通过修改改/etc/hosts.allow 来实现访问控制 但是有个小问题(详见155楼(第11页))

上网、浏览、聊天、下载等
回复
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#106

帖子 qy117121 » 2013-06-19 14:08

我的配置文件
#chown_uploads=YES
#chown_username=root
这两行是被注释了,不注释的话,上传的文件不能下载

[c]# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
#local_root=/home/ftp
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES

# 匿名用户删除
anon_other_write_enable=yes

anon_umask=022
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem[/c]
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#107

帖子 qy117121 » 2013-06-19 14:09

图片

上传正常
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#108

帖子 243750496 » 2013-06-19 14:10

qy117121 写了:我的配置文件
#chown_uploads=YES
#chown_username=root
这两行是被注释了,不注释的话,上传的文件不能下载

[c]# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
#local_root=/home/ftp
#allow_writable_root=YES
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES

# 匿名用户删除
anon_other_write_enable=yes

anon_umask=022
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem[/c]

不是我不能下载而是在去掉注释的‘#’后
不能上传也不能下载了 之前能上传 这里说的是上传不是下载!!!!!!!!!!!!
上次由 243750496 在 2013-06-19 14:12,总共编辑 1 次。
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#109

帖子 qy117121 » 2013-06-19 14:12

把你的配置文件换成我的
不然我给你配置文件干嘛
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#110

帖子 243750496 » 2013-06-19 14:19

我试了 很奇怪去掉这里#
#chown_uploads=YES
#chown_username=root
后依旧报错
是不是我/var/ftp权限的事 因为和你的子文件夹权限一样所以不是子文件夹的事
4的屏幕截图.png
我又试了下一注释掉他们立刻就正常了能上传能下载。。。。
大神给我发个你的ftp根目录 权限图 如果一样我就重装电脑去了 如果不一样我再试试
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#111

帖子 qy117121 » 2013-06-19 14:41

/home/ftp 所有者 和组都 是lengxx 权限 755
/home/ftp/123 所有者和组都是root 权限777
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#112

帖子 243750496 » 2013-06-19 21:51

还是不行 还是同样的配方还是同样的错误
只不过这次更清楚了 如果我不加anon_umask=022
匿名用户能上传但谁都不能下载(包括匿名用户) !在FileZilla中显示该文件权限为r-w-------
FileZilla显示:
上传dd并尝试下载该文件
状态: 开始上传 /bin/dd
命令: PASV
响应: 227 Entering Passive Mode (10,198,47,29,71,182).
命令: STOR dd
响应: 150 Ok to send data.
响应: 226 Transfer complete.
状态: 文件传输成功,传输了 56.4 KB (用时1 秒)
状态: 读取目录列表...
命令: PASV
响应: 227 Entering Passive Mode (10,198,47,29,83,8).
命令: LIST
响应: 150 Here comes the directory listing.
响应: 226 Directory send OK.
状态: 列出目录成功
状态: 开始下载 /111/dd
命令: PASV
响应: 227 Entering Passive Mode (10,198,47,29,111,145).
命令: RETR dd
响应: 550 Failed to open file.
错误: 严重文件传输错误
幕截图5.png
如果加上anon_umask=022匿名用户可上传可下载 其他人也可以下载 在FileZilla中显示该文件权限为r-w-r--r
FileZilla显示:
状态: 开始上传 /bin/bzless
命令: CWD /111
响应: 250 Directory successfully changed.
命令: PWD
响应: 257 "/111"
命令: TYPE A
响应: 200 Switching to ASCII mode.
命令: PASV
响应: 227 Entering Passive Mode (10,198,47,29,78,158).
命令: STOR bzless
响应: 150 Ok to send data.
响应: 226 Transfer complete.
状态: 文件传输成功,传输了 1.4 KB (用时1 秒)
状态: 读取目录列表...
命令: TYPE I
响应: 200 Switching to Binary mode.
命令: PASV
响应: 227 Entering Passive Mode (10,198,47,29,239,28).
命令: LIST
响应: 150 Here comes the directory listing.
响应: 226 Directory send OK.
状态: 列出目录成功
状态: 开始下载 /111/bzless
命令: TYPE A
响应: 200 Switching to ASCII mode.
命令: PASV
响应: 227 Entering Passive Mode (10,198,47,29,31,212).
命令: RETR bzless
响应: 150 Opening BINARY mode data connection for bzless (1358 bytes).
响应: 226 Transfer complete.
状态: 文件传输成功,传输了 1.4 KB (用时1 秒)
幕截图6.png
如果去掉
#chown_uploads=YES
#chown_username=root
的#注释
那么就会报错
幕截图100.png
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#113

帖子 qy117121 » 2013-06-19 21:54

#chown_uploads=YES
#chown_username=root
这两条,你为什么要去掉注释?
什么理由?
而且我去提注释也是正常的,怀疑你修改了别的什么选项导致的
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#114

帖子 qy117121 » 2013-06-19 22:00

但是让你用我的配置文件你也不换,当然没说吧
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#115

帖子 243750496 » 2013-06-19 22:22

qy117121 写了:但是让你用我的配置文件你也不换,当然没说吧
我用了,错误一样,所以才问你的文件夹权限
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#116

帖子 243750496 » 2013-06-19 22:22

qy117121 写了:#chown_uploads=YES
#chown_username=root
这两条,你为什么要去掉注释?
什么理由?
而且我去提注释也是正常的,怀疑你修改了别的什么选项导致的
去掉注释前的#号 恕我说的不清楚。。。
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#117

帖子 243750496 » 2013-06-19 22:27

用了你的文件替换后 去掉注释#号和添加注释#号依旧出现相同问题 如果真是我改了某个选项 我重试那么多遍 而且现在重装过后 再改还是报同样错误 所以肯定不是我改了啥别的选项(总部可能那么多次都那么巧都改到了一个相同的注释吧)
头像
qy117121
论坛版主
帖子: 50008
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
送出感谢: 18 次
接收感谢: 340 次
联系:

Re: wiki上的vsftp教程有一点不懂求解释

#118

帖子 qy117121 » 2013-06-19 22:31

那就不要去掉#号呗,我折腾虚拟用户去了,wiki上的虚拟用户设置过时了。。。
渠月 · QY    https://vz.rs/u
本人只会灌水,不负责回答问题

无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏览起自动翻译使用
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#119

帖子 243750496 » 2013-06-19 22:32

我的配置文件
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=root
anon_umask=022
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
243750496
帖子: 1034
注册时间: 2012-06-09 15:40
送出感谢: 0
接收感谢: 7 次

Re: wiki上的vsftp教程有一点不懂求解释

#120

帖子 243750496 » 2013-06-19 22:49

未修改的原文件(vsftpd.conf.old(备份))
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
回复

回到 “因特网相关软件”