Ubuntu14.04 vsftpd
References:
http://www.cnblogs.com/acpp/archive/2010/02/08/1666054.html
http://segmentfault.com/a/1190000000438443
Vsftpd virtual user setup
I. Installation
apt-get -y install vsftpd
root@localhost:~# lsb_release -a 2>/dev/null
Distributor ID:
Description:
Release:
Codename:
root@localhost:~# vsftpd -v
vsftpd: version 3.0.2
root@localhost:/usr/share/doc/vsftpd/examples# pwd
/usr/share/doc/vsftpd/examples
root@localhost:/usr/share/doc/vsftpd/examples# ls
INTERNET_SITE
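Tip: the distribution's package ships with plenty of help documentation and configuration examples, which is a thoughtful touch.
II. Anonymous users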
cp /etc/vsftpd.conf{,.default}
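Get into the habit of making a backup before modifying anything.
1. Enable anonymous access
anonymous_enable=YES
# Anonymous access only requires changing the one line above in the default configuration file, but access is read-only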
root@localhost:~# touch /srv/ftp/Test2015
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--
226 Directory send OK.
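The default anonymous user is ftp or anonymous, with an empty password.
2. Change the anonymous user's root directory
# The default anonymous root is /srv/ftp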
root@localhost:~# mkdir /ftp_guest
root@localhost:~# touch /ftp_guest/ftp
root@localhost:~# vim /etc/vsftpd.conf
anon_root=/ftp_guest
root@localhost:~# service vsftpd restart
vsftpd stop/waiting
vsftpd start/running, process 4823
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--
226 Directory send OK.
III. Local users
1. Global FTP root directory for local users
root@localhost:~# mkdir -p /ftp_admin/{leader,foo}
root@localhost:~# vim /etc/vsftpd.conf
root@localhost:~# useradd -M -s /bin/false leader
root@localhost:~# echo leader:leader|chpasswd
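Problem 1: the password is entered correctly, but the login is still reported as incorrect
Note: on Ubuntu, setting the login shell to /bin/false or /usr/sbin/nologin makes the login report "incorrect"; configuring it the RHEL way causes problems.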
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): leader
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> 221 Goodbye.
Problem 2: the login reports that it cannot change to the home directory
root@localhost:~# chsh -s /bin/bash leader
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): leader
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/leader
Login failed.
421 Service not available, remote server has closed connection
Solution 1: edit /etc/passwd so that the user's home directory field points to a valid directory (any directory that actually exists will do)
root@localhost:~# usermod leader -d /ftp_admin/leader
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): leader
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/ftp_admin"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x
drwxr-xr-x
226 Directory send OK.
The root shown here is /ftp_admin because the root defined in the global configuration file is /ftp_admin.
Solution 2: delete the user and create it again
root@localhost:~# userdel -r leader
userdel: leader mail spool (/var/mail/leader) not found
userdel: /ftp_admin/leader not owned by leader, not removing
root@localhost:~# useradd -m -s /bin/bash leader
root@localhost:~# echo leader:leader|chpasswd
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): leader
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/ftp_admin"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x
drwxr-xr-x
226 Directory send OK.
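The two login failures above (530 Login incorrect, 500 OOPS: cannot change directory) can be predicted from the passwd entry before testing with an FTP client. The following is an added example, not part of the original post: a POSIX shell function, vsftpd_login_check (a hypothetical name), that reads a passwd-format file and a shells file and reports which failure to expect. It assumes the vsftpd PAM stack includes pam_shells.so, as the stock Ubuntu /etc/pam.d/vsftpd does; the sample passwd and shells data are constructed.

```shell
# Added example: predict the two local-user login failures shown above.
# Usage: vsftpd_login_check USER [PASSWD_FILE] [SHELLS_FILE]
# Returns 0 ok, 1 no such user, 2 shell not listed, 3 home missing.
vsftpd_login_check() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$user: not found in $passwd_file"
        return 1
    fi
    home=${entry%%:*}
    shell=${entry#*:}
    [ -n "$shell" ] || shell=/bin/sh   # an empty shell field means /bin/sh
    # Assumption: pam_shells.so is in the vsftpd PAM stack; it wants an exact line match.
    if ! grep -qxF -- "$shell" "$shells_file"; then
        echo "$user: shell $shell not in $shells_file -> 530 Login incorrect"
        return 2
    fi
    if [ ! -d "$home" ]; then
        echo "$user: home $home missing -> 500 OOPS: cannot change directory"
        return 3
    fi
    echo "$user: shell and home are acceptable"
}

# Constructed data: the three states of user "leader" from the post, plus an unknown user.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ftp_admin/leader"
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash > "$d/shells"
    {
        echo "leader1:x:1001:1001::$d/home/leader:/bin/false"      # useradd -M -s /bin/false
        echo "leader2:x:1001:1001::$d/home/leader:/bin/bash"       # after chsh -s /bin/bash
        echo "leader3:x:1001:1001::$d/ftp_admin/leader:/bin/bash"  # after usermod -d
    } > "$d/passwd"
    codes=
    for u in leader1 leader2 leader3 ghost; do
        rc=0
        vsftpd_login_check "$u" "$d/passwd" "$d/shells" >&2 || rc=$?
        codes="$codes$rc"
    done
    rm -rf "$d"
    echo "$codes"
}

demo   # diagnostics go to stderr; stdout is 2301
```

Because the shell check is made against the shells file, listing a non-interactive shell such as /bin/false in /etc/shells also satisfies pam_shells, without giving the FTP account the interactive shell that chsh -s /bin/bash does.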
2. Lock all local users into the FTP root directory
root@localhost:~# ftp localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:ubuntu): leader
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/ftp_admin"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x
drwxr-xr-x
226 Directory send OK.
ftp> cd ..
250 Directory successfully changed.
ftp> pwd
257 "/"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x
drwxr-xr-x
drwxr-xr-x