linux vsftp mysql_linux-vsftp配置FTP访问（亲测可行，笔记）

重启：

service php-fpm start

service nginx start

service vsftpd status

mysql -uroot -pwXlmCj/AK09ga

show slave status \G;

chown -R runtestftp:runtestftp runtest_cardwuyou

usermod -d /test test

chkconfig vsftpd on　　 //(设置系统启动时启动vsftpd)

netstat -nlp |grep 21

lsof -i:21

1、检测是否有安装redis-cli和redis-server;

[root@localhost bin]# whereis redis-cli

redis-cli: /usr/bin/redis-cli

[root@localhost bin]# whereis redis-server

redis-server: /usr/bin/redis-server启动redis:

加上`&`号使redis以后台程序方式运行

1

redis-server &

检测后台进程是否存在

ps -ef |grep redis

1

检测6379端口是否在监听

netstat -lntp | grep 6379

使用redis-cli客户端检测连接是否正常

redis-cli

127.0.0.1:6379> keys *

(empty list or set)

127.0.0.1:6379> set key "hello world"

OK

127.0.0.1:6379> get key

"hello world"

-------------------------------------------------

服务器先安装才有ftp 服务。

安装：可以使用yum命令直接安装ftp

# yum install vsftpd

配置参考1：https://blog.csdn.net/zhaoyangjian724/article/details/47173803

https://www.cnblogs.com/yangjinjin/p/3158245.html

用主动方式能连，但是无目录限制。 将用户加入限制列表后，则不能连接。

这个没权限配置有出入：https://blog.csdn.net/u014691453/article/details/62424605

以上教程，用主动模式能访问到全部目录

修改家目录，查看用户的家目录：https://www.linuxidc.com/Linux/2017-11/148312.htm

限制不能访问家目录外的其他目录

1.更改所有者:

chown -R 用户 目录 chown [-R]

stores:root lh_debug.php 更改文件所属用户和用户组,-R参数代表是否循环到子目录文件 yjw:ftp

2.更改权限:

chmod -R 755 目录

原来 www:www 改为runftp:ftp ------------ 站点访问奔溃了！！！！！--是Runtime目录写权限问题。

或者必要时 要注意：NGINX的 user 配置，但是亲测是不受根目录所有者影响的。

限制家目录的两种配置方式：

#chroot_list_enable=YES　　　限定用户不可以离开主目录

#chroot_list_file=/etc/vsftpd/chroot_list

chroot_local_user=YES //这里为了方便,直接默认情况下将所有用户都锁定在自己的目录里,如果

不写这一行的话,就需要启用上面的两行,以后添加新账户的时候需要将用户添加到chroot_list_file来,来进行锁定用户在自己

的目录里,

vsftpd 配置:chroot_local_user与chroot_list_enable详解 ：

https://blog.csdn.net/bluishglc/article/details/42398811

-------------------------------------------

vsftpd 真的问题挺多的；

网络上一个同样的问题：https://segmentfault.com/q/1010000002965266

再看：https://blog.bccn.net/静夜思/61146 亲测可以

，755，775其实也可以，用主动连接。也不用改文件所有者。--但是更改文件提示没权限

网站目录权限设置：

http://www.mamicode.com/info-detail-223969.html

删除没权限(用户归属问题)：https://segmentfault.com/q/1010000012118838

改变用户组：https://www.aliyun.com/jiaocheng/159028.html ----Runtime 要单独给777 所有者不变

usermod -g 用户组 用户名

cat /etc/passwd

/bin/false是最严格的禁止login选项，一切服务都不能用，

/sbin/nologin只是不允许系统login，可以使用其他ftp等服务

只能通过配置目录用户属于 ftp解决，所以还要配置nginx

https://www.cnblogs.com/knowledgesea/p/5175711.html

如果没有设置usermod -s /sbin/nologin

test，那么用户目录是限制成功了，但是也可用SFTP登录，可以跳转目录。如果命令设置后，使用SFTP登录提示：错误:

Received unexpected end-of-file from

SFTP server

对比了一下其他，将ftp用户的用户组归属于 ftp,也不行

实验得出结果：ftp用户的根目录所有者不能是ftp用户，底下的子目录所有者可以是FTP！！！！非常重要！！！！

配置文件说明：

https://blog.csdn.net/hyb0852/article/details/8497038

用户组：https://www.cnblogs.com/fxlttkl/p/7601224.html

------------------------

总结：

参考：https://www.cnblogs.com/yangjinjin/p/3158245.html

安装，添加用户设密码，禁止登陆/sbin/nologin，配置/etc/vsftpd/vsftpd.conf，FTP根目录要755不能777，且仅根目录所有者不能是ftp账户，其他子目录必须是ftp用户，因为要更改权限。

目录所有者如下：

drwxr-xr-x 2 runtestftp runtestftp 4096 Nov

16 11:50 runtest_cardwuyou

连不上尝试使用主动连接。端口21，22要打开

配置文件参考如下：

# Example config file /etc/vsftpd.conf

#

# The default compiled in settings are fairly paranoid. This

sample file

# loosens things up a bit, to make the ftp daemon more

usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

#

# READ THIS: This example file is NOT an exhaustive list of

vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea

of vsftpd's

# capabilities.

#

# If vsftpd is in standalone mode, the default listen address

(of all local

# interfaces) may be overridden by this setting. Provide a

numeric IP address.

#listen_address=127.0.0.1

#

# Allow anonymous FTP? (Beware - allowed by default if you

comment this out).

anonymous_enable=NO

#

# Uncomment this to allow local users to log in.

local_enable=YES

#

# Uncomment this to enable any form of FTP write

command.

write_enable=YES

#

# Default umask for local users is 077. You may wish to change

this to 022,

# if your users expect that (022 is used by most other

ftpd's)

local_umask=022

#

# Default umask for anonymous users is 077.

You may wish to change this to 022,

# if your users expect that (022 is used by most other

ftpd's)

#anon_umask=022

#

# Uncomment this to allow the anonymous FTP user to upload

files. This only

# has an effect if the above global write enable is activated.

Also, you will

# obviously need to create a directory writable by the FTP

user.

#anon_upload_enable=YES

#

# Uncomment this if you want the anonymous FTP user to be able

to create

# new directories.

#anon_mkdir_write_enable=YES

#

# Activate directory messages - messages given to remote users

when they

# go into a certain directory.

dirmessage_enable=YES

#

# Activate logging of uploads/downloads.

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20

(ftp-data).

connect_from_port_20=YES

#

# If you want, you can arrange for uploaded anonymous files to

be owned by

# a different user. Note! Using "root" for uploaded files is

not

# recommended!

#chown_uploads=YES

#chown_username=whoever

#

# You may override where the log file goes if you like. The

default is shown

# below.

#xferlog_file=/var/log/vsftpd.log

#

# If you want, you can have your log file in standard ftpd

xferlog format.

# Note that the default log file location is /var/log/xferlog

in this case.

#xferlog_std_format=YES

#

# You may change the default value for timing out an idle

session.

#idle_session_timeout=600

#

# You may change the default value for timing out a data

connection.

#data_connection_timeout=120

#

# It is recommended that you define on your system a unique

user which the

# ftp server can use as a totally isolated and unprivileged

user.

#nopriv_user=ftpsecure

#

# Enable this and the server will recognise asynchronous ABOR

requests. Not

# recommended for security (the code is non-trivial). Not

enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but

in fact ignore

# the request. Turn on the below options to have the server

actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a

denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode.

vsftpd

# predicted this attack and has always been safe, reporting

the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable=YES

#ascii_download_enable=YES

#

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail

addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

# (default follows)

#banned_email_file=/etc/vsftpd/banned_emails

#

# You may specify an explicit list of local users to chroot()

to their home

# directory. If chroot_local_user is YES, then this list

becomes a list of

# users to NOT chroot().

#chroot_local_user=YES

chroot_list_enable=YES

# (default follows)

chroot_list_file=/etc/vsftpd/chroot_list

#

# You may activate the "-R" option to the builtin ls. This is

disabled by

# default to avoid remote users being able to cause excessive

I/O on large

# sites. However, some broken FTP clients such as "ncftp" and

"mirror" assume

# the presence of the "-R" option, so there is a strong case

for enabling it.

#ls_recurse_enable=YES

#

# When "listen" directive is enabled, vsftpd runs in

standalone mode and

# listens on IPv4 sockets. This directive cannot be used in

conjunction

# with the listen_ipv6 directive.

listen=YES

#

# This directive enables listening on IPv6 sockets. To listen

on IPv4 and IPv6

# sockets, you must run two copies of vsftpd with two

configuration files.

# Make sure, that one of the listen options is commented

!!

#listen_ipv6=YES

#

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

# When enabled, directory listings reveal the local time for

the computer

# instead of GMT.

#

#use_localtime=YES

#

# If set to YES, anonymous users will be permitted to perform

write operations

# other than upload and create directory, such as deletion and

renaming.

# This is generally not recommended but included for

completeness.

#

#anon_other_write_enable=YES

#

# When enabled, anonymous users will only be allowed to

download files which

# are world readable. This is recognising that the ftp user

may own files,

# especially in the presence of uploads.

#

#anon_world_readable_only=NO

#

# Specifies the lowest possible port sent to the FTP clients

for passive mode

# connections. This setting is used to limit the port range so

that firewall

# rules are easier to create.

#

#pasv_min_port=30000

#

# Specifies the highest possible port sent to the FTP clients

for passive mode

# connections. This setting is used to limit the port range so

that firewall

# rules are easier to create.

#

#pasv_max_port=30999

#

# This directive specifies the maximum number of simultaneous

clients allowed

# to connect to the server when it is running in standalone

mode,

# in bytes per second.

#

max_clients=100

#

# This directive enables maximum of clients allowed to

connected from the

# same source IP address.

#

max_per_ip=4

#

# Specifies the maximum data transfer rate for anonymous users

in bytes

# per second.

#

#anon_max_rate=0

#

# Specifies the maximum rate data is transfered for local

users logged

# into the server in bytes per second.

#

#local_max_rate=0

#

# Enable convert charset

#

#convert_charset_enable=1

#

# Specifies local charset

#

#local_charset=UTF8

#

# Specifies remote charset

#

#remote_charset=CP1251

#

# Enable this options if you have double "я"

#

#double_377=0

userlist_deny=NO

userlist_file=/etc/vsftpd/user_list

注意：/etc/vsftpd/chroot_list 文件要加入用户，必要时/etc/vsftpd/user_list也要加入用户。

如果根目录是www 用testftp 无法删除

根目录下的文件(包括文件夹)，仅最外层。无权限，但亲测可修改文件内容。但其他文件夹不用777可删除。

+注意：由程序生成的文件，属于程序用户即www，如果文件不是777属性，则ftp用户也没法删除文件，如缓存或者日志.