Installing vsftpd-3.0.3 on CentOS
vsftpd-3.0.3
Introduction to vsftpd
The vsftpd package contains a very secure and very small FTP daemon. This is useful for serving files over a network.
This package is known to build and work properly using an LFS-8.4 platform.
Package Information
- Download (HTTP): https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz
- Download MD5 sum: da119d084bd3f98664636ea05b5bb398
- Download size: 196 KB
- Estimated disk space required: 2 MB
- Estimated build time: less than 0.1 SBU
vsftpd Dependencies
Required
Optional
libcap-2.26 with PAM, and Linux-PAM-1.3.0
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/vsftpd
Installation of vsftpd
For security reasons, running vsftpd as an unprivileged user and group is encouraged. Also, a user should be created to map anonymous users. As the root user, create the needed directories, users, and groups with the following commands:
# Directories and groups first, then each account once, with a fixed UID and no login shell
install -v -d -m 0755 /usr/share/vsftpd/empty &&
install -v -d -m 0755 /home/ftp &&
groupadd -g 47 vsftpd &&
groupadd -g 45 ftp &&
useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &&
useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp
Build vsftpd as an unprivileged user using the following command:
make
This package does not come with a test suite.
Once again, become the root user and install vsftpd with the following commands:
install -v -m 755 vsftpd /usr/sbin/vsftpd &&
install -v -m 644 vsftpd.8 /usr/share/man/man8 &&
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
install -v -m 644 vsftpd.conf /etc
Command Explanations
install -v -d ...: This creates the directory that anonymous users will use (/home/ftp) and the directory the daemon will chroot into (/usr/share/vsftpd/empty).
Note
/home/ftp should not be owned by the user vsftpd, or the user ftp.
echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: Use this prior to make to add support for tcpwrappers.
echo "#define VSF_BUILD_SSL" >>builddefs.h: Use this prior to make to add support for SSL.
install -v -m ...: The Makefile uses non-standard installation paths. These commands install the files in /usr and /etc.
Configuring vsftpd
Configuration Information
vsftpd comes with a basic anonymous-only configuration file that was copied to /etc above. While still as root, this file should be modified because it is now recommended to run vsftpd in standalone mode. Also, you should specify the privilege separation user created above. Finally, you should specify the chroot directory. man vsftpd.conf will give you all the details.
cat >> /etc/vsftpd.conf << "EOF"
background=YES
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/usr/share/vsftpd/empty
EOF
The vsftpd daemon uses seccomp to improve security by default, but this is known to leave vsftpd unable to handle the FTP LIST command with recent kernel versions. Append a line to /etc/vsftpd.conf (as the root user) to disable seccomp and work around this issue:
cat >> /etc/vsftpd.conf << "EOF"
seccomp_sandbox=NO
EOF
To enable local logins, append the following to the /etc/vsftpd.conf file (as the root user):
cat >> /etc/vsftpd.conf << "EOF"
local_enable=YES
EOF
In addition, if using Linux-PAM and vsftpd with local user logins, you will need a Linux-PAM configuration file. As the root user, create the /etc/pam.d/vsftpd file, and add the needed configuration changes for Linux-PAM session support using the following commands:
cat > /etc/pam.d/vsftpd << "EOF" &&
# Begin /etc/pam.d/vsftpd
auth       required     /lib/security/pam_listfile.so item=user sense=deny \
                                                      file=/etc/ftpusers \
                                                      onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-account
session    include      system-session
EOF
cat >> /etc/vsftpd.conf << "EOF"
session_support=YES
pam_service_name=vsftpd
EOF
Alternatively, copy Redhat/vsftpd.pam to /etc/pam.d/vsftpd.
Boot Script
Install the /etc/rc.d/init.d/vsftpd init script included in the blfs-bootscripts-20190313 package.
make install-vsftpd
Contents
The contents of the startup script are as follows:
[root@cwtbs ~]# cat /etc/init.d/vsftpd
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: vsftpd
# Required-Start: $local_fs $network $named $remote_fs $syslog
# Required-Stop: $local_fs $network $named $remote_fs $syslog
# Short-Description: Very Secure Ftp Daemon
# Description: vsftpd is a Very Secure FTP daemon. It was written completely from
# scratch
### END INIT INFO
# vsftpd This shell script takes care of starting and stopping
# standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program \
# that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
RETVAL=0
prog="vsftpd"
start() {
    # Start daemons.
    if [ -d /etc ] ; then
        for i in `ls /etc/vsftpd.conf`; do
            site=`basename $i .conf`
            echo -n $"Starting $prog for $site: "
            /usr/sbin/vsftpd $i &
            RETVAL=$?
            [ $RETVAL -eq 0 ] && {
                touch /var/lock/subsys/$prog
                success $"$prog $site"
            }
            echo
        done
    else
        RETVAL=1
    fi
    return $RETVAL
}
stop() {
    # Stop daemons.
    echo -n $"Shutting down $prog: "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    return $RETVAL
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        stop
        start
        RETVAL=$?
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        status $prog
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac
exit $RETVAL
Enable the vsftpd service
Next, add the ftpadmin account and the FTP directory:
useradd -d /var/www/html/ -s /sbin/nologin ftpadmin
In the configuration file, change "anonymous_enable=YES" to "anonymous_enable=NO".
Uncomment the following settings:
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
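Save and exit.
Edit the /etc/vsftpd/chroot_list file, add the ftpadmin account name to it, then save and exit.
Change the ftpadmin password:
passwd ftpadmin
Change the ownership of the FTP directory:
chown -R ftpadmin /var/www/html
If you get a 530 error, reboot the system and try again.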
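The options set above interact in ways their names do not show: vsftpd applies options in file order, so the last assignment wins, and with chroot_local_user=YES the file named by chroot_list_file holds the users who are not jailed. The script below is an added example, not part of the original page or of vsftpd, that reports the effective result. The function names (conf_get, is_jailed, audit) and the sample files are constructed for illustration, and it assumes values are written as YES/NO as on this page.

```shell
#!/bin/bash
# Added example (not from the page): audit the effective vsftpd options set above.
# conf_get FILE KEY DEFAULT -> effective value. vsftpd reads options in order,
# so the last assignment wins (the page appends to the file with `cat >>`).
conf_get() {
    awk -v k="$2" -v d="$3" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print (v == "" ? d : v) }' "$1"
}

# is_jailed FILE USER -> exit 0 if USER is chroot()ed after login.
# With chroot_local_user=YES the chroot list holds the users who are NOT jailed.
is_jailed() {
    local all list listed=NO
    all=$(conf_get "$1" chroot_local_user NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] &&
       grep -qxF -- "$2" "$list" 2>/dev/null; then
        listed=YES
    fi
    [ "$all" != "$listed" ]
}

# audit FILE USER -> one line per finding (empty output means nothing flagged).
audit() {
    if [ "$(conf_get "$1" anonymous_enable YES)" = YES ]; then
        echo "anonymous_enable: anonymous logins are on"
    fi
    if [ "$(conf_get "$1" seccomp_sandbox YES)" = NO ]; then
        echo "seccomp_sandbox: system-call filter is off"
    fi
    if [ "$(conf_get "$1" local_enable NO)" = YES ] && ! is_jailed "$1" "$2"; then
        echo "chroot: $2 is not confined to the home directory"
    fi
}

# Constructed sample: a default anonymous setting followed by the lines this page adds.
SAMPLE_DIR=$(mktemp -d)
printf 'ftpadmin\n' > "$SAMPLE_DIR/chroot_list"
cat > "$SAMPLE_DIR/vsftpd.conf" <<EOF
anonymous_enable=YES
seccomp_sandbox=NO
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$SAMPLE_DIR/chroot_list
EOF
audit "$SAMPLE_DIR/vsftpd.conf" ftpadmin
```

On a real host, call `audit /etc/vsftpd.conf ftpadmin`; the list file checked is the one the configuration names in chroot_list_file, which is the path vsftpd itself reads.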