ubuntu18系統搭建ftp伺服器詳解
當我們有有的自己的伺服器就可以搭建一個ftp伺服器,可以自己放進去一些東西,這樣以後下載的話會很方便,而且伺服器端速度很快(所以快慢基本就看自己下載段的速度了.
1. 更新一些伺服器上的檔案檔案源
sudo apt-get update
2. 下載vsftpd軟體
sudo apt-get install vsftpd
之後就等著下完
3. 配置ftp登入的使用者
ftp伺服器也是和正常ssh登入一樣,也是需要使用者指令的.當我們下載完vsftpd後,我們系統上就會多出一個ftp使用者和ftp組,當然這個ftp使用者是不能直接登入的.因此,我們也要為ftp建立一個使用者,當然這個使用者所在的組就是ftp組.例如,建立一個test:123456 的使用者,如下:
sudo useradd test -g ftp -d /home/ //在/home資料夾下建立該使用者
之後會提示你密碼,當然太簡單的密碼無法通過
4. 配置vsftpd配置
在/etc/目錄下有個vsftp.conf檔案,該檔案是ftp伺服器的主要配置檔案,用vm開啟,對裡面的檔案進行修改.下面貼出我的檔案:
後面會對其中一些做出簡要說明,要說明的的放會有 注(num):
# Example config file /etc/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # # Run standalone? vsftpd can run either from an inetd or as a standalone # daemon started from an initscript. listen=NO #注1: # # This directive enables listening on IPv6 sockets. By default, listening # on the IPv6 "any" address (::) will accept connections from both IPv6 # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6 # sockets. If you want that (perhaps because you want to listen on specific # addresses) then you must run two copies of vsftpd with two configuration # files. listen_ipv6=YES # # Allow anonymous FTP? (Disabled by default). anonymous_enable=NO #注2: userlist_deny=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES#注3 # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # If enabled, vsftpd will display directory listings with the time # in your local time zone. The default is to display GMT. The # times returned by the MDTM FTP command are also affected by this # option. use_localtime=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=hellow! Welcome to Curve's FTP service.#注4 # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd.banned_emails # # You may restrict local users to their home directories. See the FAQ for # the possible risks in this before using chroot_local_user or # chroot_list_enable below. #chroot_local_user=YES # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that # the user does not have write access to the top level directory within the # chroot) chroot_local_user=YES #注5 chroot_list_enable=YES local_root=/var/ftp #注6 # (default follows) chroot_list_file=/etc/vsftpd.chroot_list chroot_list_file=/etc/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # Customization # # Some of vsftpd's settings don't fit the filesystem layout by # default. # # This option should be the name of a directory which is empty. Also, the # directory should not be writable by the ftp user. This directory is used # as a secure chroot() jail at times vsftpd does not require filesystem # access. secure_chroot_dir=/var/run/vsftpd/empty # # This string is the name of the PAM service vsftpd will use. pam_service_name=vsftpd # # This option specifies the location of the RSA certificate to use for SSL # encrypted connections. rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key ssl_enable=NO # # Uncomment this to indicate that vsftpd use a utf8 filesystem. utf8_filesystem=YES
LISTEN = NO :這個值只能為NO,如果改為YES的話,啟動時會出錯
anonymous_enable=NO :是否允許匿名登入,不做匿名的話就不重要
write_enable=YES :設定可以上傳檔案
ftpd_banner= :設定登入是可以看到的資訊,可以任意修改
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
對ftp登入的使用者進行限制具體請參考.
local_root=/var/ftp :設定根目錄所在的位置,可以自己設定.注意可能會需要許可權此時加上下面兩條語句,如這個例子,
chown -R test ftp //test為要ftp登入的使用者名稱,第二個為資料夾
chgrp -R ftp ftp //第一個ftp 為ftp組
5. 對ftp使用者訪問進行配置
-
設定test使用者只能夠ftp登入,不能ssh登入
usermod -s /sbin/nologin test
-
修改/etc/ftpusers.這個目錄是設定禁止ftp登入使用者的因此,如果有自己想讓登入的使用者,那就直接刪掉
-
增加/etc/vsftpd.chroot_list檔案,這個和上面那個注5是相關的,在我的配置下的話,要增加使用者名稱,因此直接增加test
-
此時當你試著連線時,可能仍舊出現“530 Login incorrect”,修改/etc/shells檔案,後面新增以下內容:/sbin/nologin/
-
登入時可能會出現的錯誤"refusing to run with writable root inside chroot()",問題在於啟用了chroot的話,根目錄要設定為不可寫
chmod a-w /home/test
-
當然還能夠限制那些使用者可以登入,當如不加也是可以的參考源
首先修改vsftpd.cong檔案 userlist_enable=YES //設定使用者訪問列表 #允許登入的使用者 userlist_file=/etc/allowed_users //設定該列表所在的位置 #最後,對其進行修改,加入自己想要新增進的使用者名稱即可 ```
最最後,重新啟動vsftpd程序
server vsftpd restart
6. 登入時常用登入命令
- 自己可以下載個ftp連線的軟體,這裡說明一下linux終端命令所需的常用命令
- 登入:
- ftp ip 例如ftp 1.1.1.1
- 直接ftp進入ftp命令列 用open ip
之後會讓你輸入使用者名稱和密碼 - 關閉連線輸入close
- 推出ftp命令列bye
- 列出當下目錄中檔案內容:
- ls或者dir
注意用ls很多此的話,可能會出現連線錯誤,dir目前還為發現
- ls或者dir
- 目錄切換
cd 命令 - 下載檔案
- get|mget 目的檔案 下載位置.
get下載單個檔案,mget下載多個檔案.*.*代表所有檔案
- get|mget 目的檔案 下載位置.
- 上傳檔案
- put local_filt remote_file
下面附上學習時所參考文章的來源,感謝各位大佬文章
參考文章1 參考文章2 參考文章3 參考文章4 參考文章5 參考文章6
當然,還有一些學習是所看過的文章,由於看時還沒有開始寫這個文章.因此,有些知識也不知道了來源,因此沒附地址.