http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch15_:_Linux_FTP_Server_Setup
http://rimuhosting.com/howto/ftp.jsp
FTP (File Transfer Protocol) is a common way of moving files between
computers. By default your RimuHosting server will not have FTP enabled.
Do you really need to run FTP? For example, if you are going to be the only person
moving files to and from your server, then you may not need it. Try our scp howto instead.
To enable FTP, first edit the vsftpd.conf file (e.g. vi /etc/vsftpd/vsftpd.conf). Then:
- Consider changing anonymous_enable=YES to anonymous_enable=NO
- Uncomment the "nopriv_user=ftpsecure" line
- Uncomment the "write_enable=YES" line (else you'll get an error
like '550 Permission denied.' from your FTP client when you upload a
file or create a directory)
- Uncomment the "local_enable=YES" line (else you'll get an error
like '500 OOPS: vsftpd: both local and anonymous access disabled!')
- Add a "chroot_local_user=YES" line. This will trap your FTP users
in their own /home/username directory. Otherwise they will be able to
see and update some files outside their home directory.
Then create a non-super user that vsftpd will run as. Note: this is not the FTP username you'll use
when logging into your FTP server.
# create an unprivileged user that will run the vsftpd service
adduser -s /sbin/nologin ftpsecure
sed --in-place 's/^anonymous_enable=YES/anonymous_enable=NO/ig' /etc/vsftpd/vsftpd.conf
sed --in-place 's/^anon_upload_enable=YES/anon_upload_enable=NO/ig' /etc/vsftpd/vsftpd.conf
Then, on most Red Hat distributions, you can run:
chkconfig --level 35 vsftpd on && /etc/init.d/vsftpd start
Or, on a RedHat 8 distribution:
vi /etc/xinetd.d/vsftpd
# ... and change the disable = yes to disable = no
# then restart xinetd
/etc/init.d/xinetd restart
The FTP daemon will not let you log in as root. Try logging in as
a non-super user. To create such a user:
# add the user, use the -s (shell) option if you do not want the
# user to be able to ssh into the server (else skip it)
adduser -s /sbin/nologin yourusername
passwd yourusername
# you will be prompted for a password
# now, log in to your ftp server using this username and password
Locking FTP Users Into Their Home Directories
By default, FTP users can read and write any files on the server, provided they have
access to read/write those files.
You can also set things up so that FTP users only see files under their home
directory. This can often be a more secure setup. To do this, just
add chroot_local_user=YES to vsftpd.conf (and restart vsftpd), e.g.:
sed --in-place 's/^anonymous_enable=YES/anonymous_enable=NO/ig' /etc/vsftpd/vsftpd.conf
sed --in-place 's/^anon_upload_enable=YES/anon_upload_enable=NO/ig' /etc/vsftpd/vsftpd.conf
if ! test -e /etc/vsftpd/vsftpd.conf; then
    echo "/etc/vsftpd/vsftpd.conf not found"
# anchor the match at the start of the line so that a commented-out
# "#chroot_local_user=YES" line is not mistaken for an active setting
elif grep -qai '^chroot_local_user=YES' /etc/vsftpd/vsftpd.conf; then
    echo "chroot_local_user directive already existed"
else
    echo "Adding the chroot_local_user directive"
    echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
fi
/etc/init.d/vsftpd restart
When a user logs in, if their directory was /home/user/html, they
would see /html. They're locked into /home/user, and
/home/user becomes their root (/) directory.
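
An added example, not part of the original howto: a shell check that works out the effective value of each setting listed above (the last uncommented line wins, so a leftover "#chroot_local_user=YES" does not count) and reports where a vsftpd.conf differs from this page's recommendations. The function names are hypothetical, the built-in defaults are taken from vsftpd.conf(5), and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original howto): audit vsftpd.conf against the
# settings recommended above. Built-in defaults are those in vsftpd.conf(5).

# Print the effective value of KEY ($2) in CONF ($1): the last uncommented
# "KEY=value" line wins; "#KEY=value" is ignored. Falls back to DEFAULT ($3).
vsftpd_effective() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    case "$val" in
        [Yy][Ee][Ss]) val=YES ;;
        [Nn][Oo])     val=NO ;;
    esac
    echo "${val:-$3}"
}

# Print one line per deviation; return 1 if any setting differs.
audit_vsftpd() {
    conf=$1
    rc=0
    # each spec is key=recommended:built-in-default
    for spec in anonymous_enable=NO:YES anon_upload_enable=NO:NO \
                local_enable=YES:NO write_enable=YES:NO \
                chroot_local_user=YES:NO nopriv_user=ftpsecure:nobody; do
        key=${spec%%=*}
        rest=${spec#*=}
        want=${rest%%:*}
        default=${rest#*:}
        have=$(vsftpd_effective "$conf" "$key" "$default")
        if [ "$have" != "$want" ]; then
            echo "$key: effective value $have, recommended $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: chroot_local_user is present only as a comment.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'write_enable=YES' \
    '#chroot_local_user=YES' 'nopriv_user=ftpsecure' > "$sample"
audit_vsftpd "$sample" || echo "deviations found"
rm -f "$sample"
```

To check a live server, call audit_vsftpd /etc/vsftpd/vsftpd.conf after making the edits and before restarting vsftpd.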