ubuntu 16 VSFTP 架设
root@myserverftp:~# sudo apt-get update
root@myserverftp:~# sudo apt-get install vsftpd
root@myserverftp:/home/myserver# service vsftpd restart
root@myserver-ftp:/etc# vi vsftpd.conf
listen=YES
Run standalone with IPv6?
Like the listen parameter, except vsftpd will listen on an IPv6 socket
instead of an IPv4 one. This parameter and the listen parameter are mutually
exclusive.
#listen_ipv6=YES
#
Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
Uncomment this to allow local users to log in.
local_enable=YES
#
Uncomment this to enable any form of FTP write command.
write_enable=YES
#
Default umask for local users is 077. You may wish to change this to 022,
if your users expect that (022 is used by most other ftpd's)
local_umask=022
dirmessage_enable=YES
use_localtime=YES
#
Activate logging of uploads/downloads.
xferlog_enable=YES
#
Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
access.
secure_chroot_dir=/var/run/vsftpd/empty
#
This string is the name of the PAM service vsftpd will use.
pam_service_name=ftp
#
This option specifies the location of the RSA certificate to use for SSL
encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
2、配置
root@myserver-ftp:~#groupadd scan1
root@myserver-ftp:~#useradd -G scan1 -d /home/scan1 -M ftpscan
root@myserver-ftp:~#useradd -G scan1 -d /home/scan1 -M ftpscan2
root@myserver-ftp:~#chown ftpscan:ftpscan /home/scan1/
root@myserverftp:~# chmod -R 755 /home/scan1/
root@myserverftp:~# fdisk -l
root@myserverftp:~# blkid /dev/sda5 查找到UUID
root@myserverftp:~# vi /etc/fstab
UUID=d71005bf-3bd2-46d6-a7be-3af47f76fad3 /home/scan1 ext4 defaults 0 2
3、530 Login incorrect错误的解决方法
1、vsftp 提示 530 Login incorrect错误的解决方法
只需要把/etc/pam.d/vsftpd文件中的
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
这一句注释掉就OK了。前面加一个#好
重启vsftpd服务。问题解决
4、双网卡配置
root@myserver-ftp:/etc# vim /etc/network/interfaces
auto lo
iface lo inet loopback
auto etho
iface lo inet loopback
auto eth2
iface lo inet loopback
up route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.23.1
up route add -net 10.0.0.0 netmask 255.255.0.0 gw 10.0.16.1
root@myserver-ftp:~# route delete default
root@myserver-ftp:~# route add -net 192.168.0.0 netmask 255.255.0.0 dev eth0
root@myserver-ftp:~# route add -net 10.0.0.0 netmask 255.0.0.0 dev eth2
root@myserver-ftp:~# route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.23.1
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
2017 12 TEST UBUNTU 16.0
root@myserverftp:~# sudo apt-get install vsftpd
root@myserverftp:/home/myserver# sudo service vsftpd restart
第二步:新建目录/home/scan1/作为用户主目录
sudo mkdir /home/scan1/
root@myserver-ftp:~#groupadd scan1
第三步:新建用户uftp,制定用户主目录和所用shell,并设置密码
root@cmk-GA-880GM-D2H:/home# useradd -G scan1 -d /home/scan1/ -M mis -s /bin/bash
root@cmk-GA-880GM-D2H:/home# passwd mis
輸入新的 UNIX 密碼:
再次輸入新的 UNIX 密碼:
passwd:密碼已成功地變更
root@cmk-GA-880GM-D2H:~# useradd -G scan1 -d /home/scan1/ -M mis2 -s /bin/bash
root@cmk-GA-880GM-D2H:~# passwd mis2
輸入新的 UNIX 密碼:
再次輸入新的 UNIX 密碼:
passwd:密碼已成功地變更
第四步:新建文件/etc/vsftpd.user_list,用于存放允许访问ftp的用户:
root@cmk-GA-880GM-D2H:/home# vi /etc/vsftpd.user_list
mis
mis2
root@cmk-GA-880GM-D2H:/home# vi /etc/vsftpd.conf
Run standalone? vsftpd can run either from an inetd or as a standalone
daemon started from an initscript.
listen=YES
#
Run standalone with IPv6?
Like the listen parameter, except vsftpd will listen on an IPv6 socket
instead of an IPv4 one. This parameter and the listen parameter are mutually
exclusive.
#listen_ipv6=YES
#
Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
Uncomment this to allow local users to log in.
local_enable=YES
#
Uncomment this to enable any form of FTP write command.
write_enable=YES
#
Default umask for local users is 077. You may wish to change this to 022,
if your users expect that (022 is used by most other ftpd's)
local_umask=022
Activate directory messages - messages given to remote users when they
go into a certain directory.
dirmessage_enable=YES
#
If enabled, vsftpd will display directory listings with the time
in your local time zone. The default is to display GMT. The
times returned by the MDTM FTP command are also affected by this
option.
use_localtime=YES
#
Activate logging of uploads/downloads.
xferlog_enable=YES
#
Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
This option should be the name of a directory which is empty. Also, the
directory should not be writable by the ftp user. This directory is used
as a secure chroot() jail at times vsftpd does not require filesystem
access.
secure_chroot_dir=/var/run/vsftpd/empty
#
This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
userlist_file=/etc/vsftpd.user_list
#userlist_enable=YES
#userlist_deny=NO 可直接跳出登入用戶畫面
#
This option specifies the location of the RSA certificate to use for SSL
encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
This option specifies the location of the RSA key to use for SSL
encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
root@cmk-GA-880GM-D2H:~# chmod -R 755 /home/scan1/
root@cmk-GA-880GM-D2H:~# chown -R mis:scan1 /home/scan1/
root@cmk-GA-880GM-D2H:~# sudo service vsftpd restart
注: mis用戶有讀寫權限,mis2、dsc用戶有讀權限。
方法2:
root@cmk-GA-880GM-D2H:/home/scan1# chmod -R u=x,g=rwx /home/scan1/
root@cmk-GA-880GM-D2H:/home/scan1# ls -al
注: mis用戶有讀權限,mis2、dsc用戶有寫讀權限。
root@cmk-GA-880GM-D2H:/home# sudo service vsftpd stop