Build an FTP server on Ubuntu Server 2

Source: Internet
Author: User
Environment: Ubuntu 9.04 Server + vsftpd 2.0.7

slmagicbox@ubuntu904server:~$ uname -a
Linux ubuntu904server 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:48:10 UTC 2009 i686 GNU/Linux

slmagicbox@ubuntu904server:~$ dpkg -l | grep vsftpd
ii  vsftpd  2.0.7-0ubuntu1  The very secure FTP daemon

Original configuration file /etc/vsftpd.conf:

This configuration file is generated by default when vsftpd is installed. Lines beginning with "#" are comments.

# Example config file /etc/vsftpd.conf

# Run vsftpd in standalone mode
listen=YES

#listen_ipv6=YES

# Allow anonymous users to access
anonymous_enable=YES

#local_enable=YES
#write_enable=YES
#local_umask=022

#anon_upload_enable=YES
#anon_mkdir_write_enable=YES

# When a user first enters a directory on the FTP server, the message in that
# directory is displayed. The default is the .message file; this can be
# defined with message_file.
dirmessage_enable=YES

# Enable logging; the default path is /var/log/vsftpd.log
xferlog_enable=YES

# Use the default ftp-data port (port 20) for data connections
connect_from_port_20=YES

#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails

# chroot_list_enable below.
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list

#ls_recurse_enable=YES

# Debian customization

# Ignore
secure_chroot_dir=/var/run/vsftpd

# Ignore
pam_service_name=vsftpd

# Ignore
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

# Ignore
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Modifications:

1) Anonymous users are not allowed. Local users can upload images.

# If this line is commented out, the default value is allow
anonymous_enable=NO

# With anonymous_enable=YES: if commented out, the default value is allowed,
# provided that the global upload permission is enabled (write_enable=YES)
anon_upload_enable=NO

# With anonymous_enable=YES: if commented out, the default value is allowed,
# provided that the global upload permission is enabled (write_enable=YES)
anon_mkdir_write_enable=NO

local_enable=YES
write_enable=YES
# The default value is 077
local_umask=022
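An added example (not part of the original article): a small Python check for the step 1 settings. It assumes the rule from vsftpd.conf(5) that a setting line is plain option=value with no spaces around "=", and treats a "#" after whitespace inside a value as a stray inline note; the function names and both sample files are constructed for illustration.

```python
import re

def parse_vsftpd_conf(text):
    """Return (settings, bad_lines); bad_lines holds (line_no, raw_line)."""
    settings, bad = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or comment line
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        # A '#' after whitespace in the value is almost always an inline
        # note, which would be read as part of the value.
        if m is None or re.search(r"\s#", m.group(2)):
            bad.append((no, line))
        else:
            settings[m.group(1)] = m.group(2)
    return settings, bad

def audit_step1(text):
    """Findings for the step 1 goal: no anonymous access, local users may write."""
    settings, bad = parse_vsftpd_conf(text)
    def yes(key, default):
        return settings.get(key, default).upper() == "YES"
    findings = [f"line {no}: not plain option=value: {raw!r}" for no, raw in bad]
    if yes("anonymous_enable", "YES"):    # unset means YES, as the article notes
        findings.append("anonymous login is enabled (explicitly or by default)")
    for key in ("anon_upload_enable", "anon_mkdir_write_enable"):
        if settings.get(key, "").upper() == "YES" and yes("write_enable", "NO"):
            findings.append(f"{key}=YES together with write_enable=YES")
    if not yes("local_enable", "NO"):
        findings.append("local_enable is not YES: local users cannot log in")
    return findings

# Constructed sample: settings typed with spaces and trailing notes.
ANNOTATED = ("listen=YES\n"
             "anonymous_enable = NO # no anonymous users\n"
             "local_enable=YES # local accounts\n"
             "write_enable=YES\n")
# Constructed sample: the same intent in the form vsftpd expects.
CLEAN = ("listen=YES\nanonymous_enable=NO\nanon_upload_enable=NO\n"
         "anon_mkdir_write_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
         "local_umask=022\n")

if __name__ == "__main__":
    for name, sample in (("ANNOTATED", ANNOTATED), ("CLEAN", CLEAN)):
        print(name, audit_step1(sample) or "no findings")
```

Because the two malformed lines in ANNOTATED are never accepted as settings, the audit reports anonymous login as still enabled and local login as still disabled, in addition to the two syntax findings.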

Verification:

1) Anonymous users cannot log on.
2) The local user logs on successfully and can browse the entire file system. The FTP permission is controlled by the system permission.
3) The local user uploads a file and creates a folder in the home directory:

slmagicbox@ubuntu904server:~$ ls -l
drwxr-xr-x 2 slmagicbox slmagicbox 4096 test1    # The folder permission is 777-022 = 744
-rw-r--r-- 1 slmagicbox slmagicbox    0 test2    # The file permission is 666-022 = 644

4) Add a local user ftptest1 so that it can log on to FTP:

slmagicbox@ubuntu904server:~$ sudo useradd ftptest1 -m

# Create a new local user ftptest1. The -m parameter creates the user's home folder (/home/ftptest1). The FTP user must have a home directory; otherwise the error "500 OOPS: cannot change directory:/home/ftptest1" is reported.

slmagicbox@ubuntu904server:/home$ sudo passwd ftptest1    # set a password for the ftptest1 user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

slmagicbox@xxx:~$ ftp 192.168.0.111
Connected to 192.168.0.111.
220 (vsFTPd 2.0.7)
Name (192.168.0.111:slmagicbox): ftptest1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>    # logon successful

5) Now the local user can use FTP, but is it reassuring to have an FTP user wandering around your server? Can FTP users be restricted to their home directories? This requires the chroot function.

Edit the configuration file /etc/vsftpd.conf:

chroot_local_user=YES

slmagicbox@ubuntu904server:~$ sudo /etc/init.d/vsftpd restart    # restart the service to apply the configuration

slmagicbox@FY-it-wangzh:~$ ftp 192.168.0.111
Connected to 192.168.0.111.
220 (vsFTPd 2.0.7)
Name (192.168.0.111:slmagicbox): ftptest1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

226 Directory send OK.
ftp> cd /home
550 Failed to change directory.    # the user is confined to their own directory

6) The above may be the effect you want, but can the administrator have a special privilege and not be restricted to the home directory?

Edit the configuration file /etc/vsftpd.conf:

chroot_local_user=YES

# Enable chroot_list: users listed in this file are excluded and are not
# restricted to their personal directories
chroot_list_enable=YES

# Location of the chroot_list file
chroot_list_file=/etc/vsftpd.chroot_list

Create and edit /etc/vsftpd.chroot_list:

slmagicbox@ubuntu904server:/etc$ echo "slmagicbox" | sudo tee -a vsftpd.chroot_list    # add the users you want excluded to /etc/vsftpd.chroot_list

slmagicbox@ubuntu904server:~$ sudo /etc/init.d/vsftpd restart


7) When only local_enable=YES is used to control local users' access to FTP, all users on the server have permission to access FTP. Do you want this to be controllable, so that you decide which users can access and which cannot? Let's continue.

Edit the configuration file /etc/vsftpd.conf:

# Enable the FTP user list
userlist_enable=YES

# Do not use the list as a deny list. userlist_deny can be understood as:
# the users listed in userlist_file are denied and are not allowed to access
# FTP. Here it is set to NO, meaning the users in the list are not denied and
# have permission to access FTP. This may be a little hard to follow. A simple
# way to understand it: userlist_deny sets whether the list is a blacklist.
# YES means a blacklist is used; NO means a whitelist is used.
# The whitelist is used here: only users listed in userlist_file have the
# right to access FTP.
userlist_deny=NO

# Location of the userlist_file file
userlist_file=/etc/vsftpd.user_list

Create and edit /etc/vsftpd.user_list:

slmagicbox@ubuntu904server:~$ cd /etc/

slmagicbox@ubuntu904server:/etc$ sudo touch vsftpd.user_list

slmagicbox@ubuntu904server:/etc$ echo "slmagicbox" | sudo tee -a vsftpd.user_list

slmagicbox@ubuntu904server:~$ sudo /etc/init.d/vsftpd restart

Check the effect: only slmagicbox can access FTP. To give another FTP user access, add that user to /etc/vsftpd.user_list.
The control is simple. If a user does not observe discipline, the administrator can take that user out at any time. Don't want to use ftp or FTP !!
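The access rules built up in steps 5 to 7, as an added example that is not part of the original article: a Python model of how vsftpd.conf(5) documents local_enable, userlist_enable/userlist_deny and chroot_local_user/chroot_list_enable for local accounts. The function name ftp_access, the STEP dictionaries and the list contents are constructed for illustration; the code models the documented semantics and does not contact a server.

```python
def ftp_access(user, conf, user_list=(), chroot_list=()):
    """Return (may_log_in, confined_to_home) for a local account."""
    def yes(key, default):
        return conf.get(key, default).upper() == "YES"

    if not yes("local_enable", "NO"):
        return (False, False)
    if yes("userlist_enable", "NO"):
        # userlist_deny=YES (the default) makes the list a blacklist,
        # userlist_deny=NO makes it a whitelist.
        if (user in user_list) == yes("userlist_deny", "YES"):
            return (False, False)
    confined = yes("chroot_local_user", "NO")
    if yes("chroot_list_enable", "NO") and user in chroot_list:
        # Listed users get the opposite of chroot_local_user.
        confined = not confined
    return (True, confined)

# Constructed settings mirroring the article's steps.
STEP1 = {"anonymous_enable": "NO", "local_enable": "YES", "write_enable": "YES"}
STEP5 = {**STEP1, "chroot_local_user": "YES"}
STEP6 = {**STEP5, "chroot_list_enable": "YES"}
STEP7 = {**STEP6, "userlist_enable": "YES", "userlist_deny": "NO"}
# Step 7 with userlist_deny left out: the list silently becomes a blacklist.
STEP7_NO_DENY_LINE = {**STEP6, "userlist_enable": "YES"}
ADMINS = {"slmagicbox"}   # contents of both list files in the article

def walkthrough():
    """Evaluate both accounts from the article at each step."""
    return {
        "step1 ftptest1": ftp_access("ftptest1", STEP1),
        "step5 ftptest1": ftp_access("ftptest1", STEP5),
        "step5 slmagicbox": ftp_access("slmagicbox", STEP5),
        "step6 slmagicbox": ftp_access("slmagicbox", STEP6, chroot_list=ADMINS),
        "step7 slmagicbox": ftp_access("slmagicbox", STEP7, ADMINS, ADMINS),
        "step7 ftptest1": ftp_access("ftptest1", STEP7, ADMINS, ADMINS),
        "no-deny slmagicbox": ftp_access("slmagicbox", STEP7_NO_DENY_LINE, ADMINS, ADMINS),
        "no-deny ftptest1": ftp_access("ftptest1", STEP7_NO_DENY_LINE, ADMINS, ADMINS),
    }

if __name__ == "__main__":
    for case, (login, confined) in walkthrough().items():
        print(f"{case:20} login={login!s:5} confined={confined}")
```

The last two cases show why userlist_deny=NO has to be set explicitly: with only userlist_enable=YES, the account in the list is the one locked out and every other local account can still log in.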
