Notes
This article uses the Ubuntu operating system; other Linux distributions may differ in some details.
Test environment
Ubuntu 16.4
Installation
$ sudo apt-get install vsftpd
Check the port
$ sudo netstat -npltu | grep 21
Expected result:
tcp6 0 0 :::21 :::* LISTEN 885/vsftpd
Tip: if this result does not appear, port 21 is not open. By default, nothing needs to be changed.
Check that the installation succeeded
$ ftp localhost
Enter a username and password to log in (you cannot log in as root; the root user is blocked by default).
Edit the configuration
$ sudo gedit /etc/vsftpd.conf
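Choose the specific settings according to your own needs.
listen=<YES/NO> : when YES, vsftpd starts in standalone mode; when NO, it is started through xinetd (xinetd manages daemons; managing services centrally reduces the resources consumed by a large number of services)
listen_port=<port> : the port the control connection listens on; default 21
listen_address=<ip address> : bind to the specified IP address; useful on hosts with several network interfaces
connect_from_port_20=<YES/NO> : when YES, FTP-DATA transfers are forced to use port 20; default YES
pasv_enable=<YES/NO> : whether to use passive-mode data connections; set this to YES if clients are behind a firewall
pasv_min_port=<n>
pasv_max_port=<m> : restricts passive-mode data connection ports to the range n to m; ports 50000-60000 are recommended
message_file=<filename> : the file whose contents are shown when a user enters a directory; default .message
dirmessage_enable=<YES/NO> : whether to show the contents of the file named by message_file when a user enters a directory
ftpd_banner=<message> : the message shown after a user connects to the server, i.e. the welcome message
banner_file=<filename> : the message shown after a user connects to the server is read from the file filename
connect_timeout=<n> : if a client takes more than N seconds to connect to the server, the connection is dropped; default 60
accept_timeout=<n> : when the user transfers data in passive mode, the connection is dropped if the server has issued the passive port and waits more than N seconds for the client; default 60
accept_connection_timeout=<n> : an idle data connection is dropped after N seconds; default 120
data_connection_timeout=<n> : an idle user session is dropped after N seconds; default 300
max_clients=<n> : in standalone mode, limits the number of connections to the server; 0 means unlimited
max_per_ip=<n> : in standalone mode, limits the number of connections per client IP; 0 means unlimited (I am not sure whether this has anything to do with multi-threaded downloads)
local_enable=<YES/NO> : whether local user accounts may log in
guest_enable=<YES/NO> : whether virtual user accounts may log in
write_enable=<YES/NO> : whether local users are given write permission
local_umask=<nnn> : the umask applied to files uploaded by local users; default 077
local_max_rate=<n> : the maximum transfer rate for local users, in bytes/sec; 0 means unlimited
local_root=<file> : the directory local users land in after login; defaults to the user's home directory
chroot_local_user=<YES/NO> : when YES, chroot is applied to all local users
chroot_list_enable=<YES/NO>
chroot_list_file=<filename> : when chroot_local_user=NO and chroot_list_enable=YES, chroot is applied only to the users listed in the file filename
anonymous_enable=<YES/NO> : whether anonymous users may log in
anon_max_rate=<n> : the maximum transfer rate for anonymous users, in B/s; 0 means unlimited
anon_world_readable_only=<YES/NO> : whether anonymous users are given browse permission
anon_upload_enable=<YES/NO> : whether anonymous users may upload
anon_mkdir_write_enable=<YES/NO> : whether anonymous users may create directories
anon_other_write_enable=<YES/NO> : whether anonymous users get other write permissions (note: this one matters for security and is generally not recommended, although turning it off means resumed transfers are not supported)
anon_umask=<nnn> : the umask applied to files uploaded by anonymous users; default 077
Tip
Usually only the following needs to be set
Allow anonymous access
# Allow anonymous FTP? (Disabled by default)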
anonymous_enable=YES
Upload files
write_enable=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES
Permission settings
local_umask=022
Equivalent to permission 755 (i.e. 777-022)
Configure denied users
sudo vim /etc/ftpusers
Remove the accounts that you want to be able to log in.
Personal configuration (for reference only)
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to engle's computer!
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES
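My configuration works for uploading and downloading. To get finer-grained behaviour, configure the options yourself using the descriptions above.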
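
A quick check for the options discussed above, added here as an example (it is not part of the original article or of vsftpd): a shell function that reads a vsftpd.conf and reports when anonymous write access or unencrypted local logins are enabled. The function names, finding labels and sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag risky option combinations in a vsftpd.conf.
# Finding names (ANON_UPLOAD, ...) are invented for this example.

# conf_on FILE KEY: succeed if KEY is explicitly enabled in FILE.
# vsftpd accepts no spaces around '=', so only "KEY=value" at line start
# counts; the last assignment is taken as the effective one (assumption).
conf_on() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    case "$v" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}

# report_if FILE KEY MESSAGE: print MESSAGE when KEY is enabled.
report_if() { if conf_on "$1" "$2"; then echo "$3"; fi; }

audit_vsftpd() {
    f=$1
    # The anon_* write options need anonymous_enable and write_enable to matter.
    if conf_on "$f" anonymous_enable && conf_on "$f" write_enable; then
        report_if "$f" anon_upload_enable "ANON_UPLOAD: anyone can upload without an account"
        report_if "$f" anon_mkdir_write_enable "ANON_MKDIR: anyone can create directories"
        report_if "$f" anon_other_write_enable "ANON_OTHER_WRITE: anyone can delete or rename files"
    fi
    # Without TLS, FTP sends the USER/PASS of local accounts in cleartext.
    if conf_on "$f" local_enable && ! conf_on "$f" ssl_enable; then
        echo "CLEARTEXT_LOGIN: local account passwords cross the network unencrypted"
    fi
    return 0
}

# Constructed sample: active lines of the personal configuration above.
sample_conf() {
    cat <<'EOF'
listen=NO
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#chroot_local_user=YES
ssl_enable=NO
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_vsftpd "$tmp"
rm -f "$tmp"
```

To check a real server, call `audit_vsftpd /etc/vsftpd.conf`; no output means none of these combinations is set.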