Vsftpd Configuration on Linux
2013-04-25 12:51
Vsftpd Configuration on Linux 2010-10-12 22:59:02
Copyright notice: original work. To repost it, contact the author; otherwise legal action will be pursued.
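1. Active and passive modes
1) Active mode (PORT)
Connection sequence: the client sends a connection request to the server's FTP port (21 by default); the server accepts it and a command link is established. When data needs to be transferred, the client uses the PORT command on the command link to tell the server: "I have opened port XX, connect to me." The server then sends a connection request from port 20 to port XX on the client, establishing a data link over which the data is transferred.
2) Passive mode (PASV)
Connection sequence: the client sends a connection request to the server's FTP port (21 by default); the server accepts it and a command link is established. When data needs to be transferred, the server uses the PASV command on the command link to tell the client: "I have opened port XX, connect to me." The client then sends a connection request to port XX on the server, establishing a data link over which the data is transferred.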
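The two exchanges above, decoded in Python as an added example (not code from the original post). On the wire the client sends PASV and the server's 227 reply carries the address; both PORT and 227 encode it as h1,h2,h3,h4,p1,p2 with port = p1 * 256 + p2. The transcripts and addresses are constructed, and the passive range passed to `in_passive_range` stands for whatever pasv_min_port/pasv_max_port and the firewall are set to.

```python
import re

# Constructed control-channel lines, not captured traffic. Addresses come from
# the documentation ranges 192.0.2.0/24 (server) and 198.51.100.0/24 (client).
ACTIVE = [("C", "PORT 198,51,100,7,195,80"),
          ("S", "200 PORT command successful."),
          ("C", "RETR get_test")]
PASSIVE = [("C", "PASV"),
           ("S", "227 Entering Passive Mode (192,0,2,10,78,52)."),
           ("C", "RETR get_test")]

_FIELD = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def host_port(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port), where port = p1 * 256 + p2."""
    m = _FIELD.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field value above 255 in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_link(transcript, client_ip, server_ip):
    """Return (mode, who_connects, source, destination) for the data link."""
    for side, line in transcript:
        if side == "C" and line.upper().startswith("PORT "):
            # Active: the server dials out, from port 20 when
            # connect_from_port_20=YES, to the address the client announced.
            return ("active", "server", (server_ip, 20), host_port(line))
        if side == "S" and line.startswith("227 "):
            # Passive: the client dials the port the server announced; the
            # client's source port is picked by its OS (None here).
            return ("passive", "client", (client_ip, None), host_port(line))
    raise ValueError("transcript sets up no data link")


def port_target_is_peer(port_line, control_peer_ip):
    """Active-mode check: the PORT address should be the control peer itself.

    vsftpd enforces this unless port_promiscuous=YES is set.
    """
    return host_port(port_line)[0] == control_peer_ip


def in_passive_range(reply_227, low, high):
    """Passive-mode check: the announced port lies in the range the firewall opens."""
    return low <= host_port(reply_227)[1] <= high


if __name__ == "__main__":
    print(data_link(ACTIVE, "198.51.100.7", "192.0.2.10"))
    print(data_link(PASSIVE, "198.51.100.7", "192.0.2.10"))
```
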
2. Installation
1) Check whether it is installed
Open a terminal and run rpm -q vsftpd. The output is one of:
➢ Already installed
![](http://img1.51cto.com/attachment/201010/220313876.jpg)
➢ Not yet installed
![](http://img1.51cto.com/attachment/201010/220328940.jpg)
2) Install
➢ Load the disc
![](http://img1.51cto.com/attachment/201010/220351982.jpg)
➢ Configure the disc
![](http://img1.51cto.com/attachment/201010/220412956.jpg)
Click the disc icon at the bottom right of the virtual machine window, choose Settings, tick Connected under Device status, choose Use ISO image file under Connection, then click Browse to select the Linux installation image and click OK.
➢ Install
![](http://img1.51cto.com/attachment/201010/220544107.jpg)
Installation complete.
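3. File structure and configuration file
1) File structure

| Configuration file name | Function |
| --- | --- |
| /usr/sbin/vsftpd | vsftpd main program |
| /etc/rc.d/init.d/vsftpd | Startup script |
| /etc/vsftpd/vsftpd.conf | Main configuration file |
| /etc/pam.d/vsftpd | PAM authentication file |
| /etc/vsftpd.ftpusers | List of users who are not allowed to use vsftpd |
| /etc/vsftpd.user_list | List of users who are denied or allowed to use vsftpd |
| /var/ftp | Anonymous user's home directory |
| /var/ftp/pub | Anonymous user's download directory |
| /etc/logrotate.d/vsftpd.log | vsftpd log file |
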
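2) Configuration file
➢ View
![](http://img1.51cto.com/attachment/201010/220624163.jpg)
![](http://img1.51cto.com/attachment/201010/220637621.jpg)
Lines beginning with # are comments; comments that are not configuration parameters have been removed here.
➢ Parameter meanings

| Parameter | Meaning |
| --- | --- |
| anonymous_enable=YES | Whether anonymous accounts are allowed |
| local_enable=YES | Whether local users may log in |
| write_enable=YES | Whether writing is allowed |
| local_umask=022 | The local umask value is 022 |
| #anon_upload_enable=YES | Whether anonymous users may upload files |
| #anon_mkdir_write_enable=YES | Whether anonymous users may create directories |
| dirmessage_enable=YES | Show a welcome message on entering each directory; create a .message file in each directory and write the message in it |
| xferlog_enable=YES | Log file uploads and downloads |
| connect_from_port_20=YES | Whether to use port 20 for data transfer (whether to use active mode) |
| #chown_uploads=YES | Change the owner of files uploaded by anonymous users |
| #chown_username=whoever | |
| #xferlog_file=/var/log/xferlog | Log file |
| xferlog_std_format=YES | Use the standard log file format |
| #idle_session_timeout=600 | Session timeout: the client is connected to FTP but idle |
| #data_connection_timeout=120 | Data transfer timeout |
| #nopriv_user=ftpsecure | Account the vsftpd service runs as; ftp is used when not specified |
| #async_abor_enable=YES | Whether clients may use commands such as sync |
| #ascii_upload_enable=YES | Whether uploading/downloading binary files is allowed |
| #ascii_download_enable=YES | |
| #ftpd_banner=Welcome to blah FTP service. | Login banner |
| #deny_email_enable=YES | Reject anonymous users who log in with an e-mail address listed in the file named by banned_email_file. That is, when an anonymous user logs in with an e-mail address listed in the banned_email_file file, the login is refused. |
| #banned_email_file=/etc/vsftpd/banned_emails | |
| #chroot_list_enable=YES | Lock logged-in users into their home directories; write the user names one per line in /etc/vsftpd/chroot_list; chroot_local_user=YES is required when using this method |
| #chroot_list_file=/etc/vsftpd/chroot_list | |
| #ls_recurse_enable=YES | Whether commands such as ls -R are allowed |
| listen=YES | Enable IPv4 listening |
| #listen_ipv6=YES | Enable IPv6 listening |
| pam_service_name=vsftpd | Use PAM for access control; the vsftpd file is in the /etc/pam.d directory |
| userlist_enable=YES | Works together with userlist_deny=YES (under Other) to control which users may access the server; see the meaning of userlist_deny=YES |
| tcp_wrappers=YES | Whether management by tcp_wrappers is allowed |
| Other | |
| listen_address=ip address | IP address to listen on |
| listen_port=port_value | Port to listen on, 21 by default |
| chroot_local_user=YES | Confine all local users to their home directories |
| userlist_deny=YES | Determines whether the users in the file named by userlist_file are denied, or are the only ones allowed, to log in to the FTP server. This option takes effect only after userlist_enable is turned on. YES is the default: users in the file are denied login and are not prompted for a password. NO means that only users in the file may log in to the FTP server |
| local_root=/home/ftp | Root directory for all users; has no effect for anonymous users |
| anon_max_rate=value | Maximum transfer rate for anonymous users, in bytes/s |
| local_max_rate=value | Maximum transfer rate for local users, in bytes/s |
| download_enable=YES | Whether downloads are allowed |
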
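3) Connection information

| Code | Meaning | Code | Meaning |
| --- | --- | --- | --- |
| 110 | Restart marker reply | 120 | Service will be ready within some time |
| 125 | Data link port open, ready to transfer | 150 | File status okay, opening data connection port |
| 200 | Command executed successfully | 202 | Command failed |
| 211 | System status or system help reply | 212 | Directory status |
| 213 | File status | 214 | Help message |
| 215 | NAME system type | 220 | Service ready for new connection |
| 221 | Service closing control connection port; may log out | 225 | Data connection open, no transfer in progress |
| 226 | Closing data connection port; requested file action successful | 227 | Entering passive mode |
| 230 | User logged in | 250 | Requested file action completed |
| 257 | Shows the current path name | 331 | User name okay, password required |
| 332 | Account information needed for login | 350 | Requested action needs a further command |
| 421 | Service not available, closing control connection | 425 | Cannot open data link |
| 426 | Connection closed, transfer aborted | 450 | Requested action not taken |
| 451 | Command aborted: local error | 452 | Command not executed: insufficient disk space |
| 500 | Format error, command not recognized | 501 | Syntax error in parameters |
| 502 | Command failed | 503 | Bad sequence of commands |
| 504 | Parameter given to the command is incorrect | 530 | Not logged in |
| 532 | Account login required to store files | 550 | Requested action not taken |
| 551 | Requested command aborted, type unknown | 552 | Requested file action aborted, storage overflow |
| 553 | Requested command not executed, name incorrect | | |

4. Configuration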
1) Anonymous FTP login
➢ Configuration
![](http://img1.51cto.com/attachment/201010/220752284.jpg)
After installation, start the service with service vsftpd start.
➢ Test
![](http://img1.51cto.com/attachment/201010/220813512.jpg)
Connecting to the FTP server from XP, the login succeeds. The user name ftp is the anonymous user, and anonymous is also the anonymous user. With vsFTP's default configuration, anonymous users can log in.
2) Named-user (local account) FTP login
➢ Configuration
![](http://img1.51cto.com/attachment/201010/220921438.jpg)
mkdir -p /var/ftp/pub/zwb: create the user's login root directory
useradd -G ftp -d /var/ftp/pub/zwb -M zwb: create the named user
passwd zwb: set the named user's login password
➢ Test
![](http://img1.51cto.com/attachment/201010/220949891.jpg)
3) Allow anonymous login only, no named-user login
➢ Configuration
● Edit the configuration file
![](http://img1.51cto.com/attachment/201010/221117141.jpg)
![](http://img1.51cto.com/attachment/201010/221127192.jpg)
Change local_enable=YES to NO, then save and exit.
● Restart the service
![](http://img1.51cto.com/attachment/201010/221143152.jpg)
➢ Test
![](http://img1.51cto.com/attachment/201010/221207528.jpg)
4) Allow named-user login only, no anonymous login
➢ Configuration
● Edit the configuration file
![](http://img1.51cto.com/attachment/201010/221424654.jpg)
![](http://img1.51cto.com/attachment/201010/221435822.jpg)
Change local_enable=NO to YES and anonymous_enable=YES to NO, then save and exit.
● Restart the service
![](http://img1.51cto.com/attachment/201010/221528643.jpg)
➢ Test
![](http://img1.51cto.com/attachment/201010/221547700.jpg)
5) Blacklist and whitelist
➢ Blacklist
● Configuration
◆ Edit the configuration file
![](http://img1.51cto.com/attachment/201010/221618677.jpg)
![](http://img1.51cto.com/attachment/201010/221630800.jpg)
Change anonymous_enable=NO back to anonymous_enable=YES, restoring the initial configuration.
◆ Add to the blacklist
![](http://img1.51cto.com/attachment/201010/221914993.jpg)
Append the user zwb to the blacklist.
● Test
![](http://img1.51cto.com/attachment/201010/221946623.jpg)
Login as zwb fails.
➢ Whitelist
● Configuration
◆ Restore settings
![](http://img1.51cto.com/attachment/201010/222042965.jpg)
![](http://img1.51cto.com/attachment/201010/222110961.jpg)
Remove the user zwb that was appended to the blacklist above, then save and exit.
◆ Set up the whitelist
![](http://img1.51cto.com/attachment/201010/222154987.jpg)
![](http://img1.51cto.com/attachment/201010/222214596.jpg)
Add the two lines userlist_deny=NO and userlist_file=/etc/vsftpd/user_list.
◆ Add to the whitelist
![](http://img1.51cto.com/attachment/201010/222455284.jpg)
No user other than those in user_list can log in.
◆ Restart the service
![](http://img1.51cto.com/attachment/201010/222432741.jpg)
● Test
![](http://img1.51cto.com/attachment/201010/222622721.jpg)
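How the settings changed in 3), 4) and 5) combine into a login decision, as an added Python model (not code from the original post and not vsftpd's own code). It is a simplification: ftpusers is assumed to be enforced through PAM, the user_list and ftpusers contents are constructed samples, and zzj stands for any other local account.

```python
from dataclasses import dataclass

ANON_NAMES = {"ftp", "anonymous"}  # matched case-insensitively


@dataclass
class Settings:
    """Login-related vsftpd.conf options, with vsftpd's built-in defaults."""
    anonymous_enable: bool = True
    local_enable: bool = False
    userlist_enable: bool = False
    userlist_deny: bool = True


def decide(user, s, user_list=(), ftpusers=()):
    """Model the login policy and return (outcome, reason).

    Assumption: ftpusers is applied by PAM (pam_listfile in /etc/pam.d/vsftpd),
    so it only matters for logins that reach the password step.
    """
    is_anon = user.lower() in ANON_NAMES
    if not is_anon and not s.local_enable:
        return ("deny", "local_enable=NO")
    if s.userlist_enable:
        # The list is checked on the name as typed, before any password prompt.
        listed = user in user_list
        if listed and s.userlist_deny:
            return ("deny", "listed, userlist_deny=YES (blacklist)")
        if not listed and not s.userlist_deny:
            return ("deny", "not listed, userlist_deny=NO (whitelist)")
    if is_anon:
        if s.anonymous_enable:
            return ("anonymous", "no password check")
        return ("deny", "anonymous_enable=NO")
    if user in ftpusers:
        return ("deny", "listed in ftpusers (PAM)")
    return ("password", "PAM decides")


def page_scenarios():
    """Outcomes for ftp, zwb and zzj under the configurations of 3), 4) and 5)."""
    users = ("ftp", "zwb", "zzj")
    cases = {
        "3) anonymous only": (
            Settings(local_enable=False, userlist_enable=True), ()),
        "4) named only": (
            Settings(anonymous_enable=False, local_enable=True,
                     userlist_enable=True), ()),
        "5) blacklist": (
            Settings(local_enable=True, userlist_enable=True), ("zwb",)),
        "5) whitelist": (
            Settings(local_enable=True, userlist_enable=True,
                     userlist_deny=False), ("zwb",)),
    }
    return {name: {u: decide(u, s, listed)[0] for u in users}
            for name, (s, listed) in cases.items()}


if __name__ == "__main__":
    for name, row in page_scenarios().items():
        print(name, row)
```

In whitelist mode the anonymous names are refused as well unless ftp and anonymous are themselves listed in user_list.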
6) Limiting the number of clients
➢ Configuration
● Restore settings
◆ Restore the whitelist
![](http://img1.51cto.com/attachment/201010/222738261.jpg)
![](http://img1.51cto.com/attachment/201010/222747488.jpg)
Remove the user zwb that was appended to the blacklist above, then save and exit.
◆ Restore the configuration file
![](http://img1.51cto.com/attachment/201010/222857224.jpg)
![](http://img1.51cto.com/attachment/201010/222907349.jpg)
Remove userlist_deny=NO and userlist_file=/etc/vsftpd/user_list.
● Edit the configuration file
![](http://img1.51cto.com/attachment/201010/222946906.jpg)
![](http://img1.51cto.com/attachment/201010/222957247.jpg)
Add max_clients=1, which sets the maximum number of client connections to 1.
● Restart the service
![](http://img1.51cto.com/attachment/201010/223105993.jpg)
➢ Test
![](http://img1.51cto.com/attachment/201010/223128578.jpg)
The ftp user logs in successfully. Do not log out; open another terminal.
![](http://img1.51cto.com/attachment/201010/223155871.jpg)
Connecting to FTP from the newly opened terminal returns error code 421 with the message "There are too many connected users, please try later". Logging in as the zwb user gives "Connection closed by remote host".
7) Rate limiting
➢ Rate limits for anonymous and named users
● Configuration
◆ Restore settings
![](http://img1.51cto.com/attachment/201010/223231601.jpg)
![](http://img1.51cto.com/attachment/201010/223243752.jpg)
Remove max_clients=1.
◆ Edit the configuration file
![](http://img1.51cto.com/attachment/201010/223331252.jpg)
![](http://img1.51cto.com/attachment/201010/223341896.jpg)
The unit is bytes. local_max_rate is the download speed for named users; anon_max_rate is the download speed for anonymous users.
◆ Restart the service
![](http://img1.51cto.com/attachment/201010/223410331.jpg)
● Test
◆ Create a test file
![](http://img1.51cto.com/attachment/201010/223500220.jpg)
dd if=/dev/zero of=get_test bs=126k count=1 creates a 126k file filled with zeros to serve as the test file; the file actually created is 129k.
◆ Test
![](http://img1.51cto.com/attachment/201010/223528351.jpg)
The zwb user took 0.77 seconds at 168.44 Kbytes/sec. The ftp user took 6.20 seconds at 20.80 Kbytes/sec.
➢ Tiered download limits for different named users
● Configuration
◆ Restore settings
![](http://img1.51cto.com/attachment/201010/223605333.jpg)
![](http://img1.51cto.com/attachment/201010/223909128.jpg)
Remove local_max_rate and anon_max_rate.
◆ Add a user
![](http://img1.51cto.com/attachment/201010/223618175.jpg)
Create the root directory for the zzj user, add the zzj user, and set the zzj user's password.
◆ Edit the configuration file
![](http://img1.51cto.com/attachment/201010/224038698.jpg)
![](http://img1.51cto.com/attachment/201010/224047579.jpg)
Add user_config_dir=/etc/vsftpd to set the per-user configuration directory.
◆ Add per-user configuration files
■ Add a configuration file for the zwb user
![](http://img1.51cto.com/attachment/201010/224210133.jpg)
![](http://img1.51cto.com/attachment/201010/224219334.jpg)
■ Add a configuration file for the zzj user
![](http://img1.51cto.com/attachment/201010/224232319.jpg)
![](http://img1.51cto.com/attachment/201010/224240466.jpg)
◆ Restart the service
![](http://img1.51cto.com/attachment/201010/224340636.jpg)
● Test
![](http://img1.51cto.com/attachment/201010/224404882.jpg)
The zwb user took 0.78 seconds at 165.20 Kbytes/sec. The zzj user took 6.20 seconds at 20.80 Kbytes/sec.
8) Uploads
➢ Anonymous upload
● Configuration
◆ Restore settings
![](http://img1.51cto.com/attachment/201010/224532538.jpg)
![](http://img1.51cto.com/attachment/201010/224609979.jpg)
Remove user_config_dir=/etc/vsftpd.
◆ Edit the configuration file
![](http://img1.51cto.com/attachment/201010/224625564.jpg)
![](http://img1.51cto.com/attachment/201010/224641127.jpg)
Uncomment anon_upload_enable=YES and anon_mkdir_write_enable=YES, and add anon_other_write_enable=YES, which allows files to be renamed and deleted.
◆ Permission settings
![](http://img1.51cto.com/attachment/201010/224715812.jpg)
chmod -R 777 pub:
Change the permissions of the pub directory to 777
chcon -R -t public_content_rw_t pub:
Change the file type of the pub directory to public_content_rw_t
getsebool -a | grep ftp:
Show the ftp-related values among the sebool (SELinux boolean) values
setsebool -P allow_ftpd_anon_write on:
Set the sebool value allow_ftpd_anon_write to on
◆ Restart the service
![](http://img1.51cto.com/attachment/201010/224816661.jpg)
● Test
◆ Create a test file
![](http://img1.51cto.com/attachment/201010/224840991.jpg)
◆ Test
![](http://img1.51cto.com/attachment/201010/224852955.jpg)
Anonymous users must upload into the pub directory.
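A configuration check for the anonymous-upload settings above, as an added Python example (not code from the original post): it reports what each enabled option exposes and compares a file in the style of this section with a write-only drop box. Both sample files are constructed, `ftpdrop` is a hypothetical account name, and the severity labels are this example's own.

```python
DEFAULTS = {  # vsftpd built-in defaults for the options checked below
    "anonymous_enable": "YES", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_umask": "077",
    "chown_uploads": "NO", "chown_username": "root",
    "xferlog_enable": "NO", "max_clients": "0",
}

# Constructed to mirror the options this section names; the page's own file
# is only visible in screenshots.
PAGE_STYLE = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
xferlog_enable=YES
"""

# Constructed write-only drop box; "ftpdrop" is a hypothetical account.
DROP_BOX = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_umask=077
chown_uploads=YES
chown_username=ftpdrop
xferlog_enable=YES
max_clients=50
"""


def parse_conf(text):
    """Parse key=value lines; '#' lines are comments; later lines override."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf


def yes(conf, key):
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")


def audit(text):
    """Return a list of (severity, code, message) findings."""
    c = parse_conf(text)
    out = []
    anon_write = yes(c, "anonymous_enable") and yes(c, "write_enable")
    if anon_write and yes(c, "anon_upload_enable"):
        out.append(("info", "ANON_UPLOAD", "anonymous users can store files"))
        if (int(c["anon_umask"], 8) & 0o004) == 0:
            out.append(("high", "ANON_READBACK",
                        "uploads are world-readable, so anonymous users can fetch them"))
        if not yes(c, "xferlog_enable"):
            out.append(("medium", "NO_XFERLOG", "uploads are not logged"))
        if not yes(c, "chown_uploads"):
            out.append(("medium", "UPLOAD_OWNER_FTP",
                        "uploads stay owned by the anonymous ftp account"))
        elif c["chown_username"] == "root":
            out.append(("medium", "CHOWN_ROOT", "uploads are handed to root"))
    if anon_write and yes(c, "anon_mkdir_write_enable"):
        out.append(("medium", "ANON_MKDIR", "anonymous users can create directories"))
    if anon_write and yes(c, "anon_other_write_enable"):
        out.append(("high", "ANON_DELETE", "anonymous users can rename and delete files"))
    if int(c["max_clients"]) == 0:
        out.append(("low", "NO_CLIENT_LIMIT", "max_clients is unlimited"))
    return out


def audit_codes(text):
    return [code for _severity, code, _message in audit(text)]


if __name__ == "__main__":
    for name, sample in (("page-style", PAGE_STYLE), ("drop box", DROP_BOX)):
        print(name, audit_codes(sample))
```
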
➢ Named-user upload
● Configuration
◆ Restore settings
■ Restore the configuration file
![](http://img1.51cto.com/attachment/201010/224951887.jpg)
![](http://img1.51cto.com/attachment/201010/225004480.jpg)
Comment out anonymous_enable=YES.
![](http://img1.51cto.com/attachment/201010/225119736.jpg)
Comment out anon_upload_enable=YES and anon_mkdir_write_enable=YES.
■ Restore the sebool value
![](http://img1.51cto.com/attachment/201010/225141830.jpg)
◆ Set the sebool value
![](http://img1.51cto.com/attachment/201010/225223810.jpg)
◆ Set permissions on the user's root directory
![](http://img1.51cto.com/attachment/201010/225234630.jpg)
Change the permissions of the user's home directory /var/ftp/pub/zwb to 777.
◆ Restart the service
![](http://img1.51cto.com/attachment/201010/225306919.jpg)
● Test
![](http://img1.51cto.com/attachment/201010/225322631.jpg)
9) Changing the default shared directory
➢ Configuration
● Restore settings
![](http://img1.51cto.com/attachment/201010/225400574.jpg)
![](http://img1.51cto.com/attachment/201010/225411870.jpg)
● Edit the configuration file
![](http://img1.51cto.com/attachment/201010/225453178.jpg)
![](http://img1.51cto.com/attachment/201010/225504741.jpg)
● Restart the service
![](http://img1.51cto.com/attachment/201010/225532393.jpg)
● Create the named user's root directory
![](http://img1.51cto.com/attachment/201010/225618259.jpg)
● Change the directory type
![](http://img1.51cto.com/attachment/201010/225631897.jpg)
➢ Test
● Create files
![](http://img1.51cto.com/attachment/201010/225711794.jpg)
● Test
![](http://img1.51cto.com/attachment/201010/225722779.jpg)
After the named user logs in, ls shows file A, which proves the session is in the /home/zwb directory; alternatively, use the pwd command to show the current directory.
![](http://img1.51cto.com/attachment/201010/225747295.jpg)
After the anonymous user ftp logs in, ls shows file B, which proves the session is in the /home directory.