Installing vsftpd from ports
I tried installing it; at first I could not log in either, fumbled around, and by luck got login working. The steps come out roughly like this. Anyone who still cannot get it working, give it a try.
*** Needs to be adapted together with the book, and researched further on the web beyond this.
===============================
Install VsFTP on FreeBSD 7.0
===============================
1. #cd /usr/ports/ftp/
2. #make search name=vsftpd
Port: vsftpd-2.0.6
Path: /usr/ports/ftp/vsftpd
Info: A FTP daemon that aims to be "very secure"
Maint: dinoex@FreeBSD.org
B-deps:
R-deps:
WWW: http://vsftpd.beasts.org/
3. #cd vsftpd/
4. #make config
Options for vsftpd 2.0.6
[X] RC_NG       install RC_NG script
[X] VSFTPD_SSL  Include support for SSL
           [ OK ]      Cancel
5. #make install clean
===> Found saved configuration for vsftpd-2.0.6
=> vsftpd-2.0.6.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from ftp://vsftpd.beasts.org/users/cevans/.
vsftpd-2.0.6.tar.gz 100% of 154 kB 46 kBps
===> Extracting for vsftpd-ssl-2.0.6
=> MD5 Checksum OK for vsftpd-2.0.6.tar.gz.
=> SHA256 Checksum OK for vsftpd-2.0.6.tar.gz.
===> Patching for vsftpd-ssl-2.0.6
===> Applying FreeBSD patches for vsftpd-ssl-2.0.6
===> vsftpd-ssl-2.0.6 depends on file: /usr/local/lib/libcrypto.so.5 - found
===> Configuring for vsftpd-ssl-2.0.6
/usr/bin/sed -i.bak -e "s|/etc/vsftpd.conf|/usr/local/etc/vsftpd.conf|" /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/defs.h
/usr/bin/sed -i.bak -e "s|^CC = gcc|CC = cc|" -e "s|^CFLAGS =|CFLAGS = -O2 -fno-strict-aliasing -pipe -I/usr/local/include|" -e "s| -Wl,-s| -Wl,-s -lwrap -rpath=/usr/local/lib -L/usr/local/lib|" /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/Makefile
/usr/bin/sed -i.bak -e "s|#undef VSF_BUILD_TCPWRAPPERS|#define VSF_BUILD_TCPWRAPPERS 1|" /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/builddefs.h
echo "secure_chroot_dir=/usr/local/share/vsftpd/empty" >> /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/vsftpd.conf
/usr/bin/sed -i.bak -e "s|/etc/v|/usr/local/etc/v|" -e 's|delay_failed_logins|delay_failed_login|' -e 's|delay_successful_logins|delay_successful_login|' /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/vsftpd.8 /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/vsftpd.conf.5 /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/tunables.c
/usr/bin/sed -i.bak -e "s|#undef VSF_BUILD_SSL|#define VSF_BUILD_SSL 1|" /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/builddefs.h
...
...
...
/bin/mkdir -p /usr/local/share/doc/vsftpd/EXAMPLE
/bin/cp -p -R -L /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/EXAMPLE/./ /usr/local/share/doc/vsftpd/EXAMPLE/
/bin/chmod -R -L a+rX,go-w /usr/local/share/doc/vsftpd/EXAMPLE/
/bin/mkdir -p /usr/local/share/doc/vsftpd/SECURITY
/bin/cp -p -R -L /usr/ports/ftp/vsftpd/work/vsftpd-2.0.6/SECURITY/./ /usr/local/share/doc/vsftpd/SECURITY/
/bin/chmod -R -L a+rX,go-w /usr/local/share/doc/vsftpd/SECURITY/
===> Installing rc.d startup script(s)
===> Compressing manual pages for vsftpd-ssl-2.0.6
===> Registering installation for vsftpd-ssl-2.0.6
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/vsftpd
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/vsftpd
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://vsftpd.beasts.org/
===> Cleaning for vsftpd-ssl-2.0.6
6. #more /usr/local/etc/rc.d/vsftpd
7. #pico -w /etc/rc.conf
#FTP Server #
vsftpd_enable="YES"
8. #more /usr/local/share/doc/vsftpd/README
9. #more /usr/local/share/doc/vsftpd/INSTALL
10. #cp /usr/local/etc/vsftpd.conf /usr/local/etc/vsftpd.conf.ori
11. #pico -w /usr/local/etc/vsftpd.conf
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
## Anonymous FTP: the built-in default is YES, so commenting the line out does NOT turn it off.
## For a local-users-only server it has to be set to NO explicitly.
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
#Real FTP
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
##
## Allow-list of local users: create /usr/local/etc/vsftpd.user_list (the port's default
## userlist_file) with one login name per line
userlist_enable=YES
## userlist_deny=NO: ONLY users named in that file may log in; anyone else is refused
## right after USER, before a password is asked for
userlist_deny=NO
## userlist_deny=YES (the default) inverts the meaning: users named in the file are the ones
## refused, without even being prompted for a password
#userlist_deny=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
## The anon_* options govern the anonymous user only and do nothing while
## anonymous_enable=NO; local users get their write access from write_enable above.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
## NO would let the anonymous user read files that are not world-readable
#anon_world_readable_only=NO
## YES would let the anonymous user delete and rename files
#anon_other_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
## Confine every local user to its home directory (a confined user sees its home as "/")
chroot_local_user=YES
## With chroot_local_user=YES the list file names the users that are NOT chrooted.
## Left at NO, the same file would instead name the users that ARE chrooted.
chroot_list_enable=YES
## Use the same path as the file created below; this is also the port's compiled-in default
## (the build rewrote /etc/v* to /usr/local/etc/v* in tunables.c)
chroot_list_file=/usr/local/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
## The port's default is /usr/local/share/vsftpd/empty. Whichever directory is used must exist,
## stay empty and must not be writable by the ftp user: vsftpd chroot()s into it whenever it
## needs no filesystem access.
#secure_chroot_dir=/usr/local/share/vsftpd/empty
secure_chroot_dir=/home/share/pub/vsftpd/empty
#pam_service_name=vsftpd
## standalone mode: vsftpd listens on port 21 itself instead of being started from inetd
listen=YES
background=YES
## this build includes tcp_wrappers (libwrap); enable it to honour /etc/hosts.allow
#tcp_wrappers=YES
## FTP sends passwords in cleartext. The port was built with VSFTPD_SSL, so ssl_enable=YES plus
## a server certificate is available; see vsftpd.conf(5).
12. #mkdir -p /home/share/pub/vsftpd/empty   <=== must match secure_chroot_dir above (the original typed "vsftp", which leaves the configured directory missing)
13. #pico -w /usr/local/etc/vsftpd.user_list
### only the local users admin and webmaster may log in (vsftpd matches whole lines, so this line never matches a login name) ###
admin
webmaster
14. #pico -w /usr/local/etc/vsftpd.chroot_list
### with chroot_local_user=YES the users listed here are exempt from the chroot(): admin may leave its home directory ###
admin
15. #adduser admin
15.1 #passwd admin
15.2 #adduser webmaster
15.3 #passwd webmaster
16. #/usr/local/etc/rc.d/vsftpd start
Starting vsftpd.
17. #netstat -na|grep 21
tcp4 0 0 *.21 *.* LISTEN
18. #lsof -i | grep vsftpd
vsftpd 5501 root 0u IPv4 0xc44191d0 0t0 TCP *:ftp (LISTEN)
19. #lsof -c vsftpd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vsftpd 5501 root cwd VDIR 0,95 3584 526735 /usr/local/etc
vsftpd 5501 root rtd VDIR 0,89 512 2 /
vsftpd 5501 root txt VREG 0,95 94984 565807 /usr/local/libexec/vsftpd
vsftpd 5501 root txt VREG 0,89 171588 50919 /libexec/ld-elf.so.1
vsftpd 5501 root txt VREG 0,95 27940 895077 /usr/lib/libwrap.so.5
vsftpd 5501 root txt VREG 0,95 28240 899550 /usr/lib/libpam.so.4
vsftpd 5501 root txt VREG 0,89 50472 24 /lib/libutil.so.7
vsftpd 5501 root txt VREG 0,95 293047 570951 /usr/local/lib/libssl.so.5
vsftpd 5501 root txt VREG 0,95 1497579 570943 /usr/local/lib/libcrypto.so.5
vsftpd 5501 root txt VREG 0,89 1040524 508 /lib/libc.so.7
vsftpd 5501 root txt VREG 0,89 67088 511 /lib/libthr.so.3
vsftpd 5501 root 0u IPv4 0xc44191d0 0t0 TCP *:ftp (LISTEN)
vsftpd 5501 root 1 0xc5dc6e58 file struct, ty=0, op=0xc0baef20
20. #ftp localhost
Trying 127.0.0.1...
Connected to localhost.
500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp   <=== vsftpd resolves the account named by ftp_username (default "ftp", the owner of the anonymous area) and refuses the connection when it does not exist; it is created in the next steps
ftp> exit
21. #grep "ftp" /etc/group
22. #grep "ftp" /etc/passwd
23. #pw userdel ftp
23.1 #pw groupadd ftp -g 14
24. #pw useradd ftp -u 14 -g 14 -d /home/share/pub/vsftpd -s /sbin/nologin   <=== locked password and no shell: the account exists only so vsftpd can resolve it
25. #grep "ftp" /etc/passwd
ftp:*:14:14:User &:/home/share/pub/vsftpd:/sbin/nologin
26. #grep "ftp" /etc/group
ftp:*:14:
27. #/usr/local/etc/rc.d/vsftpd restart
Stopping vsftpd.
Starting vsftpd.
28. #ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 2.0.6)
28.1 Name (localhost:root): root
530 Permission denied.
ftp: Login failed. <=== root can not login
28.2 ftp> exit
221 Goodbye.
29. #ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 2.0.6)
29.1 Name (localhost:root): admin
331 Please specify the password.
29.2 Password: xxxxxx
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
29.3 ftp> pwd
Remote directory: /home/admin
29.4 ftp> dir
229 Entering Extended Passive Mode (|||62201|)
150 Here comes the directory listing.
drwxr-xr-x 3 0 1010 512 Apr 01 09:41 CA
drwx------ 15 1010 1010 512 Jun 26 02:12 Maildir
drwx------ 2 1010 1010 512 Mar 26 04:03 cur
-rw------- 1 1010 1010 144 Mar 26 04:03 dovecot.index
-rw------- 1 1010 1010 10272 Mar 26 04:03 dovecot.index.cache
-rw------- 1 1010 1010 124 Mar 26 04:03 dovecot.index.log
drwx------ 2 1010 1010 512 Mar 26 04:03 new
drwx------ 2 1010 1010 512 Mar 26 04:03 tmp
226 Directory send OK.
29.5 ftp> cd /usr/local/www/apache22/data
250 Directory successfully changed. <=== admin is on the chroot list, so it is not confined and can leave its home directory
29.6 ftp> pwd
Remote directory: /usr/local/www/apache22/data
29.7 ftp> dir
229 Entering Extended Passive Mode (|||14267|)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 892 Feb 12 13:05 ERROR.html
-rw-r--r-- 1 0 0 2326 May 25 2007 apache_pb.gif
-rw-r--r-- 1 0 0 1385 May 25 2007 apache_pb.png
-rw-r--r-- 1 0 0 2410 May 25 2007 apache_pb22.gif
-rw-r--r-- 1 0 0 1502 May 25 2007 apache_pb22.png
-rw-r--r-- 1 0 0 2205 May 25 2007 apache_pb22_ani.gif
-rw-r--r-- 1 0 0 44 Nov 20 2004 index.html
...
...
...
226 Directory send OK.
29.8 ftp> exit
221 Goodbye.
30. #ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 2.0.6)
30.1 Name (localhost:root): webmaster
331 Please specify the password.
30.2 Password: xxxxxx
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
30.3 ftp> pwd
Remote directory: /
30.4 ftp> dir
229 Entering Extended Passive Mode (|||14221|)
150 Here comes the directory listing.
drwx------ 9 1004 1004 512 Jan 30 02:33 Maildir
drwxr-xr-x 9 1004 1004 8704 May 08 2007 public_html
226 Directory send OK.
30.5 ftp> cd /usr/local/www/apache22/data
550 Failed to change directory. <=== webmaster is chrooted to its home directory, which it sees as "/"; nothing outside it is reachable
30.6 ftp> exit
221 Goodbye.
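The two sessions above only make sense once it is clear that vsftpd.user_list and vsftpd.chroot_list each change meaning with a single switch (userlist_deny and chroot_local_user respectively). The script below is an added example, not from the original post and not vsftpd code: it reads a vsftpd.conf and predicts, from the documented rules in vsftpd.conf(5), whether a given local user is refused, confined to its home directory, or free to roam. The sample configuration and list files are constructed inline to mirror this page; the one assumption is the FreeBSD port's compiled-in default location for unset list paths, /usr/local/etc, which follows from the tunables.c rewrite in the build log above. It also shows the inverted reading: with chroot_local_user left at NO, admin would be the confined one.

```shell
#!/bin/sh
# Added example; this is not from the original post and not part of vsftpd.
# Predict what vsftpd will do when a LOCAL user logs in, following vsftpd.conf(5):
#   userlist_enable=YES, userlist_deny=NO  -> only users in userlist_file may log in
#   userlist_enable=YES, userlist_deny=YES -> users in userlist_file are refused
#   chroot_local_user=NO,  chroot_list_enable=YES -> chroot_list_file = users TO chroot
#   chroot_local_user=YES, chroot_list_enable=YES -> chroot_list_file = users NOT to chroot
# Assumption: the FreeBSD port's compiled-in defaults. The build log rewrites
# /etc/v* to /usr/local/etc/v* in tunables.c, so unset list paths resolve to
# /usr/local/etc/vsftpd.user_list and /usr/local/etc/vsftpd.chroot_list.
VSFTPD_CONF_DIR=/usr/local/etc

# conf_get CONF KEY -> value of the last "KEY=value" line in CONF ('#' lines never match)
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# bool_opt VALUE DEFAULT -> YES or NO (vsftpd accepts YES/NO, TRUE/FALSE, 1/0 in any case)
bool_opt() {
    case "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *)          echo "$2" ;;
    esac
}

# in_list FILE USER -> succeeds when USER is an entire line of FILE (vsftpd matches whole
# lines, so a "### comment ###" line can never match a login name)
in_list() {
    [ -r "$1" ] && grep -qxF "$2" "$1"
}

# vsftpd_login_policy CONF USER -> prints deny | chroot | free
# Returns 2 (message on stderr) when a list file the conf enables cannot be read: vsftpd
# does not ignore that, it aborts the login with "500 OOPS: could not read ... list file".
vsftpd_login_policy() {
    conf=$1
    user=$2
    [ "$(bool_opt "$(conf_get "$conf" local_enable)" NO)" = YES ] || { echo deny; return 0; }

    if [ "$(bool_opt "$(conf_get "$conf" userlist_enable)" NO)" = YES ]; then
        ul=$(conf_get "$conf" userlist_file)
        [ -n "$ul" ] || ul=$VSFTPD_CONF_DIR/vsftpd.user_list
        [ -r "$ul" ] || { echo "cannot read userlist_file $ul" >&2; return 2; }
        deny=$(bool_opt "$(conf_get "$conf" userlist_deny)" YES)
        if in_list "$ul" "$user"; then listed=YES; else listed=NO; fi
        # deny=YES refuses the listed users; deny=NO refuses everyone who is NOT listed
        [ "$listed" = "$deny" ] && { echo deny; return 0; }
    fi

    jailed=$(bool_opt "$(conf_get "$conf" chroot_local_user)" NO)
    if [ "$(bool_opt "$(conf_get "$conf" chroot_list_enable)" NO)" = YES ]; then
        cl=$(conf_get "$conf" chroot_list_file)
        [ -n "$cl" ] || cl=$VSFTPD_CONF_DIR/vsftpd.chroot_list
        [ -r "$cl" ] || { echo "cannot read chroot_list_file $cl" >&2; return 2; }
        # a listed user gets the OPPOSITE of the chroot_local_user decision
        if in_list "$cl" "$user"; then
            if [ "$jailed" = YES ]; then jailed=NO; else jailed=YES; fi
        fi
    fi
    [ "$jailed" = YES ] && echo chroot || echo free
}

# --- constructed sample, mirroring the configuration and list files on this page ---
demo_dir=$(mktemp -d)
printf 'admin\nwebmaster\n' > "$demo_dir/vsftpd.user_list"
printf 'admin\n'            > "$demo_dir/vsftpd.chroot_list"
# as on the page: chroot_local_user=YES makes the chroot list an exemption list
cat > "$demo_dir/vsftpd.conf" <<EOF
local_enable=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=$demo_dir/vsftpd.user_list
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$demo_dir/vsftpd.chroot_list
EOF
# same lists, chroot_local_user at its default NO: the list now names who IS chrooted
sed 's/^chroot_local_user=YES/chroot_local_user=NO/' "$demo_dir/vsftpd.conf" > "$demo_dir/inverted.conf"

for c in vsftpd.conf inverted.conf; do
    for u in root admin webmaster; do
        printf '%-14s %-10s %s\n' "$c" "$u" "$(vsftpd_login_policy "$demo_dir/$c" "$u")"
    done
done
```

Run against the live files (`vsftpd_login_policy /usr/local/etc/vsftpd.conf webmaster`) before restarting the daemon: a non-zero exit status means one of the list files the configuration points at is missing or unreadable, which is exactly the kind of path mismatch that otherwise only shows up as an OOPS reply at login.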
-----------------------------------------------------------------------------------------------------------------------------------------
Advanced examples (shipped with the port under /usr/local/share/doc/vsftpd/EXAMPLE):
1. #ll /usr/local/share/doc/vsftpd/EXAMPLE/
total 14
drwxr-xr-x 2 root wheel 512 Feb 2 08:30 INTERNET_SITE
drwxr-xr-x 2 root wheel 512 Feb 2 08:30 INTERNET_SITE_NOINETD
drwxr-xr-x 2 root wheel 512 Feb 2 08:30 PER_IP_CONFIG
-rw-r--r-- 1 root wheel 815 Feb 2 08:30 README
drwxr-xr-x 2 root wheel 512 Feb 2 08:30 VIRTUAL_HOSTS
drwxr-xr-x 2 root wheel 512 Feb 2 08:30 VIRTUAL_USERS
drwxr-xr-x 2 root wheel 512 Feb 2 08:30 VIRTUAL_USERS_2
2. #more /usr/local/share/doc/vsftpd/EXAMPLE/README
These subdirectories contain examples of vsftpd usage.
These examples are known to work on a RedHat 7.2 installation. Some of them
rely on xinetd and / or a highly functional version of PAM.
The examples should serve to illustrate how vsftpd becomes extremely powerful
when integrated with xinetd for connection handling and PAM for
authentication.
Contents
========
INTERNET_SITE How you might configure vsftpd for an internet site.
INTERNET_SITE_NOINETD How to use vsftpd without xinetd.
PER_IP_CONFIG How to apply different settings based on the connecting
IP address.
VIRTUAL_HOSTS How to set up vsftpd with virtual hosting.
VIRTUAL_USERS How to set up virtual users with vsftpd.
VIRTUAL_USERS_2 Advanced virtual users - different access rights.