Ubuntu14.04下FTP服务器的安装配置（转载）

首先说明一下，我是在虚拟机中装的Ubuntu14.04，物理机是Win10，最初只是为了在两个系统间传输文件才在Ubuntu中安装了ftp服务器，从Windows端登陆其即可。最初也是按照网上的各种教程来配置，结果就是喜闻乐见的各种报错不能用，或者说无法登陆等等。这里，分享一下我自己的配置过程，按照步骤来就没有问题。

我对ftp服务器的需求是：

不允许匿名访问，因为我不想其他机器随便都能登陆上来；

锁定一个共享目录，在这个目录下我可以上传和下载文件，进行文件共享；

不单独建立ftp用户，本机就可以访问；

好了，开始安装。

sudo apt-get install vsftpd

1
[/code]

很快就可以安装完成。



接下来配置vsftpd.conf文件，位于etc目录下。

sudo gedit /etc/vsftpd.conf

1
[/code]

更改相应的配置：

1、我不希望别人匿名登陆：



2、锁定一个共享目录：（自己指定一个文件夹就可以，我用的是/home/xhb/ftp）



3、本机可以访问：



4、允许写操作：



5、不单独建立ftp用户，直接使用Ubuntu桌面用户就可以登陆：



这里有用到/etc/vsftpd.chroot_list这个文件，没有就新建立一个：

sudo gedit /etc/vsftpd.chroot_list

1
[/code]

在文件中填入允许登陆的账号名。（我的桌面用户名是xhb，也可以添加其他用户名）



然后配置接OK了。

完整配置文件（/etc/vsftpd.conf）：

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, yo
f604
u can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

# xhb added
local_root=/home/xhb/ftp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
[/code]

现在重启FTP，让之前的配置生效。

sudo service vsftpd restart

1
2
[/code]



到这里就OK了。登上去看看。

首先，查看IP地址。



我的本地IP地址是192.168.139.135。

在Windows资源管理器中输入：ftp://（你的IP地址）



输入账户名和密码后即可登录了。



登录的路径就是设为共享文件夹的那个路径。

备注：

如果出现无法登录的情况，原因可能是这样：

之前在配置时，我们做了如下配置来指定允许登陆的用户：



提出来看看：

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

1
2
[/code]

配合使用，使得只有在vsftpd.chroot_list中配置的用户才能登录FTP。

然而vsftpd.chroot_list中配置的用户，对于local_list指定的目录不允许有些的权限。

所以对于共享目录不能有写的权限，如果有我们必须把它去掉。

查看ftp目录的权限。

ls -l

1
[/code]



去掉写权限。

chmod u-w,g-w ftp
ls -l

1
2
[/code]



从显示信息的最前面可以看到，ftp的写权限已经去掉了。接下来就可以正常登陆了。