For installing and configuring the vsftpd service on Ubuntu, see:
http://wiki.ubuntu.org.cn/Vsftpd
That article explains the process in considerable detail.
For a detailed description of the configuration file options, use:
man 5 vsftpd.conf
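Points worth noting:
1. If local users are allowed to log in and a user's home directory is writable, the following error is reported: vsftpd: refusing to run with writable root inside chroot()
To avoid a security vulnerability, starting with vsftpd 2.3.5 the chroot directory must not be writable. Use the command: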
# chmod 555 /home/user
2. About chroot
chroot_list_enable
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.
Default: NO
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.
Default: NO
3. About login users
userlist_deny
This option is examined if userlist_enable is activated. If you set this setting to NO, then users will be denied login unless they are explicitly listed in the file specified by userlist_file. When login is denied, the denial is issued before the user is asked for a password.
Default: YES
userlist_enable
If enabled, vsftpd will load a list of usernames, from the filename given by userlist_file. If a user tries to log in using a name in this file, they will be denied before they are asked for a password. This may be useful in preventing cleartext passwords being transmitted. See also userlist_deny.
Default: NO
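
The two list options above flip meaning depending on a second setting, which is easy to misread when auditing a server. The following is an added example (not from the original note or from vsftpd itself) that resolves, for one user, whether the userlist permits login, whether the user is jailed, and whether the writable-root error from point 1 applies. The sample configuration, list contents and usernames are constructed, and the writable test on mode bits is a simplifying assumption.

```python
# Added example: resolves vsftpd's chroot and userlist options for one user.
# Sample config, list contents and usernames are constructed for illustration.

def parse_conf(text):
    """Parse vsftpd.conf text (option=value lines, '#' comment lines)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(conf, key, default):
    """True if the option is YES; falls back to the man-page default."""
    return conf.get(key, default).upper() == "YES"

def is_chrooted(conf, user, chroot_list):
    """chroot_list names jailed users, or the exceptions if chroot_local_user=YES."""
    jail_all = enabled(conf, "chroot_local_user", "NO")
    listed = enabled(conf, "chroot_list_enable", "NO") and user in chroot_list
    return jail_all != listed

def userlist_permits(conf, user, userlist):
    """userlist_file is a deny list by default, an allow list if userlist_deny=NO."""
    if not enabled(conf, "userlist_enable", "NO"):
        return True  # the list is not consulted at all
    if enabled(conf, "userlist_deny", "YES"):
        return user not in userlist
    return user in userlist

def writable_root_refusal(conf, user, chroot_list, home_mode):
    """Simplification (assumption): any write bit in home_mode counts as writable.
    A jailed user with a writable home hits the error from point 1."""
    return is_chrooted(conf, user, chroot_list) and bool(home_mode & 0o222)

SAMPLE_CONF = """\
# constructed sample
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
"""

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    chroot_list, userlist = {"admin"}, {"alice", "admin"}
    for user, mode in (("alice", 0o755), ("admin", 0o755), ("bob", 0o555)):
        print(user, userlist_permits(conf, user, userlist),
              is_chrooted(conf, user, chroot_list),
              writable_root_refusal(conf, user, chroot_list, mode))
```

With this sample, alice is allowed and jailed but would trip the writable-root check at mode 755, admin is allowed and exempt from the jail, and bob is rejected by the allow list before a password is requested.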