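in/vsftpd port 21 log_on_success PID HOST DURATION log_on_failure HOST

Changing the value of disable to no or yes and then restarting xinetd starts or stops VSFTPD. The command is as follows.

    /etc/rc.d/init.d/vsftpd start/stop/restart

[Example 2] Configuring vsftpd. The vsftpd configuration file /etc/vsftpd/vsftpd.conf is a plain text file.
Lines that begin with the "#" character are comment lines.
Each option is set on its own line in the format "option=value"; note that no whitespace may appear on either side of the "=" sign.
In addition to this main configuration file, personal configuration files can be set up for specific users. Open /etc/vsftpd/vsftpd.conf; the default main configuration file of vsftpd is as follows.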
    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are very paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # ………
    #
    # Allow anonymous FTP?
    # (whether anonymous users may log in)
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    # (whether local users may log in)
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    # (whether users are given write permission over FTP)
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    # (set the file-creation mask for local users to 022; the default is 077)
    local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    # (whether a message is shown when a remote user changes directory)
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    # (enable logging of uploads and downloads)
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    # (enable connection requests from the FTP data port)
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    # (set the name and location of the log file; the default is /var/log/vsftpd.log)
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    # (whether to use the standard ftpd xferlog log file format)
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    # (set the timeout for an idle user session; the default is 600 seconds)
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    # (set the data connection timeout; the default is 120 seconds)
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    # (whether files may be uploaded in ASCII mode)
    #ascii_upload_enable=YES
    # (whether files may be downloaded in ASCII mode)
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    # (set the login welcome message)
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (whether users may enter directories outside their own)
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # (set the name of the PAM authentication service configuration file)
    pam_service_name=vsftpd
    # (whether users in the user list may log in to the FTP server)
    userlist_enable=YES
    #enable for standalone mode
    # (whether vsftpd runs standalone)
    listen=YES
    # (whether tcp_wrappers is used for host access control)
    tcp_wrappers=YES

1. Connection options

[Example 3] To allow anonymous users to upload files, modify or add the following options in vsftpd.conf:

    # anonymous users have write permission on the upload directory of the file system
    write_enable=YES
    # anonymous users have permission to browse directories
    anon_world_readable_only=NO
    # allow anonymous users to upload
    anon_upload_enable=YES
    # anonymous users have permission to write and to create directories
    anon_mkdir_write_enable=YES

Then create the directory to which anonymous users will upload files and set its permissions, using the following commands.
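    mkdir /var/ftp/incoming
    chmod o+w /var/ftp/incoming

Because it is the anonymous user (ftp) that uploads the files, it must be able to operate on the incoming directory. The directory is owned by root, and to it the anonymous user (ftp) is an "other" user, so write permission for other users (o) has to be added.
Alternatively, change both the owner and the group of the incoming directory to ftp with the following command.

    chown ftp:ftp /var/ftp/incoming

Finally, restart the vsftpd service.

    /etc/init.d/vsftpd restart

[Example 4] Suppose the server has two IP addresses, 192.168.0.1 and 192.168.0.2.
VSFTPD is set up on 192.168.0.1, and we now want to provide an additional virtual FTP server on 192.168.0.2.
Multiple IP addresses can be used on one server with the following method.
(1) Create the root directory of the virtual FTP server.

    mkdir -p /var/ftp2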
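
Returning to the "option=value" rule of Example 2 and the anonymous-upload options of Example 3: the following is an added example, not part of the original page or of vsftpd, that parses a vsftpd.conf and reports the settings the configuration file's own comments warn about. The DEFAULTS table reflects the compiled-in defaults documented in vsftpd.conf(5); the names parse_conf, audit and SAMPLE and the sample text are constructed for illustration.

```python
import re

# Compiled-in vsftpd defaults for the options examined here (per vsftpd.conf(5)).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO", "anon_upload_enable": "NO",
            "anon_world_readable_only": "YES", "chown_uploads": "NO", "chown_username": "root",
            "ascii_download_enable": "NO", "async_abor_enable": "NO", "ls_recurse_enable": "NO"}
# Reasons taken from the comments in the configuration file quoted on this page.
RISKY = {"ascii_download_enable": "SIZE on a big file in ASCII mode can consume I/O",
         "async_abor_enable": "asynchronous ABOR handling is not recommended",
         "ls_recurse_enable": "recursive ls can cause excessive I/O"}

def parse_conf(text):
    """Parse vsftpd.conf text into (settings, syntax_errors)."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment line
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            errors.append(f"line {n}: not in option=value form (whitespace around '='?)")
    return settings, errors

def audit(text):
    """Return a list of findings for one configuration file."""
    s, findings = parse_conf(text)
    on = lambda k: s[k].upper() == "YES"
    findings += [f"{k}=YES: {why}" for k, why in RISKY.items() if on(k)]
    # anon_upload_enable only takes effect when the global write_enable is on.
    if on("anonymous_enable") and on("write_enable") and on("anon_upload_enable"):
        findings.append("anonymous upload is active")
        if not on("anon_world_readable_only"):
            findings.append("anon_world_readable_only=NO: non-world-readable files are downloadable")
        if on("chown_uploads") and s["chown_username"] == "root":
            findings.append("uploaded anonymous files become owned by root")
    return findings

# Constructed sample: the Example 3 options plus one line with spaces around "=".
SAMPLE = """\
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
ls_recurse_enable = YES
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The mistyped ls_recurse_enable line is reported as a syntax error rather than as an enabled option, which matches the rule that no whitespace may surround the "=" sign.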