Reprinted from Building an FTP server under Linux (Ubuntu16.04)
1. Install the vsftpd package
sudo apt-get install vsftpd
2. Open the configuration file
sudo vim /etc/vsftpd.conf
3. Modify parameters
Some parameters can be activated by removing the comment marker. For convenience, you can comment all of them out and then add the following settings:
# These settings are enabled by default in the system; you can leave them alone
listen=NO
listen_ipv6=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
# The following are custom settings; it is recommended to leave the system defaults alone and copy the following
# Whether anonymous access is allowed; NO means not allowed
anonymous_enable=NO
# Whether local users (users that exist on the Linux machine) may log in; YES allows it
local_enable=YES
# Whether to enable write mode; YES enables it
write_enable=YES
# Umask for new files, generally 022: a new directory gets 777 - 022 = 755 and an uploaded file 666 - 022 = 644
local_umask=022
# Whether to load the userlist file; if NO, the userlist is not used. Used together with userlist_deny below: with userlist_deny=NO, only users that exist in the userlist file can log in to ftp (the userlist is a whitelist)
userlist_enable=YES
# Whether the userlist works in deny mode: YES means users in the userlist are forbidden to log in to ftp (blacklist), NO turns the blacklist off. We have made the userlist a whitelist, so the blacklist function is not needed
userlist_deny=NO
# Which file is the userlist file; we will edit this file later
userlist_file=/etc/vsftpd.user_list
# Whether to confine all local users to their root directory: YES enables the restriction, so a logged-in user cannot access directories outside the ftp root directory; this should of course be restricted
chroot_local_user=YES
# Whether to enable the chroot list. Since YES above restricts all users, this list acts as a whitelist of exceptions that are allowed outside the ftp root directory
chroot_list_enable=YES
# Which file holds that list; users in it have unrestricted access to directories outside the ftp root directory
chroot_list_file=/etc/vsftpd.chroot_list
# Whether to allow a chroot root directory that the user can write to (vsftpd otherwise refuses the login when the root is writable); after enabling, write operations such as creating folders are possible there
allow_writeable_chroot=YES
# Location of the ftp root directory; we will create this directory ourselves later
local_root=/var/myftp
Restart vsftpd
sudo /etc/init.d/vsftpd restart
4. Add ftp user
While adding the user, set its home directory to the ftp root directory configured above
sudo useradd -d /var/myftp ftpuser
Set user password
sudo passwd ftpuser
5. Create the required files and set the folder permissions
We specified two files above, the userlist file and the chroot list file. Sometimes the system does not create them automatically, so you have to create them yourself
sudo vim /etc/vsftpd.user_list
Then add ftpuser as a member of the whitelist
sudo vim /etc/vsftpd.chroot_list
This file can be left empty
Create the user folder and set permissions
sudo mkdir /var/myftp
Permissions can be set according to your usage scenario. I prohibit this user from writing in the root directory, and then create two folders below it: download only allows reading, and upload allows reading and writing
sudo chmod 555 /var/myftp
cd /var/myftp
sudo mkdir upload
sudo chmod 755 upload
sudo mkdir download
sudo chmod 555 download
Finally, check the file owners and change them all to ftpuser
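6. Use ftp and solve various problems
On Linux, type ftp followed by your IP
ftp xxx.xxx.xxx.xxx
Enter the username ftpuser and the password
If a 530 error occurs at login:
sudo vim /etc/pam.d/vsftpd
Comment out auth required pam_shells.so:
#auth required pam_shells.so
Then run ls; if it fails, switch to passive mode
passive mode
Then try mkdir; if the folder cannot be created with 550 create directory operation failed:
sudo setsebool -P ftpd_disable_trans on
sudo /etc/init.d/vsftpd restart
That fixes it.
PS: After the setup succeeded, I got the messages "this user has no write permission" and "unable to create subdirectory" when using it, so I later made the following changes to the ftp configuration file: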
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
chroot_local_user=NO
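
The checker below is an added example, not part of the original article: it parses vsftpd.conf text and reports the access-control consequences of the options set in step 3 and in the PS block, including lines that are not in strict option=value form. The defaults are those documented in vsftpd.conf(5); the two sample configs are constructed from the article's settings, and the PS sample assumes those edits were applied on top of step 3.

```python
# Added example: audit vsftpd.conf text for the options this article sets.
# Defaults follow vsftpd.conf(5); the sample configs below are constructed.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "chroot_local_user": "NO", "allow_writeable_chroot": "NO",
            "userlist_enable": "NO", "userlist_deny": "YES"}
# vsftpd also accepts TRUE/1 and FALSE/0 for booleans, case-insensitively.
BOOL = {"YES": "YES", "TRUE": "YES", "1": "YES",
        "NO": "NO", "FALSE": "NO", "0": "NO"}

def parse(text):
    """Return (options, errors); vsftpd rejects spaces around '='."""
    opts, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: not in option=value form: {line!r}")
        elif key in DEFAULTS:
            opts[key] = BOOL.get(value.upper(), value)
    return opts, errors

def audit(text):
    """Return syntax errors followed by findings, as a list of strings."""
    opts, out = parse(text)
    on = lambda k: opts[k] == "YES"
    anon_write = on("anon_upload_enable") or on("anon_mkdir_write_enable")
    if on("anonymous_enable"):
        out.append("anonymous_enable=YES: anonymous logins are accepted")
        if anon_write and on("write_enable"):
            out.append("anonymous users can upload or create directories")
    elif anon_write:
        out.append("anon_* write options are set; they go live if "
                   "anonymous_enable is ever turned on")
    if not on("chroot_local_user"):
        out.append("chroot_local_user=NO: local users are not chrooted by default")
    elif on("allow_writeable_chroot"):
        out.append("allow_writeable_chroot=YES: keep the FTP root itself "
                   "non-writable (chmod 555)")
    if on("userlist_enable") and on("userlist_deny"):
        out.append("userlist_deny=YES: the userlist is a deny list, not a whitelist")
    return out

STEP3 = ("anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
         "userlist_enable=YES\nuserlist_deny=NO\n"
         "chroot_local_user=YES\nallow_writeable_chroot=YES\n")
# Assumption: the PS edits were applied on top of step 3 (later lines win here).
PS = STEP3 + "anon_upload_enable=YES\nanon_mkdir_write_enable=YES\nchroot_local_user=NO\n"

if __name__ == "__main__":
    for name, conf in (("step 3", STEP3), ("PS", PS)):
        print(name, *audit(conf), sep="\n  ")
```

Run it against the real file with `audit(open("/etc/vsftpd.conf").read())`; an empty list means none of these conditions apply.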