Linux系统之FTP服务

最新推荐文章于 2021-04-29 22:50:42 发布

局外人^旁观者

最新推荐文章于 2021-04-29 22:50:42 发布

阅读量735

点赞数

CC 4.0 BY-SA版权

分类专栏： linux 文章标签： Linux系统之FTP服务

本文链接：https://blog.youkuaiyun.com/bread_winner/article/details/97931324

linux 专栏收录该内容

31 篇文章

订阅专栏

本文详细介绍了Linux系统中FTP服务的安装、配置与管理，包括vsftpd服务的安装、匿名用户的设定、本地用户设定、黑白名单的建立以及FTP虚拟账户的配置，涉及用户权限、目录权限、文件上传下载等多个方面。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

什么是ftp

文件传输协议（File Transfer Protocol，FTP）是用于在网络上进行文件传输的一套标准协议，它工作在 OSI 模型的第七层， TCP 模型的第四层，即应用层，使用 TCP 传输而不是 UDP，客户在和服务器建立连接前要经过一个“三次握手”的过程，保证客户与服务器之间的连接是可靠的，而且是面向连接，为数据传输提供可靠保证。
FTP允许用户以文件操作的方式（如文件的增、删、改、查、传送等）与另一主机相互通信。然而，用户并不真正登录到自己想要存取的计算机上面而成为完全用户，可用FTP程序访问远程资源，实现用户往返传输文件、目录管理以及访问电子邮件等等，即使双方计算机可能配有不同的操作系统和文件存储方式。

ftp服务的基本信息

1.软件安装包：vsftpd

2.默认发布目录：/var/ftp

服务配置目录： #服务配置目录

3.协议接口: 21/tcp

4.服务配置文件：/etc/vsftpd/vsftpd.conf 更改后要重起服务

5.报错id的解析

500 #权限过大
550 #服务本身不允许
553 #本地文件权限过小
530 #用户认证失败

部署ftp服务

##下载服务
[root@localhost ~]# yum install vsftpd -y
##启动服务
[root@localhost ~]# systemctl start vsftpd
##关闭防火墙
[root@localhost ~]# systemctl stop firewalld
##也可以通过将ftp服务列入firewall-cmd --list-all中，过程如下：
[root@localhost ~]# firewall-cmd --add-service=ftp
success
[root@localhost ~]# firewall-cmd --reload
success

##测试，lftp后面跟ftp服务器ip,出现下面内容，则服务器打开成功
[root@localhost Desktop]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls drwxr-xr-x 2 0 0 6 Aug 03 2015 pub

如果出现bsah：lftp：command not found…时，则说明你的系统中没有lftp，lftp相当于浏览器，安装即可
解决方法：yum install lftp即可
一定要关闭seLinux服务，输入gentenforce，如果出现Disable，证明该服务关闭，如果是其他状态，一定要关闭该服务

匿名用户的相关设定

##匿名用户是否可以登陆——anonymous_enable=NO|YES

## lftp id 后面不加用户名表示匿名登陆
[root@localhost ~]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxr-xr-x 2 0 0 6 Jun 23 2016 pub
lftp 172.25.254.170:/> exit
##修改 /etc/vsftpd/vsftpd.conf更改设定
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

##重启服务
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
`ls’ at 0 [Delaying before reconnect: 9]

##匿名用户是否可以上传文件——write_enable=YES；anon_upload_enable=YES

## write_enable=YES和anon_upload_enable=YES决定匿名用户是否可以上传文件
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 6 Aug 01 01:01 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
lftp 172.25.254.170:/pub> put /etc/passwd
put: Access failed: 550 Permission denied. (passwd)
lftp 172.25.254.170:/pub> exit
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf

[root@localhost pub]# systemctl restart vsftpd
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 6 Aug 01 01:01 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> put /etc/passwd
2289 bytes transferred
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
lftp 172.25.254.170:/pub> exit

##匿名用户家目录修改——anon_root=/directory

## anon_root=/directory决定匿名用户家目录的修改
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 20 Aug 01 01:04 pub
lftp 172.25.254.170:/> pwd
ftp://172.25.254.170/
lftp 172.25.254.170:/> exit
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf

[root@localhost pub]# mkdir /ftp
[root@localhost pub]# systemctl restart vsftpd
[root@localhost pub]# touch /ftp/file{1…4}
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 01:11 file1
-rw-r–r-- 1 0 0 0 Aug 01 01:11 file2
-rw-r–r-- 1 0 0 0 Aug 01 01:11 file3
-rw-r–r-- 1 0 0 0 Aug 01 01:11 file4
lftp 172.25.254.170:/> pwd
ftp://172.25.254.170/
lftp 172.25.254.170:/>

##匿名用户上传文件默认权限修改——anon_umask=xxx

##anon_umask=xxx决定匿名用户上传文件默认权限
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf

[root@localhost pub]# systemctl restart vsftpd
[root@localhost pub]# ls -ld /etc/shadow
----------. 1 root root 1275 Jul 26 01:17 /etc/shadow
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 20 Aug 01 01:04 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
lftp 172.25.254.170:/pub> put /etc/shadow
1275 bytes transferred
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> exit

##匿名用户建立目录——anon_mkdir_write_enable=YES|NO

##anon_mkdir_write_enable决定匿名用户是否可以建立目录
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 34 Aug 01 01:18 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> mkdir westos
mkdir: Access failed: 550 Permission denied. (westos)
lftp 172.25.254.170:/pub> exit
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf

[root@localhost pub]# systemctl restart vsftpd
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 34 Aug 01 01:18 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> mkdir westos
mkdir ok, `westos’ created
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
drwx------ 2 14 50 6 Aug 01 01:21 westos
lftp 172.25.254.170:/pub> exit

##匿名用户删除——anon_other_write_enable=YES|NO

## anon_other_write_enable进行匿名用户删除
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 3 0 50 48 Aug 01 01:21 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
drwx------ 2 14 50 6 Aug 01 01:21 westos
lftp 172.25.254.170:/pub> mkdir -fr westos/
mkdir: invalid option – ‘f’
lftp 172.25.254.170:/pub> exit
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf
[root@localhost pub]# systemctl restart vsftpd
[root@localhost pub]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 3 0 50 48 Aug 01 01:21 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
drwx------ 2 14 50 6 Aug 01 01:21 westos
lftp 172.25.254.170:/pub> rm -rf westos
rm ok, `westos’ removed
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> exit

##匿名用户下载——anon_world_readable_only=YES|NO #参数值为NO时表示可以下载

##anon_world_readable_only决定匿名用户是否可以下载
[root@localhost download]# pwd
/download
[root@localhost download]# ls
[root@localhost download]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 34 Aug 01 01:26 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> get passwd
get: Access failed: 550 Failed to open file. (passwd)
lftp 172.25.254.170:/pub> exit
[root@localhost download]# vim /etc/vsftpd/vsftpd.conf

[root@localhost download]# systemctl restart vsftpd
[root@localhost download]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 34 Aug 01 01:26 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> get shadow
1275 bytes transferred
lftp 172.25.254.170:/pub> exit
[root@localhost download]# ls
shadow

##匿名用户登陆后身份修改——chown_uploads=YES；chown_username=student

## chown_uploads和chown_username决定匿名用户登陆可以用的身份chown_username后加的必须是真实存在的用户
[root@localhost ~]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 34 Aug 01 02:15 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> exit
[root@localhost ~]# id ftp
uid=14(ftp) gid=50(ftp) groups=50(ftp)
[root@localhost ~]# id tian
uid=1000(tian) gid=1000(tian) groups=1000(tian)
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 2 0 50 34 Aug 01 02:15 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> put /etc/group
985 bytes transferred
lftp 172.25.254.170:/pub> ls
-rw------- 1 1000 50 985 Aug 01 02:16 group
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
lftp 172.25.254.170:/pub> mkdir tian
mkdir ok, `tian’ created
lftp 172.25.254.170:/pub> ls
-rw------- 1 1000 50 985 Aug 01 02:16 group
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
drwx------ 2 14 50 6 Aug 01 02:16 tian
lftp 172.25.254.170:/pub> exit

##最大上传速率——anon_max_rate=102400 #默认单位是k

##anon_max_rate限制用户的上传速率
[root@localhost download]# dd if=/dev/zero of=/download/bigfile bs=1M count=1500
1500+0 records in
1500+0 records out
1572864000 bytes (1.6 GB) copied, 2.83941 s, 554 MB/s
[root@localhost download]# du -sh bigfile
1.5G bigfile
[root@localhost download]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 3 0 50 59 Aug 01 02:30 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> put bigfile
put: Access failed: 553 Could not create file. (bigfile)
lftp 172.25.254.170:/pub> ls
-rw------- 1 1000 50 554934272 Aug 01 02:33 bigfile
-rw------- 1 1000 50 985 Aug 01 02:16 group
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
drwx------ 2 14 50 6 Aug 01 02:16 tian
lftp 172.25.254.170:/pub> exit
[root@localhost download]# vim /etc/vsftpd/vsftpd.conf

[root@localhost download]# systemctl restart vsftpd
[root@localhost download]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 3 0 50 74 Aug 01 02:33 pub
lftp 172.25.254.170:/> cd pub/
lftp 172.25.254.170:/pub> ls
-rw------- 1 1000 50 554934272 Aug 01 02:33 bigfile
-rw------- 1 1000 50 985 Aug 01 02:16 group
-rw------- 1 14 50 2289 Aug 01 01:04 passwd
-rw-r–r-- 1 14 50 1275 Aug 01 01:18 shadow
drwx------ 2 14 50 6 Aug 01 02:16 tian
lftp 172.25.254.170:/pub> rm -rf bigfile
rm ok, bigfile' removed lftp 172.25.254.170:/pub> put bigfilebigfile’ at 11150307 (0%) 125.0K/s eta:2h17m [Sending data]

##最大连接数——max_clients=2

##由图可以看出，刚开始可以加入n个用户，当设置完用户个数后登陆用户有了限制

[root@localhost download]# vim /etc/vsftpd/vsftpd.conf

[root@localhost download]# systemctl restart vsftpd
[root@localhost download]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
drwxrwxr-x 3 0 50 74 Aug 01 02:36 pub
lftp 172.25.254.170:/> exit
[root@localhost download]# lftp 172.25.254.170
lftp 172.25.254.170:~> ls
Interrupt
lftp 172.25.254.170:~> exit
[root@localhost download]# vim /etc/vsftpd/vsftpd.conf

在这里插入图片描述

本地用户设定

##本地用户登陆权限和本地用户写权限限制——local_enable=YES|NO；write_enable=YES|NO

## local_enable和write_enable和决定了本地用户登陆本地用户写权限限制
[root@localhost ~]# ls /home/
tian westos
[root@localhost ~]# touch /home/tian/file{1…3}
[root@localhost ~]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
lftp tian@172.25.254.170:~> put /etc/passwd
2332 bytes transferred
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> exit
[root@localhost ~]# ls /home/tian/
file1 file2 file3 passwd
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
ls: Login failed: 530 This FTP server is anonymous only.

##本地用户家目录修改——local_root=/directory

##local_root可以修改本地用户家目录
[root@localhost ~]# cd /home/tian/
[root@localhost tian]# ls
file1 file2 file3 passwd
[root@localhost tian]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> exit
[root@localhost tian]# cd /ftp/
[root@localhost ftp]# ls
[root@localhost ftp]# touch a{1…3}
[root@localhost ftp]# ls
a1 a2 a3
[root@localhost ftp]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> exit
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:57 a1
-rw-r–r-- 1 0 0 0 Aug 01 02:57 a2
-rw-r–r-- 1 0 0 0 Aug 01 02:57 a3
lftp tian@172.25.254.170:~>

##本地用户上传文件权限——local_umask=xxx

##local_umask可以决定本地用户上传文件权限
[root@localhost ftp]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> exit
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> put /etc/group
985 bytes transferred
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> exit

##限制本地用户浏览/目录——chroot_local_user=YES|NO

##用户不能进入/目录，被锁定在自己的家目录——chroot_local_user
[root@localhost ftp]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> cd /
cd ok, cwd=/
lftp tian@172.25.254.170:/> ls
-rw-r–r-- 1 0 0 0 Jul 24 22:13 1
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 bin -> usr/bin
dr-xr-xr-x 3 0 0 4096 Jul 24 22:56 boot
drwxr-xr-x 20 0 0 3140 Aug 01 00:58 dev
drwxr-xr-x 2 0 0 21 Aug 01 02:33 download
drwxr-xr-x 143 0 0 8192 Aug 01 01:59 etc
drwxr-xr-x 2 0 0 36 Aug 01 02:57 ftp
drwxr-xr-x 4 0 0 32 Aug 01 01:58 home
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 Jul 24 22:09 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 10 2016 media
drwxr-xr-x 2 0 0 97 Jul 25 13:08 mnt
drwxr-xr-x 3 0 0 16 Jul 24 22:19 opt
dr-xr-xr-x 175 0 0 0 Aug 01 00:58 proc
dr-xr-x— 21 0 0 4096 Aug 01 03:05 root
drwxr-xr-x 38 0 0 1180 Aug 01 00:58 run
lrwxrwxrwx 1 0 0 8 Jul 24 22:09 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 10 2016 srv
dr-xr-xr-x 13 0 0 0 Aug 01 00:58 sys
drwxrwxrwt 39 0 0 4096 Aug 01 02:57 tmp
drwxr-xr-x 13 0 0 155 Jul 24 22:09 usr
drwxr-xr-x 22 0 0 4096 Aug 01 00:58 var
lftp tian@172.25.254.170:/> exit
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# chmod u-w /home/tian
[root@localhost ftp]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:/> cd /
lftp tian@172.25.254.170:/> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:/> exit

黑白名单的建立

##chroot_local_user=NO;chroot_list_enable=YES;chroot_list_file=/etc/vsftpd/chroot_list
当chroot_local_user=NO时，chroot_list名单内的文件不能切换到/目录
当chroot_local_user=YES时，chroot_list名单内的文件能切换到/目录
但他们都可以登陆ftp
[root@localhost ~]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:~> cd /
cd ok, cwd=/
lftp tian@172.25.254.170:/> ls
-rw-r–r-- 1 0 0 0 Jul 24 22:13 1
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 bin -> usr/bin
dr-xr-xr-x 3 0 0 4096 Jul 24 22:56 boot
drwxr-xr-x 20 0 0 3140 Aug 01 00:58 dev
drwxr-xr-x 2 0 0 21 Aug 01 02:33 download
drwxr-xr-x 143 0 0 8192 Aug 01 01:59 etc
drwxr-xr-x 2 0 0 36 Aug 01 02:57 ftp
drwxr-xr-x 4 0 0 32 Aug 01 01:58 home
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 Jul 24 22:09 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 10 2016 media
drwxr-xr-x 2 0 0 97 Jul 25 13:08 mnt
drwxr-xr-x 3 0 0 16 Jul 24 22:19 opt
dr-xr-xr-x 177 0 0 0 Aug 01 00:58 proc
dr-xr-x— 21 0 0 4096 Aug 01 03:26 root
drwxr-xr-x 38 0 0 1180 Aug 01 00:58 run
lrwxrwxrwx 1 0 0 8 Jul 24 22:09 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 10 2016 srv
dr-xr-xr-x 13 0 0 0 Aug 01 00:58 sys
drwxrwxrwt 39 0 0 4096 Aug 01 03:17 tmp
drwxr-xr-x 13 0 0 155 Jul 24 22:09 usr
drwxr-xr-x 22 0 0 4096 Aug 01 00:58 var
lftp tian@172.25.254.170:/> exit
[root@localhost ~]# lftp 172.25.254.170 -u westos
Password:
lftp westos@172.25.254.170:~> ls
lftp westos@172.25.254.170:~> cd /
cd ok, cwd=/
lftp westos@172.25.254.170:/> ls
-rw-r–r-- 1 0 0 0 Jul 24 22:13 1
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 bin -> usr/bin
dr-xr-xr-x 3 0 0 4096 Jul 24 22:56 boot
drwxr-xr-x 20 0 0 3140 Aug 01 00:58 dev
drwxr-xr-x 2 0 0 21 Aug 01 02:33 download
drwxr-xr-x 143 0 0 8192 Aug 01 01:59 etc
drwxr-xr-x 2 0 0 36 Aug 01 02:57 ftp
drwxr-xr-x 4 0 0 32 Aug 01 01:58 home
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 Jul 24 22:09 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 10 2016 media
drwxr-xr-x 2 0 0 97 Jul 25 13:08 mnt
drwxr-xr-x 3 0 0 16 Jul 24 22:19 opt
dr-xr-xr-x 176 0 0 0 Aug 01 00:58 proc
dr-xr-x— 21 0 0 4096 Aug 01 03:26 root
drwxr-xr-x 38 0 0 1180 Aug 01 00:58 run
lrwxrwxrwx 1 0 0 8 Jul 24 22:09 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 10 2016 srv
dr-xr-xr-x 13 0 0 0 Aug 01 00:58 sys
drwxrwxrwt 39 0 0 4096 Aug 01 03:17 tmp
drwxr-xr-x 13 0 0 155 Jul 24 22:09 usr
drwxr-xr-x 22 0 0 4096 Aug 01 00:58 var
lftp westos@172.25.254.170:/> exit
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# vim /etc/vsftpd/chroot_list
[root@localhost ~]# cat /etc/vsftpd/chroot_list
tian
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:/> cd /
lftp tian@172.25.254.170:/> l
Ambiguous command `l’.
lftp tian@172.25.254.170:/> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:/> exit
[root@localhost ~]# lftp 172.25.254.170 -u westos
Password:
lftp westos@172.25.254.170:~> ls
lftp westos@172.25.254.170:~> cd /
cd ok, cwd=/
lftp westos@172.25.254.170:/> ls
-rw-r–r-- 1 0 0 0 Jul 24 22:13 1
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 bin -> usr/bin
dr-xr-xr-x 3 0 0 4096 Jul 24 22:56 boot
drwxr-xr-x 20 0 0 3140 Aug 01 00:58 dev
drwxr-xr-x 2 0 0 21 Aug 01 02:33 download
drwxr-xr-x 143 0 0 8192 Aug 01 01:59 etc
drwxr-xr-x 2 0 0 36 Aug 01 02:57 ftp
drwxr-xr-x 4 0 0 32 Aug 01 01:58 home
lrwxrwxrwx 1 0 0 7 Jul 24 22:09 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 Jul 24 22:09 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 10 2016 media
drwxr-xr-x 2 0 0 97 Jul 25 13:08 mnt
drwxr-xr-x 3 0 0 16 Jul 24 22:19 opt
dr-xr-xr-x 177 0 0 0 Aug 01 00:58 proc
dr-xr-x— 21 0 0 4096 Aug 01 03:28 root
drwxr-xr-x 38 0 0 1180 Aug 01 00:58 run
lrwxrwxrwx 1 0 0 8 Jul 24 22:09 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 10 2016 srv
dr-xr-xr-x 13 0 0 0 Aug 01 00:58 sys
drwxrwxrwt 39 0 0 4096 Aug 01 03:28 tmp
drwxr-xr-x 13 0 0 155 Jul 24 22:09 usr
drwxr-xr-x 22 0 0 4096 Aug 01 00:58 var
lftp westos@172.25.254.170:/> exit

##黑名单：写入user_list文件文件中的用户都会被禁止登陆ftp

[root@localhost vsftpd]# lftp 172.25.254.170 -u westos
Password:
lftp westos@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 03:54 file1
-rw-r–r-- 1 0 0 0 Aug 01 03:54 file2
-rw-r–r-- 1 0 0 0 Aug 01 03:54 file3
lftp westos@172.25.254.170:~> exit
[root@localhost vsftpd]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:/> exit
[root@localhost vsftpd]# vim /etc/vsftpd/user_list
[root@localhost vsftpd]# tail -n 1 /etc/vsftpd/user_list
tian
[root@localhost vsftpd]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
ls: Login failed: 530 Permission denied.
lftp tian@172.25.254.170:~> exit
[root@localhost vsftpd]# lftp 172.25.254.170 -u westos
Password:
lftp westos@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 03:54 file1
-rw-r–r-- 1 0 0 0 Aug 01 03:54 file2
-rw-r–r-- 1 0 0 0 Aug 01 03:54 file3
lftp westos@172.25.254.170:~> exit

##当在/etc/vsftpd/vsftpd.conf 中写入userlist_deny=NO时，该名单由黑名单转化为白名单

[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf
[root@localhost vsftpd]# tail -n 1 /etc/vsftpd/user_list
tian
[root@localhost vsftpd]# systemctl restart vsftpd
[root@localhost vsftpd]#
[root@localhost vsftpd]# lftp 172.25.254.170 -u student
Password:
lftp student@172.25.254.170:~> exit
[root@localhost vsftpd]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file1
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file2
-rw-r–r-- 1 0 0 0 Aug 01 02:49 file3
-rw-rw-rw- 1 1000 1000 985 Aug 01 03:02 group
-rw-r–r-- 1 1000 1000 2332 Aug 01 02:50 passwd
lftp tian@172.25.254.170:/> exit
[root@localhost vsftpd]# lftp 172.25.254.170 -u westos
Password:
lftp westos@172.25.254.170:~> ls
ls: Login failed: 530 Permission denied.
lftp westos@172.25.254.170:~> exit

##ftpusers：永久黑名单——该名单中只能是用户黑名单，且不受任何参数限制。

[root@localhost vsftpd]# tail -n 1 /etc/vsftpd/user_list
tian
[root@localhost vsftpd]# vim /etc/vsftpd/ftpusers
[root@localhost vsftpd]# lftp 172.25.254.170 -u tian
Password:
lftp tian@172.25.254.170:~> ls
ls: Login failed: 530 Login incorrect.
lftp tian@172.25.254.170:~> exit

FTP虚拟账户的设定

##虚拟用户的设定

##编写虚拟用户的帐号密码
[root@localhost vsftpd]# vim /etc/vsftpd/tian
[root@localhost vsftpd]# cat /etc/vsftpd/tian
user1
123
user2
123
user3
123
##查看vsftpd.conf,认证的时候使用pam认证
[root@localhost vsftpd]# db_load -T -t hash -f /etc/vsftpd/tian /etc/vsftpd/tian.db
[root@localhost vsftpd]# vim /etc/pam.d/tian
[root@localhost vsftpd]# cat /etc/pam.d/tian
account		required	pam_userdb.so	db=/etc/vsftpd/tian

auth		required	pam_userdb.so	db=/etc/vsftpd/tian
##修改pam_service_name=tian和guest_enable=YES。pam加密的文件为tian并且允许游客（虚拟用户）登陆
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf 
[root@localhost vsftpd]# systemctl restart vsftpd
[root@localhost vsftpd]# lftp 172.25.254.170 -u user1
Password: 
lftp user1@172.25.254.170:~> ls        
drwxrwxr-x    3 0        50             74 Aug 01 02:36 pub
lftp user1@172.25.254.170:/> exit

##虚拟帐号身份指定

##修改guest_username=tian。表示虚拟用户登陆的家目录不再是/pub，而是tian用户的家目录
[root@localhost westos]# vim /etc/vsftpd/vsftpd.conf 
[root@localhost westos]# systemctl restart vsftpd
[root@localhost westos]# lftp 172.25.254.170 -u user1
Password: 
lftp user1@172.25.254.170:~> ls        
-rw-r--r--    1 0        0               0 Aug 01 02:49 file1
-rw-r--r--    1 0        0               0 Aug 01 02:49 file2
-rw-r--r--    1 0        0               0 Aug 01 02:49 file3
-rw-rw-rw-    1 1000     1000          985 Aug 01 03:02 group
-rw-r--r--    1 1000     1000         2332 Aug 01 02:50 passwd
lftp user1@172.25.254.170:/> exit

##虚拟帐号家目录独立设定

##local_root=/ftphome/$USER和user_sub_token=$USER。指定虚拟用户的家目和这个设置将依据一个模板为每个虚拟用户创建home目录
[root@localhost westos]# vim /etc/vsftpd/vsftpd.conf 
[root@localhost westos]# mkdir /ftphome/user1/user1dir -p
[root@localhost westos]# mkdir /ftphome/user2/user2dir -p
[root@localhost westos]# chgrp ftp /ftphome/ -R 
[root@localhost westos]# ll /ftphome/user*
/ftphome/user1:
total 0
drwxr-xr-x 2 root ftp 6 Aug  1 16:43 user1dir

/ftphome/user2:
total 0
drwxr-xr-x 2 root ftp 6 Aug  1 16:43 user2dir
[root@localhost westos]# chmod 775 /ftphome/user1/user1dir/
[root@localhost westos]# chmod 775 /ftphome/user2/user2dir/
[root@localhost westos]# vim /etc/vsftpd/userconf/user1
[root@localhost westos]# cd /etc/vsftpd/
[root@localhost vsftpd]# ls
chroot_list  tian     user_list    vsftpd_conf_migrate.sh
ftpusers     tian.db  vsftpd.conf
[root@localhost vsftpd]# mkdir userconf
[root@localhost vsftpd]# ls
chroot_list  tian     userconf   vsftpd.conf
ftpusers     tian.db  user_list  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# cd userconf/
[root@localhost userconf]# ls
[root@localhost userconf]# touch user1
[root@localhost userconf]# vim user1 
[root@localhost userconf]# systemctl restart vsftpd
[root@localhost userconf]# lftp 172.25.254.170 -u user1
Password: 
lftp user1@172.25.254.170:~> ls        
drwxrwxr-x    2 0        50              6 Aug 01 08:43 user1dir
lftp user1@172.25.254.170:/> put /etc/passwd
put: Access failed: 550 Permission denied. (passwd)
lftp user1@172.25.254.170:/> exit
[root@localhost userconf]# lftp 172.25.254.170 -u user2
Password: 
lftp user2@172.25.254.170:~> ls        
drwxrwxr-x    2 0        50              6 Aug 01 08:43 user2dir
lftp user2@172.25.254.170:/> exit