After Installing an Alibaba Cloud Server: Configuring VSFTPD

01/11/2016

1. Install the VSFTPD server

tianyangtax@iZ25tc8mln7Z:~$ sudo apt-get install vsftpd
tianyangtax@iZ25tc8mln7Z:~$ sudo netstat -npltu | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1550/vsftpd

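2. Enable super daemon mode
Super daemon mode means that xinetd starts the vsftpd service on demand. Choose this mode if the server does not keep FTP open long-term to provide a large volume of uploads and downloads.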

tianyangtax@iZ25tc8mln7Z:~$ sudo vim /etc/vsftpd.conf
...
listen=NO
#
# Fix some 530 bugs by royakon at 20160105
seccomp_sandbox=NO
...
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
...
xferlog_file=/var/log/vsftpd.log
...
tianyangtax@iZ25tc8mln7Z:~$ sudo apt-get install xinetd
tianyangtax@iZ25tc8mln7Z:~$ cd /etc/xinetd.d
tianyangtax@iZ25tc8mln7Z:/etc/xinetd.d$ sudo vim vsftpd
tianyangtax@iZ25tc8mln7Z:/etc/xinetd.d$ sudo cat vsftpd
service ftp
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/vsftpd
        log_on_success          += DURATION USERID
        log_on_failure          += USERID
        nice                    = 10
        disable                 = no
}
tianyangtax@iZ25tc8mln7Z:/etc/xinetd.d$ sudo service vsftpd stop
vsftpd stop/waiting
tianyangtax@iZ25tc8mln7Z:/etc/xinetd.d$ sudo service xinetd restart
xinetd stop/waiting
xinetd start/running, process 2986
tianyangtax@iZ25tc8mln7Z:/etc/xinetd.d$ sudo netstat -npltu | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2986/xinetd 

3. CHROOT mode: users listed in vsftpd.chroot_list are not chrooted; in this example the file is empty.

tianyangtax@iZ25tc8mln7Z:~/etc/xinet.d$ cd ~
tianyangtax@iZ25tc8mln7Z:~$ sudo vim /etc/vsftpd.conf
...
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
...
tianyangtax@iZ25tc8mln7Z:~$ sudo vim /etc/vsftpd.chroot_list
tianyangtax@iZ25tc8mln7Z:~$ cat /etc/vsftpd.chroot_list
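
The meaning of vsftpd.chroot_list flips with chroot_local_user: with YES (as above) the file lists users exempt from the jail, with NO it lists the users who are jailed. The script below is an added example, not part of the original post. It resolves that rule for one user and reports the two options from steps 2 and 3 that switch off protections vsftpd applies by default (seccomp_sandbox=NO, allow_writeable_chroot=YES). The function names conf_get, is_chrooted and weakened_options, the user alice and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): resolve vsftpd's chroot rules.
# Only plain YES/NO values, as used on this page, are recognised.

# conf_get FILE KEY DEFAULT: print the last value set for KEY, else DEFAULT.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k { d = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", d) }
        END { print d }' "$1"
}

# is_chrooted CONF USER [LISTFILE]: print "chrooted" or "not-chrooted".
# LISTFILE defaults to chroot_list_file from CONF.
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=${3:-$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=no
    if [ "$use_list" = YES ] && [ -f "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=yes
    fi
    # chroot_local_user=YES: everyone is jailed, listed users are exempt.
    # chroot_local_user=NO:  nobody is jailed, listed users are jailed.
    if [ "$all" = YES ] && [ "$listed" = no ]; then echo chrooted
    elif [ "$all" != YES ] && [ "$listed" = yes ]; then echo chrooted
    else echo not-chrooted
    fi
}

# weakened_options CONF: print options that differ from vsftpd's safer defaults.
weakened_options() {
    out=
    [ "$(conf_get "$1" seccomp_sandbox YES)" = NO ] && out="seccomp_sandbox"
    [ "$(conf_get "$1" allow_writeable_chroot NO)" = YES ] && out="${out:+$out }allow_writeable_chroot"
    echo "$out"
}

# Constructed sample mirroring the settings shown in steps 2 and 3.
demo=$(mktemp -d)
printf '%s\n' listen=NO seccomp_sandbox=NO local_enable=YES write_enable=YES \
    chroot_local_user=YES chroot_list_enable=YES allow_writeable_chroot=YES \
    > "$demo/vsftpd.conf"
: > "$demo/chroot_list"   # empty list, as in the post
echo "alice: $(is_chrooted "$demo/vsftpd.conf" alice "$demo/chroot_list")"
echo "weakened: $(weakened_options "$demo/vsftpd.conf")"
rm -rf "$demo"
```

On the real server, call is_chrooted /etc/vsftpd.conf USERNAME without the third argument so the list path is taken from chroot_list_file.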

4. Configure the UFW firewall

tianyangtax@iZ25tc8mln7Z:/etc$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
2002                       ALLOW       Anywhere
2002 (v6)                  ALLOW       Anywhere (v6)

tianyangtax@iZ25tc8mln7Z:/etc$ sudo ufw allow 21
Rule added
Rule added (v6)
tianyangtax@iZ25tc8mln7Z:/etc$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
2002                       ALLOW       Anywhere
21                         ALLOW       Anywhere
2002 (v6)                  ALLOW       Anywhere (v6)
21 (v6)                    ALLOW       Anywhere (v6)

5. Restart the xinetd service

tianyangtax@iZ25tc8mln7Z:/etc$ sudo service xinetd restart
xinetd stop/waiting
xinetd start/running, process 3073
