zoukankan      html  css  js  c++  java
  • Ubuntu vsftpd 安装配置

    Ubuntu vsftpd 安装配置
    [日期:2007-11-19] 来源:Linux公社 作者:vsftpd

    1. 安装

    $sudo apt-get install vsftpd

    2. 启动

    $sudo /etc/init.d/vsftpd start

    关闭

    $sudo /etc/init.d/vsfptd stop

    重启

    $sudo /etc/init.d/vsfptd.restart

    3. 配置

    配置文件在/etc/vsftpd.conf。关于配置解释转载自文章:用vsftp建立个ftp站点。

    首先是最基本的配置,请看我的/etc/vsftpd/vsftpd.conf

    ################################################################

    #接受匿名用户

    anonymous_enable=YES

    #匿名用户login时不询问口令

    no_anon_password=YES

    #接受本地用户

    local_enable=YES

    #可以上传(全局控制).若想要匿名用户也可上传则需要设置anon_upload_enable=YES,若想要匿名用户可以建立目录则需要设置anon_mkdir_write_enable=YES.这里禁止匿名用户上传,所以不设置这两项.

    write_enable=YES

    #本地用户上传文件的umask

    local_umask=022

    #使用上传/下载日志,日志文件默认为/var/log/vsftpd.log,可以通过xferlog_file选项修改

    xferlog_enable=YES

    #日志使用标准xferlog格式

    xferlog_std_format=YES

    #login时的欢迎信息

    ftpd_banner=Welcome to KingArthur's FTP service.

    #设置的话将覆盖上面的ftpd_banner设置,用户login时将显示/etc/vsftpd/banner中的内容

    banner_file=/etc/vsftpd/banner

    #为YES则进入目录时显示此目录下由message_file选项指定的文本文件(,默认为.message)的内容

    dirmessage_enable=YES

    #本地用户login后所在目录,若没有设置此项,则本地用户login后将在他的home目录(/etc/passwd的第六个字段)中.匿名用户的对应选项是anon_root

    local_root=/var/ftp

    #设置为YES则下面的控制有效

    chroot_list_enable=YES

    #若为NO,则记录在chroot_list_file选项所指定的文件(默认是/etc/vsftpd.chroot_list)中的用户将被chroot在登录后所在目录中,无法离开.如果为YES,则所记录的用户将不被chroot.这里选择YES.

    chroot_local_user=YES

    #若设置为YES则记录在userlist_file选项指定文件(默认是/etc/vsftpd.user_list)中的用户将无法login,并且将检察下面的userlist_deny选项

    userlist_enable=YES

    #若为NO,则仅接受记录在userlist_file选项指定文件(默认是/etc/vsftpd.user_list)中的用户的login请求.若为YES则不接受这些用户的请求.

    userlist_deny=NO

    #注意!!!vsftpd还要检察/etc/vsftpd.ftpusers文件,记录在这个文件中的用户将无法login!!

    #服务器以standalong模式运行,这样可以进行下面的控制

    listen=YES

    #匿名用户的传输比率(b/s)

    anon_max_rate=51200

    #本地用户的传输比率(b/s)

    local_max_rate=512000

    #可接受的最大client数目

    max_clients=100

    #每个ip的最大client数目

    max_per_ip=5

    connect_from_port_20=YES

    tcp_wrappers=YES

    pam_service_name=vsftpd


    #############################################################

    下面是我的/etc/vsftpd.user_list

    #################################################################

    ftpuser

    anonymous

    ##################################################################

    /etc/vsftpd.ftpusers可以使用系统自带的文件

    /etc/vsftpd.chroot_list内容为空

    接着建立系统用户ftpuser,将他加入ftp组并将/etc/passwd中他的记录的最后一个字段改成/sbin/nologin(禁止本地登录).

    设置/var/ftp的所有者和所有组为root,权限为755

    设置/var/ftp/pub的所有者为root,所有组为ftp,权限为775

    至此vsftpd的基本配置就完成了.这里我们接受匿名用户anonymous和本地用户ftpuser的请求.anonymous只能下载, ftpuser可以下载和上传.他们登录后均在/var/ftp目录下且无法离开这个目录(被chroot了).ftpuser可以在 /var/ftp/pub目录中建立目录和上传文件,上传文件的权限为755(设置了local_umask=022).匿名用户的传输比率为 50kb/s,ftpuser的传输比率为500kb/s.可联接的最多客户数为100,每ip可联接的最多客户数为5.

    如果需要使本地用户ftpput可以login,只需要将他加入/etc/vsftpd.user_list,要使他可以上传,只需将他加入ftp组.

    接着我们可以在/var/ftp下的各个目录(包括/var/ftp)下建立.message文件,这样用户进入这个目录时vsftpd将显示. message的内容,你可以在这里面写上欢迎信息或者注意事项等等.另外可以编辑/etc/vsftpd/banner,建立login时的欢迎信息, 让你的ftp更加个性化.

    下面我们使用quota为ftpuser加入磁盘限额,避免恶意用户用垃圾数据塞满你的硬盘.

    假设/var/ftp在根分区/(/dev/hda5)中,则将/etc/fstab中根分区的记录的第4个字段改成defaults,usrquota,这样这条记录看起来类似这样:

    LABEL=/ / ext3 defaults,usrquota 1 1

    接着重启系统后输入下列命令:

    quotacheck -acu #检查启用了配额的文件系统,并为每个文件系统建立一个当前磁盘用来的表

    quotacheck -avu #生成每个启用了配额的文件系统的当前磁盘用量表

    edquota ftpuser #为用户ftpuser设置磁盘配额

    这时系统会在默认文本编辑器(vi)中打开配额文件,显示类似这样:

    Disk quotas for user ftpuser (uid 501):

    Filesystem blocks soft hard inodes soft hard

    /dev/hda5 0 0 0 0 0 0

    第一列是启用了配额的文件系统的名称。第二列显示了用户当前使用的块数。随后的两列用来设置用户在该文件系统上的软硬块限度。inodes 列显示了用户当前使用的i节点数量。最后两列用来设置用户在该文件系统上的软硬i节点限度.硬限是用户或组群可以使用的磁盘空间的绝对最大值。达到了该限度后,磁盘空间就不能再被用户或组群使用了。软限定义可被使用的最大磁盘空间量。和硬限不同的是,软限可以在一段时期内被超过。这段时期被称为过渡期(grace period)。过渡期可以用秒钟、分钟、小时、天数、周数、或月数表示。如果以上值中的任何一个被设置为 0,那个限度就不会被设置.按你的需要修改后存盘推出.

    要校验用户的配额是否被设置,使用以下命令:

    quota testuser

    接着使用edquota -t来设置过渡期(grace period)

    和另一个 edquota 命令相似,这个命令也会在文本编辑器中打开当前的文件系统配额:

    Grace period before enforcing soft limits for users:

    Time units may be: days, hours, minutes, or seconds

    Filesystem Block grace period Inode grace period

    /dev/hda5 7days 7days

    按你的需要修改后存盘退出

    vsftpd.conf  demo

    --------------------------------------------------------------------------------------------------

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone?  vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    ascii_upload_enable=YES
    ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories.  See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_list_enable=YES
    # (default follows)
    chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default.  These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty.  Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    # This option specifies the location of the RSA key to use for SSL
    # encrypted connections.
    #rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    #local_root = /home/ftp

    ----------------------------------------------------------------------------------------------------------------

  • 相关阅读:
    怎样从基本原理解释复制型共享账本的价值
    BZOJ3223:文艺平衡树——超详细题解
    BZOJ3223:文艺平衡树——超详细题解
    BZOJ3223:文艺平衡树——超详细题解
    BZOJ3223:文艺平衡树——超详细题解
    my stackoverflow
    my stackoverflow
    my stackoverflow
    my stackoverflow
    STM32 Flash 永久用户数据空间
  • 原文地址:https://www.cnblogs.com/adolfmc/p/2711982.html
Copyright © 2011-2022 走看看