Environment: Ubuntu 9.04 Server + vsftpd 2.0.7

slmagicbox@ubuntu904server:~$ uname -a
Linux ubuntu904server 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:48:10 UTC 2009 i686 GNU/Linux
slmagicbox@ubuntu904server:~$ dpkg -l | grep vsftpd
ii  vsftpd  2.0.7-0ubuntu1  The very secure FTP daemon

Original configuration file /etc/vsftpd.conf:
This configuration file is generated by default when vsftpd is installed. Lines beginning with "#" are comments. The notes after "#" to the right of a setting below are annotations for this article only: vsftpd treats a line as a comment only when it starts with "#", so do not put such notes on the same line as a setting in the real file (a boolean option followed by trailing text makes vsftpd refuse to start with a "bad bool value" error).

# Example config file /etc/vsftpd.conf
listen=YES                  # run vsftpd in standalone mode
#listen_ipv6=YES
anonymous_enable=YES        # allow anonymous users to log in
#local_enable=YES
#write_enable=YES
#local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES       # show a message when the user first enters a directory on the FTP server; the default is the .message file in that directory, use message_file to change it
xferlog_enable=YES          # enable the transfer log, default path /var/log/vsftpd.log
connect_from_port_20=YES    # use the default FTP-data port (port 20) for data connections
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
# Debian customization
secure_chroot_dir=/var/run/vsftpd                            # ignore
pam_service_name=vsftpd                                      # ignore
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem           # ignore
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key  # ignore
Modifications:

1) Anonymous users are not allowed; local users can upload files.

anonymous_enable=NO         # if commented out, the default is to allow anonymous logins
anon_upload_enable=NO       # only relevant when anonymous_enable=YES; if commented out, uploads are allowed by default as long as the global write permission is on (write_enable=YES)
anon_mkdir_write_enable=NO  # only relevant when anonymous_enable=YES; if commented out, creating directories is allowed by default as long as the global write permission is on (write_enable=YES)
local_enable=YES
write_enable=YES
local_umask=022             # the default value is 077
Function verification:

1) Anonymous users cannot log on.
2) A local user logs on successfully and can browse the entire file system; what the FTP user may do is governed by the system's file permissions.
3) A local user can upload a file and create a folder:

slmagicbox@ubuntu904server:~$ ls -l
drwxr-xr-x 2 slmagicbox slmagicbox 4096 test1   # directory permission 777-022 = 755
-rw-r--r-- 1 slmagicbox slmagicbox    0 test2   # file permission 666-022 = 644
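As an added example (not code from the original article): a small POSIX shell checker for the settings changed above. It reads a configuration constructed for this example, reports the effective anonymous/write/chroot settings with vsftpd's documented defaults filled in for absent keys, computes the permissions that local_umask produces bitwise rather than by decimal subtraction (the subtraction shortcut works for 022 but not for every umask), and counts setting lines that carry an inline "#" note, which vsftpd would not parse. The function names and the sample configuration are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article. Checks a vsftpd.conf
# for the settings discussed above. Function names and the sample config
# are this example's own assumptions.

# Constructed sample configuration: the modified settings from the article,
# plus one deliberately bad line with an inline "#" note (a common mistake
# when copying annotated examples into the real file).
sample_conf() {
    cat <<'EOF'
# Example config file /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
xferlog_enable=YES # enable the transfer log
EOF
}

# conf_get CONFIG_TEXT KEY DEFAULT: value of KEY in the config text, or DEFAULT
# when the key is absent. Comment lines are skipped and the last assignment wins.
conf_get() {
    val=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep "^$2=" | tail -n 1 | cut -d= -f2-)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# count_inline_comments CONFIG_TEXT: number of setting lines that also contain
# a "#". vsftpd only treats lines that START with "#" as comments; on any other
# line everything after "=" is the value, so "listen=YES # note" is a parse error.
count_inline_comments() {
    printf '%s\n' "$1" | grep -c '^[^#].*#' || true
}

# perms_after_umask BASE UMASK: the mode a new object gets, as three octal
# digits. Computed bitwise (BASE & ~UMASK): "777-022" happens to give 755 by
# subtraction, but e.g. 666 with umask 027 is 640, not 637.
perms_after_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# report CONFIG_TEXT: summarize the security-relevant settings and warn on
# the conditions the article's steps are meant to prevent.
report() {
    anon=$(conf_get "$1" anonymous_enable YES)    # vsftpd default: YES
    write=$(conf_get "$1" write_enable NO)         # vsftpd default: NO
    chroot=$(conf_get "$1" chroot_local_user NO)   # vsftpd default: NO
    um=$(conf_get "$1" local_umask 077)            # vsftpd default: 077
    bad=$(count_inline_comments "$1")
    echo "anonymous_enable=$anon write_enable=$write chroot_local_user=$chroot"
    echo "local_umask=$um -> new directories $(perms_after_umask 777 "$um"), new files $(perms_after_umask 666 "$um")"
    [ "$anon" = NO ] || echo "WARNING: anonymous logins are enabled"
    [ "$chroot" = YES ] || echo "WARNING: local users are not confined to their home directories"
    [ "$bad" -eq 0 ] || echo "WARNING: $bad setting line(s) carry an inline '#' note; vsftpd will not start with them"
}

report "$(sample_conf)"
```

To check a real file instead of the constructed sample, pass its contents: `report "$(cat /etc/vsftpd.conf)"`.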
4) Add a local user ftptest1 so that it can log on to FTP:

slmagicbox@ubuntu904server:~$ sudo useradd ftptest1 -m
# Creates a new local user ftptest1. The -m parameter creates the user's home directory (/home/ftptest1). An FTP user must have a home directory; otherwise login fails with "500 OOPS: cannot change directory:/home/ftptest1".
slmagicbox@ubuntu904server:/home$ sudo passwd ftptest1   # set a password for the ftptest1 user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

slmagicbox@xxx:~$ ftp 192.168.0.111
Connected to 192.168.0.111.
220 (vsFTPd 2.0.7)
Name (192.168.0.111:slmagicbox): ftptest1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>   # logon successful
5) Now local users can use FTP, but it is not reassuring to have an FTP user roaming around your server. Can FTP users be restricted to their home directories? This needs the chroot function. Edit the configuration file /etc/vsftpd.conf:

chroot_local_user=YES

slmagicbox@ubuntu904server:~$ sudo /etc/init.d/vsftpd restart   # restart the service so the new configuration takes effect

slmagicbox@FY-it-wangzh:~$ ftp 192.168.0.111
Connected to 192.168.0.111.
220 (vsFTPd 2.0.7)
Name (192.168.0.111:slmagicbox): ftptest1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Directory send OK.
ftp> cd /home
550 Failed to change directory.   # the user is confined to the home directory and cannot leave it
6) The above is the effect we want, but can the administrator have a special privilege and not be restricted to the home directory? Edit the configuration file /etc/vsftpd.conf:

chroot_local_user=YES
chroot_list_enable=YES                      # enable chroot_list; users listed in that file are excluded from the restriction and are not confined to their home directories
chroot_list_file=/etc/vsftpd.chroot_list    # location of the chroot_list file

Create and edit /etc/vsftpd.chroot_list:

slmagicbox@ubuntu904server:/etc$ echo "slmagicbox" | sudo tee -a vsftpd.chroot_list   # add the users you want excluded to /etc/vsftpd.chroot_list
slmagicbox@ubuntu904server:~$ sudo /etc/init.d/vsftpd restart
7) Access by local users is controlled only by local_enable=YES, so every user on the server has permission to access FTP. Do you want to control which users can access and which cannot? Continue editing the configuration file /etc/vsftpd.conf:

userlist_enable=YES                   # enable the FTP user list
userlist_deny=NO                      # do not use the list as a deny list. userlist_deny can be understood as: when YES, the users listed in userlist_file are denied and cannot access FTP; when NO, the listed users are not denied and are the ones who may access FTP. Put simply, userlist_deny chooses whether the list is a blacklist (YES) or a whitelist (NO). A whitelist is used here: only users listed in userlist_file may access FTP.
userlist_file=/etc/vsftpd.user_list   # location of the userlist_file file

Create and edit /etc/vsftpd.user_list:

slmagicbox@ubuntu904server:~$ cd /etc/
slmagicbox@ubuntu904server:/etc$ sudo touch vsftpd.user_list
slmagicbox@ubuntu904server:/etc$ echo "slmagicbox" | sudo tee -a vsftpd.user_list
slmagicbox@ubuntu904server:~$ sudo /etc/init.d/vsftpd restart

Check the effect: only slmagicbox can access FTP. To let other FTP users in, add them to /etc/vsftpd.user_list. (A user who is not in the list is refused right after sending the user name, before a password is even requested.)

Control is simple: a user who does not follow the rules can be removed from the list by the administrator at any time, and then they can no longer use FTP.
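Added example, not part of the original article: a POSIX shell model of how vsftpd combines the settings from steps 5, 6 and 7 (chroot_local_user, chroot_list_enable, userlist_enable, userlist_deny) for a given user name, so the effect of a change can be reasoned about before restarting the daemon. The two lists stand in for /etc/vsftpd.user_list and /etc/vsftpd.chroot_list and are constructed for this example, as is the user name otheruser; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original article. Models the access
# decisions vsftpd makes from the settings in steps 5-7. The lists and the
# function names are constructed assumptions for this example.

# Constructed stand-ins for /etc/vsftpd.user_list and /etc/vsftpd.chroot_list
# (one user name per line).
USER_LIST="slmagicbox
ftptest1"
CHROOT_LIST="slmagicbox"

# in_list NAME LIST: succeeds when NAME is one of the newline-separated entries.
in_list() {
    printf '%s\n' "$2" | grep -qx "$1"
}

# can_login NAME USERLIST_ENABLE USERLIST_DENY: prints "allow" or "deny".
# vsftpd consults the list after the USER command and before any password is
# sent: with userlist_deny=NO (whitelist) only listed users get a password
# prompt; with userlist_deny=YES (blacklist) listed users are refused.
can_login() {
    name=$1; enable=$2; deny=$3
    if [ "$enable" != YES ]; then echo allow; return; fi
    if in_list "$name" "$USER_LIST"; then listed=yes; else listed=no; fi
    if [ "$deny" = NO ]; then
        [ "$listed" = yes ] && echo allow || echo deny
    else
        [ "$listed" = yes ] && echo deny || echo allow
    fi
}

# is_chrooted NAME CHROOT_LOCAL_USER CHROOT_LIST_ENABLE: prints "yes" when the
# user is confined to the home directory. With chroot_local_user=YES the
# chroot list is an exception list (listed users are NOT confined); with
# chroot_local_user=NO it is the list of users who DO get confined.
is_chrooted() {
    name=$1; all=$2; list=$3
    if [ "$list" = YES ] && in_list "$name" "$CHROOT_LIST"; then listed=yes; else listed=no; fi
    if [ "$all" = YES ]; then
        [ "$listed" = yes ] && echo no || echo yes
    else
        [ "$listed" = yes ] && echo yes || echo no
    fi
}

# policy NAME: one summary line using the final settings of the article
# (userlist_enable=YES, userlist_deny=NO, chroot_local_user=YES, chroot_list_enable=YES).
policy() {
    printf '%-12s login=%s chroot=%s\n' "$1" \
        "$(can_login "$1" YES NO)" "$(is_chrooted "$1" YES YES)"
}

for u in slmagicbox ftptest1 otheruser; do policy "$u"; done
```

With the article's final settings this prints that slmagicbox may log in and is not confined, ftptest1 may log in and is confined to its home directory, and otheruser is refused before a password is asked for.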