vsftpd安装配置[ubuntu下亲测可用]

说明

本文所使用的是ubuntu操作系统，或许和其他版本的linux系统存在一定的区别。

实验环境

ubuntu 16.4

安装

$ sudo apt-get install vsftpd

检测端口

$ sudo netstat -npltu | grep 21成功结果：tcp6       0      0 :::21                   :::*                    LISTEN      885/vsftpd 提示：若未出现此结果，则说明你的21端口未打开。默认情况是不需要修改的

接测安装是否成功

$ ftp localhost输入用户名和密码即可登入（不可输入root用户 默认的拦截root用户的）

修改配置

$ sudo gedit /etc/vsftpd.conf具体的配置需要根据自己来选择listen=<YES/NO> :设置为YES时vsftpd以独立运行方式启动，设置为NO时以xinetd方式启动（xinetd是管理守护进程的，将服务集中管理，可以减少大量服务的资源消耗）listen_port=<port> :设置控制连接的监听端口号，默认为21listen_address=<ip address> :将在绑定到指定IP地址运行，适合多网卡connect_from_port_20=<YES/NO> :若为YES，则强迫FTP－DATA的数据传送使用port 20，默认YESpasv_enable=<YES/NO> :是否使用被动模式的数据连接，如果客户机在防火墙后，请开启为YESpasv_min_port=<n>pasv_max_port=<m> :设置被动模式后的数据连接端口范围在n和m之间,建议为50000－60000端口message_file=<filename> :设置使用者进入某个目录时显示的文件内容，默认为 .messagedirmessage_enable=<YES/NO> :设置使用者进入某个目录时是否显示由message_file指定的文件内容ftpd_banner=<message> :设置用户连接服务器后的显示信息，就是欢迎信息banner_file=<filename> :设置用户连接服务器后的显示信息存放在指定的filename文件中connect_timeout=<n> :如果客户机连接服务器超过N秒，则强制断线，默认60accept_timeout=<n> :当使用者以被动模式进行数据传输时，服务器发出passive port指令等待客户机超过N秒，则强制断线，默认60accept_connection_timeout=<n> :设置空闲的数据连接在N秒后中断，默认120data_connection_timeout=<n> : 设置空闲的用户会话在N秒后中断，默认300max_clients=<n> : 在独立启动时限制服务器的连接数，0表示无限制max_per_ip=<n> :在独立启动时限制客户机每IP的连接数，0表示无限制（不知道是否跟多线程下载有没干系）local_enable=<YES/NO> :设置是否支持本地用户帐号访问guest_enable=<YES/NO> :设置是否支持虚拟用户帐号访问write_enable=<YES/NO> :是否开放本地用户的写权限local_umask=<nnn> :设置本地用户上传的文件的生成掩码，默认为077local_max_rate<n> :设置本地用户最大的传输速率，单位为bytes/sec，值为0表示不限制local_root=<file> :设置本地用户登陆后的目录，默认为本地用户的主目录chroot_local_user=<YES/NO> :当为YES时，所有本地用户可以执行chrootchroot_list_enable=<YES/NO> chroot_list_file=<filename> :当chroot_local_user=NO 且 chroot_list_enable=YES时，只有filename文件指定的用户可以执行chrootanonymous_enable=<YES/NO> :设置是否支持匿名用户访问anon_max_rate=<n> :设置匿名用户的最大传输速率，单位为B/s，值为0表示不限制anon_world_readable_only=<YES/NO> 是否开放匿名用户的浏览权限anon_upload_enable=<YES/NO> 设置是否允许匿名用户上传anon_mkdir_write_enable=<YES/NO> :设置是否允许匿名用户创建目录anon_other_write_enable=<YES/NO> :设置是否允许匿名用户其他的写权限（注意，这个在安全上比较重要，一般不建议开，不过关闭会不支持续传）anon_umask=<nnn> :设置匿名用户上传的文件的生成掩码，默认为077

提示

一般只需要设置如下内容

允许匿名访问

Allow anonymous FTP? (Disabled by default)anonymous_enable=YES

上传文件

write_enable=YESanon_mkdir_write_enable=YESanon_upload_enable=YES

权限设置

local_umask=022等同于权限755（即777-022）

配置禁止用户

sudo vim /etc/ftpusers去掉你想登录的账户

个人配置（仅供参考）

# Example config file /etc/vsftpd.conf## The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.## READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.### Run standalone?  vsftpd can run either from an inetd or as a standalone# daemon started from an initscript.listen=NO## This directive enables listening on IPv6 sockets. By default, listening# on the IPv6 "any" address (::) will accept connections from both IPv6# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6# sockets. If you want that (perhaps because you want to listen on specific# addresses) then you must run two copies of vsftpd with two configuration# files.listen_ipv6=YES## Allow anonymous FTP? (Disabled by default).anonymous_enable=YES## Uncomment this to allow local users to log in.local_enable=YES## Uncomment this to enable any form of FTP write command.write_enable=YES## Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will#obviously need to create a directory writable by the FTP user.anon_upload_enable=YES## Uncomment this if you want the anonymous FTP user to be able to create# new directories.anon_mkdir_write_enable=YES## Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES## If enabled, vsftpd will display directory listings with the time# in  your  local  time  zone.  The default is to display GMT. The# times returned by the MDTM FTP command are also affected by this# option.use_localtime=YES## Activate logging of uploads/downloads.xferlog_enable=YES## Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20=YES## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES#chown_username=whoever## You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/vsftpd.log## If you want, you can have your log file in standard ftpd xferlog format.# Note that the default log file location is /var/log/xferlog in this case.#xferlog_std_format=YES## You may change the default value for timing out an idle session.#idle_session_timeout=600## You may change the default value for timing out a data connection.#data_connection_timeout=120## It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.ascii_upload_enable=YESascii_download_enable=YES## You may fully customise the login banner string:ftpd_banner=Welcome to engle's computer!## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd.banned_emails## You may restrict local users to their home directories.  See the FAQ for# the possible risks in this before using chroot_local_user or# chroot_list_enable below.#chroot_local_user=YES## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that# the user does not have write access to the top level directory within the# chroot)#chroot_local_user=YES#chroot_list_enable=YES# (default follows)#chroot_list_file=/etc/vsftpd.chroot_list## You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES## Customization## Some of vsftpd's settings don't fit the filesystem layout by# default.## This option should be the name of a directory which is empty.  Also, the# directory should not be writable by the ftp user. This directory is used# as a secure chroot() jail at times vsftpd does not require filesystem# access.secure_chroot_dir=/var/run/vsftpd/empty## This string is the name of the PAM service vsftpd will use.pam_service_name=vsftpd## This option specifies the location of the RSA certificate to use for SSL# encrypted connections.rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pemrsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.keyssl_enable=NO## Uncomment this to indicate that vsftpd use a utf8 filesystem.#utf8_filesystem=YES

本人的配置能用于上传和下载。如想实现更多细节功能可以自行参照说明配置