
Installing vsftpd 3.0.2 on Ubuntu Server 14.04 (FTP upload and download tool)

2015-1-19 02:19 | Posted by: digitser | Views: 3407 | Comments: 0 | Original author: liangsheng


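vsftpd is short for "very secure FTP daemon", and security is its defining feature. vsftpd is the name of an FTP server that runs on UNIX-like operating systems; it can run on Linux, BSD, Solaris, HP-UNIX and other platforms. vsftpd is completely free, open-source FTP server software that supports many features other FTP servers lack, for example: very high security requirements, bandwidth limiting, good scalability, virtual users, IPv6 support, high transfer rates, and so on.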


vsftpd is one of the most highly regarded FTP server programs among Linux distributions. It is small and fast, secure and easy to use.


Other FTP suites commonly used on open-source operating systems include ProFTPD, PureFTPd and wuftpd.

Features

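01. vsftpd starts its service as an ordinary user, so it needs only low privileges on the Linux system, and the harm it can do to the system is correspondingly reduced. In addition, vsftpd uses the chroot() function to change the root directory, so that system tools cannot be misused through the vsftpd service;


02. Every vsftpd command that needs higher execution privileges is controlled by a special parent process. The elevated privileges of this parent process have themselves been restricted to a very low level, to the point of not affecting the Linux system itself;


03. Every request from clients to use the privileged vsftpd commands offered by this parent process is treated as an "untrusted request" and must pass a considerable degree of identity verification before it can use the parent process's functions, for example chown(), login requests, and similar actions;


04. In addition, the parent process mentioned above still uses chroot() to restrict the user's execution privileges.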


01. Install vsftpd 3.0.2

    root:# apt-get install vsftpd
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树
    正在读取状态信息... 完成
    下列【新】软件包将被安装:
      vsftpd
    升级了 0 个软件包,新安装了 1 个软件包,要卸载 0 个软件包,有 398 个软件包未被升级。
    需要下载 111 kB 的软件包。
    解压缩后会消耗掉 361 kB 的额外空间。
    获取:1 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main vsftpd amd64 3.0.2-1ubuntu2.14.04.1 [111 kB]
    下载 111 kB,耗时 0秒 (285 kB/s)
    正在预设定软件包 ...
    Selecting previously unselected package vsftpd.
    (正在读取数据库 ... 系统当前共安装有 172281 个文件和目录。)
    Preparing to unpack .../vsftpd_3.0.2-1ubuntu2.14.04.1_amd64.deb ...
    Unpacking vsftpd (3.0.2-1ubuntu2.14.04.1) ...
    Processing triggers for man-db (2.6.7.1-1) ...
    Processing triggers for ureadahead (0.100.0-16) ...
    正在设置 vsftpd (3.0.2-1ubuntu2.14.04.1) ...
    vsftpd start/running, process 4350
    Processing triggers for ureadahead (0.100.0-16) ...
    root@npt-Aspire-4920:/home/npt# apt-get install vsftpd
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树
    正在读取状态信息... 完成
    vsftpd 已经是最新的版本了。
    升级了 0 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 398 个软件包未被升级。
    root:#

02. Edit the vsftpd.conf configuration file

    root:# vi /etc/vsftpd.conf

Configuration file before the change

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    #write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Customization
    #
    # Some of vsftpd's settings don't fit the filesystem layout by
    # default.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Configuration file after the change

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Customization
    #
    # Some of vsftpd's settings don't fit the filesystem layout by
    # default.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    local_root=/home/ftp

03. Create the ftpuser user, set the ftpuser password, and set the FTP root directory

    root:# useradd -d /home/ftp -m ftpuser
    root:# passwd ftpuser
    输入新的 UNIX 密码:
    重新输入新的 UNIX 密码:
    passwd:已成功更新密码
    root:#

04. Change the permissions of the FTP root directory, and create a directory to test that it works

    root:# chmod -R 777 /home/ftp
    root:# mkdir /home/ftp/data
    root:#

05. Edit the vsftpd configuration file

This fixes the "530 login incorrect" error that appears when logging in to FTP with an account created by useradd.

    root:# vi /etc/pam.d/vsftpd

Configuration file before the change

    # Standard behaviour for ftpd(8).
    auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

    # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

    # Standard pam includes
    @include common-account
    @include common-session
    @include common-auth
    auth    required    pam_shells.so

Configuration file after the change

    # Standard behaviour for ftpd(8).
    auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

    # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

    # Standard pam includes
    @include common-account
    @include common-session
    @include common-auth
    #auth    required    pam_shells.so

06. Restart the vsftpd service

    root:# service vsftpd restart
    vsftpd stop/waiting
    vsftpd start/running, process 4862
    root:#
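
The edited vsftpd.conf above turns on write_enable while chroot_local_user and ssl_enable stay off, and step 04 makes the FTP root world-writable. The script below is an added example, not part of the original article: it reads the effective settings from a vsftpd.conf and reports those combinations. The function names, finding labels and scratch paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report risky combinations
# in the effective settings of a vsftpd.conf.

# Effective value of option $2 in file $1, or fallback $3 when the option is
# absent or commented out. Assumption: the last assignment of an option wins.
vsftpd_opt() {
    awk -v key="$2" -v def="$3" '
        /^#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one finding per line. The fallbacks are the defaults documented in
# upstream vsftpd.conf(5); confirm them in your distribution's man page.
vsftpd_audit() {
    conf=$1
    local_enable=$(vsftpd_opt "$conf" local_enable NO)
    write_enable=$(vsftpd_opt "$conf" write_enable NO)
    chroot_users=$(vsftpd_opt "$conf" chroot_local_user NO)
    ssl_enable=$(vsftpd_opt "$conf" ssl_enable NO)
    local_root=$(vsftpd_opt "$conf" local_root "")

    if [ "$local_enable" = YES ] && [ "$ssl_enable" != YES ]; then
        echo "CLEARTEXT: local logins without ssl_enable=YES are not encrypted"
    fi
    if [ "$local_enable" = YES ] && [ "$chroot_users" != YES ]; then
        echo "NO_CHROOT: local_root is only the start directory; users can leave it"
        if [ "$write_enable" = YES ]; then
            echo "WRITE_ANYWHERE: FTP writes are limited only by file permissions"
        fi
    fi
    # World-writable FTP root, which is what "chmod -R 777" produces.
    if [ -n "$local_root" ] && [ -d "$local_root" ]; then
        case $(ls -ld "$local_root") in
            d???????w*) echo "WORLD_WRITABLE: any local account can write to $local_root" ;;
        esac
    fi
    return 0
}

# Constructed sample: the active lines of the article's edited config, with
# local_root pointed at a scratch directory that stands in for /home/ftp.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/ftp" && chmod 777 "$dir/ftp" || return 1
    printf '%s\n' listen=YES anonymous_enable=NO local_enable=YES \
        write_enable=YES '#chroot_local_user=YES' \
        "local_root=$dir/ftp" > "$dir/vsftpd.conf"
    echo "$dir/vsftpd.conf"
}

if sample=$(make_sample); then
    vsftpd_audit "$sample"
    rm -rf "${sample%/*}"
fi
```

The script does not evaluate chroot_list_enable, so a per-user chroot list is not taken into account. Run vsftpd_audit /etc/vsftpd.conf on the server to check the live file.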

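Copyright notice:

This article is an exclusive original work; copyright belongs to 德云社区. It may not be reproduced without permission; otherwise legal action will be taken.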

