Setting up an FTP server on Ubuntu 18.04

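Contents

1. How FTP works

2. Installation

3. Advanced FTP configuration

4. vsftpd virtual users

5. Giving each virtual user its own configuration file

6. Finally, restart and enable start at boot

7. Client operations

8. Remote access

9. Finally, files can be uploaded to the FTP user with scp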



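1. How FTP works

1.1   Introduction to how FTP works

File Transfer Protocol: one of the three early application-layer protocols, built on a client/server architecture
Data transfer formats: binary (default) and text
Dual-channel protocol: a command connection and a data connection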

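1.2   Two modes, seen from the server side

Active (PORT style): the server initiates the data connection
   Command (control): client: random port --> server: 21/tcp
   Data: client: random port <-- server: 20/tcp

Passive (PASV style): the client initiates the data connection
   Command (control): client: random port --> server: 21/tcp
   Data: client: random port --> server: random port/tcp

Example: the data port of a server in passive mode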
227 Entering Passive Mode (172.16.0.1,224,59)
The server's data port is: 224*256+59
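The port arithmetic above as a check a defender can run against captured 227 replies. This is an added example, not code from the original post; the function names and the control-peer comparison are assumptions, the port range is the pasv_min_port/pasv_max_port pair used later on this page, and the parser accepts both the RFC 959 comma-separated address and the dotted form written above.

```python
import re

# 227 reply tuple: four address octets, then p1,p2 (port = p1*256 + p2)
PASV_RE = re.compile(
    r"^227 .*\((\d{1,3})[.,](\d{1,3})[.,](\d{1,3})[.,](\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a well-formed 227 reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_pasv(reply, control_peer, min_port, max_port):
    """List what is wrong with a 227 reply, given the server address of the
    control connection and the passive port range the firewall allows."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip != control_peer:
        # Typical of a server behind NAT announcing its private address.
        problems.append("advertised address %s is not the control peer %s"
                        % (ip, control_peer))
    if not min_port <= port <= max_port:
        problems.append("port %d is outside the allowed range %d-%d"
                        % (port, min_port, max_port))
    return problems

if __name__ == "__main__":
    page_reply = "227 Entering Passive Mode (172.16.0.1,224,59)"
    constructed = "227 Entering Passive Mode (172,16,0,1,23,117)."  # constructed sample
    print(parse_pasv(page_reply))
    print(check_pasv(page_reply, "172.16.0.1", 6000, 6010))
    print(check_pasv(constructed, "172.16.0.1", 6000, 6010))
```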

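1.3   FTP service status codes

1XX: informational       125: data connection open
2XX: success             200: command OK          230: login successful
3XX: supplementary       331: user name OK
4XX: client error        425: cannot open data connection
5XX: server error        500: cannot log in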

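1.4   User authentication

Anonymous users: ftp, anonymous; these map to the Linux user ftp
System users: Linux users, with user names in /etc/passwd and passwords in /etc/shadow
Virtual users: dedicated users of one specific service, with their own user/password file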

2. Installation

sudo apt install vsftpd

yum install vsftpd

Check the version
vsftpd -v

Overall structure of the configuration file, with some explanations

vim    /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
# Server listening
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
# Allows anonymous access; do not turn this on by default
#anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# Whether local users are allowed to log in
local_enable=YES
# Custom upload root directory
local_root=/home/kaikai_ftp/ftpdir
allow_writeable_chroot=YES
#
# Uncomment this to enable any form of FTP write command.
# Allow users to modify files (FTP write commands)
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Permission mask for files created by local users over FTP; the default is 077 (022?)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# Allows anonymous uploads; the default is NO
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# Allows anonymous users to create directories
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# Message shown the first time a user enters a directory
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
# Use local time
use_localtime=YES
#
# Activate logging of uploads/downloads.
# A log holding detailed upload and download information
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# Use port 20 on the server for PORT-style connections
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
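# Specifies whether the users in the user list file may change to the parent directory. The default is NO.
#chroot_local_user=YES
# Whether to enable the user list file named by chroot_list_file. The default is NO.
#chroot_list_enable=YES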
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES

3. Advanced FTP configuration

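Active mode port
listen_port=21

Passive mode port range (this also limits the number of concurrent connections)
pasv_min_port=6000
pasv_max_port=6010

Anonymous login

anonymous_enable=NO             allows anonymous access; do not turn this on by default

no_anon_password=yes

Anonymous uploads: do not grant write permission on the FTP root directory, only on subdirectories

anon_upload_enable=YES          allows anonymous uploads; the default is NO
anon_mkdir_write_enable=YES     allows anonymous users to create directories

anon_world_readable_only        only files that are world-readable can be downloaded; the default is yes

anon_umask=0333                 umask for files uploaded by anonymous users; the default is 077

anon_other_write_enable=yes     uploaded files can be deleted and modified; the default is no

Set the default owner and permissions of files uploaded by anonymous users

chown_uploads=yes

chown_username=kaikai

chown_upload_mode=0644

Linux system users

local_enable=yes     allow Linux users to log in

write_enable=yes     allow Linux users to upload files

local_umask=022      permission mask for files uploaded by system users

Map system users to a designated guest user
guest_enable=YES       all system users are mapped to the guest user
guest_username=ftp     names the guest user; only takes effect together with the option above
local_root=/ftproot    directory the guest user lands in after login

Confining system users
Confine all system users to their home directories
chroot_local_user=YES  confine system users; the default is NO, meaning not confined

Confine, or exempt from confinement, specific system users; the effect is the opposite of the setting above
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

● When chroot_local_user=YES, the users in chroot_list are not confined
● When chroot_local_user=NO, the users in chroot_list are confined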
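vsftpd only accepts lines of the exact form option=value: a '#' starts a comment only in the first column, and whitespace next to '=' is an error. The following check for those two mistakes, plus the write and chroot options covered in this section, is an added example and not part of the original post; the function names are assumptions, and an option missing from the file is treated as NO.

```python
TRUE = {"YES", "TRUE", "1"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse(text):
    """Split a vsftpd.conf body into syntax findings and {option: (line, value)}."""
    findings, settings = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        # vsftpd treats '#' as a comment marker only in the first column.
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((no, "not in option=value form"))
            continue
        if key != key.strip() or value != value.strip():
            findings.append((no, "whitespace next to '=' or at a line end"))
        if "#" in value:
            findings.append((no, "text after '#' is read as part of the value"))
        settings[key.strip()] = (no, value.split("#")[0].strip())
    return findings, settings

def audit(text):
    """Return sorted (line, message) findings; line 0 means the option is not set."""
    findings, settings = parse(text)

    def on(option):  # assumption: an option missing from the file counts as NO
        return settings.get(option, (0, "NO"))[1].upper() in TRUE

    def line_of(option):
        return settings.get(option, (0, ""))[0]

    if on("anonymous_enable") or on("guest_enable"):
        for option in ANON_WRITE:
            if on(option):
                findings.append((line_of(option),
                                 option + " lets anonymous/guest sessions write"))
    if on("chroot_local_user") and on("allow_writeable_chroot"):
        findings.append((line_of("allow_writeable_chroot"),
                         "users can write to the root of their own chroot"))
    if not on("ssl_enable"):
        findings.append((line_of("ssl_enable"),
                         "ssl_enable is off: logins and data travel in cleartext"))
    return sorted(findings)

# Constructed sample assembled from option lines that appear on this page.
SAMPLE = ("listen=NO # server listening\npasv_min_port = 6000\n"
          "pasv_max_port=6010\nanonymous_enable=NO\nguest_enable=YES\n"
          "anon_upload_enable=YES\nchroot_local_user=YES\n"
          "allow_writeable_chroot=YES\nssl_enable=NO\n")

if __name__ == "__main__":
    for no, message in audit(SAMPLE):
        print("line %d: %s" % (no, message))
```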

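4. vsftpd virtual users

Virtual users:

● All virtual users are mapped to one designated system account; the shared location they access is that account's home directory

● Each virtual user can be given different access permissions, which are set through the anonymous-user permission options

How virtual user accounts are stored:

● In a file: edit a text file in which odd-numbered lines are user names and even-numbered lines are passwords; the file must then be encoded into hash format

db_load -T -t hash -f vusers.txt  vusers.db

● In a table of a relational database: the database is queried in real time to authenticate users

       vsftpd supports MySQL databases: PAM then depends on pam-mysql

                           /lib64/security/pam_mysql.so

                           /usr/share/doc/pam_mysql-0.7/README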

1. Implementing file-based authentication for vsftpd virtual users

Create the user database file

vim   /etc/vsftpd/vusers.txt

kaikai
kaikai136

Encode the file (convert it into a hash database)

db_load -T -t hash -f vusers.txt vusers.db

chmod 600 vusers.db

Create the system user and the FTP directory it accesses

useradd -d /data/ftproot -s /sbin/nologin -r vuser

mkdir -pv /data/ftproot/upload

setfacl -m u:vuser:rwx /data/ftproot/upload

#chmod a=rx /data/ftproot/  needed if the home directory was created automatically

Create the PAM configuration file

vim /etc/pam.d/vsftpd.db

auth required pam_userdb.so db=/etc/vsftpd/vusers

account required pam_userdb.so db=/etc/vsftpd/vusers

Point vsftpd at the PAM configuration file

vim /etc/vsftpd/vsftpd.conf

anonymous_enable=no

pam_service_name=vsftpd.db
userlist_enable=YES

guest_username=vuser
guest_enable=YES
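db_load -T reads vusers.txt as strict pairs of lines, so a stray blank line or a missing password line shifts every later account, and the plaintext file stays on disk after conversion. The following pre-flight check is an added example and not part of the original post; the function names and the rule that a password must not contain its user name are assumptions.

```python
import os
import stat

def audit_vusers(text):
    """Check the alternating user-name/password layout read by db_load -T -t hash."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # the final newline is not an empty record
    problems = []
    if len(lines) % 2:
        problems.append("odd number of lines: a user name has no password line")
    seen = set()
    for i in range(0, len(lines) - 1, 2):
        user, password = lines[i], lines[i + 1]
        where = "lines %d-%d" % (i + 1, i + 2)
        if not user.strip() or not password.strip():
            problems.append(where + ": blank user name or password")
            continue
        if user != user.strip() or password != password.strip():
            problems.append(where + ": leading or trailing whitespace is stored as typed")
        if user in seen:
            problems.append(where + ": duplicate user name " + user)
        seen.add(user)
        if user.lower() in password.lower():
            problems.append(where + ": password contains the user name")
    return problems

def too_open(path):
    """True if group or others have any access, i.e. the mode is wider than 600."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    page_file = "kaikai\nkaikai136\n"                    # the file shown above
    broken = "kaikai\n\nkaikai136\nqingqing\nS3parate!\n"  # constructed sample
    print(audit_vusers(page_file))
    print(audit_vusers(broken))
```

Run too_open on both /etc/vsftpd/vusers.txt and /etc/vsftpd/vusers.db: the procedure above only restricts the .db file, while the text file holds the same passwords in the clear.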

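5. Giving each virtual user its own configuration file

# Specify the directory that holds the per-user configuration files

vim /etc/vsftpd/vsftpd.conf

user_config_dir=/etc/vsftpd/vusers.d/

# Create the directory that holds the per-user configuration files

mkdir /etc/vsftpd/vusers.d/

cd /etc/vsftpd/vusers.d/

Create a configuration file for each user: allow one user to read and write, while the other users are read-only

vim kaikai

anon_upload_enable=yes

anon_mkdir_write_enable=yes

anon_other_write_enable=yes

Specify a user's own home directory

vim qingqing

local_root=/data/ftproot2

MySQL-based user management is no longer officially supported, so work that out on your own.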

6. Finally, restart and enable start at boot

Restart
sudo service vsftpd restart

Start at boot
sudo systemctl enable vsftpd

Installing vsftpd on CentOS 7

yum -y install vsftpd

systemctl enable vsftpd

systemctl start vsftpd.service

Add an FTP user

 useradd -g root -d /home/wwwroot/asite -s /sbin/nologin ftpuser

Note: this adds a user named ftpuser and sets its upload directory to /home/wwwroot/asite

If you later want to move this user's upload directory to /run/media/root/xxx/wwwroot/xxx.org, use the following command:

usermod -d /run/media/root/xxx/wwwroot/xxx.org ftpuser

Set the user's password, as shown in Figure 6

passwd ftpuser

Set permissions (this user can access the whole directory tree of the host; the permission issue is noted later)

chown -R ftpuser:root /home/wwwroot/asite

Edit the vsftpd configuration file and disable anonymous login

Path: vi /etc/vsftpd/vsftpd.conf

Change anonymous_enable=YES to: anonymous_enable=NO

# Whether local users are allowed to log in
local_enable=YES
allow_writeable_chroot=YES

Permission settings

vim /etc/pam.d/vsftpd

# auth   required   pam_shells.so
auth    required    pam_nologin.so

7. Client operations

The ftp command

ftp> help
Commands may be abbreviated.  Commands are:

!               debug           mdir            sendport        site
$               dir             mget            put             size
account         disconnect      mkdir           pwd             status
append          exit            mls             quit            struct
ascii           form            mode            quote           system
bell            get             modtime         recv            sunique
binary          glob            mput            reget           tenex
bye             hash            newer           rstatus         tick
case            help            nmap            rhelp           trace
cd              idle            nlist           rename          type
cdup            image           ntrans          reset           user
chmod           lcd             open            restart         umask
close           ls              prompt          rmdir           verbose
cr              macdef          passive         runique         ?
delete          mdelete         proxy           send

Switching between the two modes with passive

ftp> passive
Passive mode off.
ftp> passive
Passive mode on.
ftp>

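8. Remote access

ftp://192.168.123.192    enter the user name and password you added to get access

9. Finally, files can be uploaded to the FTP user with scp

Add permissions for the user: chmod 777 kaikai_ftp

Uploading and downloading files on Ubuntu

Connect from the virtual machine: ftp 192.168.210.62

ls lists the contents of the FTP server

!ls lists the contents of the local machine

cd ftpdir changes to the ftpdir directory on the FTP server

put xx uploads a file to ftpdir; if you did not run cd ftpdir in the previous step, the file goes straight into the top-level directory, so do not look for it under ftpdir

get xxx downloads a file

delete xxx deletes a file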
