Ubuntu 14.04和16.04如何设置FTP server (VSFTPD)
2016-10-11 19:37
651 查看
http://www.krizna.com/ubuntu/setup-ftp-server-on-ubuntu-14-04-vsftpd/
How to setup FTP server on ubuntu 14.04 ( VSFTPD )
FTP is used to transfer files from one host to another over TCP network. This article explains how to setup FTP server on ubuntu 14.04 .
There are 3 popular FTP server packages available PureFTPD, VsFTPD and ProFTPD. Here i’ve used VsFTPD which is lightweight and less Vulnerability.
Step 1 » Update repositories .
Step 2 » Install VsFTPD package using the below command.
Step 3 » After installation open /etc/vsftpd.conf file and make changes as follows.
Uncomment the below lines (line no:29 and 33).
line at the end.
local_root=/var/www/html/static (eg: set the access folder)
» Add the following lines to enable passive mode.
Step 4 » Restart vsftpd service using the below command.
Step 5 » Now ftp server will listen on port 21. Create user with the below command.Use /usr/sbin/nologin shell
to prevent access to the bash shell for the ftp users .
Step 6 » Allow login access for nologin shell . Open /etc/shells and add the following
line at the end.
Now try to connect this ftp server with the username on port 21 using winscp orfilezilla client
and make sure that user cannot access the other folders outside the home directory.
more:
vsftpd默认上传文件权限为600,其他用户不可读。比如上传网页到网站上,web用户将无法访问。
解决办法:在/etc/vsftpd/vsftpd.conf中添加如下代码:
local_umask=022
file_open_mode=0755
Please note using ftp on port 21 is a big security risk . it’s highly recommended to use SFTP. Please continue for SFTP configuration
SFTP is called as “Secure FTP” which generally use SSH File Transfer Protocol . so we need openssh-server package installed , Issue the below command if it’s not already installed.
Step 7 » Create a new group ftpaccess for FTP users.
Step 8 » Now make changes in this /etc/ssh/sshd_config file.
» Find and comment the below line
the end of the file.
Step 9 » Restart sshd service.
Step 10 » The below steps must be followed while creating Users for sftp access.
Create user john with ftpaccess group and /usr/bin/nologin shell.
home directory for writing and change ownership of that folder.
Now try to connect server using SFTP ( port : 22 ) and makesure Users can upload files to www directory and cannot access other folders outside home directory.
If you want use both FTP and SFTP together, please perform above steps ( Step 10 ) while creating users . For existing users, move them to ftpaccess group and create folder structure and ownership changes as below.
Now john can able to upload files to www folder using FTP as well as SFTP.
How to setup FTP server on ubuntu 14.04 ( VSFTPD )
FTP is used to transfer files from one host to another over TCP network. This article explains how to setup FTP server on ubuntu 14.04 .
There are 3 popular FTP server packages available PureFTPD, VsFTPD and ProFTPD. Here i’ve used VsFTPD which is lightweight and less Vulnerability.
Setup FTP server on Ubuntu 14.04
Step 1 » Update repositories .krizna@leela:~$ sudo apt-get update
Step 2 » Install VsFTPD package using the below command.
krizna@leela:~$ sudo apt-get install vsftpd
Step 3 » After installation open /etc/vsftpd.conf file and make changes as follows.
Uncomment the below lines (line no:29 and 33).
write_enable=YES local_umask=022» Uncomment the below line (line no: 120 ) to prevent access to the other folders outside the Home directory.
chroot_local_user=YESand add the following
line at the end.
allow_writeable_chroot=YES
local_root=/var/www/html/static (eg: set the access folder)
» Add the following lines to enable passive mode.
pasv_enable=Yes pasv_min_port=40000 pasv_max_port=40100
Step 4 » Restart vsftpd service using the below command.
krizna@leela:~$ sudo service vsftpd restart
Step 5 » Now ftp server will listen on port 21. Create user with the below command.Use /usr/sbin/nologin shell
to prevent access to the bash shell for the ftp users .
krizna@leela:~$ sudo useradd -m john -s /usr/sbin/nologin krizna@leela:~$ sudo passwd john
Step 6 » Allow login access for nologin shell . Open /etc/shells and add the following
line at the end.
/usr/sbin/nologin
Now try to connect this ftp server with the username on port 21 using winscp orfilezilla client
and make sure that user cannot access the other folders outside the home directory.
more:
vsftpd默认上传文件权限为600,其他用户不可读。比如上传网页到网站上,web用户将无法访问。
解决办法:在/etc/vsftpd/vsftpd.conf中添加如下代码:
local_umask=022
file_open_mode=0755
Please note using ftp on port 21 is a big security risk . it’s highly recommended to use SFTP. Please continue for SFTP configuration
Secure FTP ( SFTP )
SFTP is called as “Secure FTP” which generally use SSH File Transfer Protocol . so we need openssh-server package installed , Issue the below command if it’s not already installed.krizna@leela:~$ sudo apt-get install openssh-server
Step 7 » Create a new group ftpaccess for FTP users.
krizna@leela:~$ sudo groupadd ftpaccess
Step 8 » Now make changes in this /etc/ssh/sshd_config file.
» Find and comment the below line
Subsystem sftp /usr/lib/openssh/sftp-serverand Add these lines at
the end of the file.
Subsystem sftp internal-sftp Match group ftpaccess ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
Step 9 » Restart sshd service.
krizna@leela:~$ sudo service ssh restart
Step 10 » The below steps must be followed while creating Users for sftp access.
Create user john with ftpaccess group and /usr/bin/nologin shell.
krizna@leela:~$ sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin krizna@leela:~$ sudo passwd johnChange ownership for the home directory.
krizna@leela:~$ sudo chown root /home/johnCreate a folder inside
home directory for writing and change ownership of that folder.
krizna@leela:~$ sudo mkdir /home/john/www krizna@leela:~$ sudo chown john:ftpaccess /home/john/www
Now try to connect server using SFTP ( port : 22 ) and makesure Users can upload files to www directory and cannot access other folders outside home directory.
If you want use both FTP and SFTP together, please perform above steps ( Step 10 ) while creating users . For existing users, move them to ftpaccess group and create folder structure and ownership changes as below.
krizna@leela:~$ sudo usermod john -g ftpaccess -s /usr/sbin/nologin
krizna@leela:~$ sudo chown root /home/john
krizna@leela:~$ sudo mkdir /home/john/www krizna@leela:~$ sudo chown john:ftpaccess /home/john/www
Now john can able to upload files to www folder using FTP as well as SFTP.
相关文章推荐
- 如何设置 Ubuntu14.04 的 SSH 无密码登录
- [置顶] ubuntu 16.04 LTS 如何设置默认未开启的root账号登录界面相关问题
- 如何在Ubuntu 16.04上设置生产型Node.js应用
- ubuntu16.04中如何将python3设置为默认
- ubuntu 14.04 如何设置静态ip
- 如何为Ubuntu 14.04上的多Apache虚拟主机环境设置Let's Crypt安全证书
- ubuntu 16.04 下如何设置root用户初始密码
- Ubuntu 16.04 LTS如何设置SSH服务
- 如何为VMware虚拟机内安装的Ubuntu 16.04设置静态IP地址(NAT方式)
- 如何利用Heartbeat与Floating IP在Ubuntu 14.04上创建高可用性设置
- 如何修复Ubuntu 14.04 系统设置丢失的问题
- 详解ubuntu14.04如何设置静态IP的方法
- 如何将Ubuntu 14.04 15.04升级到Ubuntu 16.04
- 如何在Ubuntu 14.04 LTS之上设置Nginx Server Blocks(即虚拟主机)
- 如何在Ubuntu 14.04上利用Keepalived与Floating IP设置高可用性Web服务器
- ubuntu14.04 --如何设置固定IP
- 【转】如何在Ubuntu 16.04上使用UFW设置防火墙
- 安装Ubuntu16.04与windows10双系统后,如何修改启动默认设置