Building an FTP server with vsftpd on Ubuntu 12.04: notes from experience



If you don't have time to study vsftpd and want to configure it quickly, read this.

From a general look at the write-ups online, they all explain how to configure anonymous login, but I did not manage to get that configuration working, so I switched to user-name login. Basic tutorials for reference:

http://wiki.ubuntu.org.cn/Vsftpd%E5%AE%9E%E4%BE%8B

http://wiki.ubuntu.org.cn/Vsftpd


Here's how I actually do it.

Step 1: Create an FTP System account

Create a new ftpuser account in Linux, and an ftp group, and set the account's home directory to /home/ftpuser (this path is generated by default; if you use a different name, you can specify the directory with the following commands):

useradd ftpuser

usermod -s /usr/sbin/nologin -d /home/ftpuser -g ftp ftpuser
This command changes ftpuser's login shell to nologin, its home folder to /home/ftpuser, and its user group to ftp.

Create a rockchip directory:

root@sanshingitserver:/home/ftpuser# mkdir rockchip
root@sanshingitserver:/home/ftpuser# ll
total 40
dr-xr-x--- 8 ftpuser ftp 4096 Mar 6 17:23 ./
drwxr-xr-x root root 4096 21 2014 ../
-rw------- 1 ftpuser ftp 419 2013 .bash_history
dr-x------ 3 customer ftp 4096 2013 customer/
dr-x------ 3 customer2 ftp 4096 2013 customer_sec/
drwxr-xr-x 2 ftpuser ftp 4096 2013 for_download_only/
d-wx-wx-wx 2 ftpuser ftp 4096 2013 for_upload_only/
-rw-r--r-- 1 root root 411 June 2013 Readme
drwxr-xr-x 2 root 4096 Mar 6 17:23 rockchip/
dr-x------ 3 ftpuser ftp 4096 2013 sanshin/

root@sanshingitserver:/home/ftpuser# chown rockchip:ftp rockchip/
root@sanshingitserver:/home/ftpuser# ll
total 40
dr-xr-x--- 8 ftpuser ftp 4096 Mar 6 17:23 ./
drwxr-xr-x root root 4096 21 2014 ../
-rw------- 1 ftpuser ftp 419 2013 .bash_history
dr-x------ 3 customer ftp 4096 2013 customer/
dr-x------ 3 customer2 ftp 4096 2013 customer_sec/
drwxr-xr-x 2 ftpuser ftp 4096 2013 for_download_only/
d-wx-wx-wx 2 ftpuser ftp 4096 2013 for_upload_only/
-rw-r--r-- 1 root root 411 June 2013 Readme
drwxr-xr-x 2 rockchip ftp 4096 Mar 6 17:23 rockchip/
dr-x------ 3 ftpuser ftp 4096 2013 sanshin/

This is not enough; two more steps are needed:

1. Change the permissions on the rockchip directory to 500, or you cannot log in. The error reported is:

500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
-- the permissions on the root directory should be set to 500

2. Create a pub directory inside rockchip with permissions 700; otherwise you cannot modify the contents of pub.


Below are my three FTP account entries (the file is /etc/passwd):


ftpuser:x:1001:133::/home/ftpuser:/usr/sbin/nologin
customer:x:1002:133::/home/ftpuser:/usr/sbin/nologin
customer2:x:1003:133::/home/ftpuser:/usr/sbin/nologin

With the shell set to nologin, users cannot use these accounts to log on to your server; they can only log in to the specified path. Step 2 specifies that path.

The ftpuser permissions are configured as follows:


gitserver:/home$ ll
total 28
drwxr-xr-x 5 root root 4096 June 9 17:55 ./
drwxr-xr-x root root 4096 June 9 12:04 ../
drwxr-xr-x 3 root root 4096 June 4 00:51 .ecryptfs/
drwx------ 2 ftpuser ftp 4096 June 9 17:55 ftpuser/
drwx------ norton norton 12288 June 9 17:46 norton/

gitserver:/var/ftp$ ll
total 16
drwxr-xr-x 3 root root 4096 June 9 17:32 ./
drwxr-xr-x root root 4096 June 9 16:54 ../
-rw-r--r-- 1 root 9 17:32 .message
drwxrwxr-x 3 root ftp 4096 June 9 18:10 pub/


Step 2: Configure a separate, independent path for each user.

1. Add the following lines to /etc/vsftpd.conf:


local_root=/home/ftpuser/
user_config_dir=/etc/vsftpd/user_conf

The first line locks the root directory of your accounts; it otherwise defaults to /, so that all files on your server can be viewed.

The second line lets you manage the path of each account by adding configuration files under /etc/vsftpd/user_conf.


Step 3. Set logon permissions for an FTP account

3.1 Create one file per account, named after the account. As shown below, I created three files, one per account name:

root@sanshingitserver:/etc/vsftpd/user_conf# ls
customer customer2 ftpuser

3.2 Open the ftpuser file, which reads as follows:


root@sanshingitserver:/etc/vsftpd/user_conf# vim ftpuser

local_root=/home/ftpuser/sanshin
In this way, the ftpuser account is assigned to the sanshin folder.


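At the same time, the accounts must also be given permission in the /etc directory:

root@sanshingitserver:/etc# vim vsftpd.user_list

Write each account name on its own line, like mine:

ftpuser
customer
customer2
virtual
guest
anonymous

This file acts as an allow list only when vsftpd.conf sets userlist_enable=YES and userlist_deny=NO; with userlist_enable=YES alone, the listed users are denied.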


Once configured, restart the vsftpd daemon:

sudo service vsftpd restart


Debugging: test from the command line. For example, enter ftp 192.168.0.3 to connect to the server; it then prompts for a user name, so enter the corresponding user name. After logging in, you can enter help if you do not know the commands.

norton@norton-laptop:~/work/gitolite-admin$ ftp 192.168.0.3
Connected to 192.168.0.3.
220-
220-
220-
220-
220-
220-
220-
220-
220-
220-***************************************************
220-* <welcome to FTP server> *
220-***************************************************
220-
220-
220-
220-
220-
220-
220
Name (192.168.0.3:norton): rockchip



Commonly used commands:

Check whether port 21 is open:

$ sudo netstat -npltu | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      15601/vsftpd

useradd

passwd

chown: change file owner

chmod

touch

rm

mv
mkdir

locate: shows the location of a file, for example locate nologin. For a full description, see man locate.

updatedb: if locate does not find a file, run sudo updatedb to update the database.

Security Configuration

Note that FTP login accounts are system accounts, and the password is transmitted in clear text, which is unsafe. So restrict the shell of these network accounts to nologin, so that the account cannot be used to log in to the system. Then losing the account is not so dangerous.

Open /etc/passwd with sudo permissions.

Change the shell of the network account to nologin. On my system the path is /usr/sbin/nologin.

If you do not know the path, run locate nologin to find it.

Common errors

1. 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
The directory must not be writable: the permissions on the root directory should be set to 500.


2. After following the tutorial and then trying to use FileZilla to copy a file to the home/username/files directory, I was getting this error:

open for write: permission denied
Error: File transfer failed

I got this working by executing: chown username home/username/files

After executing that I was able to copy a test file to the files folder.

3. Path issues
To see what permissions you have already set for any directory:

sudo ls -la /var/www/

Replace "/var/www/" with the directory you need to check!


3. dark@dark-laptop:~$ ftp 14.14.14.14
ftp: connect: Connection refused
The contents of vsftpd.conf are generally wrong; check for spelling errors.

4. Name (14.14.14.14:dark): customer
331 Please specify the password.
Password:
OOPS: missing value in config file for: /home/ftpuser/
Login failed.
421 Service not available, remote server has closed connection

That's because I only wrote the path.
This is a vsftpd.conf configuration error.
Note that there must be no space at the start of a line and no space before or after the =.
The = must be followed by a value.
Otherwise, comment the line out.


5. Name (14.14.14.14:dark): customer
331 Please specify the password.
Password:
OOPS: cannot change directory:/home/ftpuser/
Login failed.

The path does not exist.


6. 331 Please specify the password.
Password:
530 Login incorrect.
Login failed.

Wrong password; check that the password configuration is correct.
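
Errors 1, 4 and 5 above, together with the chmod 500 rule from Step 1, can be checked before vsftpd is restarted. The shell function below is an added example, not part of the original post; it can be run on vsftpd.conf and on each file under user_conf. The names lint_conf and demo are hypothetical, the sample files are constructed, and treating any write bit on local_root as "writable" is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. lint_conf FILE prints one finding
# per bad line of a vsftpd config file and returns 1 if there was any.
lint_conf() {
    file=$1 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                  # blank line or comment
            ' '*|*' ='*|*'= '*)                   # error 4: stray spaces
                echo "space at line start or around '=': $line"; bad=1; continue ;;
            *=*) ;;
            *)  echo "missing value in: $line"; bad=1; continue ;;
        esac
        key=${line%%=*} value=${line#*=}
        if [ -z "$value" ]; then                  # error 4: nothing after '='
            echo "missing value for: $key"; bad=1; continue
        fi
        [ "$key" = local_root ] || continue
        if [ ! -d "$value" ]; then                # error 5: path does not exist
            echo "local_root does not exist: $value"; bad=1; continue
        fi
        # Error 1. Assumption: any write bit counts as a writable root, which
        # is stricter than vsftpd's own test and matches the chmod 500 advice.
        case $(ls -ld "$value" | cut -c1-10) in
            ??w*|?????w*|????????w*)
                echo "local_root is writable, chmod 500 it: $value"; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Constructed sample: a chroot root that is writable at first, then locked down.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/rockchip/pub"
    chmod 700 "$tmp/rockchip/pub"
    chmod 755 "$tmp/rockchip"
    printf '%s\n' "local_root=$tmp/rockchip" \
        'user_config_dir =/etc/vsftpd/user_conf' '/home/ftpuser/' > "$tmp/conf"
    lint_conf "$tmp/conf" || echo "-> fix the findings above"
    chmod 500 "$tmp/rockchip"                     # pub inside stays 700
    printf 'local_root=%s\n' "$tmp/rockchip" > "$tmp/conf"
    lint_conf "$tmp/conf" && echo "clean after chmod 500"
    chmod 700 "$tmp/rockchip"; rm -rf "$tmp"
}
demo
```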

========================================================================================

"Appendix"


If you want to study further, you can refer to:

http://book.51cto.com/art/200810/92757.htm is a book; I think I'll have to finish it when I have time.

http://os.51cto.com/art/201008/222036.htm is a topic page, for extended reading.

Web Information

The vsftpd homepage is vsftpd.beasts.org.

HOWTO FTP Mini-howto

vsftpd Anonymous Login

Anonymous login is rarely covered online, perhaps because it is not safe, but sometimes an FTP server has to be set up urgently and it needs to be configured.

The key is to add the setting anon_root=/var/run/vsftpd/empty. The path can be customized; on some systems the default path is /var/ftp.

This empty folder has 755 permissions (otherwise you are not allowed in). Then go inside and create a new folder named user (the name can be customized) with permissions 777; you can operate in this user-friendly configuration.

Introduction: this option can be used to set a separate directory for each user, or other permission and feature settings.

user_config_dir

Specifies a directory that contains files named after the user names of local users. Each such file (modeled on vsftpd.conf) contains per-user parameters that override the default parameters and the parameters specified in vsftpd.conf. For example, suppose user_config_dir is set to /etc/vsftpd/user_conf. If the default configuration file (/etc/vsftpd/vsftpd.conf) sets idle_session_timeout=300, and sam's personal file (/etc/vsftpd/user_conf/sam) sets idle_session_timeout=1200, then all users except sam have a session inactivity timeout of 300 seconds, and sam's session timeout is 1200 seconds.

Default value: none (http://book.51cto.com/art/200810/92809.htm)

You can use this method to specify a different root directory for each user. By default, all logged-in users use the same root directory (for details, refer to the following information).

Points to Note

listen

Setting this to YES makes vsftpd run in standalone mode; setting it to NO makes it run in normal mode. If you are unsure, choose YES, which starts vsftpd directly. If you leave it at the default NO, vsftpd is run on demand through the xinetd daemon, which requires further setup; I tried that once and did not succeed.

Advanced Configuration

Learn to configure xinetd, a super daemon that provides high security and helps manage a variety of network services, and even system services.

http://wordpress.facesoho.com/server/what-is-xinetd.html
