsftp.chroot_list 内容为ftp用户名,每个用户占一行,如： ftpuser以后每增加一个用户,只需执行2.3.4即可.

3.根目录权限修改

    local_root定义的目录不可写    $ sudo chmod a-w /mnt/share/ftp    $sudo vim  /etc/vsftpd/vsftpd.conf     ##chroot_local_user=YES                                                                                                                          #chroot_list_enable=YES     # (default follows)     #chroot_list_file=/etc/vsftpd.d/vsftpd.chroot_list   修改以上三行为    chroot_local_user=NO                                                                                                                             chroot_list_enable=YES     # (default follows)     chroot_list_file=/etc/vsftpd.d/vsftp.chroot_list 

4.锁定用户查看目录

/etc/vsftpd.d/vsftp.chroot_list 中添加用户

mkdir  /mnt/share/ftp/ftpuserchown ftpuser:ftpgroup -R  /mnt/share/ftp/ftpuserchmod 700 -R /mnt/share/ftp/ftpuser

这样就可以针对不同的用户登录不同目录的FTP了。

FAQ:

Q1. 不想让ftp用户有登录服务器，修改了shell为shell 为 /bin/false 还是/usr/sbin/nologin都会造成“响应:530 Login incorrect.”的错

分析：vsftpd默认会检查用户的shell，如果用户的shell在/etc/shells没有记录，将用户shell改为/bin/false后，用户无法登陆ftp，

A1 :在/etc/shells加上/bin/false就可以了。

附上vsftpd.conf的配置

# Example config file /etc/vsftpd.conf## The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.## READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.### Run standalone?  vsftpd can run either from an inetd or as a standalone# daemon started from an initscript.listen=YES## Run standalone with IPv6?# Like the listen parameter, except vsftpd will listen on an IPv6 socket# instead of an IPv4 one. This parameter and the listen parameter are mutually# exclusive.#listen_ipv6=YES## Allow anonymous FTP? (Beware - allowed by default if you comment this out).#anonymous_enable=YES#anonymous_enable=NO#anon_root=/mnt/share/ftp/## Uncomment this to allow local users to log in.local_enable=YES## Uncomment this to enable any form of FTP write command.write_enable=YES## Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.#anon_upload_enable=YES## Uncomment this if you want the anonymous FTP user to be able to create# new directories.#anon_mkdir_write_enable=YES## Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES## If enabled, vsftpd will display directory listings with the time# in  your  local  time  zone.  The default is to display GMT. The# times returned by the MDTM FTP command are also affected by this# option.use_localtime=YES## Activate logging of uploads/downloads.xferlog_enable=YES## Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20=YES## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES#chown_username=whoever## You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/vsftpd.log## If you want, you can have your log file in standard ftpd xferlog format.# Note that the default log file location is /var/log/xferlog in this case.#xferlog_std_format=YES## You may change the default value for timing out an idle session.#idle_session_timeout=600## You may change the default value for timing out a data connection.#data_connection_timeout=120## It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.#ascii_upload_enable=YES#ascii_download_enable=YES## You may fully customise the login banner string:#ftpd_banner=Welcome to blah FTP service.## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd.banned_emails## You may restrict local users to their home directories.  See the FAQ for# the possible risks in this before using chroot_local_user or# chroot_list_enable below.## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that# the user does not have write access to the top level directory within the# chroot)#chroot_local_user=YESchroot_list_enable=YES# (default follows)#chroot_list_file=/etc/vsftpd.chroot_listchroot_list_file=/etc/vsftpd.d/vsftpd.chroot_listlocal_root=/mnt/share/ftp/## You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES## Customization## Some of vsftpd's settings don't fit the filesystem layout by# default.## This option should be the name of a directory which is empty.  Also, the# directory should not be writable by the ftp user. This directory is used# as a secure chroot() jail at times vsftpd does not require filesystem# access.secure_chroot_dir=/var/run/vsftpd/empty## This string is the name of the PAM service vsftpd will use.pam_service_name=vsftpd#userlist_enable=YES#userlist_file=/etc/vsftpd.d/vsftpd.user_list## This option specifies the location of the RSA certificate to use for SSL# encrypted connections.rsa_cert_file=/etc/ssl/private/vsftpd.pem