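五、配置vsftpd,這裡很重要,請大家參考vsftpd手冊,我這裡只簡單的實現一下。

#vim /etc/vsftpd.conf

# vsftpd.conf format: one "option=value" per line, no spaces around "=".
# A "#" starts a comment only at the beginning of a line, so every remark
# below sits on its own line above the option it describes.
#
# NOTE(review): no ssl_enable line appears in this file (its default is NO),
# so local users' passwords and all transferred data cross the network
# unencrypted.

# Accept anonymous users.
# NOTE(review): with no_anon_password=YES below, anonymous sessions need no
# credentials at all; keep anonymous access read-only and confined to
# anon_root.
anonymous_enable=YES
# Do not ask anonymous users for a password at login.
no_anon_password=YES
# Anonymous users' home directory. "(none)" is how the manual prints an unset
# default, not a value to copy, so the line is left commented out here; the
# effective value is anon_root=/var/ftp in the directory section below.
#anon_root=(none)
# Accept local users.
local_enable=YES
# Local users' home directory. Same "(none)" remark as for anon_root; the
# effective value is local_root=webdisk in the directory section below.
#local_root=(none)
# If anonymous users are asked for a password, those who give an e-mail
# address listed in banned_email_file cannot log in.
# NOTE(review): no_anon_password=YES above means no password is requested, so
# this check presumably never triggers - confirm.
deny_email_enable=YES
# Only useful in builds without PAM authentication: whether to check that the
# user has a valid shell before allowing login.
check_shell=YES
# userlist_deny only takes effect when this option is enabled.
userlist_enable=YES
# If YES, users in userlist_file cannot log in; if NO, only users in
# userlist_file can log in.
userlist_deny=NO
# When enabled together with chroot_local_user, each user's jail is taken
# from the home directory string in /etc/passwd; a "/./" in that string marks
# where the jail ends.
passwd_chroot_enable=NO
# Account name used for anonymous logins. The default is ftp.
# NOTE(review): the value is upper-case FTP while the default is ftp; Unix
# account names are case-sensitive, so confirm an account named FTP exists.
ftp_username=FTP

################# User permission control ###############
# Global switch for uploads and every other FTP write command.
write_enable=YES
# umask applied to files uploaded by local users.
local_umask=022
# Permissions for uploaded files, used together with the umask.
#file_open_mode=0666
# Anonymous users may upload.
anon_upload_enable=NO
# Anonymous users may create directories.
anon_mkdir_write_enable=NO
# Other write operations for anonymous users, such as deleting and renaming.
anon_other_write_enable=NO
# When YES, anonymous users may only download world-readable files.
# The default is YES.
anon_world_readable_only=YES
# If enabled, every non-anonymous login is mapped to the account named by
# guest_username.
#guest_enable=NO
# Ownership of every anonymously uploaded file is changed to chown_username.
# This has no effect while anon_upload_enable=NO.
chown_uploads=YES
# Account that owns anonymously uploaded files.
chown_username=lightwiter
# If enabled, the users listed in chroot_list_file are locked into their
# root directory.
chroot_list_enable=YES
# Allow the "async ABOR" command; normally left off because it causes trouble.
# NOTE(review): the value contradicts the remark above. The default is NO and
# vsftpd's own sample file does not recommend enabling it for security
# reasons.
async_abor_enable=YES
# Whether ASCII-mode uploads are honoured. The default is NO.
ascii_upload_enable=YES
# Whether ASCII-mode downloads are honoured. The default is NO.
ascii_download_enable=YES
# Must name an empty directory that no login user can write to; vsftpd
# confines itself there whenever it does not need filesystem access.
# The default is /usr/share/empty.
secure_chroot_dir=/usr/share/empty

################### Timeout settings ##################
# Idle session timeout.
idle_session_timeout=600
# Data transfer timeout.
data_connection_timeout=120
# Timeout for a client to connect after a PASV request. vsftpd option names
# are written in lower case.
accept_timeout=60
# Timeout for PORT-mode connections.
connect_timeout=60

################ Server feature options ###############
# Enable logging.
xferlog_enable=YES
# Use the standard xferlog format.
xferlog_std_format=YES
# When xferlog_std_format is off and this option is on, every FTP request
# and reply is logged; useful when debugging.
#log_ftp_protocol=NO
# Allow PASV mode.
pasv_enable=YES
# YES turns off the check that the PASV data connection comes from the same
# IP address as the control connection. Be careful - leave it at NO.
#pasv_promiscuous=NO
# Allow PORT mode.
#port_enable=YES
# YES turns off the check that PORT data connections go back to the client
# only. Leave it at NO.
#port_promiscuous=NO
# Enable tcp_wrappers support.
tcp_wrappers=YES
# Name of the PAM service to use; the default is vsftpd.
pam_service_name=vsftpd
# Account used when the server runs at its lowest privilege level.
# NOTE(review): vsftpd's documentation recommends a unique, otherwise unused
# unprivileged account here rather than a shared one such as nobody.
nopriv_user=nobody
# IP address vsftpd advertises in its reply to the PASV command. "(none)" is
# the manual's notation for "unset", so the line stays commented out until a
# real address is needed.
#pasv_address=(none)

################# Server performance options ##############
# Whether "ls -R" may be used; off by default so that clients cannot waste
# large amounts of server resources.
#ls_recurse_enable=YES
# Whether to use the single-process model.
#one_process_model=NO
# Bind to the port given by listen_port and stay open permanently, i.e. the
# standalone mode.
listen=YES
# By default "ls -al" style listings show the numeric UID of the owner
# instead of the owner's name. Enable this to show names.
text_userdb_names=NO
# Whether directory listings use local time or GMT; times returned by the
# MDTM command are affected in the same way.
use_localtime=NO
# Used to test the benefit of sendfile() on the platform.
#use_sendfile=YES

################ Informational settings ################
# Greeting shown at login. Ignored when banner_file is set, and banner_file
# is set in the file section below.
ftpd_banner=歡迎來到** FTP 網站.
# Show per-directory messages: the content of each directory's message_file
# is displayed when the user enters it.
dirmessage_enable=YES
# Show session status information in the process title. Keep it off!
#setproctitle_enable=YES

############## File definitions ##################
# File listing the users who cannot leave their home directory.
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
# File listing the users who are denied or allowed to log in.
userlist_file=/etc/vsftpd/vsftpd.user_list
# Location of the login banner file.
banner_file=/etc/vsftpd/banner
# E-mail addresses that are rejected when an anonymous user gives one as the
# password.
banned_email_file=/etc/vsftpd.banned_emails
# Log file location.
xferlog_file=/var/log/vsftpd.log
# Per-directory message file.
message_file=.message

############## Directory definitions #################
# Directory holding the per-user configuration files.
user_config_dir=/etc/vsftpd/userconf
# Root directory for local users after login. It may be relative or
# absolute; a relative path is resolved against the user's home directory.
# With this value each user lands in /home/username/webdisk.
local_root=webdisk
# Root directory for anonymous users after login.
anon_root=/var/ftp

############# User connection options #################
# Maximum number of clients accepted.
max_clients=100
# Maximum number of clients per IP address.
max_per_ip=5
# Use the standard port 20 for outgoing FTP data connections.
connect_from_port_20=YES
# Bind to one IP address; the service is not reachable on the others.
listen_address=192.168.0.2
# Bind to a specific port.
#listen_port=2121
# Data transfer port.
#ftp_data_port=2020
# Upper bound of the port range used for PASV connections; 0 means any port.
# The default is 0.
# NOTE(review): a fixed pasv_min_port/pasv_max_port range lets a firewall
# admit only those ports.
pasv_max_port=0
# Lower bound of the port range used for PASV connections; 0 means any port.
# The default is 0.
pasv_min_port=0

############## Data transfer options #################
# Transfer rate limit for anonymous users (bytes per second).
anon_max_rate=51200
# Transfer rate limit for local users (bytes per second).
local_max_rate=5120000

附錄

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid.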
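# This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# NOTE(review): 011 clears only the execute bits, so with the default
# file_open_mode of 0666 files uploaded by local users stay world-writable.
# The comment above suggests 022 or 077 instead.
local_umask=011
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# NOTE(review): anonymous_enable=NO above keeps anonymous logins out, but
# guest_enable=YES at the end of this file is set, and guest (virtual) users
# get anonymous-class privileges unless virtual_use_local_privs is enabled.
# This option and anon_mkdir_write_enable therefore decide what virtual
# users may write.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
# NOTE(review): the jail is only as strong as the directory it points at;
# the chroot directory itself should not be writable by the jailed user.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
# NOTE(review): the certificate is only used when ssl_enable=YES. No
# ssl_enable line appears in this file (its default is NO), so sessions stay
# unencrypted unless it is set.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
#
# The remarks for the three options below are on their own lines because
# vsftpd treats "#" as a comment marker only at the start of a line.
#
# Allow virtual users: every non-anonymous login becomes a guest login.
guest_enable=YES
# Local account that virtual users are mapped to.
guest_username=ftp
# Directory holding the per-virtual-user permission settings.
user_config_dir=/etc/vsftpd/vsftpd_user_conf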