简单的vsftpd架设ftp过程

junkerlee

刚刚放弃了windows,选择了SuSE，就是想学点东西，可是SuSE版块里大多是一些美化，娱乐的帖子，没办法只有靠google了，今天终于学会了用vsftpd建立FTP，下面是我安装的方法，只是最基础的步骤，不足之处请多包含。
   
  1：到ftp://vsftpd.beasts.org/users/ce ... ��的版本是2.0.1(以此为例)。虽然SuSE自带了vsftpd，但是建议删了用源码包安装。
  
  2:解压vsftpd压缩包
   #tar xzvf vsftpd-2.0.1.tar.gz
   #cd vsftpd-2.0.1
  3:安装vsftpd
  由于vsftpd的默认配置中需要用户“nobody”，所以要添加nobody.
  #useradd nobody
  同上需要添加目录/usr/share/empty  
  #mkdir /usr/share/empty
  还有匿名FTP需要用户ftp的存在，并有一个有效的主目录，
  #  mkdir /var/ftp
   #useradd -d /var/ftp ftp
  以上三个目录/用户如果安装过SuSE自带的vsftpd的话，就不用添加了。

  运行#make
     #make install
   然后将源代码，帮助手册等复制到相关路径
  #cp vsftpd /usr/sbin/vsftpd
  #cp vsftpd.conf.5 /usr/local/man/man5
  #cp vsftpd.8 /usr/local/man/man8
  还有样例配置文件
  #cp vsftpd.conf /etc
   这样vsftpd 就安装好了

下面是配置vsftpd.conf文件，文件在/etc/vsftpd.conf
vsftpd提供了standalone和xinetd两种运行模式，这里只说standalone模式/
  
    修改配置文件 /etc/vsftpd.conf
    在最后一行添加listen=YES,如果已经有了就把前面的#号除去，这样vsftpd就以standalone模式运行了。
    再添加行listen_pro=10021 ,设置vsftpd监听在10021的非标准端口上的FTP需求(FTP通常使用的端口21)

  确定你没有运行其他FTP服务，否则vsftpd不能占用FTP 所需要的21端口
  输入以下命令测试你的FTP
  #/usr/local/sbin/vsftpd &
  如果一切正常那么你的FTP就可以了，试一下连上你的FTP服务器如下：
  #ftp localhost 10021
  Trying 127.0.0.1...
  Connected to localhost.
  220 (vsFTPd 2.0.1)
  Name (localhost:camlee):ftp
  331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

配置vsftp
主要是修改/etc/vsftpd.conf就可以了,相关参数如下:

anonymous_enable=YES 是否允许匿名ftp,如否则选择NO

local_enable=YES 是否允许本地用户登录

local_umask=022 默认的umask码

anon_upload_enable=YES 是否允许匿名上传文件

anon_mkdir_write_enable=YES 是否允许匿名用户有创建目录的权利

dirmessage_enable=YES 是否显示目录说明文件,默认是YES但需要收工创建.message文件

xferlog_enable=YES 是否记录ftp传输过程

connect_from_port_20=YES 是否确信端口传输来自20(ftp-data)

chown_upload=YES
chown_username=username 是否改变上传文件的属主,如果是需要输入一个系统用户名,你可以把上传的文件都改成root属主

xferlog_file=/var/log/vsftpd.log ftp传输日志的路径和名字默认是/var/log/vsftpd.log

xferlog_std_format=YES 是否使用标准的ftp xferlog模式

idle_session_timeout=600 设置默认的断开不活跃session的时间

data_connection_timeout=120 设置数据传输超时时间

nopriv_user=ftpsecure 运行vsftpd需要的非特权系统用户默认是nobody

async_abor_enable=YES 是否允许运行特殊的ftp命令async ABOR.这里我翻译的不爽,原文如下:
When enabled, a special FTP command known as "async ABOR" will be enabled. Only ill advised FTP clients will use this feature.Addtionally, this feature is awkward to handle, so it is dis-abled by default. Unfortunately, some FTP clients will hang when cancelling a transfer unless this feature is available, so you may wish to enable it.

ascii_upload_enable=YES
ascii_download_enable=YES 是否使用ascii码方式上传和下载文件

ftpd_banner=Welcome to chenlf FTP service. 定制欢迎信息

deny_email_enable=YES
banned_email_file=/etc/vsftpd.banned_emails 是否允许禁止匿名用户使用某些邮件地址,如果是输入禁止的邮件地址的路径和文件名

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list 是否将系统用户限止在自己的home目录下,如果选择了yes那么chroot_list_file=/etc/vsftpd.chroot_list中列出的是不chroot的用户的列表

max_clients=Number 如果以standalone模式起动,那么只有$Number个用户可以连接,其他的用户将得到错误信息,默认是0不限止

message_file 设置访问一个目录时获得的目录信息文件的文件名,默认是.message

详细的帮助说明请参考man vsftpd.conf

康杰

为什么这两个相同啊?
--------------------------------------------------
anon_upload_enable=YES 是否允许匿名ftp用户访问

anon_upload_enable=YES 是否允许匿名上传文件
---------------------------------------------------

yatwql

anonymous_enable=YES 才是 是否允许匿名ftp用户访问.我使用的时候是使用xinetd模式，所以启动的
时候得打xinetd来启动vsftpd.这之前还得编辑/etc/inetd.conf
将这两句的注释#去掉
ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

zxs8208

好贴。。。应该加精了

junkerlee

最初由 康杰 发表
为什么这两个相同啊?
--------------------------------------------------
anon_upload_enable=YES 是否允许匿名ftp用户访问

anon_upload_enable=YES 是否允许匿名上传文件
---------------------------------------------------

失误啊,呵呵,这个配置表是从网上COPY的,发贴的时候没仔细看sorry.已经改回来了.

hansbj

前面步骤完成后执行vsftpd &

/usr/local/sbin # vsftpd &
500 OOPS: could not bind listening IPv4 socket
[1] 2135
[1]   Exit 1                  vsftpd
为什么啊，我的是suse linux8.0

joelau

和我一样。你看看/etc/inetd.conf是否存在？

hansbj

Post by joelau
和我一样。你看看/etc/inetd.conf是否存在？

在啊，内容如下
# See "man 8 inetd" for more information.
#
# If you make changes to this file, either reboot your machine or send the
# inetd a HUP signal with "/etc/init.d/inetd reload" or by hand:
# Do a "ps x" as root and look up the pid of inetd. Then do a
# "kill -HUP <pid of inetd>".
# The inetd will re-read this file whenever it gets that signal.
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# echo stream tcp nowait root internal
# echo dgram udp wait root internal
# discard stream tcp nowait root internal
# discard dgram udp wait root internal
# daytime stream tcp nowait root internal
# daytime dgram udp wait root internal
# chargen stream tcp nowait root internal
# chargen dgram udp wait root internal
# time stream tcp nowait root internal
# time dgram udp wait root internal
#
# These are standard services.
#
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
# ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
#
# If you want telnetd not to "keep-alives" (e.g. if it runs over a ISDN
# uplink), add "-n". See 'man telnetd' for more details.
# telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
# nntp stream tcp nowait news /usr/sbin/tcpd /usr/sbin/leafnode
# smtp stream tcp nowait root /usr/sbin/sendmail sendmail -L sendmail -Am -bs
#
# Shell, login, exec and talk are BSD protocols.
# The option "-h" permits ``.rhosts'' files for the superuser. Please look at
# man-page of rlogind and rshd to see more configuration possibilities about
# .rhosts files.
# shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
# shell stream tcp nowait root /usr/sbin/tcpd in.rshd -aL
#
# If you want rlogind not to "keep-alives" (e.g. if it runs over a ISDN
# uplink), add "-n". See 'man rlogind' for more details.
# login stream tcp nowait root /usr/sbin/tcpd in.rlogind
# login stream tcp nowait root /usr/sbin/tcpd in.rlogind -a
# exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
# talk dgram udp wait root /usr/sbin/tcpd in.talkd
# ntalk dgram udp wait root /usr/sbin/tcpd in.talkd
#
# Pop et al
#
# pop2 stream tcp nowait root /usr/sbin/tcpd ipop2d
# pop3 stream tcp nowait root /usr/sbin/tcpd ipop3d
# pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popper -s
#
# Imapd - Interactive Mail Access Protocol server
# Attention: This service is very insecure
# imap stream tcp nowait root /usr/sbin/tcpd imapd
#
# FAM - file alteration monitor, report changes of files
# sgi_fam/1-2 stream rpc/tcp wait root /usr/sbin/fam fam
#
# Comsat - has to do with mail.
#
# comsat dgram udp wait root /usr/sbin/tcpd in.comsat
#
# The Internet UUCP service.
#
# uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l
#
# Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
#
# tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
# bootps dgram udp wait root /usr/sbin/bootpd bootpd -c /tftpboot
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
# Try "telnet localhost systat" and "telnet localhost netstat" to see that
# information yourself!
#
# finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -w
# systat stream tcp nowait nobody /usr/sbin/tcpd /bin/ps -auwwx
# netstat stream tcp nowait root /usr/sbin/tcpd /bin/netstat -a
#
# For man on the fly and ht://dig (full text search)
#
# http-rman stream tcp nowait.10000 nobody /usr/sbin/tcpd /usr/sbin/http-rman
#
# For XCept4
#
# btx stream tcp nowait root /usr/sbin/tcpd /usr/lib/xcept4/bin/ceptd -i/usr/lib/xcept4/etc/init.ceptd -u/usr/lib/xcept4
/etc/users.ceptd -l/var/log/log.ceptd
#
# For rplay daemon
#
# Old versions of rplay:
# rplay dgram udp wait root /usr/sbin/tcpd rplayd -b 8192 -c 60 -s 8192
# New Versions of rplay (>=3.3.0)
# rplay dgram udp wait root /usr/sbin/tcpd rplayd -t 30 -c 60 -s 16384 -F0 --inetd
#
# vbox (Voice Box)
# vboxd stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vboxd
#
# For midinetd
# midinet stream tcp nowait root /usr/sbin/tcpd in.midinetd
#
# swat is the Samba Web Administration Tool
# swat stream tcp nowait.400 root /usr/sbin/swat swat
#
#
# amanda backup server with indexing capabilities
# amandaidx stream tcp nowait amanda /usr/lib/amanda/amindexd amindexd
# amidxtape stream tcp nowait amanda /usr/lib/amanda/amidxtaped amidxtaped
#
# amanda backup client
# amanda dgram udp wait amanda /usr/lib/amanda/amandad amandad
#
# the rsync daemon
# rsync stream tcp nowait root /usr/sbin/tcpd /usr/sbin/rsyncd --daemon
#
#
# Mimer database
# mimer stream tcp nowait root /opt/mimer/bin/mimtcp mimtcp -l
#
# CVS pserver (remote acces to your CVS repositories)
# Please read the section on security and passwords in the CVS manual,
# before you enable this.
# cvspserver stream tcp nowait root /usr/sbin/tcpd /usr/bin/cvs -f --allow-root=/home/cvsroot pserver
#
# procstatd deamon (cluster software)
# procstatd stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/procstatd -i 7885
#
#
# LPD client support of CUPS
# Please enable only, after reading the manual, if no LPD daemon is running,
# and after cups-lpd (package: cups.rpm) is installed.
# printer stream tcp nowait lp /usr/lib/cups/daemon/cups-lpd cups-lpd -o document-format=application/octet-stream
#
# End.

joelau

Post by yatwql
anonymous_enable=YES 才是 是否允许匿名ftp用户访问.我使用的时候是使用xinetd模式，所以启动的
时候得打xinetd来启动vsftpd.这之前还得编辑/etc/inetd.conf
将这两句的注释#去掉
ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

试试看啊！  我的SuSe为什么没有inetd.conf呢 :help

joelau

编辑/etc/xinetd.d/vsftpd，将里面的disable=off换成disable=on,然后再重启服务，就可以了。