2009年11月21日 星期六

如何在Ubuntu下安裝FTP(以Vsftpd為例)

1.首先先在終端機下輸入

sudo apt-get install vsftpd => 安裝Vsftpd套件

2.接著開啟

sudo gedit /etc/vsftpd.conf => 設定相關參數(可自行Google各參數定義)

****************以下是指令(你也可以複製貼上然後存檔)********************

# Example config file /etc/vsftpd.conf


#


# The default compiled in settings are fairly paranoid. This sample file


# loosens things up a bit, to make the ftp daemon more usable.


# Please see vsftpd.conf.5 for all compiled in defaults.


#


# READ THIS: This example file is NOT an exhaustive list of vsftpd options.


# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's


# capabilities.


#


#


# Run standalone? vsftpd can run either from an inetd or as a standalone


# daemon started from an initscript.


listen=YES


#


# Run standalone with IPv6?


# Like the listen parameter, except vsftpd will listen on an IPv6 socket


# instead of an IPv4 one. This parameter and the listen parameter are mutually


# exclusive.


#listen_ipv6=YES


#


# Allow anonymous FTP? (Beware - allowed by default if you comment this out).


anonymous_enable=NO


#


# Uncomment this to allow local users to log in.


local_enable=YES


#


# Uncomment this to enable any form of FTP write command.


write_enable=YES


#


# Default umask for local users is 077. You may wish to change this to 022,


# if your users expect that (022 is used by most other ftpd's)


local_umask=022


#


# Uncomment this to allow the anonymous FTP user to upload files. This only


# has an effect if the above global write enable is activated. Also, you will


# obviously need to create a directory writable by the FTP user.


#anon_upload_enable=YES


#


# Uncomment this if you want the anonymous FTP user to be able to create


# new directories.


#anon_mkdir_write_enable=YES


#


# Activate directory messages - messages given to remote users when they


# go into a certain directory.


dirmessage_enable=YES


#


# Activate logging of uploads/downloads.


xferlog_enable=YES


#


# Make sure PORT transfer connections originate from port 20 (ftp-data).


connect_from_port_20=YES


#


# If you want, you can arrange for uploaded anonymous files to be owned by


# a different user. Note! Using "root" for uploaded files is not


# recommended!


#chown_uploads=YES


#chown_username=whoever


#


# You may override where the log file goes if you like. The default is shown


# below.


xferlog_file=/var/log/vsftpd.log


#


# If you want, you can have your log file in standard ftpd xferlog format


xferlog_std_format=YES


#


# You may change the default value for timing out an idle session.


idle_session_timeout=600


#


# You may change the default value for timing out a data connection.


#data_connection_timeout=120


#


# It is recommended that you define on your system a unique user which the


# ftp server can use as a totally isolated and unprivileged user.


#nopriv_user=ftpsecure


#


# Enable this and the server will recognise asynchronous ABOR requests. Not


# recommended for security (the code is non-trivial). Not enabling it,


# however, may confuse older FTP clients.


#async_abor_enable=YES


#


# By default the server will pretend to allow ASCII mode but in fact ignore


# the request. Turn on the below options to have the server actually do ASCII


# mangling on files when in ASCII mode.


# Beware that on some FTP servers, ASCII support allows a denial of service


# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd


# predicted this attack and has always been safe, reporting the size of the


# raw file.


# ASCII mangling is a horrible feature of the protocol.


#ascii_upload_enable=YES


#ascii_download_enable=YES


#


# You may fully customise the login banner string:


#ftpd_banner=Welcome to OIpingo FTP service.


#


# You may specify a file of disallowed anonymous e-mail addresses. Apparently


# useful for combatting certain DoS attacks.


#deny_email_enable=YES


# (default follows)


#banned_email_file=/etc/vsftpd.banned_emails


#


# You may restrict local users to their home directories. See the FAQ for


# the possible risks in this before using chroot_local_user or


# chroot_list_enable below.


#chroot_local_user=YES


#


# You may specify an explicit list of local users to chroot() to their home


# directory. If chroot_local_user is YES, then this list becomes a list of


# users to NOT chroot().


chroot_list_enable=YES


# (default follows)


chroot_list_file=/etc/vsftpd.chroot_list


#


# You may activate the "-R" option to the builtin ls. This is disabled by


# default to avoid remote users being able to cause excessive I/O on large


# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume


# the presence of the "-R" option, so there is a strong case for enabling it.


#ls_recurse_enable=YES


#


#


# Debian customization


#


# Some of vsftpd's settings don't fit the Debian filesystem layout by


# default. These settings are more Debian-friendly.


#


# This option should be the name of a directory which is empty. Also, the


# directory should not be writable by the ftp user. This directory is used


# as a secure chroot() jail at times vsftpd does not require filesystem


# access.


secure_chroot_dir=/var/run/vsftpd


#


# This string is the name of the PAM service vsftpd will use.


pam_service_name=vsftpd


#


# This option specifies the location of the RSA certificate to use for SSL


# encrypted connections.


rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem


# This option specifies the location of the RSA key to use for SSL


# encrypted connections.


rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key


#可以接受的最大clinet可連線的數目


max_clients=20


#每個ip的最大連線數目


max_per_ip=15

*************以上是程式碼(去掉前面的井號該參數就會enable)****************



3.如果要新增另一個使用者步驟如下:
在終端機下輸入(先切換成Root權限 => sudo su)
adduser 您要的帳號
接著會要你輸入兩次密碼
然後開啟ftp軟體 輸入IP 帳號 密碼 就可以進入了
(如果你只有一個人使用,輸入IP然後帳號密碼用你登入Ubuntu的帳號與密碼就可以了 )

或者是在終端機下輸入
ftp 你的IP
(如果你的IP非固定IP請參考這篇NO-IP)


4.更改步驟後都要在終端機執行


sudo /etc/init.d/vsftpd stop 關閉 FTP服務
sudo /etc/init.d/vsftpd start 開啟 FTP服務
或者是你也可以用
sudo /etc/init.d/vsftpd restart 重開FTP服務

5.限制使用者

當在/etc/vsftpd.conf裡的chroot_local_user=YES(代表所有人都不可以跳出家目錄)
這時如果在sudo gedit /etc/vsftpd.chroot_list有該使用者的名稱則該使用者可以跳出

反之當chroot_local_user=NO(代表所有人都可以跳出家目錄)
這時如果在sudo gedit /etc/vsftpd.chroot_list有該使用者的名稱則該使用者無法跳出

6.讓你的FTP在登入時出現歡迎訊息方法如下:

開啟筆記本將你想要的歡迎訊息輸入,並將檔案儲存為『.message』並存放於跟目錄下『/home/你的帳號』

沒有留言:

張貼留言