Detailed tutorial: configuring an FTP server with vsftpd on Ubuntu
- 2020-05-17 07:04:59
- OfStack
This article was tested on an Ubuntu Server 14.04 amd64 system.
Install the FTP server
sudo apt-get install vsftpd
Configure vsftpd.conf
sudo nano /etc/vsftpd.conf
# No anonymous access
anonymous_enable=NO
# Accept local users
local_enable=YES
# Allowed to upload
write_enable=YES
# Users can only access restricted directories
chroot_local_user=YES
# Set a fixed directory; add this line at the end of the file. Without it, each user gets their own directory.
# Of course, you have to create this folder yourself
local_root=/home/ftp
Guides on the Internet say to add the line "pam_service_name=vsftpd". I saw that my configuration file already had it, so I left it alone.
Add an FTP user
sudo useradd -d /home/ftp -M ftpuser
sudo passwd ftpuser
Adjust folder permissions
This avoids the error "500 OOPS: vsftpd: refusing to run with writable root inside chroot()"
sudo chmod a-w /home/ftp
sudo mkdir /home/ftp/data
This way you will see the data folder after you log in. It is a bit troublesome, and the reasons are not listed here. Digging up this information was painful and not easy.
Modify /etc/pam.d/vsftpd
At this point, logging in to FTP directly with the account created by useradd fails with "530 Login incorrect".
sudo nano /etc/pam.d/vsftpd
Comment out the following line:
#auth required pam_shells.so
Restart vsftpd
sudo service vsftpd restart
At this point, you can log in to FTP as the ftpuser user you just created. You will land in the local_root directory, /home/ftp, and be restricted to it.
You can access the server from a browser at ftp://xxx.xxx.xxx.xxx, or use FTP client software such as FlashFXP. The password is the one set for ftpuser.
About restricting users to directories
chroot_local_user, chroot_list_enable, chroot_list_file
First, chroot_list_enable is easy to understand: it controls whether the chroot_list_file configuration file is used. If it is YES, the chroot_list_file file takes effect; otherwise it does not.
Second, chroot_list_file is also simple. It is set to a file path, and the default is /etc/vsftpd.chroot_list. The file lists user accounts. However, the meaning of these accounts is not fixed; it depends on the chroot_local_user option, as explained in the last item.
Third, chroot_local_user=YES means that all users *cannot* switch to a directory outside their home directory, except for the users listed in the chroot_list_file file. chroot_local_user=NO means that all users *can* switch to directories outside their home directory, except for the users listed in the chroot_list_file file. In other words, chroot_list_file holds the "exception" users.
If the client reports "connection failed in pasv mode" when logging in
Edit /etc/vsftpd.conf
and add this line at the end:
pasv_promiscuous=YES
Then restart the vsftpd service.
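The exception rule for chroot_local_user, chroot_list_enable and chroot_list_file described above, together with a check for pasv_promiscuous, as an added Python example that is not part of the original tutorial. The sample configuration is constructed to mirror the tutorial's settings, and the function names are this example's own; only the value YES is treated as enabled, which is a simplification.

```python
# Added example, not from the tutorial. SAMPLE_CONF is constructed sample input.
SAMPLE_CONF = """\
# No anonymous access
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
local_root=/home/ftp
pasv_promiscuous=YES
"""

# vsftpd's built-in defaults for the options evaluated below.
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO",
            "pasv_promiscuous": "NO"}

def parse_conf(text):
    """Parse option=value lines; lines starting with '#' are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(conf, key):
    """Simplification: only YES (any case) counts as enabled."""
    return conf.get(key, "NO").upper() == "YES"

def is_chrooted(conf, user, listed_users):
    """chroot_local_user sets the rule; users in chroot_list_file are the
    exceptions, but only when chroot_list_enable=YES."""
    is_exception = enabled(conf, "chroot_list_enable") and user in listed_users
    return enabled(conf, "chroot_local_user") != is_exception

def audit(conf, users, listed_users):
    """Return findings for settings that widen access."""
    findings = []
    if enabled(conf, "pasv_promiscuous"):
        findings.append("pasv_promiscuous=YES: data connections are accepted "
                        "from IPs other than the control connection's")
    for user in users:
        if not is_chrooted(conf, user, listed_users):
            findings.append(f"{user}: not chrooted, can leave the home directory")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF), ["ftpuser"], {"ftpuser"}):
        print(finding)
```

With the tutorial's settings chroot_list_enable is left at its default, so a chroot list file is ignored and ftpuser stays confined to /home/ftp.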