Reprinted from: http://blog.csdn.net/rainysia/article/details/7987459
1: Install vsftpd
#aptitude install vsftpd
2: Configure vsftpd
#vim /etc/vsftpd.conf
- # The server runs in standalone mode, so that the following controls can be performed
- listen=YES
- # accept anonymous users
- anonymous_enable=YES
- # Do not ask for password when an anonymous user logs in
- no_anon_password=YES
- # accept local users
- local_enable=YES
- # Allow uploads (global switch). Anonymous uploads additionally require anon_upload_enable=YES,
- # and anonymous directory creation requires anon_mkdir_write_enable=YES. The original remark that anonymous uploads are prohibited and these two items are not set does not match this listing: both are set to YES further down, so anonymous users can upload and create directories unless those two lines are removed.
- write_enable=YES
- # The umask of the file uploaded by the local user
- local_umask=022
- # If set to YES, anonymous users may upload files; the anonymous (ftp) user must also have
- # write permission on the directory being uploaded into.
- anon_upload_enable=YES
- # Define the username for anonymous login. Default is ftp
- ftp_username=ftp
- # If set to YES, anonymous users may create directories; the anonymous (ftp) user must also have
- # write permission on the parent directory.
- anon_mkdir_write_enable=YES
- # If YES, on entering a directory the server displays the text file named by the message_file option
- # (default: .message) found in that directory.
- dirmessage_enable=YES
- # The directory a local user is placed in after logging in. If this item is not set, the local user lands in his home directory
- # (the sixth field of /etc/passwd). The corresponding option for anonymous users is anon_root.
- # local_root=/home
- anon_root=/home/ftp/
- # Enable the upload/download log. The log file defaults to /var/log/vsftpd.log and can be changed with the
- # xferlog_file option.
- xferlog_enable=YES
- # Make sure PORT transfer connections originate from port 20 (ftp-data).
- connect_from_port_20=YES
- # Write the log in the standard xferlog format
- xferlog_std_format=YES
- # You may change the default value for timing out a data connection.
- data_connection_timeout=120
- # Do not chroot() local users by default
- chroot_local_user=NO
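- # If set to YES, the control below takes effect.
- # Enables the list of users to chroot(): with chroot_local_user=NO above, only the users named in chroot_list_file are confined to their home directory; every other local user can browse the rest of the filesystem.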
- chroot_list_enable=YES
- # (default follows)
- # File naming the specific users to be chroot()ed
- chroot_list_file=/etc/vsftpd.chroot_list
- # If set to YES, users listed in the file named by the userlist_file option (default /etc/vsftpd.user_list)
- # cannot log in, and the userlist_deny option below is also consulted
- userlist_enable=YES
- # If NO, only login requests from users listed in the file named by the userlist_file option (default /etc/vsftpd.user_list)
- # are accepted. If YES, requests from those users are refused.
- userlist_deny=NO
- # Note! vsftpd also checks the /etc/vsftpd.ftpusers file; users listed in that file
- # cannot log in!
- # Transfer rate limit for anonymous users (bytes per second)
- anon_max_rate=512000
- # Transfer rate limit for local users (bytes per second)
- local_max_rate=1024000
- # Maximum number of clients accepted
- max_clients=100
- # Maximum number of clients per IP address
- max_per_ip=5
- # This option should be the name of a directory which is empty. Also, the
- # directory should not be writable by the ftp user. This directory is used
- # as a secure chroot() jail at times vsftpd does not require filesystem access.
- secure_chroot_dir=/var/run/vsftpd
- # This string is the name of the PAM service vsftpd will use.
- pam_service_name=vsftpd
- tcp_wrappers=YES
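- # This option specifies the location of the RSA certificate to use for SSL
- # encrypted connections. ssl_enable is not set anywhere in this listing (it defaults to NO),
- # so the certificate is unused and logins and transfers are sent unencrypted until ssl_enable=YES is added.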
- rsa_cert_file=/etc/ssl/certs/vsftpd.pem
- # Each connection is shown as its own process in the process listing.
- setproctitle_enable=YES
- # If enabled, the owner of every anonymously uploaded file is changed to the user set in
- # chown_username. This option is useful for security and administration.
- chown_uploads=YES
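- # Defines the user who becomes the owner of files uploaded by anonymous users. The
- # default is root. The vsftpd sample configuration advises against using root here; a dedicated unprivileged account keeps anonymously supplied files from being root-owned.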
- chown_username=root
3: Add a user and a group
#groupadd ftpuser
#mkdir /home/tom/
#useradd -g ftpuser tom
passwd tom
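4: Modify permissions
#vim /etc/passwd
The last field of the entry is the login shell, which is empty here
tom:x:1001:1001::/home/tom:
Append /bin/bash
tom:x:1001:1001::/home/tom:/bin/bash
Change the owner and permissions of the files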
#chown -v -R tom:ftpuser /home/tom/
#chmod -v -R 700 /home/tom/
Share a folder with the ftpuser group by creating a symbolic link
#ln -v -s /home/ftpuser/ /home/tom/ftpuser
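To set a welcome message, create a .message file in each user's folder
Edit /etc/vsftpd.user_list and list every ftp user, including the anonymous user "anonymous"
Edit /etc/vsftpd.chroot_list and list the users who must not be able to enter parent directories
Change the permissions of the directory under /home/ftp/ that anonymous users may write to (create it if it does not exist); only that upload subdirectory needs to be writable, /home/ftp/ itself should stay non-writable for the ftp user
Save, then restart vsftpd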
#/etc/init.d/vsftpd restart
chmod -v 777 /home/ftp/temp/
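5. The vsftpd log is at /var/log/vsftpd.log by default
The ftp directory is /home/ftp
If a user gets error 530 at login,
check the shell in /etc/passwd and change it to /sbin/nologin,
and add that path to /etc/shells; save, then restart vsftpd
To expose a directory outside the ftp tree (some other path), use mount --bind
For example, to mount /home/music at /home/ftp/music, first mkdir /home/ftp/music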
#mount --bind /home/music /home/ftp/music
That is all.
To have the mount restored automatically after a reboot, edit /etc/fstab
and add the device name, mount point, filesystem and options for each mount,
or put the mount commands directly in /etc/rc.local so they run at startup:
- mount --bind /home/media/ /home/ftpuser/media/
- mount --bind /home/manual/ /home/ftpuser/manual/
- mount --bind /home/tools/ /home/ftpuser/software/