FTP Server ubuntu
2013-05-24 17:02
FTP Server
File Transfer Protocol (FTP) is a TCP protocol for uploading and
downloading files between computers. FTP works on a client/server
model. The server component is called an FTP daemon. It continuously
listens for FTP requests from remote clients. When a request is
received, it manages the login and sets up the connection. For the
duration of the session it executes any of the commands sent by the
FTP client.
Access to an FTP server can be managed in two ways:
Anonymous
Authenticated
In the Anonymous mode, remote clients can access the FTP server
by using the default user account called "anonymous" or "ftp" and
sending an email address as the password. In the Authenticated mode
a user must have an account and a password. User access to the FTP
server directories and files is dependent on the permissions
defined for the account used at login. As a general rule, the FTP
daemon will hide the root directory of the FTP server and change it
to the FTP Home directory. This hides the rest of the file system
from remote sessions.
vsftpd - FTP Server
Installation
vsftpd is an FTP daemon available in Ubuntu. It is easy to install,
set up, and maintain. To install vsftpd you can run the following
command:
sudo apt-get install vsftpd
Anonymous FTP
Configuration
By default vsftpd is not configured to allow anonymous download. If
you wish to enable anonymous download, edit /etc/vsftpd.conf,
changing:
anonymous_enable=Yes
During installation an ftp user is created with a home directory of
/srv/ftp. This is the default FTP directory.
If you wish to change this location, to /srv/files/ftp for example,
simply create a directory in another location and change the ftp
user's home directory:
sudo mkdir /srv/files/ftp
sudo usermod -d /srv/files/ftp ftp
After making the change restart vsftpd:
sudo restart vsftpd
Finally, copy any files and directories you would like to make
available through anonymous FTP to /srv/files/ftp, or /srv/ftp if you
wish to use the default.
User Authenticated FTP
Configuration
By default vsftpd is configured to authenticate system users and
allow them to download files. If you want users to be able to upload
files, edit /etc/vsftpd.conf:
write_enable=YES
Now restart vsftpd:
sudo restart vsftpd
Now when system users log in to FTP they will start in their home
directories, where they can download, upload, create directories, etc.
Similarly, by default, anonymous users are not allowed to upload
files to the FTP server. To change this setting, you should uncomment
the following line, and restart vsftpd:
anon_upload_enable=YES
Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet.
parameters. The information about each parameter is available in
the configuration file. Alternatively, you can refer to the man
page, man 5
vsftpd.conf for details of each
parameter.
Securing FTP
There are options in /etc/vsftpd.conf to help make vsftpd more
secure. For example, users can be limited to their home directories
by uncommenting:
chroot_local_user=YES
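You can also limit a specific list of users to just their home
directories:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
After uncommenting the above options, create a
/etc/vsftpd.chroot_list containing a list of users, one per line.
Note that when chroot_local_user=YES is also set, the meaning of the
list is inverted: it names the users who are not confined to their
home directories. Then restart vsftpd: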
sudo restart vsftpd
Also, the /etc/ftpusers file is a list of users that are disallowed
FTP access. The default list includes root, daemon, nobody, etc. To
disable FTP access for additional users simply add them to the list.
FTP can also be encrypted using FTPS. Unlike SFTP, FTPS is FTP over
Secure Socket Layer (SSL). SFTP is an FTP-like session over an
encrypted SSH connection. A major difference is that users of SFTP
need to have a shell account on the system, instead of a nologin
shell. Providing all users with a shell may not be ideal for some
environments, such as a shared web host.
To configure FTPS, edit /etc/vsftpd.conf and at the bottom add:
ssl_enable=Yes
Also, notice the certificate and key related options:
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
By default these options are set to the certificate and key
provided by the ssl-cert package.
In a production environment these should be replaced with a
certificate and key generated for the specific host. For more
information on certificates see the section
called “Certificates”.
Now restart vsftpd, and non-anonymous
users will be forced to use FTPS:
sudo restart vsftpd
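The options covered so far (anonymous_enable, write_enable, anon_upload_enable, chroot_local_user, chroot_list_enable, ssl_enable, rsa_cert_file) can be checked together. The script below is an added example, not part of the Ubuntu guide; the finding names and the sample configuration are constructed for illustration, and it assumes that a later line in the file overrides an earlier one.

```bash
#!/bin/bash
# Added example (not from the Ubuntu guide): audit the vsftpd.conf options above.
# Built-in defaults follow vsftpd.conf(5); assumes later lines override earlier ones.
# conf_get FILE OPTION DEFAULT -> effective raw value ("option=value", '#' = comment)
conf_get() {
    local v
    v=$(awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1")
    printf '%s\n' "${v:-$3}"
}

# is_on FILE OPTION DEFAULT -> status 0 if the boolean is enabled (case-insensitive)
is_on() {
    case "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd FILE -> one finding ID per line; no output means nothing flagged
audit_vsftpd() {
    local f="$1"
    if is_on "$f" anonymous_enable YES; then
        echo ANON_LOGIN_ENABLED
        is_on "$f" write_enable NO && is_on "$f" anon_upload_enable NO && echo ANON_UPLOAD
    fi
    if is_on "$f" chroot_list_enable NO; then
        # With chroot_local_user=YES the list names users who are NOT jailed.
        is_on "$f" chroot_local_user NO && echo CHROOT_LIST_IS_EXEMPTIONS
    else
        is_on "$f" chroot_local_user NO || echo LOCAL_USERS_NOT_CHROOTED
    fi
    if is_on "$f" ssl_enable NO; then
        case "$(conf_get "$f" rsa_cert_file '')" in *snakeoil*) echo SNAKEOIL_CERT ;; esac
    else
        echo CLEARTEXT_FTP
    fi
}

# Constructed sample config: anonymous upload on, no chroot, no TLS.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
anonymous_enable=Yes
write_enable=YES
anon_upload_enable=YES
#chroot_local_user=YES
EOF
audit_vsftpd "$sample"
```

Because anonymous_enable defaults to YES inside vsftpd itself, a configuration file that omits the line is reported as ANON_LOGIN_ENABLED.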
To allow users with a shell of /usr/sbin/nologin access to FTP, but
no shell access, edit /etc/shells, adding the nologin shell:
# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin
This is necessary because, by default, vsftpd uses PAM for
authentication, and the /etc/pam.d/vsftpd configuration file
contains:
auth required pam_shells.so
The shells PAM module restricts access to shells listed in the
/etc/shells file.
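Adding /usr/sbin/nologin to /etc/shells affects every account with that shell, not only the intended FTP users. The following added example (not part of the Ubuntu guide) lists the accounts that pass both the pam_shells check and the /etc/ftpusers deny list; the function name and the sample passwd, shells and ftpusers contents are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the Ubuntu guide). An account can authenticate to vsftpd
# only if it passes both gates described above:
#   1. pam_shells: its login shell is listed in /etc/shells
#   2. /etc/ftpusers: its user name is NOT listed there
# Passing both is necessary, not sufficient: a valid password is still required.

# ftp_eligible PASSWD SHELLS FTPUSERS -> user names passing both gates, one per line
ftp_eligible() {
    awk -F: -v shells="$2" -v deny="$3" '
        BEGIN {
            # Load both lists, skipping blank lines and # comments.
            while ((getline l < shells) > 0) if (l != "" && l !~ /^#/) ok[l] = 1
            while ((getline l < deny) > 0)   if (l != "" && l !~ /^#/) no[l] = 1
        }
        ($7 in ok) && !($1 in no) { print $1 }
    ' "$1"
}

# Constructed sample files standing in for /etc/passwd, /etc/shells, /etc/ftpusers.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
ftponly:x:1001:1001::/home/ftponly:/usr/sbin/nologin
EOF
printf '%s\n' '# /etc/shells: valid login shells' /bin/sh /bin/bash > "$work/shells"
printf '%s\n' root daemon nobody > "$work/ftpusers"

echo "before adding nologin to shells:"
ftp_eligible "$work/passwd" "$work/shells" "$work/ftpusers"
echo /usr/sbin/nologin >> "$work/shells"
echo "after adding nologin to shells:"
ftp_eligible "$work/passwd" "$work/shells" "$work/ftpusers"
```

In the constructed sample the service account www-data becomes eligible once nologin is a valid shell, so accounts like it belong in /etc/ftpusers.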
Most popular FTP clients can be configured to connect using FTPS.
The lftp command line FTP client has the ability to use FTPS as well.
References
See the vsftpd website for more information.
For detailed /etc/vsftpd.conf options see the vsftpd.conf man page.
The CodeGurus article FTPS vs. SFTP: What to Choose has useful
information contrasting FTPS and SFTP.
Also, for more information see the Ubuntu Wiki vsftpd page.