vsftpd的安装及使用问题

安装了fedora有一年了，还没搞懂怎么使用ftp，真是惭愧。今天下定决心解决这个问题。

 

关于安装

从网上下载了vsftpd源码包，vsftpd-2.1.0.tar.gz。

 

tar –zxf vsftpd-2.1.0.tar.gz 解压

安装：

make,

make insatall

 

cp vsftpd.conf /etc

 

配置文件

vsftpd.conf 的主要内容，有些项目屏蔽掉需要去掉屏蔽字符“#”。

以下红色部分我认为是很重要的，缺少了可能ftp有问题，紫色的是辅助功能。

anonymous_enable=NO

#

# Uncomment this to allow local users to log in.

local_enable=YES

#

# Uncomment this to enable any form of FTP write command.

write_enable=YES

#

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

local_umask=022

#

# Uncomment this to allow the anonymous FTP user to upload files. This only

# has an effect if the above global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

#anon_upload_enable=YES

#

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

#anon_mkdir_write_enable=YES

#

# Activate directory messages - messages given to remote users when they

# go into a certain directory.

dirmessage_enable=YES

#

# Activate logging of uploads/downloads.

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20 (ftp-data).

"/etc/vsftpd.conf" [readonly] 119L, 4514C

#

# Make sure PORT transfer connections originate from port 20 (ftp-data).

connect_from_port_20=YES

#

# If you want, you can arrange for uploaded anonymous files to be owned by

# a different user. Note! Using "root" for uploaded files is not

# recommended!

#chown_uploads=YES

#chown_username=whoever

#

# You may override where the log file goes if you like. The default is shown

# below.

#xferlog_file=/var/log/vsftpd.log

#

# If you want, you can have your log file in standard ftpd xferlog format.

# Note that the default log file location is /var/log/xferlog in this case.

#xferlog_std_format=YES

#

# You may change the default value for timing out an idle session.

#idle_session_timeout=600

#

# You may change the default value for timing out a data connection.

#data_connection_timeout=120

#

# It is recommended that you define on your system a unique user which the

# ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

#

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

# predicted this attack and has always been safe, reporting the size of the

# raw file.

 

# predicted this attack and has always been safe, reporting the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable=YES

#ascii_download_enable=YES

#

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

# (default follows)

#banned_email_file=/etc/vsftpd.banned_emails

#

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

#chroot_list_enable=YES

# (default follows)

#chroot_list_file=/etc/vsftpd.chroot_list

#

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

#

# When "listen" directive is enabled, vsftpd runs in standalone mode and

# listens on IPv4 sockets. This directive cannot be used in conjunction

# with the listen_ipv6 directive.

#这是本人增加的

listen=YES

listen_port=21

#

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6

# sockets, you must run two copies of vsftpd whith two configuration files.

# Make sure, that one of the listen options is commented !!

#listen_ipv6=YES

 

#这是本人增加的

userlist_enable=YES #这个是支持用户列表屏蔽，凡是在列表中的用户都禁止ftp。

pam_service_name=vsftpd  #这个相当关键，后面讲。

userlist_file=/etc/vsftpd.user_list  #用户列表的绝对路径

check_shell=NO    #这个说是不检查用户shell

 

 

 

启动

使用root帐号登录

[root@localhost etc]# which vsftpd

/usr/local/sbin/vsftpd

启动：

/usr/local/sbin/vsftpd &

 

 

本地登录

[root@localhost etc]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 (vsFTPd 2.1.0)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): xjf

331 Please specify the password.

Password:

530 Login incorrect.

Login failed.

 

本地用户不能登录的解决方法

密码是对的，但提示登录不了。于是根据“530 Login incorrect” google了一大堆问题以及所谓的解决方法，结果都没有用。最后，在vsftpd的安装目录中的FAQ中找到了答案。

 

其中有一段是关于本地用户不能登录的一些解决办法，红色这段正式我遇到的问题的解决之道。
Q) Help! Local users cannot log in.

A) There are various possible problems.

A1) By default, vsftpd disables any logins other than anonymous logins. Put

local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.

A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to

find out whether this has happened or not). If vsftpd links with PAM, then

you will need to have a PAM file installed for the vsftpd service. There is

a sample one for RedHat systems included in the "RedHat" directory - put it

under /etc/pam.d

A3) If vsftpd didn't link with PAM, then there are various possible issues. Is

the user's shell in /etc/shells? If you have shadowed passwords, does your

system have a "shadow.h" file in the include path?

A4) If you are not using PAM, then vsftpd will do its own check for a valid

user shell in /etc/shells. You may need to disable this if you use an invalid

shell to disable logins other than FTP logins. Put check_shell=NO in your

/etc/vsftpd.conf.

 

# ldd /usr/local/sbin/vsftpd

        linux-gate.so.1 =>  (0x001e3000)

        libpam.so.0 => /lib/libpam.so.0 (0x4e8d3000)

        libdl.so.2 => /lib/libdl.so.2 (0x4efa3000)

        libnsl.so.1 => /lib/libnsl.so.1 (0x4e4ea000)

        libresolv.so.2 => /lib/libresolv.so.2 (0x4e507000)

        libutil.so.1 => /lib/libutil.so.1 (0x4e921000)

        libcap.so.1 => /lib/libcap.so.1 (0x4e650000)

        libc.so.6 => /lib/libc.so.6 (0x4ee3b000)

        libaudit.so.0 => /lib/libaudit.so.0 (0x4e8be000)

        /lib/ld-linux.so.2 (0x4e46c000)

 

按提示ldd看，果然看到使用了libpam.so.，就是说vsftpd开启后需要链接对应的PAM文件，而这个PAM文件应该安装在/etc/pam.d这个目录里。但目前在/etc/pam.d里没有vsftpd这个文件。这个文件在安装目录的RedHat目录里。

[root@localhost RedHat]# ls

README.spec  vsftpd.log  vsftpd.pam

 

cp vsftpd.pam /etc/pam.d/vsftpd

配置文件中的pam_service_name=vsftpd  正是指示所安装的pam文件。

 

重新启动vsftpd。

 

[root@localhost etc]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 (vsFTPd 2.1.0)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): xjf

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

 

大功告成！！

看来有时候解决不问题不一定要google，看看faq帮助也很大。