
Installing vsftpd 3.0.2 on Ubuntu Server 14.04 (FTP upload and download tool)

2015-1-19 02:19 | Posted by: digitser | Views: 2746 | Comments: 0 | Original author: liangsheng


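vsftpd is short for "very secure FTP daemon", and security is its defining feature. vsftpd is the name of an FTP server that runs on UNIX-like operating systems, including Linux, BSD, Solaris and HP-UNIX. It is completely free, open-source FTP server software and supports many features that other FTP servers lack, for example: very high security requirements, bandwidth limiting, good scalability, virtual users, IPv6 support and high transfer rates.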


vsftpd is the most highly regarded FTP server program among Linux distributions. It is small, fast, secure and easy to use.


Other FTP suites commonly used on open-source operating systems include ProFTPD, PureFTPd and wuftpd.

Features

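01. vsftpd starts its service as an ordinary, unprivileged user, so it needs few privileges on the Linux system and the harm it can do to the system is correspondingly reduced. In addition, vsftpd uses the chroot() function to change the root directory, so that system tools cannot be misused through the vsftpd service;


02. Any vsftpd operation that needs higher privileges is controlled by a special parent process, whose own elevated privileges have been restricted to a very low level, limited to what does not affect the Linux system itself;


03. Every request from a client to use a privileged vsftpd operation provided by this parent process is treated as an untrusted request and must pass a substantial identity check before it can use the parent process's functionality, for example chown() and login requests;


04. In addition, the parent process mentioned above still uses chroot() to restrict the user's privileges.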


01. Install vsftpd 3.0.2

    root:# apt-get install vsftpd
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树
    正在读取状态信息... 完成
    下列【新】软件包将被安装:
      vsftpd
    升级了 0 个软件包,新安装了 1 个软件包,要卸载 0 个软件包,有 398 个软件包未被升级。
    需要下载 111 kB 的软件包。
    解压缩后会消耗掉 361 kB 的额外空间。
    获取:1 http://cn.archive.ubuntu.com/ubuntu/ trusty-updates/main vsftpd amd64 3.0.2-1ubuntu2.14.04.1 [111 kB]
    下载 111 kB,耗时 0秒 (285 kB/s)
    正在预设定软件包 ...
    Selecting previously unselected package vsftpd.
    (正在读取数据库 ... 系统当前共安装有 172281 个文件和目录。)
    Preparing to unpack .../vsftpd_3.0.2-1ubuntu2.14.04.1_amd64.deb ...
    Unpacking vsftpd (3.0.2-1ubuntu2.14.04.1) ...
    Processing triggers for man-db (2.6.7.1-1) ...
    Processing triggers for ureadahead (0.100.0-16) ...
    正在设置 vsftpd (3.0.2-1ubuntu2.14.04.1) ...
    vsftpd start/running, process 4350
    Processing triggers for ureadahead (0.100.0-16) ...
    root@npt-Aspire-4920:/home/npt# apt-get install vsftpd
    正在读取软件包列表... 完成
    正在分析软件包的依赖关系树
    正在读取状态信息... 完成
    vsftpd 已经是最新的版本了。
    升级了 0 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 398 个软件包未被升级。
    root:#

02. Edit the vsftpd.conf configuration file

    root:# vi /etc/vsftpd.conf

Configuration file before the change

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    #write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Customization
    #
    # Some of vsftpd's settings don't fit the filesystem layout by
    # default.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Configuration file after the change

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Disabled by default)
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # If enabled, vsftpd will display directory listings with the time
    # in  your  local  time  zone.  The default is to display GMT. The
    # times returned by the MDTM FTP command are also affected by this
    # option.
    use_localtime=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    #chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # Customization
    #
    # Some of vsftpd's settings don't fit the filesystem layout by
    # default.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    local_root=/home/ftp

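
The edited file turns on write_enable and adds local_root, but leaves chroot_local_user and ssl_enable unset even though certificate paths are present. The script below is an added example, not part of the original article or of vsftpd: it audits the uncommented settings of a vsftpd.conf, and its function names, finding labels and sample (the active lines of the edited file) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the active (uncommented) settings of a vsftpd.conf.

# conf_get FILE KEY DEFAULT: print the value of the last active KEY= line,
# or DEFAULT if the key is absent. Assumption: a later line overrides an
# earlier one. vsftpd allows no spaces around "=", so none are accepted here.
conf_get() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { sub(/[ \t\r]+$/, "", val); print (found ? val : def) }
    ' "$1"
}

# is_yes VALUE: succeed for YES, TRUE or 1 in any letter case.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# audit_vsftpd FILE: print one labelled finding per line, nothing if clean.
audit_vsftpd() {
    if is_yes "$(conf_get "$1" anonymous_enable "")"; then
        echo "ANONYMOUS: anonymous_enable is explicitly YES"
    fi
    if is_yes "$(conf_get "$1" write_enable NO)" &&
       ! is_yes "$(conf_get "$1" chroot_local_user NO)"; then
        echo "WRITE-NO-CHROOT: write_enable=YES and local users are not confined by chroot_local_user"
    fi
    if ! is_yes "$(conf_get "$1" ssl_enable NO)"; then
        echo "CLEARTEXT: ssl_enable is not YES, so passwords and files travel unencrypted"
    else
        case "$(conf_get "$1" rsa_cert_file "")" in
            *snakeoil*) echo "SNAKEOIL-CERT: TLS is on but uses the self-signed snakeoil certificate" ;;
        esac
    fi
    return 0
}

# Constructed sample: the active lines of the edited file shown above.
sample_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
local_root=/home/ftp
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_vsftpd "$tmp"    # prints the WRITE-NO-CHROOT and CLEARTEXT findings
rm -f "$tmp"
```

Run it against the live file with `audit_vsftpd /etc/vsftpd.conf`. If chroot_local_user=YES is then enabled, vsftpd 3.0.2 refuses logins while the user can write to the top-level directory of the chroot, which is the situation the warning in the config file describes.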
03. Create the ftpuser user, set the ftpuser password, and set the FTP root directory

    root:# useradd -d /home/ftp -m ftpuser
    root:# passwd ftpuser
    输入新的 UNIX 密码:
    重新输入新的 UNIX 密码:
    passwd:已成功更新密码
    root:#

04. Change the permissions on the FTP root directory and create a directory to test that everything works

    root:# chmod -R 777 /home/ftp
    root:# mkdir /home/ftp/data
    root:#

05. Edit the vsftpd PAM configuration file

This fixes the "530 login incorrect" error that appears when logging in to FTP with an account created by useradd.

    root:# vi /etc/pam.d/vsftpd

Configuration file before the change

    # Standard behaviour for ftpd(8).
    auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

    # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

    # Standard pam includes
    @include common-account
    @include common-session
    @include common-auth
    auth    required    pam_shells.so

Configuration file after the change

    # Standard behaviour for ftpd(8).
    auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

    # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

    # Standard pam includes
    @include common-account
    @include common-session
    @include common-auth
    #auth    required    pam_shells.so

06. Restart the vsftpd service

    root:# service vsftpd restart
    vsftpd stop/waiting
    vsftpd start/running, process 4862
    root:#
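
Commenting out pam_shells.so in step 05 removes the check that an account's login shell is listed in /etc/shells, and it does so for every account, not only ftpuser. The script below is an added example, not part of the original article: it lists the accounts that check would have refused and that /etc/ftpusers does not block, using a function name of my own and constructed sample files (svc-report is a hypothetical account).

```shell
#!/bin/sh
# Added example: list accounts that pam_shells.so would have refused.

# ftp_exposed PASSWD SHELLS FTPUSERS
# Print "user:shell" for every account whose login shell is not listed in
# SHELLS (so pam_shells would reject it) and whose name is not in the
# FTPUSERS deny list (so pam_listfile still lets it through).
# An empty shell field is shown as "(empty)".
ftp_exposed() {
    awk -F: -v shells="$2" -v deny="$3" '
        /^[ \t]*#/ { next }                          # comment lines
        /^[ \t]*$/ { next }                          # blank lines
        FILENAME == shells { listed[$0] = 1; next }
        FILENAME == deny   { blocked[$0] = 1; next }
        !($7 in listed) && !($1 in blocked) {
            print $1 ":" ($7 == "" ? "(empty)" : $7)
        }
    ' "$2" "$3" "$1"
}

# Constructed sample files; svc-report is a hypothetical service account.
demo_ftp_exposed() {
    d=$(mktemp -d)
    printf '%s\n' '# /etc/shells: valid login shells' /bin/sh /bin/bash > "$d/shells"
    printf '%s\n' '# /etc/ftpusers: users denied FTP' root backup > "$d/ftpusers"
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
ftpuser:x:1001:1001::/home/ftp:/bin/sh
svc-report:x:998:998::/srv/report:/bin/false
EOF
    ftp_exposed "$d/passwd" "$d/shells" "$d/ftpusers"
    rm -rf "$d"
}

demo_ftp_exposed
```

On a real host run `ftp_exposed /etc/passwd /etc/shells /etc/ftpusers`; an account it lists can log in over FTP only if it also has a usable password. Adding names to /etc/ftpusers closes the gap per account.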

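Copyright notice:

This article is an exclusive original contribution; copyright belongs to 德云社区. Reproduction without permission is prohibited and will be pursued under the law.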

