Excerpted from: https://blog.csdn.net/soslinken/article/details/79304076
1. Uninstall vsftpd
    apt-get remove vsftpd
    #apt-get purge vsftpd    # if the command above fails to uninstall, try this one
2. Install vsftpd
    apt-get install vsftpd
3. Configure the user
    useradd -m -d /home/f202 -s /bin/bash f202
    passwd f202
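4. Edit the configuration
    vim /etc/vsftpd.conf
    # Disable anonymous access
    anonymous_enable=NO
    # Allow local users to log in
    local_enable=YES
    # Allow uploads
    write_enable=YES
    # Treat file names as UTF-8
    utf8_filesystem=YES
    # Avoid 500 errors (this turns off vsftpd's seccomp sandbox)
    seccomp_sandbox=NO
    # Restrict the user to their own root directory
    local_root=/home/f202/
    # Prevent going up to the parent directory
    chroot_local_user=YES
    chroot_list_enable=YES
    # Users who are allowed to go up to parent directories are listed in
    # /etc/vsftpd.chroot_list, one user name per line. If the file does not
    # exist, create it, otherwise login fails with an error.
    chroot_list_file=/etc/vsftpd.chroot_list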
5. Restart the vsftpd service
    service vsftpd restart
    service vsftpd status
6. Test the FTP service
Open a browser, go to ftp://<IP address>, and enter the user name and password to log in.
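7. Troubleshooting errors
Error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Since version 2.3.5, vsftpd has tightened its security checks: if a user is confined to their home directory, that home directory must no longer be writable. If the check finds that write permission is still present, vsftpd reports this error. Add the following to vsftpd's configuration file, vsftpd.conf. This setting turns the check off; the alternative is to remove write permission from the chroot root and upload into a writable subdirectory.
    allow_writeable_chroot=YES
Error: 500 OOPS: cannot change directory
The -m option was omitted when the user was created, so the user logging in has no permissions on the corresponding directory. In /home/, use the ll command to check whether the folder belongs to the corresponding user.
If this error occurs, delete the user with "userdel -r username" and recreate the user following step 2.
The complete vsftpd.conf file is as follows (shown as a diff against the original):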
1 --- /etc/vsftpd.conf.orig 2018-02-08 13:39:05.983282023 +0800 2 +++ /etc/vsftpd.conf 2018-02-10 11:14:15.584088172 +0800 3 @@ -28,11 +28,11 @@ 4 local_enable=YES 5 # 6 # Uncomment this to enable any form of FTP write command. 7 -#write_enable=YES 8 +write_enable=YES 9 # 10 # Default umask for local users is 077. You may wish to change this to 022, 11 # if your users expect that (022 is used by most other ftpd's) 12 -#local_umask=022 13 +local_umask=022 14 # 15 # Uncomment this to allow the anonymous FTP user to upload files. This only 16 # has an effect if the above global write enable is activated. Also, you will 17 @@ -67,11 +67,11 @@ 18 # 19 # You may override where the log file goes if you like. The default is shown 20 # below. 21 -#xferlog_file=/var/log/vsftpd.log 22 +xferlog_file=/var/log/vsftpd.log 23 # 24 # If you want, you can have your log file in standard ftpd xferlog format. 25 # Note that the default log file location is /var/log/xferlog in this case. 26 -#xferlog_std_format=YES 27 +xferlog_std_format=YES 28 # 29 # You may change the default value for timing out an idle session. 30 #idle_session_timeout=600 31 @@ -100,7 +100,7 @@ 32 #ascii_download_enable=YES 33 # 34 # You may fully customise the login banner string: 35 -#ftpd_banner=Welcome to blah FTP service. 36 +ftpd_banner=Welcome Lincoln Linux FTP Service. 37 # 38 # You may specify a file of disallowed anonymous e-mail addresses. Apparently 39 # useful for combatting certain DoS attacks. 40 @@ -120,9 +120,9 @@ 41 # the user does not have write access to the top level directory within the 42 # chroot) 43 #chroot_local_user=YES 44 -#chroot_list_enable=YES 45 +chroot_list_enable=YES 46 # (default follows) 47 -#chroot_list_file=/etc/vsftpd.chroot_list 48 +chroot_list_file=/etc/vsftpd.chroot_list 49 # 50 # You may activate the "-R" option to the builtin ls. This is disabled by 51 # default to avoid remote users being able to cause excessive I/O on large 52 
@@ -142,7 +142,7 @@ 53 secure_chroot_dir=/var/run/vsftpd/empty 54 # 55 # This string is the name of the PAM service vsftpd will use. 56 -pam_service_name=vsftpd 57 +pam_service_name=ftp 58 # 59 # This option specifies the location of the RSA certificate to use for SSL 60 # encrypted connections. 61 @@ -152,4 +152,8 @@ 62 63 # 64 # Uncomment this to indicate that vsftpd use a utf8 filesystem. 65 -#utf8_filesystem=YES 66 +utf8_filesystem=YES 67 +userlist_enable=YES 68 +userlist_deny=NO 69 +userlist_file=/etc/vsftpd.user_list 70 +allow_writeable_chroot=YES
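Review bot: In the @@ -120,9 +120,9 @@ hunk, chroot_list_enable=YES is switched on while the context line #chroot_local_user=YES stays commented out. With chroot_local_user left at its default of NO, vsftpd treats /etc/vsftpd.chroot_list as the list of users to jail, which is the opposite of what the comment in step 4 says about that file. Either uncomment chroot_local_user=YES in this hunk as well, or state which meaning of the list is intended.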
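Review bot: The @@ -142,7 +142,7 @@ hunk changes pam_service_name from vsftpd to ftp without saying why, and none of the steps create or mention a PAM service file named ftp. Local logins now depend on that service name, so add a line explaining the switch and a step that confirms a matching file exists under /etc/pam.d/ before the restart.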
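Review bot: In the @@ -152,4 +152,8 @@ hunk, allow_writeable_chroot=YES is appended without a comment, unlike the commented settings above it. It switches off the writable-root check described under the 500 OOPS error rather than fixing the directory permissions; add a comment saying so, or drop the line and keep the chroot root non-writable with a writable subdirectory for uploads.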
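Add the vsftpd login user
Add f202, the user allowed to log in over FTP, to /etc/vsftpd.user_list
    # Create /etc/vsftpd.user_list, which holds the users allowed to access FTP:
    $ sudo touch /etc/vsftpd.user_list
    $ sudo vim /etc/vsftpd.user_list
Grant the vsftpd login user permissions on the directory tree
    # Create /etc/vsftpd.chroot_list, which sets the users who can list and switch directories:
    $ sudo touch /etc/vsftpd.chroot_list
    $ sudo vim /etc/vsftpd.chroot_list
In /etc/vsftpd.chroot_list, set the user who can list and switch directories: f202
Restart the vsftpd service
    $ sudo service vsftpd restart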
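The meaning of /etc/vsftpd.chroot_list depends on chroot_local_user, so the settings in step 4 and the diffed file treat f202 differently. The script below is an added example, not part of the original post: it resolves which users vsftpd jails for two constructed config files. The helper names (conf_get, jail_state, writable_check_off), the temp files and the user otheruser are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): which local users does vsftpd
# jail, given chroot_local_user / chroot_list_enable / chroot_list_file?

# conf_get FILE KEY DEFAULT: last uncommented "KEY=value" wins, else DEFAULT.
conf_get() {
    local val
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# jail_state FILE USER: prints "jailed" or "free".
#   chroot_local_user=NO  + list enabled: listed users are the ones jailed
#   chroot_local_user=YES + list enabled: listed users are the ones exempted
jail_state() {
    local conf=$1 user=$2 all list_on list_file listed=NO
    all=$(conf_get "$conf" chroot_local_user NO)
    list_on=$(conf_get "$conf" chroot_list_enable NO)
    list_file=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    if [ "$list_on" = YES ] && grep -qxF -- "$user" "$list_file" 2>/dev/null; then
        listed=YES
    fi
    if [ "$all" = "$listed" ]; then echo free; else echo jailed; fi
}

# writable_check_off FILE: "yes" when allow_writeable_chroot=YES disables the
# "refusing to run with writable root inside chroot()" check.
writable_check_off() {
    [ "$(conf_get "$1" allow_writeable_chroot NO)" = YES ] && echo yes || echo no
}

# Constructed sample files in a temp dir (assumption: values written as YES/NO).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'f202\n' > "$demo/chroot_list"
# Variant A: the chroot settings listed in step 4.
printf '%s\n' 'chroot_local_user=YES' 'chroot_list_enable=YES' \
    "chroot_list_file=$demo/chroot_list" > "$demo/step4.conf"
# Variant B: the diffed file, where chroot_local_user stays commented out.
printf '%s\n' '#chroot_local_user=YES' 'chroot_list_enable=YES' \
    "chroot_list_file=$demo/chroot_list" 'allow_writeable_chroot=YES' \
    > "$demo/diffed.conf"

for conf in step4 diffed; do
    for user in f202 otheruser; do
        echo "$conf.conf $user: $(jail_state "$demo/$conf.conf" "$user")"
    done
done
```

Pointing jail_state at the real /etc/vsftpd.conf with each account name from /etc/vsftpd.user_list gives the same answer for a live server before it is restarted.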