
Linux4.0 FTP server configuration

I. Basic FTP configuration

1. [root@michael ~]# rpm -qa | grep vsftpd

vsftpd-2.0.1-5.EL4.5

[root@michael ~]# rpm -qa | grep vsftpd*

2. [root@michael ~]# vi /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf

#

# The default compiled in settings are fairly paranoid. This sample file

# loosens things up a bit, to make the ftp daemon more usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

# READ THIS: This example file is NOT an exhaustive list of vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's

# capabilities.

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

anonymous_enable=YES

# Uncomment this to allow local users to log in.

local_enable=YES

# Uncomment this to enable any form of FTP write command.

write_enable=YES

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

local_umask=022

3. [root@michael ~]# grep -v "#" /etc/vsftpd/vsftpd.conf
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES

4. [root@michael ~]# head -5 /etc/vsftpd.ftpusers
(Users listed in this file are denied login to the vsftpd server.)
# Users that are not allowed to login via ftp
root
bin
daemon
adm

5. [root@michael ~]# head /etc/vsftpd.user_list
(Users listed in this file are also denied login to the vsftpd server.)
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
# for users that are denied.

Note: to let a user named in these two files log in to the vsftpd server, delete that user from both files. If the user is deleted from only one of them, the user still cannot log in.

Key point: the files "/etc/vsftpd/vsftpd.conf" and "/etc/vsftpd.user_list" are used together. First, the relevant vsftpd.conf setting:

"userlist_enable=YES"
Users listed in the user_list file cannot log in to the vsftpd server. Users not listed in the user_list file can log in.

"userlist_enable=NO"
Users listed in the user_list file can log in to the vsftpd server, but the same user must also be deleted from vsftpd.ftpusers. Users not listed in the user_list file cannot log in.

6. [root@michael ~]# ls -l /var/ftp
(This is the home directory of anonymous users who log in to vsftpd.)
total 8
drwxr-xr-x 2 root root 4096 May 24 2006 pub

7. [root@michael ~]# chkconfig --list vsftpd
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@michael ~]# chkconfig --level 35 vsftpd on
vsftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@michael ~]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@michael ~]# service vsftpd status
vsftpd (pid 3643) is running...

8. Test user logins to the FTP server.

Anonymous user login:

[root@michael ~]# ftp 192.168.5.1
Connected to 192.168.5.1.
220 (vsFTPd 2.0.1)
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.5.1:root): ftp/anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (192,168,5,1,201,214)
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 May 24 2006 pub
226 Directory send OK.
ftp>

Local user login:

Name (192.168.5.1:root): abc
227 Entering Passive Mode (192,168,5,1,186,149)
ftp> ll
?Invalid command
ftp> ls -al
227 Entering Passive Mode (192,168,5,1,66,115)
drwx------ 3 500 500 4096 Jul 30 10:13 .
drwxr-xr-x 5 0 0 4096 Jul 30 14:50 ..
-rw------- 1 500 500 10 Jul 30 10:13 .bash_history
-rw-r--r-- 1 500 500 24 Jul 30 10:10 .bash_logout
-rw-r--r-- 1 500 500 191 Jul 30 10:10 .bash_profile
-rw-r--r-- 1 500 500 124 Jul 30 10:10 .bashrc
-rw-r--r-- 1 500 500 383 Jul 30 10:10 .emacs
-rw-r--r-- 1 500 500 120 Jul 30 10:10 .gtkrc
drwxr-xr-x 3 500 500 4096 Jul 30 10:10 .kde
-rw-r--r-- 1 500 500 658 Jul 30 10:10 .zshrc
257 "/home/abc"
ftp> quit
221 Goodbye.

9. Configure the FTP server so that local users are locked into their own directories after login.

Method 1

ftp> cd /
250 Directory successfully changed.
ftp> pwd
[root@michael ~]# vi /etc/vsftpd/vsftpd.conf
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#enable for standalone mode
chroot_local_user=YES
"/etc/vsftpd/vsftpd.conf" 111L, 4166C written
(chroot_local_user=YES is the line added to the config file.)
Shutting down vsftpd: [FAILED]
227 Entering Passive Mode (192,168,5,1,144,252)
ftp> cd /home
550 Failed to change directory.
257 "/

Method 2

[root@michael etc]# vi /etc/vsftpd/vsftpd.conf
#ftpd_banner=Welcome to blah FTP service.
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"/etc/vsftpd/vsftpd.conf" 111L, 4164C 96,1 95%
(Add chroot_local_user=YES, remove the leading "#" from chroot_list_enable=YES and from chroot_list_file=/etc/vsftpd.chroot_list, then create the file /etc/vsftpd.chroot_list and add the relevant users to it.)
[root@michael etc]# vi /etc/vsftpd.chroot_list
abc1
~
~
"/etc/vsftpd.chroot_list" 1L, 5C
Name (192.168.5.1:root): abc1
257 "/home/abc1"
[root@michael ~]#
#chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"/etc/vsftpd/vsftpd.conf" 111L, 4165C written
ftp> qui

Key points for Method 2:

"chroot_local_user=YES" with "chroot_list_enable=YES"
Users listed in vsftpd.chroot_list are not isolated. Users not listed in vsftpd.chroot_list are isolated.

"#chroot_local_user=YES" with "chroot_list_enable=YES"
Users listed in vsftpd.chroot_list are isolated. Users not listed in vsftpd.chroot_list are not isolated.

II. FTP server virtual user configuration

1. Create the virtual user password file.

[root@michael ~]# vi logins.txt
aaa
422135Sa
bbb
~
"logins.txt" [New] 5L, 27C written
[root@michael ~]# ls
Desktop anaconda-ks.cfg install.log install.log.syslog logins.txt

2. Generate the vsftpd authentication file.

[root@michael ~]# db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db
[root@michael ~]# file /etc/vsftpd/vsftpd_login.db
/etc/vsftpd/vsftpd_login.db: Berkeley DB (Hash, version 8, native byte-order)
[root@michael ~]# rm logins.txt
rm: remove regular file `logins.txt'? y
Desktop anaconda-ks.cfg install.log install.log.syslog
[root@michael ~]# chmod 600 /etc/vsftpd/vsftpd_login.db
[root@michael ~]# ll /etc/vsftpd/vsftpd_login.db
-rw------- 1 root root 12288 Aug 4 02:56 /etc/vsftpd/vsftpd_login.db

3. Create the PAM configuration file that the virtual users need. It is named vsftpd.vu.

[root@michael ~]# vi /etc/pam.d/vsftpd.vu
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
~
"/etc/pam.d/vsftpd.vu" [New] 2L, 143C written
[root@michael ~]# cat /etc/pam.d/vsftpd.vu

4. Create the virtual user and the directory to be accessed, and set the relevant permissions.

[root@michael ~]# useradd -d /home/ftpsite virtual
[root@michael ~]# chmod 700 /home/ftpsite
[root@michael ~]# cd
[root@michael ~]# cd /home
[root@michael home]# ls
abc abc1 ftpsite fung
[root@michael home]# ll
total 16
drwx------ 3 abc abc 4096 Jul 30 18:13 abc
drwx------ 3 abc1 abc1 4096 Jul 30 18:15 abc1
drwx------ 3 virtual virtual 4096 Aug 4 03:10 ftpsite
drwx------ 3 fung fung 4096 Jul 30 22:50 fung

5. Edit the vsftpd.conf config file.

[root@michael ~]# vi /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
"/etc/vsftpd/vsftpd.conf" 115L, 4248C written
(Add guest_enable=YES and guest_username=virtual. In pam_service_name, append ".vu" after "vsftpd".)

6. Test the virtual user accounts in vsftpd.

[root@michael ~]# touch /home/ftpsite/file
[root@michael ~]# chown virtual:virtual /home/ftpsite/file
drwx------ 3 virtual virtual 4096 Aug 4 03:18 ftpsite
[root@michael home]# cd ftpsite/
[root@michael ftpsite]# ls
file
[root@michael ftpsite]# ll
total 0
-rw-r--r-- 1 virtual virtual 0 Aug 4 03:18 file
[root@michael ftpsite]# ftp 192.168.5.1
Name (192.168.5.1:root):aaa

7. Set different permissions for different virtual users.

chroot_local_user=YES
guest_enable=YES
guest_username=feng
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd_user_conf
"/etc/vsftpd/vsftpd.conf" 115L, 4243C written
(user_config_dir is the item to add.)

Note: the "/etc/vsftpd_user_conf" directory holds the virtual users' config files.

[root@michael ~]# mkdir /etc/vsftpd_user_conf
[root@michael ~]# ls /etc/vsftpd_user_conf/
[root@michael ~]# ll /etc/vsftpd_user_conf/
[root@michael ~]# vi /etc/vsftpd_user_conf/aaa
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
"/etc/vsftpd_user_conf/mike" [New] 4L, 107C written

anon_world_readable_only=NO: the user can browse the FTP directory and download files.
anon_upload_enable=YES: the user can upload files.
anon_mkdir_write_enable=YES: the user can create and delete directories.
anon_other_write_enable=YES: the user can rename and delete files.

Name (192.168.5.1:root): aaa
227 Entering Passive Mode (192,168,5,1,47,245)
-rwx------ 1 503 503 0 Aug 03 19:45 file
227 Entering Passive Mode (192,168,5,1,226,99)
drwx------ 3 503 503 4096 Aug 03 19:45 .
drwx------ 3 503 503 4096 Aug 03 19:45 ..
-rwx------ 1 503 503 24 Aug 03 19:42 .bash_logout
-rwx------ 1 503 503 191 Aug 03 19:42 .bash_profile
-rwx------ 1 503 503 124 Aug 03 19:42 .bashrc
-rwx------ 1 503 503 383 Aug 03 19:42 .emacs
-rwx------ 1 503 503 120 Aug 03 19:42 .gtkrc
drwx------ 3 503 503 4096 Aug 03 19:42 .kde
-rwx------ 1 503 503 658 Aug 03 19:42 .zshrc

Key point: each virtual user can have its own config file in the "/etc/vsftpd_user_conf" directory. The config file name is that user's name. For example, for users aaa and bbb:

vi /etc/vsftpd_user_conf/aaa……….
vi /etc/vsftpd_user_conf/bbb……..

530 Login incorrect.
Login failed.
Name (192.168.5.1:root): ftp
227 Entering Passive Mode (192,168,5,1,55,75)

Note: once virtual users are enabled, only virtual users and anonymous users can log in to the FTP server. No other users can log in to the FTP server.

8. Some typical FTP server settings

max_clients=0
(The maximum number of client connections the FTP server allows; 0 means no limit.)
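
The chroot rules in step 9 are easy to get backwards, so it helps to evaluate them for a named user before restarting the service. The script below is an added example, not part of the original page: the function names and the temporary files are constructed for illustration, and the default list path is the one this page uses.

```sh
#!/bin/sh
# Added example (not from the original page): decide whether vsftpd jails a
# local user, following the chroot_local_user / chroot_list_enable rules.

# conf_get FILE KEY DEFAULT -> last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# is_yes VALUE -> succeeds when VALUE is YES in any letter case
is_yes() {
    case $1 in [Yy][Ee][Ss]) return 0 ;; esac
    return 1
}

# chroot_state CONF USER [LIST_FILE] -> prints jailed, free or unknown
# LIST_FILE defaults to chroot_list_file from CONF, then to the page's path.
chroot_state() {
    conf=$1 user=$2
    list=${3:-$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=no
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)"; then
        # The list decides the outcome, so an unreadable list means no answer.
        [ -r "$list" ] || { echo unknown; return 0; }
        if grep -qxF -- "$user" "$list"; then listed=yes; fi
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        # Everyone is jailed; the list names the exceptions.
        [ "$listed" = yes ] && echo free || echo jailed
    else
        # Nobody is jailed; the list names the users who are.
        [ "$listed" = yes ] && echo jailed || echo free
    fi
}

# Demo on constructed files: the two Method 2 variants, list containing abc1.
d=$(mktemp -d)
printf 'abc1\n' > "$d/chroot_list"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$d/a.conf"
printf '#chroot_local_user=YES\nchroot_list_enable=YES\n' > "$d/b.conf"
for c in a b; do
    for u in abc abc1; do
        echo "$c.conf $u: $(chroot_state "$d/$c.conf" "$u" "$d/chroot_list")"
    done
done
rm -rf "$d"
```

The list is matched on whole lines, so an entry for abc1 does not also match the user abc.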
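
Once several files exist under /etc/vsftpd_user_conf, it is worth reviewing which virtual users have been granted write access. The script below is an added example, not part of the original page: the function names and the temporary files are constructed for illustration, and it relies on the vsftpd rule that the anon_* write options only take effect when write_enable=YES.

```sh
#!/bin/sh
# Added example (not from the original page): list the write privileges that
# each per-user file under user_config_dir grants to a virtual user.

# conf_get FILE KEY DEFAULT -> last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# vu_write_privs MAIN_CONF USER_CONF_DIR
# Prints one line per user file: "<user>: <granted write options>" or
# "<user>: read-only". Per-user values override MAIN_CONF.
vu_write_privs() {
    main=$1 dir=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        granted=
        for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            val=$(conf_get "$f" "$key" "$(conf_get "$main" "$key" NO)")
            case $val in [Yy][Ee][Ss]) granted="$granted $key" ;; esac
        done
        # Without write_enable=YES none of the grants above has any effect.
        we=$(conf_get "$f" write_enable "$(conf_get "$main" write_enable NO)")
        case $we in
            [Yy][Ee][Ss]) ;;
            *) granted= ;;
        esac
        echo "$(basename "$f"):${granted:- read-only}"
    done
}

# Demo on constructed files mirroring the page: write_enable=YES globally,
# aaa gets the page's per-user settings, bbb has no overrides.
d=$(mktemp -d); mkdir "$d/users"
printf 'write_enable=YES\nguest_enable=YES\n' > "$d/vsftpd.conf"
printf 'anon_world_readable_only=NO\nanon_upload_enable=YES\n' > "$d/users/aaa"
printf 'anon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n' >> "$d/users/aaa"
: > "$d/users/bbb"
vu_write_privs "$d/vsftpd.conf" "$d/users"
rm -rf "$d"
```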
