常见响应码
| 响应码 | 含义 |
| 110 | 重新启动标记应答 |
| 120 | 服务在指定时间内准备好 |
| 125 | 数据连接打开,开始传输 |
| 150 | 文件状态良好,将要打开数据连接 |
| 200 | 命令成功 |
| 202 | 命令没有执行 |
| 211 | 系统状态回复 |
| 212 | 目录状态回复 |
| 213 | 文件状态回复 |
| 214 | 帮助信息回复 |
| 215 | 系统类型回复 |
| 220 | 服务就绪 |
| 221 | 服务关闭控制连接,可以退出登录 |
| 225 | 数据连接打开,无传输正在进行 |
| 226 | 关闭数据连接,请求的文件操作成功 |
| 227 | 进入被动模式 |
| 230 | 用户已经登录 |
| 250 | 请求的文件操作完成 请求文件操作终止,超过存储分配 |
| 257 | 创建路径名 |
| 332 | 登录时需要账户信息 |
| 350 | 请求的文件操作需要进一步的口令 |
| 426 | 关闭连接,终止传输 |
| 450 | 文件不可用 |
| 451 | 中止请求操作,有本地错误 |
| 452 | 磁盘空间不足 |
| 500 | 权限过大 |
| 501 | 语法错误 |
| 502 | 命令未执行 |
| 503 | 命令顺序错误 |
| 504 | 无效命令参数 |
| 530 | 认证失败 |
| 532 | 存储文件需要账户信息 |
| 550 | 服务本身不允许 |
| 551 | 请求操作终止,页类型未知 |
| 553 | 文件系统权限过小 |
ftp的常见问题
匿名用户家目录的权限问题
ftp不能修改匿名用户的家目录,否则服务及时启动了,用户也登录不了,会出现下面的现象,输入完用户名,两次回车后,就卡着不动了。
抓包可以看出
[root@iZ8vb2hjg65famgbqjk1diZ ~]# tcpdump -nnn -i eth0 tcp port 21 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 19:40:49.683144 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [S], seq 3111604523, win 64240, options [mss 1412,nop,wscale 8,nop,nop,sackOK], length 0 19:40:49.683185 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [S.], seq 1886686711, ack 3111604524, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 19:40:49.694527 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 1, win 259, length 0 19:40:49.696843 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 1:21, ack 1, win 229, length 20: FTP: 220 (vsFTPd 3.0.3) 19:40:49.791142 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 21, win 259, length 0 以上为建立命令连接时的三次握手的TCP报文 19:41:00.230394 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [P.], seq 1:11, ack 21, win 259, length 10: FTP: USER ftp 19:41:00.230422 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [.], ack 11, win 229, length 0 19:41:00.230646 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 21:55, ack 11, win 229, length 34: FTP: 331 Please specify the password. 19:41:00.286832 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 55, win 259, length 0 以上为用户认证时的认证时的报文 19:41:05.782272 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [P.], seq 11:18, ack 55, win 259, length 7: FTP: PASS 19:41:05.785501 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 55:65, ack 18, win 229, length 10: FTP: 500 OOPS: [!ftp] 19:41:05.785515 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp] 19:41:05.785525 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 123:125, ack 18, win 229, length 2: FTP: 19:41:05.785903 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [F.], seq 125, ack 18, win 229, length 0 19:41:05.803200 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 65, win 258, options [nop,nop,sack 1 {123:125}], length 0 19:41:05.803219 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 65, win 258, options [nop,nop,sack 1 {123:125}], length 0 19:41:05.808702 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp] 19:41:06.037744 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp] 19:41:06.493712 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp] 19:41:07.437699 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
修改pam认证也会造成输入完用户名密码就不动了
[root@iZzm446eh1ux98Z pam.d]# vim /etc/security/access.conf -:zhang:ALL EXCEPT 121.89.165.3 ## 表示zhang用户访问ftp只能通过121.89.165.3这台服务器
修改pam
[root@iZzm446eh1ux98Z pam.d]# vim /etc/pam.d/vsftpd #%PAM-1.0 session optional pam_keyinit.so force revoke auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth required pam_shells.so auth include password-auth account required pam_access.so # 添加的内容 account include password-auth session required pam_loginuid.so session include password-auth
重启vsftpd
[root@iZzm446eh1ux98Z pam.d]# systemctl restart vsftpd
登录测试
[root@iZ8vb2hjg65famgbqjk1diZ vsftpd]# ftp 182.92.58.141 Connected to 182.92.58.141 (182.92.58.141). 220 (vsFTPd 3.0.2) Name (182.92.58.141:root): zhang 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files.
其他服务器就卡在哪里了
[root@ans1 ~]# ftp 182.92.58.141 Connected to 182.92.58.141 (182.92.58.141). 220 (vsFTPd 3.0.2) Name (182.92.58.141:root): zhang 331 Please specify the password. Password:
修改权限一般报错就是500 OOPS
[root@iZzm446eh1ux98Z pam.d]# ll /home/ total 4 drwxrwxrwx 2 zhang zhang 4096 May 16 19:04 zhang
登录的时候报错
[root@iZ8vb2hjg65famgbqjk1diZ vsftpd]# ftp 182.43.56.7 Connected to 182.43.56.7 (182.43.56.7). 220 (vsFTPd 3.0.2) Name (182.43.56.7:root): zhang 331 Please specify the password. Password: 500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login failed. 421 Service not available, remote server has closed connection
修改对应用户家目录权限即可
[root@iZzm446eh1ux98Z pam.d]# chmod 700 /home/zhang/ [root@iZzm446eh1ux98Z pam.d]# systemctl restart vsftpd
登录测试
[root@iZ8vb2hjg65famgbqjk1diZ vsftpd]# ftp 182.92.58.141 Connected to 182.92.58.141 (182.92.58.141). 220 (vsFTPd 3.0.2) Name (182.92.58.141:root): zhang 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files.
启动vsftpd的方法问题
使用vsftpd命令启动服务的时候,如果重启使用systemctl的unit脚本文件,会无法重启
[root@test ~]# vsftpd
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1396,fd=3))
[root@test ~]# systemctl restart vsftpd
Job for vsftpd.service failed because the control process exited with error code.
See "systemctl status vsftpd.service" and "journalctl -xe" for details.
根据提示看了一下日志
Apr 15 20:57:38 test systemd[1]: Reloading.
Apr 15 20:57:42 test systemd[1]: Starting Vsftpd ftp daemon...
-- Subject: Unit vsftpd.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit vsftpd.service has begun starting up.
Apr 15 20:57:45 test systemd[1]: vsftpd.service: Control process exited, code=exited status=1
Apr 15 20:57:45 test systemd[1]: vsftpd.service: Failed with result 'exit-code'.
Apr 15 20:57:45 test systemd[1]: Failed to start Vsftpd ftp daemon.
-- Subject: Unit vsftpd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit vsftpd.service has failed.
--
-- The result is RESULT.
我猜想肯定是启动脚本的问题,看了一下unit文件
[root@test ~]# vim /usr/lib/systemd/system/vsftpd.service
[Unit]
Description=Vsftpd ftp daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[Install]
WantedBy=multi-user.target
尝试用unit中的启动方式启动
[root@test ~]# /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1707,fd=3))
再重启还是报错
[root@test ~]# systemctl restart vsftpd.service
Job for vsftpd.service failed because the control process exited with error code.
See "systemctl status vsftpd.service" and "journalctl -xe" for details.
用unit文件启动就好使
[root@test ~]# systemctl start vsftpd.service
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1739,fd=3))
[root@test ~]# systemctl restart vsftpd.service
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1767,fd=3))
与unit文件中的Type有关系
使用命令启动的时候只启动了一个进程
[root@node03 ~]# vsftpd
[root@node03 ~]# ps -ef|grep ftp
root 1732 1 0 09:58 ? 00:00:00 vsftpd
root 1734 1366 0 09:58 pts/0 00:00:00 grep --color=auto ftp
使用unit启动的时候fork了子进程
[root@test ~]# ps -ef|grep ftp root 2210 1 0 21:51 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf nobody 2211 2210 0 21:51 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf ftp 2213 2211 0 21:51 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf