能解决的是 使用 proftpd 提供 ftp服务,别人无法下载文件的常见问题
安装与启动proftpd
切换到root (su - root)
yum install proftpd
或
yum install -y proftpd
【yum -y install与yum install有什么不同 https://blog.csdn.net/aiynmimi/article/details/76819961】
启动:
/etc/init.d/proftpd start/stop/restart
( or service proftpd start/stop/restart)
虚机开启ftp服务
参考: http://wiki.baidu.com/pages/viewpage.action?pageId=259069984
启动ftp服务后,并不代表别的机器就能从本ftp服务器下载东西,还需要使用其他机器进行测试链接,并解决
常见问题一:没有开启ftp服务(Connection refused)
别的机器尝试链接ftp服务器下载文件,遇到: connectoin refused
为了避免这一问题,你可以启动在服务器机器上开启ftp服务:
root用户:
service proftpd start
或
/etc/init.d/proftpd start
常见问题二:没有开启匿名ftp下载权限(Connection refused)
别的机器尝试链接ftp服务器下载文件,遇到:
Logging in as anonymous …
Login incorrect.
这是因为ftp服务器,没有设置 允许匿名登录的原因
先确认proftpd版本,我的版本是: ProFTPD Version 1.3.3g
proftpd -v
ProFTPD Version 1.3.3g
这个版本,设置允许匿名登录的方法是:
1. 查看配置 : /etc/proftpd.conf 关于匿名 的设置:
关键是这里: “< IfDefine ANONYMOUS_FTP>”, 以及 配置文件的说明:
Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
配置文件说的很清楚了,让我们去修改 /etcsysconfig/proftpd文件:
打开 /etc/sysconfig/proftpd,发现是:
所以,默认是没有开启匿名配置的,改成:
PROFTPD_OPTIONS="-DANONYMOUS_FTP"
保存退出,然后重启服务
service proftpd restart 或 /etc/init.d/proftpd restart
常见问题三:匿名无法下载
假设我希望允许 匿名用户能够默认在服务器的 /home/work (默认是 /var/ftp目录,而非/home/work目录)目录下,下载东西
无法wget的原因
原因1: 要下载的文件的父目录(匿名用户)没有读权限
检查自己的目录, other 用户是否有读权限;
再简单来说,,则:
chmod o+rx /home/work
或: 修改目录权限密码:chmod 755 work
原因2:匿名用户的根目录不正确
用匿名用户下载 /home/work下的某个文件,缺一直不成功
解决办法:
1. 用root用户,修改ftp用户的默认目录:usermod -d / ftp
2. 重启ftp服务(同上)
『匿名用户的根目录不正确』原因分析:
A. 用root用户,检查 ftp 用户的默认目录
cat /etc/passwd | grep ftp
显示: ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
所以, 默认是:/var/ftp, 通过 usermod -d / ftp, 改为了 /
B. 通过在在其他机器(下称B机器),用ftp 命令链接 ftp服务器(下称A机器) ,查看文件夹文件,确认到底登录到服务器的哪个目录下:
B机器,命令行输入: ftp,进入ftp命令行,然后输入:
open FTP服务器的的IP
提示输入Name: ftp(然后回车)
提示输入Password: (直接回车)
提示登录成功
查看ftp登录后的位置
再查看里面有什么文件
发现这个目录下的文件,实际上就是 /var/ftp 目录
所以,由于用 ftp用户登录后,根目录 / 实际是 /var/ftp
而/var/ftp下面根本没有 home/work目录,所以才会出现:
原因3: 开启了虚拟用户配置
上图表示,登录成功,cd到目标目录成功,却访问不了文件
(先确认了 文件给予了other用户read权限; )
解决方法:
修改 /etc/proftpd.conf
把VrootEngine 关闭 on -> off
重启ftp服务
以上是我遇到的ftp服务无法下载文件的各种情况。
配置文件参考
proftpd.conf 配置文件路径备忘:/etc/proftpd.conf
我的proftpd.conf 整体如下,上面的方法如果还是解决不了,可以用我的 proftpd.conf 试试
| AllowOverwrite no <Limit READ> DenyAll </Limit> <Limit STOR> AllowAll </Limit> </Directory> # 此处增加配置 <Directory /home/*> <Limit LIST NLST> AllowAll </Limit> </Directory> # Don't write anonymous accesses to the system wtmp file (good idea!) WtmpLog off # Logging for the anonymous transfers ExtendedLog /var/log/proftpd/access.log WRITE,READ default ExtendedLog /var/log/proftpd/auth.log AUTH auth </Anonymous> </IfDefine> <Directory uploads/*> # An upload directory that allows storing files but not retrieving # or creating directories. </Limit> DenyAll <Limit WRITE> # Limit WRITE everywhere in the anonymous chroot DirFakeUser on ftp DirFakeGroup on ftp # Cosmetic option to make all files appear to be owned by user "ftp" DisplayLogin /welcome.msg DisplayChdir .message DisplayReadme README* # Put the user into /pub right after login #DefaultChdir /pub # We want 'welcome.msg' displayed at login, '.message' displayed in # each newly chdired directory and tell users to read README* files. MaxClients 10 "Sorry, max %m users -- try again later" # Limit the maximum number of anonymous logins UserAlias anonymous ftp # We want clients to be able to login with "anonymous" as well as "ftp" User ftp Group ftp AccessGrantMsg "Anonymous login ok, restrictions apply." <IfDefine ANONYMOUS_FTP> <Anonymous ~ftp> # A basic anonymous configuration, with an upload directory # Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd </Limit> </Global> AllowAll <Limit ALL SITE_CHMOD> AllowOverwrite yes # Allow users to overwrite files and change permissions Umask 022 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable <Global> # Global Config - config common to Server Config and all virtual hosts # See: http://www.proftpd.org/docs/howto/Vhost.html </IfDefine> BanControlsACLs all allow user ftpadm # Allow the FTP admin to manually add/remove bans BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00 # If the same client reaches the MaxLoginAttempts limit 2 times # within 10 minutes, automatically add a ban for that client that # will expire after one hour. LoadModule mod_ban.c BanEngine on BanLog /var/log/proftpd/ban.log BanTable /var/run/proftpd/ban.tab <IfDefine DYNAMIC_BAN_LISTS> # Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html) # Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd </IfModule> </IfDefine> TLSSessionCache shm:/file=/var/run/proftpd/sesscache <IfModule mod_tls_shmcache.c> TLSLog /var/log/proftpd/tls.log #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 TLSEngine on TLSRequired on TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem TLSCipherSuite ALL:!ADH:!DES TLSOptions NoCertRequest TLSVerifyClient off <IfDefine TLS> # Dynamic Shared Object (DSO) loading # See README.DSO and howto/DSO.html for more details # # General database support (http://www.proftpd.org/docs/contrib/mod_sql.html) # LoadModule mod_sql.c # # Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables # (contrib/mod_sql_passwd.html) # LoadModule mod_sql_passwd.c # # Mysql support (requires proftpd-mysql package) # (http://www.proftpd.org/docs/contrib/mod_sql.html) # LoadModule mod_sql_mysql.c # # Postgresql support (requires proftpd-postgresql package) # (http://www.proftpd.org/docs/contrib/mod_sql.html) # LoadModule mod_sql_postgres.c # # Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html) # LoadModule mod_quotatab.c # # File-specific "driver" for storing quota table information in files # (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html) # LoadModule mod_quotatab_file.c # # SQL database "driver" for storing quota table information in SQL tables # (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html) # LoadModule mod_quotatab_sql.c # # LDAP support (requires proftpd-ldap package) # (http://www.proftpd.org/docs/directives/linked/config_ref_mod_ldap.html) # LoadModule mod_ldap.c # # LDAP quota support (requires proftpd-ldap package) # (http://www.proftpd.org/docs/contrib/mod_quotatab_ldap.html) # LoadModule mod_quotatab_ldap.c # # Support for authenticating users using the RADIUS protocol # (http://www.proftpd.org/docs/contrib/mod_radius.html) # LoadModule mod_radius.c # # Retrieve quota limit table information from a RADIUS server # (http://www.proftpd.org/docs/contrib/mod_quotatab_radius.html) # LoadModule mod_quotatab_radius.c # # Administrative control actions for the ftpdctl program # (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html) # LoadModule mod_ctrls_admin.c # # Execute external programs or scripts at various points in the process # of handling FTP commands # (http://www.castaglia.org/proftpd/modules/mod_exec.html) # LoadModule mod_exec.c # # Support for POSIX ACLs # (http://www.proftpd.org/docs/modules/mod_facl.html) # LoadModule mod_facl.c # # Support for using the GeoIP library to look up geographical information on # the connecting client and using that to set access controls for the server # (http://www.castaglia.org/proftpd/modules/mod_geoip.html) # LoadModule mod_geoip.c # # Configure server availability based on system load # (http://www.proftpd.org/docs/contrib/mod_load.html) # LoadModule mod_load.c # # Limit downloads to a multiple of upload volume (see README.ratio) # LoadModule mod_ratio.c # # Rewrite FTP commands sent by clients on-the-fly, # using regular expression matching and substitution # (http://www.proftpd.org/docs/contrib/mod_rewrite.html) # LoadModule mod_rewrite.c # # Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over # an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html) # LoadModule mod_sftp.c # # Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for # mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html) # LoadModule mod_sftp_pam.c # # Use SQL (via mod_sql) for looking up authorized SSH2 public keys for user # and host based authentication # (http://www.castaglia.org/proftpd/modules/mod_sftp_sql.html) # LoadModule mod_sftp_sql.c # # Provide data transfer rate "shaping" across the entire server # (http://www.castaglia.org/proftpd/modules/mod_shaper.html) # LoadModule mod_shaper.c # # Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK, # and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html) # LoadModule mod_site_misc.c # # Provide an external SSL session cache using shared memory # (contrib/mod_tls_shmcache.html) # LoadModule mod_tls_shmcache.c # # Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny # files, for IP-based access control # (http://www.proftpd.org/docs/contrib/mod_wrap.html) # LoadModule mod_wrap.c # # Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny # files, as well as SQL-based access rules, for IP-based access control # (http://www.proftpd.org/docs/contrib/mod_wrap2.html) # LoadModule mod_wrap2.c # # Support module for mod_wrap2 that handles access rules stored in specially # formatted files on disk # (http://www.proftpd.org/docs/contrib/mod_wrap2_file.html) # LoadModule mod_wrap2_file.c # # Support module for mod_wrap2 that handles access rules stored in SQL # database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html) # LoadModule mod_wrap2_sql.c # # Provide a flexible way of specifying that certain configuration directives # only apply to certain sessions, based on credentials such as connection # class, user, or group membership # (http://www.proftpd.org/docs/contrib/mod_ifsession.html) # LoadModule mod_ifsession.c # TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html) LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" # Define the log formats UseSendfile off # Disable sendfile by default since it breaks displaying the download speeds in # ftptop and ftpwho MaxInstances 20 # To prevent DoS attacks, set the maximum number of child processes # to 20. If you need to allow more than 20 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode; in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) User nobody Group nobody # Set the user and group that the server runs as UseReverseDNS off # If you use NIS/YP/LDAP you may need to disable PersistentPasswd #PersistentPasswd off # Don't do reverse DNS lookups (hangs on DNS problems) AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c # Use pam to authenticate (default) and be authoritative VRootEngine off DefaultRoot ~ !adm VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf # Cause every FTP user except adm to be chrooted into their home directory # Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to # work at session-end time (http://bugzilla.redhat.com/477120) ServerName "ProFTPD server" ServerIdent on "FTP Server ready." ServerAdmin root@localhost DefaultServer on # This is the ProFTPD configuration file # # See: http://www.proftpd.org/docs/directives/linked/by-name.html # Server Config - config used for anything outside a <VirtualHost> or <Global> context # See: http://www.proftpd.org/docs/howto/Vhost.html ls pwd Name: ftp Password: 回车(ftp用户没有密码) open A机器ip cat /etc/passwd | grep ftp ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin usermod -d / ftp # 将ftp用户的默认目录设为/ service proftpd restart /etc/init.d/proftpd restart PROFTPD_OPTIONS="-DANONYMOUS_FTP" PROFTPD_OPTIONS="" # PROFTPD_OPTIONS="-DANONYMOUS_FTP -DDYNAMIC_BAN_LISTS" ... 省略 ... User ftp <IfDefine ANONYMOUS_FTP> <Anonymous ~ftp> # A basic anonymous configuration, with an upload directory # Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd |
475
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
