{"id":94,"date":"2016-05-12T11:15:04","date_gmt":"2016-05-12T03:15:04","guid":{"rendered":"http:\/\/www.lnzdl.com\/blog\/?p=94"},"modified":"2016-05-12T11:15:04","modified_gmt":"2016-05-12T03:15:04","slug":"linux-ftp%e9%85%8d%e7%bd%ae%e8%af%a6%e8%a7%a3","status":"publish","type":"post","link":"http:\/\/www.lnzdl.com\/blog\/linux-ftp%e9%85%8d%e7%bd%ae%e8%af%a6%e8%a7%a3\/","title":{"rendered":"linux FTP\u914d\u7f6e\u8be6\u89e3"},"content":{"rendered":"

\u4e00<\/b>.vsftpd<\/b>\u8bf4\u660e<\/b>:<\/b> <\/p>\n

LINUX\u4e0b\u5b9e\u73b0FTP\u670d\u52a1\u7684\u8f6f\u4ef6\u5f88\u591a,\u6700\u5e38\u89c1\u7684\u6709vsftpd,Wu-ftpd\u548cProftp\u7b49.Red Hat Enterprise Linux\u4e2d\u9ed8\u8ba4\u5b89\u88c5\u7684\u662fvsftpd. <\/p>\n

\u8bbf\u95eeFTP\u670d\u52a1\u5668\u65f6\u9700\u8981\u7ecf\u8fc7\u9a8c\u8bc1,\u53ea\u6709\u7ecf\u8fc7\u4e86FTP\u670d\u52a1\u5668\u7684\u76f8\u5173\u9a8c\u8bc1,\u7528\u6237\u624d\u80fd\u8bbf\u95ee\u548c\u4f20\u8f93\u6587\u4ef6.vsftpd\u63d0\u4f9b\u4e863\u79cdftp\u767b\u5f55\u5f62\u5f0f: <\/p>\n

(1)anonymous(<\/b>\u533f\u540d\u5e10\u53f7)<\/b> <\/p>\n

\u4f7f\u7528anonymous\u662f\u5e94\u7528\u5e7f\u6cdb\u7684\u4e00\u79cdFTP\u670d\u52a1\u5668.\u5982\u679c\u7528\u6237\u5728FTP\u670d\u52a1\u5668\u4e0a\u6ca1\u6709\u5e10\u53f7,\u90a3\u4e48\u7528\u6237\u53ef\u4ee5\u4ee5anonymous\u4e3a\u7528\u6237\u540d,\u4ee5\u81ea\u5df1\u7684\u7535\u5b50\u90ae\u4ef6\u5730\u5740\u4e3a\u5bc6\u7801\u8fdb\u884c\u767b\u5f55.\u5f53\u533f\u540d\u7528\u6237\u767b\u5f55FTP\u670d\u52a1\u5668\u540e,\u5176\u767b\u5f55\u76ee\u5f55\u4e3a\u533f\u540dFTP\u670d\u52a1\u5668\u7684\u6839\u76ee\u5f55\/var\/ftp.\u4e3a\u4e86\u51cf\u8f7bFTP\u670d\u52a1\u5668\u7684\u8d1f\u8f7d,\u4e00\u822c\u60c5\u51b5\u4e0b,\u5e94\u5173\u95ed\u533f\u540d\u5e10\u53f7\u7684\u4e0a\u4f20\u529f\u80fd. <\/p>\n

  (2)real(<\/b>\u771f\u5b9e\u5e10\u53f7)<\/b> <\/p>\n

real\u4e5f\u79f0\u4e3a\u672c\u5730\u5e10\u53f7,\u5c31\u662f\u4ee5\u771f\u5b9e\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fdb\u884c\u767b\u5f55,\u4f46\u524d\u63d0\u6761\u4ef6\u662f\u7528\u6237\u5728FTP\u670d\u52a1\u5668\u4e0a\u62e5\u6709\u81ea\u5df1\u7684\u5e10\u53f7.\u7528\u771f\u5b9e\u5e10\u53f7\u767b\u5f55\u540e,\u5176\u767b\u5f55\u7684\u76ee\u5f55\u4e3a\u7528\u6237\u81ea\u5df1\u7684\u76ee\u5f55,\u8be5\u76ee\u5f55\u5728\u7cfb\u7edf\u5efa\u7acb\u5e10\u53f7\u65f6\u7cfb\u7edf\u5c31\u81ea\u52a8\u521b\u5efa. <\/p>\n

(3)guest(<\/b>\u865a\u62df\u5e10\u53f7)<\/b> <\/p>\n

\u5982\u679c\u7528\u6237\u5728FTP\u670d\u52a1\u5668\u4e0a\u62e5\u6709\u5e10\u53f7,\u4f46\u6b64\u5e10\u53f7\u53ea\u80fd\u7528\u4e8e\u6587\u4ef6\u4f20\u8f93\u670d\u52a1,\u90a3\u4e48\u8be5\u5e10\u53f7\u5c31\u662fguest,guest\u662f\u771f\u5b9e\u5e10\u53f7\u7684\u4e00\u79cd\u5f62\u5f0f,\u5b83\u4eec\u7684\u4e0d\u540c\u4e4b\u5904\u5728\u4e8e,geust\u767b\u5f55FTP\u670d\u52a1\u5668\u540e,\u4e0d\u80fd\u8bbf\u95ee\u9664\u5bbf\u4e3b\u76ee\u5f55\u4ee5\u5916\u7684\u5185\u5bb9. <\/p>\n

\u4e8c<\/b>.FTP<\/b>\u76f8\u5173\u914d\u7f6e\u6587\u4ef6\u8bf4\u660e<\/b><\/b> <\/p>\n

\u5176\u76f8\u5173\u914d\u7f6e\u6587\u4ef6\u6709\/etc\/vsftpd\/vsftpd.conf,  \/etc\/vsftpd.ftpusers,  \/etc\/vsftpd.user_list,\u5728\u914d\u7f6eFTP\u670d\u52a1\u5668\u65f6,\u4e3b\u8981\u662f\u4fee\u6539\u8fd9\u4e9b\u6587\u4ef6\u4e2d\u7684\u76f8\u5173\u8bed\u53e5. <\/p>\n

1.vsftpd.conf<\/b>\u6587\u4ef6\u8bf4\u660e<\/b> <\/p>\n

# Example config file \/etc\/vsftpd\/vsftpd.conf <\/p>\n

# <\/p>\n

# The default compiled in settings are fairly paranoid. This sample file <\/p>\n

# loosens things up a bit, to make the ftp daemon more usable. <\/p>\n

# Please see vsftpd.conf.5 for all compiled in defaults. <\/p>\n

# <\/p>\n

# READ THIS: This example file is NOT an exhaustive list of vsftpd options. <\/p>\n

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd’s <\/p>\n

# capabilities. <\/p>\n

# <\/p>\n

# Allow anonymous FTP? (Beware – allowed by default if you comment this out). <\/p>\n

anonymous_enable=YES <\/b> \/\/\u662f\u5426\u5141\u8bb8anonymous\u767b\u5f55FTP\u670d\u52a1\u5668,\u9ed8\u8ba4\u662f\u5141\u8bb8\u7684. <\/p>\n

# <\/p>\n

# Uncomment this to allow local users to log in. <\/p>\n

local_enable=YES<\/b> \/\/\u662f\u5426\u5141\u8bb8\u672c\u5730\u7528\u6237\u767b\u5f55FTP\u670d\u52a1\u5668,\u9ed8\u8ba4\u662f\u5141\u8bb8 <\/p>\n

# <\/p>\n

# Uncomment this to enable any form of FTP write command. <\/p>\n

write_enable=YES<\/b>  \/\/\u662f\u5426\u5141\u8bb8\u7528\u6237\u5177\u6709\u5728FTP\u670d\u52a1\u5668\u6587\u4ef6\u4e2d\u6267\u884c\u5199\u7684\u6743\u9650,\u9ed8\u8ba4\u662f\u5141\u8bb8 <\/p>\n

# <\/p>\n

# Default umask for local users is 077. You may wish to change this to 022, <\/p>\n

# if your users expect that (022 is used by most other ftpd’s) <\/p>\n

local_umask=022 \/\/\u8bbe\u7f6e\u672c\u5730\u7528\u6237\u7684\u6587\u4ef6\u751f\u6210\u63a9\u7801\u4e3a022,\u9ed8\u8ba4\u662f077 <\/p>\n

# <\/p>\n

# Uncomment this to allow the anonymous FTP user to upload files. This only <\/p>\n

# has an effect if the above global write enable is activated. Also, you will <\/p>\n

# obviously need to create a directory writable by the FTP user. <\/p>\n

#anon_upload_enable=YES <\/p>\n

# <\/p>\n

# Uncomment this if you want the anonymous FTP user to be able to create <\/p>\n

# new directories. <\/p>\n

#anon_mkdir_write_enable=YES  \/\/\u662f\u5426\u5141\u8bb8\u533f\u540d\u8d26\u6237\u5728FTP\u670d\u52a1\u5668\u4e2d\u521b\u5efa\u76ee\u5f55 <\/p>\n

# <\/p>\n

# Activate directory messages – messages given to remote users when they <\/p>\n

# go into a certain directory. <\/p>\n

dirmessage_enable=YES \/\/\u6fc0\u6d3b\u76ee\u5f55\u4fe1\u606f,\u5f53\u8fdc\u7a0b\u7528\u6237\u66f4\u6539\u76ee\u5f55\u65f6,\u5c06\u51fa\u73b0\u63d0\u793a\u4fe1\u606f <\/p>\n

# <\/p>\n

# Activate logging of uploads\/downloads. <\/p>\n

xferlog_enable=YES  \/\/\u542f\u7528\u4e0a\u4f20\u548c\u4e0b\u8f7d\u65e5\u5fd7\u529f\u80fd <\/p>\n

# <\/p>\n

# Make sure PORT transfer connections originate from port 20 (ftp-data). <\/p>\n

connect_from_port_20=YES   \/\/\u542f\u7528FTP\u6570\u636e\u7aef\u53e3\u7684\u8fde\u63a5\u8bf7\u6c42 <\/p>\n

# <\/p>\n

# If you want, you can arrange for uploaded anonymous files to be owned by <\/p>\n

# a different user. Note! Using “root” for uploaded files is not <\/p>\n

# recommended! <\/p>\n

#chown_uploads=YES <\/p>\n

#chown_username=whoever <\/p>\n

# <\/p>\n

# You may override where the log file goes if you like. The default is shown <\/p>\n

# below. <\/p>\n

#xferlog_file=\/var\/log\/vsftpd.log  \/\/\u8bbe\u7f6e\u65e5\u5fd7\u6587\u4ef6\u7684\u6587\u4ef6\u540d\u548c\u5b58\u50a8\u8def\u5f84,\u8fd9\u662f\u9ed8\u8ba4\u7684 <\/p>\n

# <\/p>\n

# If you want, you can have your log file in standard ftpd xferlog format <\/p>\n

xferlog_std_format=YES\/\/\u662f\u5426\u4f7f\u7528\u6807\u51c6\u7684ftpd xferlog\u65e5\u5fd7\u6587\u4ef6\u683c\u5f0f <\/p>\n

# <\/p>\n

# You may change the default value for timing out an idle session. <\/p>\n

#idle_session_timeout=600  \/\/\u8bbe\u7f6e\u7a7a\u95f2\u7684\u7528\u6237\u4f1a\u8bdd\u4e2d\u65ad\u65f6\u95f4,\u9ed8\u8ba4\u662f10\u5206\u949f <\/p>\n

# <\/p>\n

# You may change the default value for timing out a data connection. <\/p>\n

#data_connection_timeout=120\/\/\u8bbe\u7f6e\u6570\u636e\u8fde\u63a5\u8d85\u65f6\u65f6\u95f4,\u9ed8\u8ba4\u662f120\u79d2. <\/p>\n

# <\/p>\n

# It is recommended that you define on your system a unique user which the <\/p>\n

# ftp server can use as a totally isolated and unprivileged user. <\/p>\n

#nopriv_user=ftpsecure <\/p>\n

# <\/p>\n

# Enable this and the server will recognise asynchronous ABOR requests. Not <\/p>\n

# recommended for security (the code is non-trivial). Not enabling it, <\/p>\n

# however, may confuse older FTP clients. <\/p>\n

#async_abor_enable=YES <\/p>\n

# <\/p>\n

# By default the server will pretend to allow ASCII mode but in fact ignore <\/p>\n

# the request. Turn on the below options to have the server actually do ASCII <\/p>\n

# mangling on files when in ASCII mode. <\/p>\n

# Beware that turning on ascii_download_enable enables malicious remote parties <\/p>\n

# to consume your I\/O resources, by issuing the command “SIZE \/big\/file” in <\/p>\n

# ASCII mode. <\/p>\n

# These ASCII options are split into upload and download because you may wish <\/p>\n

# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), <\/p>\n

# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be <\/p>\n

# on the client anyway.. <\/p>\n

#ascii_upload_enable=YES <\/p>\n

#ascii_download_enable=YES <\/b>\/\/\u662f\u5426\u5141\u8bb8\u4f7f\u7528ASCII\u683c\u5f0f\u6765\u4e0a\u4f20\u548c\u4e0b\u8f7d\u6587\u4ef6 <\/p>\n

# <\/p>\n

# You may fully customise the login banner string: <\/p>\n

#ftpd_banner=Welcome to blah FTP service.\/\/\u5728FTP\u670d\u52a1\u5668\u4e2d\u8bbe\u7f6e\u6b22\u8fce\u767b\u5f55\u7684\u4fe1\u606f. <\/p>\n

# <\/p>\n

# You may specify a file of disallowed anonymous e-mail addresses. Apparently <\/p>\n

# useful for combatting certain DoS attacks. <\/p>\n

#deny_email_enable=YES <\/p>\n

# (default follows) <\/p>\n

#banned_email_file=\/etc\/vsftpd.banned_emails <\/p>\n

# <\/p>\n

# You may specify an explicit list of local users to chroot() to their home <\/p>\n

# directory. If chroot_local_user is YES, then this list becomes a list of <\/p>\n

# users to NOT chroot(). <\/p>\n

#chroot_list_enable=YES <\/b>\/\/\u5982\u679c\u5e0c\u671b\u7528\u6237\u767b\u5f55\u540e\u4e0d\u80fd\u5207\u6362\u5230\u81ea\u5df1\u76ee\u5f55\u4ee5\u5916\u7684\u5176\u5b83\u76ee\u5f55,\u9700\u8981\u8bbe\u7f6e\u8be5\u9879,\u5982\u679c\u8bbe\u7f6echroot_list_enable=YES,\u90a3\u4e48\u53ea\u5141\u8bb8\/etc\/vsftpd.chroot_list\u4e2d\u5217\u51fa\u7684\u7528\u6237\u5177\u6709\u8be5\u529f\u80fd.\u5982\u679c\u5e0c\u671b\u6240\u6709\u7684\u672c\u5730\u7528\u6237\u90fd\u6267\u884c\u8005chroot,\u53ef\u4ee5\u589e\u52a0\u4e00\u884c:chroot_local_user=YES<\/b> <\/p>\n

# (default follows) <\/p>\n

#chroot_list_file=\/etc\/vsftpd.chroot_list <\/p>\n

# <\/p>\n

# You may activate the “-R” option to the builtin ls. This is disabled by <\/p>\n

# default to avoid remote users being able to cause excessive I\/O on large <\/p>\n

# sites. However, some broken FTP clients such as “ncftp” and “mirror” assume <\/p>\n

# the presence of the “-R” option, so there is a strong case for enabling it. <\/p>\n

#ls_recurse_enable=YES <\/p>\n

pam_service_name=vsftpd  \/\/\u8bbe\u7f6ePAM\u8ba4\u8bc1\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u540d\u79f0,\u8be5\u6587\u4ef6\u5b58\u653e\u5728\/etc\/pam.d\/\u76ee\u5f55\u4e0b. <\/p>\n

userlist_enable=YES<\/b> \/\/\u7528\u6237\u5217\u8868\u4e2d\u7684\u7528\u6237\u662f\u5426\u5141\u8bb8\u767b\u5f55FTP\u670d\u52a1\u5668,\u9ed8\u8ba4\u662f\u4e0d\u5141\u8bb8 <\/p>\n

#enable for standalone mode <\/p>\n

listen=YES  \/\/\u4f7fvsftpd \u5904\u4e8e\u72ec\u7acb\u542f\u52a8\u6a21\u5f0f <\/p>\n

tcp_wrappers=YES  \/\/\u4f7f\u7528tcp_wrqppers\u4f5c\u4e3a\u4e3b\u673a\u8bbf\u95ee\u63a7\u5236\u65b9\u5f0f <\/p>\n

2.vsftpd.ftpusers<\/b>\u6587\u4ef6\u8bf4\u660e<\/b><\/b> <\/p>\n

\u8fd9\u4e2a\u6587\u4ef6\u662f\u7528\u6765\u8bb0\u5f55”<\/b>\u4e0d\u5141\u8bb8”<\/b>\u767b\u5f55\u5230FTP<\/b>\u670d\u52a1\u5668\u7684\u7528\u6237<\/b>,\u901a\u5e38\u662f\u4e00\u4e9b\u7cfb\u7edf\u9ed8\u8ba4\u7684\u7528\u6237. <\/p>\n

\u4e0b\u9762\u662f\u8be5\u6587\u4ef6\u4e2d\u9ed8\u8ba4\u7684\u4e0d\u5141\u8bb8\u767b\u5f55\u7684\u540d\u5355: <\/p>\n

# Users that are not allowed to login via ftp <\/p>\n

root \/\/\u9ed8\u8ba4\u60c5\u51b5\u4e0b,root\u548c\u5b83\u4ee5\u4e0b\u7684\u7528\u6237\u662f\u4e0d\u5141\u8bb8\u767b\u5f55FTP\u670d\u52a1\u5668\u7684.\u53ef\u4ee5\u5c06\u4e0d\u5141\u8bb8\u767b\u5f55\u7684\u7528\u6237\u6dfb\u52a0\u5230\u8fd9\u91cc\u6765.\u4f46\u5207\u8bb0\u6bcf\u4e2a\u7528\u6237\u90fd\u8981\u5355\u72ec\u5360\u7528\u4e00\u884c. <\/p>\n

bin <\/p>\n

daemon <\/p>\n

adm <\/p>\n

lp <\/p>\n

sync <\/p>\n

shutdown <\/p>\n

halt <\/p>\n

mail <\/p>\n

news <\/p>\n

uucp <\/p>\n

operator <\/p>\n

games <\/p>\n

nobody <\/p>\n

3.vsftpd.user_list<\/b>\u6587\u4ef6\u8bf4\u660e<\/b><\/b> <\/p>\n

\u5176\u5b9e\u5b83\u7684\u5185\u5bb9\u8ddf\u4e0a\u9762\u90a3\u4e2a\u6587\u4ef6\u5185\u5bb9\u4e00\u6837,<\/b>\u53ea\u662f\u5728\u7cfb\u7edf\u5bf9\u6587\u4ef6vsftpd.conf <\/b>\u8fdb\u884c\u68c0\u6d4b\u65f6,<\/b>\u4f1a\u68c0\u6d4b\u5230”userlist_deny=YES”,<\/b>\u56e0\u6b64\u8fd9\u4e2a\u6587\u4ef6\u5fc5\u987b\u5b58\u5728.<\/b>\u4e0b\u9762\u662f\u8fd9\u4e2a\u6587\u4ef6\u7684\u5185\u5bb9. <\/p>\n

# vsftpd userlist <\/p>\n

# If userlist_deny=NO, only allow users in this file <\/p>\n

# If userlist_deny=YES (default), never allow users in this file, and <\/p>\n

# do not even prompt for a password. <\/p>\n

# Note that the default vsftpd pam config also checks \/etc\/vsftpd.ftpusers <\/p>\n

# for users that are denied. <\/p>\n

root <\/p>\n

bin <\/p>\n

daemon <\/p>\n

adm <\/p>\n

lp <\/p>\n

sync <\/p>\n

shutdown <\/p>\n

halt <\/p>\n

mail <\/p>\n

news <\/p>\n

uucp <\/p>\n

operator <\/p>\n

games <\/p>\n

nobody<\/p>\n","protected":false},"excerpt":{"rendered":"

\u4e00.vsftpd\u8bf4\u660e: LINUX\u4e0b\u5b9e\u73b0FTP\u670d\u52a1\u7684\u8f6f\u4ef6\u5f88\u591a,\u6700\u5e38\u89c1\u7684\u6709vsftpd,Wu-ftpd\u548cProftp\u7b49.Red Hat Enterprise Linux\u4e2d\u9ed8\u8ba4\u5b89\u88c5\u7684\u662fvsftpd. \u8bbf\u95eeFTP\u670d\u52a1\u5668\u65f6\u9700\u8981\u7ecf\u8fc7\u9a8c\u8bc1,\u53ea\u6709\u7ecf\u8fc7\u4e86FTP\u670d\u52a1\u5668\u7684\u76f8\u5173\u9a8c\u8bc1,\u7528\u6237\u624d\u80fd\u8bbf\u95ee\u548c\u4f20\u8f93\u6587\u4ef6.vsftpd\u63d0\u4f9b\u4e863\u79cdftp\u767b\u5f55\u5f62\u5f0f: (1)anonymous(\u533f\u540d\u5e10\u53f7) \u4f7f\u7528anonymous\u662f\u5e94\u7528\u5e7f\u6cdb\u7684\u4e00 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/posts\/94"}],"collection":[{"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/comments?post=94"}],"version-history":[{"count":1,"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/posts\/94\/revisions"}],"predecessor-version":[{"id":95,"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/posts\/94\/revisions\/95"}],"wp:attachment":[{"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/media?parent=94"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/categories?post=94"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.lnzdl.com\/blog\/wp-json\/wp\/v2\/tags?post=94"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}