1.系统用户
1.1.添加用户
添加系统用户,禁止登录系统,设定用户目录权限。
[root@tri work]# useradd -d /data/vsftpd -s /sbin/nologin pub [root@tri work]# passwd pub [root@tri work]# chmod 500 /data/vsftpd [root@tri work]# mkdir /data/vsftpd/upload [root@tri work]# chown -R pub:pub /data/vsftpd [root@tri work]# rm /data/vsftpd/.*
1.2.编辑vsftpd.conf
编辑配置,设定白名单。
[root@tri work]# grep -v "^#" /etc/vsftpd/vsftpd.conf local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES #default is YES understand. passive mode pasv_enable=YES pasv_min_port=51000 pasv_max_port=52160 #pasv_address=0.0.0.0 connect_from_port_20=NO xferlog_std_format=YES chroot_local_user=YES listen=YES listen_ipv6=NO #listen_port=21 #listen_address=0.0.0.0 pam_service_name=vsftpd userlist_enable=YES userlist_deny=NO tcp_wrappers=YES [root@tri work]# cat /etc/vsftpd/user_list # vsftpd userlist # If userlist_deny=NO, only allow users in this file # If userlist_deny=YES (default), never allow users in this file, and # do not even prompt for a password. # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers # for users that are denied. pub
2.ftps
[root@tri work]# vi /etc/vsftpd/vsftpd.conf 下边三,默认为NO ssl_enable=YES ssl_tlsv=YES ssl_sslv3=YES 下边俩,默认就是YES force_local_data_ssl=YES force_local_logins_ssl=YES 下边壹,为默认值 rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem 默认为none,默认时认为私钥在上边文件中 rsa_private_key_file=/etc/vsftpd/ssl/vsftpdKey.pem
FAQ
1.530
没有指定验证模块“pam_service_name=vsftpd”,
[root@payqa1 work]# ftp localhost Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 3.0.2) Name (localhost:root): pub 331 Please specify the password. Password: 530 Login incorrect. Login failed. ftp>
2.500 oops
ftp的登用用了系统用户,但是该用户又放在了其他用户目录下。就一直这么报错
[root@localhost ~]# ftp localhost Trying ::1... ftp: connect to address ::1拒绝连接 Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): pub 331 Please specify the password. Password: 500 OOPS: cannot change directory:/home/work/manager_file Login failed. ftp>
转载于:https://blog.51cto.com/sunnybay/1408337