
Installing vsftpd 3.0.2 (an FTP upload/download tool) on Ubuntu Server 14.04

2015-1-19 02:19 | Posted by: digitser | Original author: liangsheng


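vsftpd is short for “very secure FTP daemon”, and security is its defining feature. vsftpd is the name of an FTP server that runs on UNIX-like operating systems; it runs on Linux, BSD, Solaris, HP-UNIX and other platforms. vsftpd is completely free, open-source FTP server software that supports many features other FTP servers lack, for example: very high security requirements, bandwidth limiting, good scalability, virtual users, IPv6 support, high transfer rates, and so on.


vsftpd is one of the most highly regarded FTP server programs among Linux distributions. It is small and fast, secure and easy to use.


Other FTP suites commonly used on open-source operating systems include ProFTPD, PureFTPd, wuftpd and others.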

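Features

01. vsftpd starts its service under an ordinary (unprivileged) identity, so it needs few privileges on the Linux system and the harm it can do to the system is correspondingly reduced. In addition, vsftpd uses the chroot() function to change the root directory, so that system tools cannot be misused through the vsftpd service;


02. Any vsftpd operation that needs elevated privileges is controlled by a special parent process. The elevated privileges that parent process holds have themselves been restricted to a very low level, to the point of not affecting the Linux system itself;


03. Every request from a client to use a privileged vsftpd operation provided by this parent process is treated as an “untrusted request” and must pass a considerable degree of identity verification before it can use the parent process's functionality. Examples: chown(), login requests, and so on;


04. In addition, the parent process mentioned above still uses chroot() to restrict the user's privileges.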


01. Install vsftpd 3.0.2

    root:# apt-get install vsftpd
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树
    正在读取状态信息... 完成
    下列【新】软件包将被安装:
      vsftpd
    升级了 0 个软件包,新安装了 1 个软件包,要卸载 0 个软件包,有 398 个软件包未被升级。
    需要下载 111 kB 的软件包。
    解压缩后会消耗掉 361 kB 的额外空间。
    获取:1 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main vsftpd amd64 3.0.2-1ubuntu2.14.04.1 [111 kB]
    下载 111 kB,耗时 0秒 (285 kB/s)
    正在预设定软件包 ...
    Selecting previously unselected package vsftpd.
    (正在读取数据库 ... 系统当前共安装有 172281 个文件和目录。)
    Preparing to unpack .../vsftpd_3.0.2-1ubuntu2.14.04.1_amd64.deb ...
    Unpacking vsftpd (3.0.2-1ubuntu2.14.04.1) ...
    Processing triggers for man-db (2.6.7.1-1) ...
    Processing triggers for ureadahead (0.100.0-16) ...
    正在设置 vsftpd (3.0.2-1ubuntu2.14.04.1) ...
    vsftpd start/running, process 4350
    Processing triggers for ureadahead (0.100.0-16) ...
    root@npt-Aspire-4920:/home/npt# apt-get install vsftpd
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树
    正在读取状态信息... 完成
    vsftpd 已经是最新的版本了。
    升级了 0 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 398 个软件包未被升级。
    root:#

02. Edit the vsftpd.conf configuration file
    root:# vi /etc/vsftpd.conf

Configuration file before the change

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    #write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Customization
    #
    # Some of vsftpd's settings don't fit the filesystem layout by
    # default.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Configuration file after the change

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Customization
    #
    # Some of vsftpd's settings don't fit the filesystem layout by
    # default.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    local_root=/home/ftp

03. Create the ftpuser account, set its password, and set the FTP root directory
    root:# useradd -d /home/ftp -m ftpuser
    root:# passwd ftpuser
    输入新的 UNIX 密码:
    重新输入新的 UNIX 密码:
    passwd:已成功更新密码
    root:#

04. Change the permissions on the FTP root directory, and create a directory to test that it works
    root:# chmod -R 777 /home/ftp
    root:# mkdir /home/ftp/data
    root:#

05. Edit the vsftpd PAM configuration file

This fixes the “530 login incorrect” error that appears when logging in to FTP with an account created by useradd.

    root:# vi /etc/pam.d/vsftpd

Configuration file before the change

    # Standard behaviour for ftpd(8).
    auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

    # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

    # Standard pam includes
    @include common-account
    @include common-session
    @include common-auth
    auth    required    pam_shells.so

Configuration file after the change

    # Standard behaviour for ftpd(8).
    auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

    # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

    # Standard pam includes
    @include common-account
    @include common-session
    @include common-auth
    #auth    required    pam_shells.so

06. Restart the vsftpd service
    root:# service vsftpd restart
    vsftpd stop/waiting
    vsftpd start/running, process 4862
    root:#
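
A defensive check for the configuration the steps above produce, added here as an example and not part of the original article: it reads a vsftpd.conf and the vsftpd PAM file and reports the settings that widen access (no TLS, no chroot, a world-writable root with writes enabled, pam_shells disabled). The function names, the FINDING labels and the temporary sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article: audit the FTP setup that the
# steps above produce. File paths are arguments so it can be run on copies.

# conf_value FILE KEY DEFAULT
# Effective value of KEY in a vsftpd.conf-style file: commented lines are
# ignored, the last uncommented assignment wins, DEFAULT applies if unset
# (the defaults passed below are those documented in vsftpd.conf(5)).
conf_value() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = substr($0, length(k) + 2); seen = 1 }
        END     { print (seen ? v : d) }' "$1"
}

# audit_ftp_setup VSFTPD_CONF PAM_FILE
# Prints one "FINDING <id>: <text>" line per issue, nothing when clean.
audit_ftp_setup() {
    a_conf="$1"; a_pam="$2"
    a_root="$(conf_value "$a_conf" local_root "")"
    if [ "$(conf_value "$a_conf" ssl_enable NO)" != "YES" ]; then
        echo "FINDING cleartext: ssl_enable is not YES, so passwords and files cross the network unencrypted"
    fi
    if [ "$(conf_value "$a_conf" chroot_local_user NO)" != "YES" ]; then
        echo "FINDING no-chroot: chroot_local_user is not YES; local_root only sets the start directory"
    fi
    # find -prune tests the directory itself; -perm -0002 = world-writable bit.
    if [ "$(conf_value "$a_conf" write_enable NO)" = "YES" ] && [ -n "$a_root" ] &&
       [ -n "$(find "$a_root" -prune -perm -0002 2>/dev/null)" ]; then
        echo "FINDING world-writable: $a_root is writable by every local account and FTP writes are on"
    fi
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_shells\.so' "$a_pam"; then
        echo "FINDING pam-shells: pam_shells.so is off; accounts whose shell is not in /etc/shells are no longer refused"
    fi
    return 0
}

# Constructed sample mirroring the tutorial's edited files, in a temp dir.
demo() {
    demo_dir="$(mktemp -d)"
    mkdir "$demo_dir/ftp" && chmod 777 "$demo_dir/ftp"
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'write_enable=YES' \
        '#chroot_local_user=YES' "local_root=$demo_dir/ftp" > "$demo_dir/vsftpd.conf"
    printf '%s\n' '@include common-auth' '#auth    required    pam_shells.so' \
        > "$demo_dir/pam-vsftpd"
    audit_ftp_setup "$demo_dir/vsftpd.conf" "$demo_dir/pam-vsftpd"
    rm -rf "$demo_dir"
}
demo
```

On a real host the same function takes the live files: `audit_ftp_setup /etc/vsftpd.conf /etc/pam.d/vsftpd`.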

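Copyright notice:

This article is an exclusive original work; copyright belongs to 德云社区. It may not be reproduced without permission; otherwise legal liability will be pursued.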

