¦bºô»Úºô¸ô¤W±ªº¶Ç¿é¨ó©w·í¤¤¡AFTP(File Transfer Protocol)¥i»¡¬O³Ì¥j¦Ñªº¨ó©w¤§¤@¤F¡I¦´ÁÁÙ¨S¦³³o»ò¦h¦n¥Îªº¨ó©w¤§«e(¨Ò¦pSAMBA)¡A³£¬O¨Ï¥ÎFTP¨Ó¶i¦æ¸ê®Æªº¶Ç»¼ªº©O¡I¥t¥~¡A¤@¯ë¨Ó»¡¸ê®Æªº¶Ç¿é¥HFTP³oÓ¨ó©w¨Ó¶Ç°e¬O¬Û·íªº§Ö³tªº¡A¦Ó¥B¬Y¨Ç³õ¦X·í¤¤¨ä¹ê¤]¬Û·íªº¤è«K¡C¤£¹L¡AÈ±oª`·Nªº¬O¡A¨Ï¥ÎFTP¨Ó¶Ç¿é®É¡A¨ä¹ê¬O¨ã¦³¤@©wµ{«×ªº¡y¦MÀI©Ê¡z¡A¦]¬°¸ê®Æ¦bºô»Úºô¸ô¤W±¬O§¹¥þ¨S¦³¨ü¨ì«OÅ@ªº¡y©ú½X¡z¾÷¨î¡I©Ò¥H³¾ô¤£¤Ó«ØÄ³¤j®a¨Ï¥Î³oÓ¦øªA¾¹ªº°Õ¡I¤×¨ä·í§A«Ø¸m¦n¤FFTP¤§«á¡A¦pªG¸g±`¶i¦æ¸ê®Æªº¶Ç»¼¡A¹ï©ó±zªººô¸ôÀW¼e¡y¯uªº¦³«Ü¤jªº·l®`¡z°Ú¡I¤£¹L¡AµL½×¦p¦ó¡AFTP¤´µM¦³¨ä¦s¦bªº¥²n¡I¨Ò¦p¸q¦u¤j¾ÇªºFTP¯¸´N§@ªº¬Û·íªº´Î°Ú¡I¤£¹L¡AFTP¦øªA¾¹ªº¦MÀI©Ê®¼°ªªº¡A¦]¦¹§ÚÌ¿ï¾Ü¤@Ó±j½Õ¦w¥þ©Êªºvsftpd³nÅé¨Ó¬[³]³á¡I

1.¥»³¹ªº¦æ«e·Ç³Æ¤u§@
2.FTPªº¸ê®Æ³sµ²ì²z
¡@¡@2.1FTP¥\¯àÂ²¤¶
¡@¡@2.2FTPªº¹B§@¬yµ{»P¨Ï¥Î¨ìªº°ð¤f
¡@¡@2.3¥Î¤áºÝ¿ï¾Ü³Q°Ê¦¡³s½u¼Ò¦¡
¡@¡@2.4FTPªº¦w¥þ©Ê°ÝÃD»P´À¥N¤è®×
¡@¡@2.5¶}©ñ¤°»ò¨¥÷ªº¨Ï¥ÎªÌµn¤J
3.vsftpd¦øªA¾¹°òÂ¦³]©w
¡@¡@3.1¬°¦ó¨Ï¥Îvsftpd¡H
¡@¡@3.2©Ò»Ýnªº®M¥ó¥H¤Î®M¥óµ²ºc
¡@¡@3.3vsftpd.conf³]©wÈ»¡©ú
¡@¡@3.4vsftpd±Ò°Êªº¼Ò¦¡
¡@¡@3.5CentOSªºvsftpd¹w³]È
¡@¡@3.6¶È¦³¹êÅé¥Î¤áµn¤Jªº³]©w¡G
¡@¡@¡@¡@chrootªº¨Ï¥Î,§óÄY®æªºchrootÀô¹Ò,
¡@¡@¡@¡@¨î¤U¸üÀW¼e,¨î³Ì¤j¤W½u¤H¼Æ»P¦P¤@IPªº¨Ó·½¼Æ,
¡@¡@¡@¡@«Ø¥ßÄY®æªº¥i¨Ï¥ÎFTPªº±b¸¹¦Cªí,
¡@¡@3.7¶È¦³°Î¦Wµn¤Jªº¬ÛÃö³]©w¡G
¡@¡@¡@¡@«Ø¥ß¤W¶Ç/¤U¸ü¥Ø¿ý,«Ø¥ß¶È¥i¤W¶Ç¥Ø¿ý,
¡@¡@¡@¡@³Q°Ê¦¡³s½u°ð¤fªº¨î
4.¥Î¤áºÝªºFTP³s½u³nÅé
5.¨ä¥LFTP¦øªA¾¹¬ÛÃö³]©w
¡@¡@5.1¨¾¤õÀð³]©w
¡@¡@5.2Super daemonªºÃB¥~ºÞ²z¶µ¥Ø
¡@¡@5.3±`¨£°ÝÃD»P¸Ñ¨M¤§¹D
6.«ÂI¦^ÅU
7.½Ò«á½m²ß
8.°Ñ¦Ò¸ê®Æ
9.°w¹ï¥»¤åªº«ØÄ³¡Ghttp://phorum.vbird.org/viewtopic.php?p=118520

¥»³¹ªº¦æ«e·Ç³Æ¤u§@

¥²¶·n¼ô±xºô¸ô°òÂ¦¡A¤×¨ä¬Oºô¸ô³s½uªº«Ø¥ß¬OÂù¦Vªº³oÓ·§©À¡F
¥²¶·nÁA¸Ñ¨¾¤õÀðªº¾÷¨î¡A¤×¨ä·í¨¾¤õÀð¬[³]¦b¸ô¥Ñ¾¹¤Wªººô¸ô¬[ºc®É¡C
¥²¶·nÁA¸Ñstand alone»Psuper daemonªº±Ò°Ê¤è¦¡¡C

FTPªº¸ê®Æ³sµ²ì²z

FTP¥\¯àÂ²¤¶

¤£¦Pµ¥¯Åªº¨Ï¥ÎªÌ¨¥÷¡G

(1)¹êÅé±b¸¹,real user¡F(2)³X«È,guest¡F(3)°Î¦Wµn¤JªÌ,anonymous

©R¥O°O¿ý»Pµn¿ýÀÉ°O¿ý¡G

syslogd³oÓdaemon

¨î©Î¸Ñ°£¨Ï¥ÎªÌ®a¥Ø¿ý©Ò¦b(change root,Â²ºÙchroot)¡G

FTPªº¹B§@¬yµ{»P¨Ï¥Î¨ìªº°ð¤f

ºô¸ô°òÂ¦

FTP¦øªA¾¹¨Ï¥Î¤F¨âÓ³s½u¡A¤À§O¬O©R¥O³q¹D»P¸ê®Æ¬y³q¹D(ftp-data)¡C

FTP¹w³]ªº¥D°Ê¦¡(active)³s½u

¹Ï¤@¡BFTP¦øªA¾¹ªº¥D°Ê¦¡³s½u¥Ü·N¹Ï

«Ø¥ß©R¥O³q¹Dªº³s½u
¦p¤W¹Ï¤@©Ò¥Ü¡A¥Î¤áºÝ·|ÀH¾÷¨ú¤@Ó¤j©ó1024¥H¤Wªº°ð¤f(port AA)¨Ó»PFTP¦øªA¾¹ºÝªºport 21¹F¦¨³s½u¡A³oÓ¹Lµ{·íµM»Ýn¤T¦V¥æ´¤¤F¡I¹F¦¨³s½u«á¥Î¤áºÝ«K¥i¥H³z¹L³oÓ³s½u¨Ó¹ïFTP¦øªA¾¹¤U¹F«ü¥O¡A¥]¬A¬d¸ßÀÉ¦W¡B¤U¸ü¡B¤W¶Çµ¥µ¥«ü¥O³£¬O§Q¥Î³oÓ³q¹D¨Ó¤U¹Fªº¡F

³qª¾FTP¦øªA¾¹ºÝ¨Ï¥Îactive¥B§iª¾³s±µªº°ð¸¹
FTP¦øªA¾¹ªº21°ð¸¹¥Dn¥Î¦b©R¥Oªº¤U¹F¡A¦ý¬O·í²o¯A¨ì¸ê®Æ¬y®É¡A´N¤£¬O¨Ï¥Î³oÓ³s½u¤F¡C¥Î¤áºÝ¦b»Ýn¸ê®Æªº±¡ªp¤U¡A·|§iª¾¦øªA¾¹ºÝn¥Î¤°»ò¤è¦¡¨Ó³s½u¡A¦pªG¬O¥D°Ê¦¡(active)³s½u®É¡A¥Î¤áºÝ·|¥ýÀH¾÷±Ò¥Î¤@Ó°ð¤f(¹Ï¤@·í¤¤ªºport BB)¡A¥B³z¹L©R¥O³q¹D§iª¾FTP¦øªA¾¹³o¨âÓ¸ê°T¡A¨Ãµ¥«ÝFTP¦øªA¾¹ªº³s½u¡F

FTP¦øªA¾¹¡y¥D°Ê¡z¦V¥Î¤áºÝ³s½u
FTP¦øªA¾¹¥Ñ©R¥O³q¹DÁA¸Ñ¥Î¤áºÝªº»Ý¨D«á¡A·|¥D°Êªº¥Ñ20³oÓ°ð¸¹¦V¥Î¤áºÝªºport BB³s½u¡A³oÓ³s½u·íµM¤]·|¸g¹L¤T¦V¥æ´¤°Õ¡I¦¹®ÉFTPªº¥Î¤áºÝ»P¦øªA¾¹ºÝ¦@·|«Ø¥ß¨â±ø³s½u¡A¤À§O¥Î¦b©R¥Oªº¤U¹F»P¸ê®Æªº¶Ç»¼¡C¦Ó¹w³]FTP¦øªA¾¹ºÝ¨Ï¥Îªº¥D°Ê³s½u°ð¸¹´N¬Oport 20Åo¡I

¨Ï¥Î¨ìªº°ð¸¹

©R¥O³q¹Dªºftp(¹w³]¬°port 21)»P

¸ê®Æ¶Ç¿éªºftp-data(¹w³]¬°port 20)¡C

¨âªÌªº³s½u¤è¦V¬O¤£¤@¼Ëªº

¦bFTP¦øªA¾¹»P¥Î¤áºÝ¤§¶¡¨ã¦³¨¾¤õÀðªº³s½u°ÝÃD¡G

¨¾¤õÀð

¹Ï¤G¡BYFTP¥Î¤áºÝ»P¦øªA¾¹ºÝ³s½u¤¤¶¡¨ã¦³¨¾¤õÀðªº³s½uª¬ºA

©R¥O³q¹Dªº«Ø¥ß¡G
¦]¬°NAT¥D¾÷·|¥D°Êªº°O¿ý¥Ñ¤º³¡°e©¹¥~³¡ªº³s½u¸ê°T¡A¦Ó¥Ñ©ó©R¥O³q¹Dªº«Ø¥ß¬O¥Ñ¥Î¤áºÝ¦V¦øªA¾¹ºÝ³s½uªº¡A¦]¦¹³o¤@±ø³s½u¥i¥H¶¶§Qªº«Ø¥ß°_¨Óªº¡F

¸ê®Æ³q¹D«Ø¥ß®Éªº³qª¾¡G
¦P¼Ëªº¡A¥Î¤áºÝ¥D¾÷·|¥ý±Ò¥Îport BB¡A¨Ã³z¹L©R¥O³q¹D§iª¾FTP¦øªA¾¹¡A¥Bµ¥«Ý¥D¾÷ºÝªº¥D°Ê³s½u¡F

¥D¾÷ªº¥D°Ê³s½u°ÝÃD¡G
¦ý¬O¥Ñ©ó³z¹LNAT¥D¾÷ªºÂà´««á¡AFTP¦øªA¾¹¥u¯à±oª¾NAT¥D¾÷ªºIP¦Ó¤£¬O¥Î¤áºÝªºIP¡A¦]¦¹FTP¦øªA¾¹·|¥Hport 20¥D°Êªº¦VNAT¥D¾÷ªºport BBµo°e¥D°Ê³s½uªºn¨D¡C¦ý§AªºNAT¥D¾÷¨Ã¨S¦³±Ò°Êport BB¨ÓºÊÅ¥FTP¦øªA¾¹ªº³s½u°Ú¡I

Can't build data connection: Connection refused¡AµLªk¶i¦æ¸ê®Æ¶Ç¿é

¨Ï¥Îiptables©Ò´£¨ÑªºFTP°»´ú¼Ò²Õ¡G
¨ä¹êiptables¦´N´£¨Ñ¤F³\¦h¦n¥Îªº¼Ò²Õ¤F¡A³oÓFTP·íµM¤£·|³Q¿ù¹L¡I§A¥i¥H¨Ï¥Îmodprobe³oÓ«ü¥O¨Ó¸ü¤Jip_conntrack_ftp¤Îip_nat_ftpµ¥¼Ò²Õ¡A³o´XÓ¼Ò²Õ·|¥D°Êªº¤ÀªR¡y¥Ø¼Ð¬Oport 21ªº³s½u¡z¸ê°T¡A©Ò¥H¥i¥H±o¨ìport BBªº¸ê®Æ¡A¦¹®ÉY±µ¨ü¨ìFTP¦øªA¾¹ªº¥D°Ê³s½u¡A´N¯à°÷±N¸Ó«Ê¥]¾É¦V¥¿½Tªº«áºÝ¥D¾÷¤F¡I^_^

¤£¹L¡A¦pªG§A³sµ²ªº¥Ø¼ÐFTP¦øªA¾¹¥Lªº©R¥O³q¹D¹w³]°ð¸¹¨Ã«D¼Ð·Çªº21°ð¸¹®É(¨Ò¦p¬Y¨Ç¦a¤UFTP¦øªA¾¹)¡A¨º»ò³o¨âÓ¼Ò²Õ´NµLªk¶¶§Q¸ÑªR¥X¨Ó¤F¡A³o¼Ë»¡¡A²z¸Ñ¶Ü¡H
¥Î¤áºÝ¿ï¾Ü³Q°Ê¦¡(Passive)³s½u¼Ò¦¡¡G
°£¤F¥D°Ê¦¡³s½u¤§¥~¡AFTPÁÙ´£¨Ñ¤@ºØºÙ¬°³Q°Ê¦¡³s½uªº¼Ò¦¡¡A¤°»ò¬O³Q°Ê¦¡©O¡H¬JµM¥D°Ê¦¡¬O¥Ñ¦øªA¾¹¦V¥Î¤áºÝ³s½u¡A¤Ï¹L¨ÓÁ¿¡A³Q°Ê¦¡´N¬O¥Ñ¥Î¤áºÝ¦V¦øªA¾¹ºÝµo°_³s½uªºÅo¡I¬JµM¬O¥Ñ¥Î¤áºÝµo°_³s½uªº¡A¨º¦ÛµM´N¤£»Ýn¦Ò¼{¨Ó¦Ûport 20ªº³s½u°Õ¡IÃö©ó³Q°Ê¦¡³s½u¼Ò¦¡±N¦b¤U¤@¤p¸`¤¶²Ð³á¡I

¥Î¤áºÝ¿ï¾Ü³Q°Ê¦¡³s½u¼Ò¦¡

¹Ï¤T¡B³Q°Ê¦¡³s½uªº¤è¦V

«Ø¥ß©R¥O³q¹D¡G
¦P¼Ëªº»Ýn«Ø¥ß©R¥O³q¹D¡A³z¹L¤T¦V¥æ´¤´N¥i¥H«Ø¥ß°_³oÓ³q¹D¤F¡C

µo¥XPASVªº³s½un¨D¡G
·í¦³¨Ï¥Î¸ê®Æ³q¹Dªº«ü¥O®É¡A¥Î¤áºÝ¥i³z¹L©R¥O³q¹Dµo¥XPASVªº³Q°Ê¦¡³s½un¨D(PassiveªºÁY¼g)¡A¨Ãµ¥«Ý¦øªA¾¹ªº¦^À³¡F

FTP¦øªA¾¹±Ò°Ê¸ê®Æ°ð¤f¡A¨Ã³qª¾¥Î¤áºÝ³s½u¡G
¦pªG§AªºFTP¦øªA¾¹¬O¯à°÷³B²z³Q°Ê¦¡³s½uªº¡A¦¹®ÉFTP¦øªA¾¹·|¥ý±Ò°Ê¤@Ó°ð¤f¦bºÊÅ¥¡C³oÓ°ð¤f¸¹½X¥i¯à¬OÀH¾÷ªº¡A¤]¥i¥H¦Ûq¬Y¤@½d³òªº°ð¤f¡AºÝ¬Ý§AªºFTP¦øªA¾¹³nÅé¦Ó©w¡CµM«á§AªºFTP¦øªA¾¹·|³z¹L©R¥O³q¹D§iª¾¥Î¤áºÝ¸Ó¤w¸g±Ò°Êªº°ð¤f(¹Ï¤¤ªºport PASV)¡A¨Ãµ¥«Ý¥Î¤áºÝªº³s½u¡C

¥Î¤áºÝÀH¾÷¨ú¥Î¤j©ó1024ªº°ð¤f¶i¦æ³s±µ¡G
µM«á§Aªº¥Î¤áºÝ·|ÀH¾÷¨ú¥Î¤@Ó¤j©ó1024ªº°ð¸¹¨Ó¹ï¥D¾÷ªºport PASV³s½u¡C¦pªG¤@¤Á³£¶¶§Qªº¸Ü¡A¨º»ò§AªºFTP¸ê®Æ´N¥i¥H³z¹Lport BB¤Îport PASV¨Ó¶Ç°e¤F¡C

FTPªº¦w¥þ©Ê°ÝÃD»P´À¥N¤è®×

Telnet

SSH

ÀH®É§ó·s¨ì³Ì·sª©¥»ªºFTP³nÅé¡A¨ÃÀH®Éª`·Nº|¬}°T®§¡F
µ½¥Îiptables¨Ó³W©w¥i¥H¨Ï¥ÎFTPªººô°ì¡F
µ½¥ÎTCP_Wrappers¨Ó³W½d¥i¥Hµn¤Jªººô°ì¡F
µ½¥ÎFTP³nÅéªº³]©w¨Ó¨î¨Ï¥Î±zFTP¥D¾÷ªº¨Ï¥ÎªÌªº¤£¦PÅv°Ú¡F
¨Ï¥ÎSuper daemon¨Ó¶i¶¥ºÞ²z±zªºFTP¥D¾÷¡F
ÀH®Éª`·N¨Ï¥ÎªÌªº®a¥Ø¿ý¡B¥H¤Î°Î¦W¨Ï¥ÎªÌµn¤Jªº¥Ø¿ýªº¡yÀÉ®×Åv¡z¡F

Y¤£¹ï¥~¤½¶}ªº¸Ü¡A©Î³\¤]¥i¥H×§ïFTPªºport¡C

¶}©ñ¤°»ò¨¥÷ªº¨Ï¥ÎªÌµn¤J

¶}©ñ¹êÅé¥Î¤áªº±¡ªp(Real user)¡G
³X«È¨¥÷(Guest)
°Î¦Wµn¤J¨Ï¥ÎªÌ(anonymous)
¤@¯ë¨Ó»¡¡A¦pªG§A¬On©ñ¸m¤@¨Ç¤½¶}ªº¡B¨S¦³ª©ÅvªÈ¯Éªº¸ê®Æ¦bºô¸ô¤W¨Ñ¤H¤U¸üªº¸Ü¡A¨º»ò¤@Ó¶È´£¨Ñ°Î¦Wµn¤JªºFTP¦øªA¾¹¡A¨Ã¥B¹ï¾ãÓºô»Úºô¸ô¶}©ñ¬OOKªº°Õ¡I¤£¹L¡A¦pªG§A¹wpn´£¨Ñªºªº³nÅé©Î¸ê®Æ¬O¨ã¦³ª©Åvªº¡A¦ý¬O¸Óª©Åv¤¹³\§A¦b¶Q³æ¦ì¤º¶Ç¿éªº±¡ªp¤U¡A¨º»ò¬[³]¤@Ó¡y¶È°w¹ï¤º³¡¶}©ñªº°Î¦WFTP¦øªA¾¹(§Q¥Î¨¾¤õÀð³B²z)¡z¤]¬OOKªº°Õ¡I

¦pªG§AÁÙ·QnÅý¨Ï¥ÎªÌ¤ÏõXªº¸Ü¡A¨º¬O§_n¬[³]¤@Ó°Î¦WªÌ¥i¤W¶Çªº°Ï°ì©O¡H³¾ô¹ï³o¥ó¨Æ±¡ªº¬Ýªk¬O....¡y¸U¸U¤£¥i¡z°Ú¡I¦pªGnÅý¨Ï¥ÎªÌ¤ÏõXªº¸Ü¡A°£«D¸Ó¨Ï¥ÎªÌ¬O§A«H¥ôªº¡A§_«h¤£n¤¹³\¹ï¤è¤W¶Ç¡I©Ò¥H¦¹®É¤@ÓÀÉ®×¨t²ÎÅvºÞ²zÄY®æªºFTP¦øªA¾¹¡A¨Ã´£¨Ñ¹êÅé¥Î¤áªºµn¤J´N¦³ÂI»Ý¨D°Õ¡IÁ`¤§¡An¨Ì·Ó±zªº»Ý¨D¨Ó«ä¦Ò¬O§_¦³»Ýn³á¡I

vsftpd¦øªA¾¹°òÂ¦³]©w

Very Secure FTP Daemon

¬°¦ó¨Ï¥Îvsftpd

µ{§Ç»P¸ê·½ºÞ²z

chrootÅU¦W«ä¸q´N¬O¡ychange root directory¡zªº·N«ä

vsftpd³oÓªA°Èªº±Ò°ÊªÌ¨¥÷¬°¤@¯ë¨Ï¥ÎªÌ¡A©Ò¥H¹ï©óLinux¨t²Îªº¨Ï¥ÎÅv¸û§C¡A¹ï©óLinux¨t²Îªº¦M®`´N¬Û¹ïªº´î§C¤F¡C¦¹¥~¡Avsftpd¥ç§Q¥Îchroot()³oÓ¨ç¦¡¶i¦æ§ï´«®Ú¥Ø¿ýªº°Ê§@¡A¨Ï±o¨t²Î¤u¨ã¤£·|³Qvsftpd³o¤äªA°È©Ò»~¥Î¡F

¥ô¦ó»Ýn¨ã¦³¸û°ª°õ¦æÅvªºvsftpd«ü¥O§¡¥H¤@¤ä¯S®íªº¤W¼hµ{§Ç(parent process)©Ò±±¨î¡A¸Ó¤W¼hµ{§Ç¨É¦³ªº¸û°ª°õ¦æÅv¥\¯à¤w¸g³Q¨îªº¬Û·íªº§C¡A¨Ã¥H¤£¼vÅTLinux¥»¨ªº¨t²Î¬°·Ç¡F

µ´¤j³¡¤Àftp·|¨Ï¥Î¨ìªºÃB¥~«ü¥O¥\¯à(dir,ls,cd ...)³£¤w¸g³Q¾ã¦X¨ìvsftpd¥Dµ{¦¡·í¤¤¤F¡A¦]¦¹²z½×¤Wvsftpd¤£»Ýn¨Ï¥Î¨ìÃB¥~ªº¨t²Î´£¨Ñªº«ü¥O¡A©Ò¥H¦bchrootªº±¡ªp¤U¡Avsftpd¤£¦ý¥i¥H¶¶§Q¹B§@¡A¥B¤£»ÝnÃB¥~¥\¯à¹ï©ó¨t²Î¨Ó»¡¤]¤ñ¸û¦w¥þ¡C

©Ò¦³¨Ó¦Û¥Î¤áºÝ¥B·Qn¨Ï¥Î³o¤ä¤W¼hµ{§Ç©Ò´£¨Ñªº¸û°ª°õ¦æÅv¤§vsftpd«ü¥Oªº»Ý¨D¡A§¡³Qµø¬°¡y¤£¥i«H¥ôªºn¨D¡z¨Ó³B²z¡A¥²»Ýn¸g¹L¬Û·íµ{«×ªº¨¥÷½T»{«á¡A¤è¥i§Q¥Î¸Ó¤W¼hµ{§Çªº¥\¯à¡C¨Ò¦pchown(),Loginªºn¨Dµ¥µ¥°Ê§@¡F

¦¹¥~¡A¤W±´£¨ìªº¤W¼hµ{§Ç¤¤¡A¨ÌµM¨Ï¥Îchroot()ªº¥\¯à¨Ó¨î¨Ï¥ÎªÌªº°õ¦æÅv¡C

©Ò»Ýnªº®M¥ó¥H¤Î®M¥óµ²ºc

/etc/vsftpd/vsftpd.conf
ÄY®æ¨Ó»¡¡A¾ãÓvsftpdªº³]©wÀÉ´N¥u¦³³oÓÀÉ®×¡I³oÓÀÉ®×ªº³]©w¬O¥HbashªºÅÜ¼Æ³]©w¬Û¦Pªº¤è¦¡¨Ó³B²zªº¡A¤]´N¬O¡y°Ñ¼Æ=³]©wÈ¡z¨Ó³]©wªº¡Aª`·N¡Aµ¥¸¹¨âÃä¤£¯à¦³ªÅ¥Õ³á¡I¦Ü©ó¸Ô²Óªºvsftpd.conf¥i¥H¨Ï¥Î¡yman 5 vsftpd.conf¡z¨Ó¸Ô¬d¡C

/etc/pam.d/vsftpd
³oÓ¬Ovsftpd¨Ï¥ÎPAM¼Ò²Õ®Éªº¬ÛÃö³]©wÀÉ¡C¥Dn¥Î¨Ó§@¬°¨¥÷»{ÃÒ¤§¥Î¡AÁÙ¦³¤@¨Ç¨Ï¥ÎªÌ¨¥÷ªº©è¾×¥\¯à¡A¤]¬O³z¹L³oÓÀÉ®×¨Ó¹F¦¨ªº¡C§A¥i¥H¹î¬Ý¤@¤U¸ÓÀÉ®×¡G


[root@linux ~]# cat /etc/pam.d/vsftpd
#%PAM-1.0
auth     required  pam_listfile.so item=user sense=deny 
file=/etc/vsftpd.ftpusers onerr=succeed
auth     required  pam_stack.so service=system-auth
auth     required  pam_shells.so
account  required  pam_stack.so service=system-auth
session  required  pam_stack.so service=system-auth

¤W±ªº¯S®í¦rÅé¬°¦P¤@¦æ¡A¨ºÓfile«á±±µªºÀÉ®×¬O¡y¨î¨Ï¥ÎªÌµLªk¨Ï¥Îvsftpd¡z¤§·N¡A¤]´N¬O»¡¡A¨ä¹ê§Aªº¨îÀÉ®×¤£¨£±on¨Ï¥Î¨t²Î¹w³]È¡A¤]¥i¥H¦b³oÓÀÉ®×¸Ì±¶i¦æ×§ï°Õ¡I^_^

/etc/vsftpd.ftpusers
»P¤W¤@ÓÀÉ®×¦³Ãö«Y¡A¤]´N¬OPAM¼Ò²Õ(/etc/pam.d/vsftpd_©Ò«ü©wªº¨ºÓµLªkµn¤Jªº¨Ï¥ÎªÌ³]©wÀÉ°Ú¡I³oÓÀÉ®×ªº³]©w«ÜÂ²³æ¡A§A¥un±N¡y¤£·QÅý¥Lµn¤Jªº±b¸¹¡z¼g¤J³oÓÀÉ®×§Y¥i¡C¤@¦æ¤@Ó±b¸¹¡A¬Ý°_¨Ó¹³³o¼Ë¡G
[root@linux ~]# cat /etc/vsftpd.ftpusers # Users that are not allowed to login via ftp root bin daemon ....©³¤U¬Ù²¤....
Á@¨£¨S¦³¡Hµ´¤j³¡¤Àªº¨t²Î±b¸¹³£¦b³oÓÀÉ®×¤º³á¡A¤]´N¬O»¡¡A¨t²Î±b¸¹¹w³]¬O¨S¦³¿ìªk¨Ï¥Îvsftpdªº°Õ¡I¦pªG§AÁÙ·QnÅý¬Y¨Ç¨Ï¥ÎªÌµLªkµn¤J¡A¼g¦b³o¸Ì¬O³Ì§Öªº¡I

/etc/vsftpd.user_list
³oÓÀÉ®×¬O§_¯à°÷¥Í®Ä»Pvsftpd.conf¤ºªº¨âÓ°Ñ¼Æ¦³Ãö¡A¤À§O¬O¡yuserlist_enable,userlist_deny¡z¡C¦pªG»¡/etc/vsftpd.ftpusers¬OPAM¼Ò²Õªº©è¾×³]©w¶µ¥Ø¡A¨º»ò³oÓ/etc/vsftpd.user_list«h¬Ovsftpd¦Ûqªº©è¾×¶µ¥Ø¡C¨Æ¹ê¤W³oÓÀÉ®×»P/etc/vsftpd.ftpusers´X¥G¤@¼Ò¤@¼Ë¡A¦b¹w³]ªº±¡ªp¤U¡A§A¥i¥H±N¤£§Æ±æ¥iµn¤Jvsftpdªº±b¸¹¼g¤J³o¸Ì¡C¤£¹L³oÓÀÉ®×ªº¥\¯à·|¨Ì¾Úvsftpd.conf³]©wÀÉ¤ºªºuserlist_deny={YES/NO}¦Ó¤£¦P¡A³o±on¯S§O¯d·N³á¡I

/etc/vsftpd.chroot_list
³oÓÀÉ®×¹w³]¬O¤£¦s¦bªº¡A©Ò¥H§A¥²¶·n¤â°Ê¦Û¦æ«Ø¥ß¡C³oÓÀÉ®×ªº¥Dn¥\¯à¬O¥i¥H±N¬Y¨Ç±b¸¹ªº¨Ï¥ÎªÌchroot¦b¥LÌªº®a¥Ø¿ý¤U¡I¦ý³oÓÀÉ®×n¥Í®Ä»Pvsftpd.conf¤ºªº¡ychroot_list_enable,chroot_list_file¡z¨âÓ°Ñ¼Æ¦³Ãö¡C¦pªG§A·Qn±N¬Y¨Ç¹êÅé¥Î¤á¨î¦b¥LÌªº®a¥Ø¿ý¤U¦Ó¤£³\¨ì¨ä¥L¥Ø¿ý¥h¡A¥i¥H±Ò°Ê³oÓ³]©w¶µ¥Ø³á¡I

/usr/sbin/vsftpd
³o´N¬Ovsftpdªº¥Dn°õ¦æÀÉ«£¡I¤£nÃhºÃ¡Avsftpd¥u¦³³o¤@Ó°õ¦æÀÉ¦Ó¤w°Ú¡I

/var/ftp/
³oÓ¬Ovsftpdªº¹w³]°Î¦WªÌµn¤Jªº®Ú¥Ø¿ý³á¡I

vsftpd.conf³]©wÈ»¡©ú

»P¥D¾÷¸û¬ÛÃöªº³]©wÈ

connect_from_port_20=YES(NO)
°O±o¦b«e¤@¤p¸`´£¨ìªº¥D°Ê¦¡³s½u¨Ï¥ÎªºFTP¦øªA¾¹ªº°ð¸¹¶Ü¡H³o´N¬Oftp-dataªº°ð¸¹¡F

listen_port=21
vsftpd¨Ï¥Îªº©R¥O³q¹D¤§°ð¸¹¡A¦pªG±z·Qn¨Ï¥Î«D¥¿³Wªº°ð¸¹¡A¦b³oÓ³]©w¶µ¥Ø×§ï§a¡I¤£¹L§A¥²¶·nª¾¹D¡A³oÓ³]©wÈ¶È¾A¦X¥Hstand aloneªº¤è¦¡¨Ó±Ò°Ê³á¡I(¹ï©ósuper daemonµL®Ä)

dirmessage_enable=YES(NO)
·í¨Ï¥ÎªÌ¶i¤J¬YÓ¥Ø¿ý®É¡A·|Åã¥Ü¸Ó¥Ø¿ý»Ýnª`·Nªº¤º®e¡AÅã¥ÜªºÀÉ®×¹w³]¬O.message¡A§A¥i¥H¨Ï¥Î©³¤Uªº³]©w¶µ¥Ø¨Ó×q¡I

message_file=.message
·ídirmessage_enable=YES®É¡A¥i¥H³]©w³oÓ¶µ¥Ø¨ÓÅývsftpd´M§ä¸ÓÀÉ®×¨ÓÅã¥Ü°T®§¡I

listen=YES(NO)
Y³]©w¬°YESªí¥Üvsftpd¬O¥Hstandaloneªº¤è¦¡¨Ó±Ò°Êªº¡I

pasv_enable=YES(NO)
±Ò°Ê³Q°Ê¦¡³s½u¼Ò¦¡(passive mode)¡A¤@©wn³]©w¬°YESªº°Õ¡I

use_localtime=YES(NO)
¬O§_¨Ï¥Î¥»¦a®É¶¡¡Hvsftpd¹w³]¨Ï¥ÎGMT®É¶¡(®æªL«Âªv)¡A©Ò¥H·|¤ñ¥xÆW±ß8¤p®É¡A«ØÄ³³]©w¬°YES§a¡I

write_enable=YES(NO)
¦pªG§A¤¹³\¨Ï¥ÎªÌ¤W¶Ç¸ê®Æ®É¡A´Nn±Ò°Ê³oÓ³]©wÈ¡F

connect_timeout=60
³æ¦ì¬O¬í¡A¦b¸ê®Æ³s±µªº¥D°Ê¦¡³s½u¼Ò¦¡¤U¡A§ÚÌµo¥Xªº³s±µ°T¸¹¦b60¬í¤º±o¤£¨ì¥Î¤áºÝªº¦^À³¡A«h¤£µ¥«Ý¨Ã±j¨îÂ_½u«£¡C

accept_timeout=60
·í¨Ï¥ÎªÌ¥H³Q°Ê¦¡PASV¨Ó¶i¦æ¸ê®Æ¶Ç¿é®É¡A¦pªG¥D¾÷±Ò¥Îpassive port¨Ãµ¥«Ýclient¶W¹L60¬í¦ÓµL¦^À³¡A¨º»ò´Nµ¹¥L±j¨îÂ_½u¡I³oÓ³]©wÈ»Pconnect_timeoutÃþ¦ü¡A¤£¹L¤@Ó¬OºÞ²z¥D°Ê³s½u¡A¤@ÓºÞ²z³Q°Ê³s½u¡C

data_connection_timeout=300
¦pªG¦øªA¾¹»P¥Î¤áºÝªº¸ê®Æ³s½u¤w¸g¦¨¥\«Ø¥ß(¤£½×¥D°ÊÁÙ¬O³Q°Ê³s½u)¡A¦ý¬O¥i¯à¥Ñ©ó½u¸ô°ÝÃD¾ÉP300¬í¤ºÁÙ¬OµLªk¶¶§Qªº§¹¦¨¸ê®Æªº¶Ç°e¡A¨º¥Î¤áºÝªº³s½u´N·|³Q§ÚÌªºvsftpd±j¨îç°£¡I

idle_session_timeout=300
¦pªG¨Ï¥ÎªÌ¦b300¬í¤º³£¨S¦³©R¥O°Ê§@¡A±j¨îÂ÷½u¡I

max_clients=0
¦pªGvsftpd¬O¥Hstand alone¤è¦¡±Ò°Êªº¡A¨º»ò³oÓ³]©w¶µ¥Ø¥i¥H³]©w¦P¤@®É¶¡¡A³Ì¦h¦³¦h¤Öclient¥i¥H¦P®É³s¤Wvsftpdù¡I¡H

max_per_ip=0
»P¤W±max_clientsÃþ¦ü¡A³o¸Ì¬O¦P¤@ÓIP¦P¤@®É¶¡¥i¤¹³\¦h¤Ö³s½u¡H

pasv_max_port=0,pasv_max_port=0
¤W±¨âÓ¬O»Ppassive mode¨Ï¥Îªºport number¦³Ãö¡A¦pªG±z·Qn¨Ï¥Î65400¨ì65410³o11Óport¨Ó¶i¦æ³Q°Ê¦¡³s½u¼Ò¦¡ªº³s±µ¡A¥i¥H³o¼Ë³]©wpasv_max_port=65410¥H¤Îpasv_min_port=65400¡C¦pªG¬O0ªº¸Ü¡Aªí¥ÜÀH¾÷¨ú¥Î¦Ó¤£¨î¡C

ftpd_banner=¤@¨Ç¤å¦r»¡©ú
·í¨Ï¥ÎªÌ³s½u¶i¤J¨ìvsftpd®É¡A¦bFTP¥Î¤áºÝ³nÅé¤WÀY·|Åã¥Üªº»¡©ú¤å¦r¡C¤£¹L¡A³oÓ³]©wÈ¸ê®Æ¤ñ¸û¤Ö°Õ¡I«ØÄ³§A¥i¥H¨Ï¥Î©³¤Uªº³]©wÈ¨Ó¨ú¥N³oÓ¶µ¥Ø¡F

banner_file=/path/file
³oÓ¶µ¥Ø¥i¥H«ü©w¬YÓ¯Â¤å¦rÀÉ§@¬°¨Ï¥ÎªÌµn¤Jvsftpd¦øªA¾¹®É©ÒÅã¥ÜªºÅwªï¦r²´¡C

»P¹êÅé¥Î¤á¸û¬ÛÃöªº³]©wÈ

guest_enable=YES(NO)
Y³oÓÈ³]©w¬°YES®É¡A¨º»ò¥ô¦ó«Danonymousµn¤Jªº±b¸¹¡A§¡·|³Q°²³]¦¨¬°guest(³X«È)³á¡I¦Ü©ó³X«È¦bvsftpd·í¤¤¡A¹w³]·|¨ú±oftp³oÓ¨Ï¥ÎªÌªº¬ÛÃöÅv¡C¦ý¥i¥H³z¹Lguest_username¨Ó×§ï¡C

guest_username=ftp
¦bguest_enable=YES®É¤~·|¥Í®Ä¡A«ü©w³X«Èªº¨¥÷¦Ó¤w¡C

local_enable=YES(NO)
³oÓ³]©wÈ¥²¶·n¬°YES®É¡A¦b/etc/passwd¤ºªº±b¸¹¤~¯à¥H¹êÅé¥Î¤áªº¤è¦¡µn¤J§ÚÌªºvsftpd¥D¾÷³á¡I

local_max_rate=0
¹êÅé¥Î¤áªº¶Ç¿é³t«×¨î¡A³æ¦ì¬°bytes/second¡A0¬°¤£¨î¡C

chroot_local_user=YES(NO)
±N¨Ï¥ÎªÌ¨î¦b¦Û¤vªº®a¥Ø¿ý¤§¤º(chroot)¡I³oÓ³]©w¦bvsftpd·í¤¤¹w³]¬ONO¡A¦]¬°¦³©³¤U¨âÓ³]©w¶µ¥Øªº»²§U³á¡I©Ò¥H¤£»Ýn±Ò°Ê¥L¡I
chroot_list_enable=YES(NO)
¬O§_±Ò¥Î±N¬Y¨Ç¹êÅé¥Î¤á¨î¦b¥LÌªº®a¥Ø¿ý¤º¡H¹w³]¬ONO¡A¤£¹L¡A¦pªG±z·QnÅý¬Y¨Ç¨Ï¥ÎªÌµLªkÂ÷¶}¥LÌªº®a¥Ø¿ý®É¡A¥i¥H¦Ò¼{±N³oÓ³]©w¬°YES¡A¨Ã¥B³W¹º¤UÓ³]©wÈ

chroot_list_file=/etc/vsftpd.chroot_list
¦pªGchroot_list_enable=YES¨º»ò´N¥i¥H³]©w³oÓ¶µ¥Ø¤F¡I¥L¸Ì±¥i¥H³W©w¨º¤@Ó¹êÅé¥Î¤á·|³Q¨î¦b¦Û¤vªº®a¥Ø¿ý¤º¦ÓµLªkÂ÷¶}¡I(chroot)¤@¦æ¤@Ó±b¸¹§Y¥i¡I

userlist_enable=YES(NO)
¬O§_ÂÇ§Uvsftpdªº©è¾×¾÷¨î¨Ó³B²z¬Y¨Ç¤£¨üÅwªïªº±b¸¹¡A»P©³¤Uªº³]©w¦³Ãö¡F

userlist_deny=YES(NO)
·íuserlist_enable=YES®É¤~·|¥Í®Äªº³]©w¡AY¦¹³]©wÈ¬°YES®É¡A«h·í¨Ï¥ÎªÌ±b¸¹³Q¦C¤J¨ì¬YÓÀÉ®×®É¡A¦b¸ÓÀÉ®×¤ºªº¨Ï¥ÎªÌ±NµLªkµn¤Jvsftpd¦øªA¾¹¡I¸ÓÀÉ®×ÀÉ¦W»P¤U¦C³]©w¶µ¥Ø¦³Ãö¡C
userlist_file=/etc/vsftpd.user_list
Y¤W±userlist_deny=YES®É¡A«h³oÓÀÉ®×´N¦³¥Î³B¤F¡I¦b³oÓÀÉ®×¤ºªº±b¸¹³£µLªk¨Ï¥Îvsftpd³á¡I

°Î¦WªÌµn¤Jªº³]©wÈ

anonymous_enable=YES(NO)
³]©w¬°¤¹³nonymousµn¤J§ÚÌªºvsftpd¥D¾÷¡I¹w³]¬OYES¡A©³¤Uªº©Ò¦³¬ÛÃö³]©w³£»Ýn±N³oÓ³]©w¬°anonymous_enable=YES¤§«á¤~·|¥Í®Ä¡I

anon_world_readable_only=YES(NO)
¶È¤¹³nonymous¨ã¦³¤U¸ü¥iÅªÀÉ®×ªºÅv¡A¹w³]¬OYES¡C

anon_other_write_enable=YES(NO)
¬O§_¤¹³nonymous¨ã¦³¼g¤JªºÅv¡H¹w³]¬ONO¡I¦pªGn³]©w¬°YES¡A¨º»ò¶}©ñµ¹anonymous¼g¤Jªº¥Ø¿ý¥ç»Ýn½Õ¾ãÅv¡AÅývsftpdªºPID¾Ö¦³ªÌ¥i¥H¼g¤J¤~¦æ¡I

anon_mkdir_write_enable=YES(NO)
¬O§_Åýanonymous¨ã¦³«Ø¥ß¥Ø¿ýªºÅv¡H¹w³]È¬ONO¡I¦pªGn³]©w¬°YES¡A¨º»òanony_other_write_enable¥²¶·³]©w¬°YES¡I

anon_upload_enable=YES(NO)
¬O§_Åýanonymous¨ã¦³¤W¶Ç¸ê®Æªº¥\¯à¡A¹w³]¬ONO¡A¦pªGn³]©w¬°YES¡A«hanon_other_write_enable=YES¥²¶·³]©w¡C

deny_email_enable=YES(NO)
±N¬Y¨Ç¯S®íªºemail address©è¾×¦í¡A¤£Åý¨º¨Çanonymousµn¤J¡I¦pªG¥Hanonymousµn¤J¥D¾÷®É¡A¤£¬O·|n¨D¿é¤J±K½X¶Ü¡H±K½X¤£¬On±z¿é¤J±zªºemail address¶Ü¡H¦pªG§A«Ü°Q¹½¬Y¨Çemail address¡A´N¥i¥H¨Ï¥Î³oÓ³]©w¨Ó±N¥L¨ú®øµn¤JªºÅv¡I»Ý»P¤UÓ³]©w¶µ¥Ø°t¦X¡G

banned_email_file=/etc/vsftpd.banned_emails
¦pªGdeny_email_enable=YES®É¡A¥i¥H§Q¥Î³oÓ³]©w¶µ¥Ø¨Ó³W©wþÓemail address¤£¥iµn¤J§ÚÌªºvsftpd³á¡I¦b¤W±³]©wªºÀÉ®×¤º¡A¤@¦æ¿é¤J¤@Óemail address§Y¥i¡I

no_anon_password=YES(NO)
·í³]©w¬°YES®É¡Aªí¥Üanonymous±N·|²¤¹L±K½XÀËÅç¨BÆJ¡A¦Óª½±µ¶i¤Jvsftpd¦øªA¾¹¤º³á¡I©Ò¥H¤@¯ë¹w³]³£¬ONOªº¡I

anon_max_rate=0
³oÓ³]©wÈ«á±±µªº¼ÆÈ³æ¦ì¬°bytes/¬í¡A¨îanonymousªº¶Ç¿é³t«×¡A¦pªG¬O0«h¤£¨î(¥Ñ³Ì¤jÀW¼e©Ò¨î)¡A¦pªG±z·QÅýanonymous¶È¦³30 KB/sªº³t«×¡A¥i¥H³]©w¡yanon_max_rate=30000¡z

anon_umask=077
¨îanonymousªºÅv¡I¦pªG¬O077«hanonymous¶Ç°e¹L¨ÓªºÀÉ®×Åv·|¬O-rw-------³á¡I

Ãö©ó¨t²Î¦w¥þ¤è±ªº¤@¨Ç³]©wÈ

ascii_download_enable=YES(NO)
¦pªG³]©w¬°YES¡A¨º»òclient´N¥i¥H¨Ï¥ÎASCII®æ¦¡¤U¸üÀÉ®×¡C

ascii_upload_enable=YES(NO)
»P¤W¤@Ó³]©wÃþ¦üªº¡A¥u¬O³oÓ³]©w°w¹ï¤W¶Ç¦Ó¨¥¡I¹w³]¬ONO

one_process_model=YES(NO)
³oÓ³]©w¶µ¥Ø¤ñ¸û¦MÀI¤@ÂI¡ã·í³]©w¬°YES®É¡Aªí¥Ü¨CÓ«Ø¥ßªº³s½u³£·|¾Ö¦³¤@¤äprocess¦bt³d¡A¥i¥H¼W¥[vsftpdªº®Ä¯à¡C¤£¹L¡A°£«D±zªº¨t²Î¤ñ¸û¦w¥þ¡A¦Ó¥BµwÅé°t³Æ¤ñ¸û°ª¡A§_«h®e©ö¯ÓºÉ¨t²Î¸ê·½³á¡I¤@¯ë«ØÄ³³]©w¬°NOªº°Õ¡I

tcp_wrappers=YES(NO)
·íµM§ÚÌ³£²ßºD¤ä´©TCP Wrappersªº°Õ¡I©Ò¥H³]©w¬°YES§a¡I

xferlog_enable=YES(NO)
·í³]©w¬°YES®É¡A¨Ï¥ÎªÌ¤W¶Ç»P¤U¸üÀÉ®×³£·|³Q¬ö¿ý°_¨Ó¡C°O¿ýªºÀÉ®×»P¤U¤@Ó³]©w¶µ¥Ø¦³Ãö¡G

xferlog_file=/var/log/vsftpd.log
¦pªG¤W¤@Óxferlog_enable=YESªº¸Ü¡A³o¸Ì´N¥i¥H³]©w¤F¡I³oÓ¬Oµn¿ýÀÉªºÀÉ¦W°Õ¡I

xferlog_std_format=YES(NO)
¬O§_³]©w¬°wu ftp¬Û¦Pªºµn¿ýÀÉ®æ¦¡¡H¡I¹w³]¬°NO¡A¦]¬°µn¿ýÀÉ·|¤ñ¸û®e©öÅª¡I¤£¹L¡A¦pªG±z¦³¨Ï¥Îwu ftpµn¿ýÀÉªº¤ÀªR³nÅé¡A³o¸Ì¤~»Ýn³]©w¬°YES

nopriv_user=nobody
§ÚÌªºvsftpd¹w³]¥Hnobody§@¬°¦¹¤@ªA°È°õ¦æªÌªºÅv¡C¦]¬°nobodyªºÅv¬Û·íªº§C¡A¦]¦¹§Y¨Ï³Q¤J«I¡A¤J«IªÌ¶È¯à¨ú±onobodyªºÅv³á¡I

pam_service_name=vsftpd
³oÓ¬Opam¼Ò²Õªº¦WºÙ¡A§ÚÌ©ñ¸m¦b/etc/pam.d/vsftpd§Y¬O³oÓ©N©N¡I

vsftpd±Ò°Êªº¼Ò¦¡

§Q¥Î¨t²Î´£¨Ñªºscript¨Ó±Ò°Êvsftpd


[root@linux ~]# /etc/init.d/vsftpd start
[root@linux ~]# netstat -tulnp| grep 21
tcp  0  0 0.0.0.0:21  0.0.0.0:*   LISTEN   11689/vsftpd
# ¬Ý¨ìÅo¡A¬O¥Ñ vsftpd ©Ò±Ò°Êªº©O¡I

¦Û¦æ³]©w¥Hsuper daemon¨Ó±Ò°Ê


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# §ä¨ì©³¤U³o¤@¦æ¡G¤j¬ù¦b 109 ¦æ¥ª¥k°Õ¡I
listen=YES
# ±N¥L§ï¦¨³o¼Ë°Ú¡G
listen=NO


[root@linux ~]# vi /etc/xinetd.d/vsftpd
service ftp
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/vsftpd
        log_on_success          += DURATION USERID
        log_on_failure          += USERID
        nice                    = 10
        disable                 = no
}


[root@linux ~]# /etc/init.d/vsftpd stop
[root@linux ~]# /etc/init.d/xinetd restart
[root@linux ~]# netstat -tulnp| grep 21
tcp  0  0 0.0.0.0:21  0.0.0.0:*   LISTEN   32274/xinetd

¦³½ì§a¡I¨âªÌ±Ò°Êªº¤è¦¡¥i¤£¤@¼Ë°Ú¡IºÞ²zªº¤è¦¡´N·|®t«Ü¦hªºËç¡I¤£ºÞ§An¨Ï¥ÎþºØ±Ò°Êªº¤è¦¡¡A¤Á°O¤£n¨âªÌ¦P®É±Ò°Ê¡A§_«h·|µo¥Í¿ù»~ªº¡I§AÀ³¸Ó¨Ï¥Îchkconfig--listÀË¬d¤@¤U³o¨âºØ±Ò°Êªº¤è¦¡¡AµM«á¨Ì¾Ú§Aªº»Ý¨D¨Ó¨M©w¥Îþ¤@ºØ¤è¦¡±Ò°Ê¡C³¾ô©³¤Uªº³]©w³£·|¥Hstand alone³oÓCentOS¹w³]ªº±Ò°Ê¼Ò¦¡¨Ó³B²z¡A©Ò¥H»°ºò±Nèèªº°Ê§@µ¹¥L§ï¦^¨Ó³á¡I

CentOSªºvsftpd¹w³]È


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ©³¤U³¾ô¶È¦C¥X¦³³]©wªº¶µ¥Ø¡AYµL³]©w®É¡A½Ð¥H±z¨t²Îªº man 5 vsftpd.conf 
# µ²ªG¥h·j´M¹w³]È§Y¥i³á¡I
# 1. »P°Î¦WªÌ¦³Ãöªº¸ê°T¡G
anonymous_enable=YES

# 2. »P¹êÅé¥Î¤á¦³Ãöªº³]©w
local_enable=YES
write_enable=YES
local_umask=022
userlist_enable=YES

# 3. »P¥D¾÷¦³Ãöªº³]©w
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
listen=YES
tcp_wrappers=YES

°Ñ¦Ò«e¤@¤p¸`vsftpd.conf³]©w¶µ¥Ø

§A¥i¥H¨Ï¥Îanonymous³oÓ°Î¦W±b¸¹©Î¨ä¥L¹êÅé±b¸¹(/etc/passwd)µn¤J¡F
anonymousªº®a¥Ø¿ý¦b/var/ftp¡A¥BµL¤W¶ÇÅv¡A¥ç¤w¸g³Qchroot¤F¡F
¹êÅé¥Î¤áªº®a¥Ø¿ý°Ñ¦Ò/etc/passwd¡A¨Ã¨S¦³³Qchroot¡A¥i«e©¹¥ô¦ó¦³Åv¥i¶i¤Jªº¥Ø¿ý¤¤¡F
¥ô¦ó©ó/etc/vsftpd.ftpusers¤º¦s¦bªº±b¸¹§¡µLªk¨Ï¥Îvsftpd¡F
¥i§Q¥Î/etc/hosts.{allow|deny}¨Ó§@¬°°òÂ¦¨¾¤õÀð¡F
·í¥Î¤áºÝ¦³¥ô¦ó¤W¶Ç/¤U¸ü¸ê°T®É¡A¸Ó¸ê°T·|³Q¬ö¿ý¨ì/var/log/vsftpd.log¤¤¡F
¥D°Ê¦¡³s½uªº°ð¤f¬°port 20¡F

¨Ï¥Î®æªL«Âªv®É¶¡(GMT)¡C

¦]¬°vsftpd¹w³]¨Ï¥ÎGMT®É¶¡¡A¦]¬°§A¦b¥Î¤áºÝ¨Ï¥Îftp³nÅé³s±µ¨ìFTP¦øªA¾¹®É¡A·|µo²{¨CÓÀÉ®×ªº®É¶¡³£ºC¤F¤K¤p®É¤F¡I


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ¦b³oÓÀÉ®×·í¤¤¥[¤J³o¤@¥y§Y¥i
use_localtime=YES
.....©³¤U¬Ù²¤.....

[root@linux ~]# /etc/init.d/vsftpd restart

¶È¦³¹êÅé¥Î¤áµn¤Jªº³]©w

§Æ±æ¨Ï¥Î¥xÆW¥»¦a®É¶¡¨ú¥NGMT®É¶¡¡F
¨Ï¥ÎªÌµn¤J®ÉÅã¥Ü¤@¨ÇÅwªï°T®§ªº¸ê°T¡F
¨t²Î±b¸¹¤£¥iµn¤J¥D¾÷(¥ç§YUID¤p©ó500¥H¤Uªº±b¸¹)¡F
¤@¯ë¹êÅé¥Î¤á¥i¥H¶i¦æ¤W¶Ç¡B¤U¸ü¡B«Ø¥ß¥Ø¿ý¤Î×§ïÀÉ®×µ¥°Ê§@¡F
¨Ï¥ÎªÌ·s¼WªºÀÉ®×¡B¥Ø¿ý¤§umask§Æ±æ³]©w¬°002¡F

¨ä¥L¥D¾÷³]©wÈ«O¯d¹w³]È§Y¥i¡C

¥ý«Ø¥ß³]©wÀÉ¡A³oÓ³]©wÀÉ¤w¸g¥]§t¤F¥Dn³]©wÈ¡G


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# 1. »P°Î¦WªÌ¬ÛÃöªº¸ê°T¡A¦b³oÓ®×¨Ò¤¤±N°Î¦Wµn¤J¨ú®ø¡G
anonymous_enable=NO

# 2. »P¹êÅé¥Î¤á¬ÛÃöªº¸ê°T
# ¥i¼g¤J¡A¥B·s¼W¥Ø¿ý¡BÀÉ®×Åv¬° 775¡A¦]¬° umask ¬° 002 ¹À¡I
local_enable=YES
write_enable=YES
local_umask=002
# ³]©w©è¾×¬Y¨Ç¨Ï¥ÎªÌµn¤Jªº¶µ¥Ø³]©wÈ¡Iª`·N¡A©³¤UªºÀÉ®×¥²¶·¦s¦b¡I
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.user_list

# 3. »P¥D¾÷¦³Ãöªº³]©w
use_localtime=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
listen=YES
tcp_wrappers=YES
banner_file=/etc/vsftpd/welcome.txt

[root@linux ~]# /etc/init.d/vsftpd restart

«Ø¥ßÅwªï°T®§¡G

·í§ÚÌ·QÅýµn¤JªÌ¥i¬d¾\«¥Ì¨t²ÎºÞ²zû©Ò¤U¹Fªº¡y¤½§i¡z¨Æ¶µ®É¡A¥i¥H¨Ï¥Î³oÓ³]©w¡I¨º´N¬Obanner_file=/etc/vsftpd/welcome.txt³oÓ°Ñ¼Æªº¥Î³~¤F¡I§ÚÌ¥i¥H½s¿è³oÓÀÉ®×§Y¥i¡C¦n¤F¡A¶}©l¨Ó«Ø¥ßÅwªïµe±§a¡I


[root@linux ~]# vi /etc/vsftpd/welcome.txt
Åwªï¥úÁ{¥»¤p¯¸¡A¥»¯¸´£¨Ñ FTP ªº¬ÛÃöªA°È¡I
¥DnªºªA°È¬O°w¹ï¥»¾÷¹êÅé¥Î¤á´£¨Ñªº¡A
Y¦³¥ô¦ó°ÝÃD¡A½Ð»P³¾ôÁpµ¸¡I

«Ø¥ß¨î¨t²Î±b¸¹µn¤JªºÀÉ®×

¦A¨Ó¬O°w¹ï¨t²Î±b¸¹¨Óµ¹¤©©è¾×ªº¾÷¨î¡A¨ä¹ê¦³¨âÓÀÉ®×°Õ¡A¤@Ó¬OPAM¼Ò²ÕºÞªº¡A¤@Ó¬Ovsftpd¥D°Ê´£¨Ñªº¡A¦b¹w³]ªº±¡ªp¤U³o¨âÓÀÉ®×¤À§O¬O¡G
- /etc/vsftpd.user_list¡G¥Ñvsftpd.confªºuserlist_file©Ò³]©w¡C
³o¨âÓÀÉ®×ªº¤º®e¬O¤@¼Ëªºù¡ã¨Ã¥B³o¨âÓÀÉ®×¥²¶·n¦s¦b¤~¦æ¡C½Ð§A°Ñ¦Ò§Aªº/etc/passwd³]©wÀÉ¡AµM«á±NUID¤p©ó500ªº±b¸¹¦WºÙµ¹¥L¦P®É¼g¨ì³o¨âÓÀÉ®×¤º§a¡I¤@¦æ¤@Ó±b¸¹¡I
[root@linux ~]# vi /etc/vsftpd.user_list root bin ....©³¤U¬Ù²¤....

´ú¸Õµ²ªG¡G

§A¥i¥H¨Ï¥Î¹Ï§Î¤¶±ªºFTP¥Î¤áºÝ³nÅé¨Ó³B²z¡A¤]¥i¥H³z¹LLinux¥»¨´£¨Ñªºftp¥Î¤áºÝ¥\¯àù¡IÃö©óftp«ü¥O§ÚÌ¤w¸g¦b¤§«eªº±`¥Îºô¸ô«ü¥O½Í¹L¤F¡A§A¥i¥H¦Û¦æ«e©¹°Ñ¦Ò¡C³o¸Ìª½±µ´ú¸Õ¤@¤U§a¡G


1. ´ú¸Õ¨Ï¥Î¤wª¾¨Ï¥ÎªÌµn¤J¡A¨Ò¦p dmtsai ³oÓ¹êÅé¥Î¤á¡G
[root@linux ~]# ftp localhost
Connected to localhost (127.0.0.1).
220-Åwªï¥úÁ{¥»¤p¯¸¡A¥»¯¸´£¨Ñ FTP ªº¬ÛÃöªA°È¡I  <==èè«Ø¥ßªºÅwªï°T®§
220-¥DnªºªA°È¬O°w¹ï¥»¾÷¹êÅé¥Î¤á´£¨Ñªº¡A
220-Y¦³¥ô¦ó°ÝÃD¡A½Ð»P³¾ôÁpµ¸¡I
220
Name (localhost:root): dmtsai  <==µn¤JªÌ±b¸¹¡I
331 Please specify the password.
Password: <==¿é¤J±K½X¡A¿Ã¹õ¤£·|¦³¥ô¦ó°T®§ªºÅã¥Ü
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.

¦b¥H¤W±ªº¤è¦¡´ú¸Õ§¹²¦«á¡A§A¥i¥H¦bµn¤JªÌ±b¸¹³B¤À§O¶ñ¼g(1)root(2)anonymous¨Ó¹Á¸Õµn¤J¬Ý¬Ý¡I¦pªG¤£¯àµn¤Jªº¸Ü¡A¨º´N¬O³]©wOKªº°Õ¡I^_^

chrootªº¨Ï¥Î


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ¼W¥[¬O§_³]©w°w¹ï¬Y¨Ç¨Ï¥ÎªÌ¨Ó chroot ªº¬ÛÃö³]©wËç¡I
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

[root@linux ~]# /etc/init.d/vsftpd restart


[root@linux ~]# vi /etc/vsftpd.chroot_list
dmtsai
bird1

§óÄY®æªºchrootÀô¹Ò

©Ò¦³¨Ï¥ÎªÌ¹w³]¬°chroot¡A¦ý¬Y¨Ç¨Ï¥ÎªÌ¥i¤£¨ü¨î


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ¹w³]©Ò¦³¹êÅé¥Î¤á³Q chroot ¦Ó¶}©ñ¬Y¨Ç¤H¥i§¹¾ã¦s¨ú (¤£ chroot) ªº±¡ªp
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

[root@linux ~]# /etc/init.d/vsftpd restart


[root@linux ~]# vi /etc/vsftpd.chroot_list
nikky

¨î¤U¸üÀW¼e


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ¼W¥[©³¤U³o¤@Ó°Ñ¼Æ§Y¥i¡G
local_max_rate=100000

[root@linux ~]# /etc/init.d/vsftpd restart

¨î³Ì¤j¤W½u¤H¼Æ»P¦P¤@IPªº¨Ó·½¼Æ


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ¼W¥[©³¤Uªº³o¨âÓ°Ñ¼Æ¡G
max_clients=10
max_per_ip=1

[root@linux ~]# /etc/init.d/vsftpd restart

«Ø¥ßÄY®æªº¥i¨Ï¥ÎFTPªº±b¸¹¦Cªí

§Ú·Q¥uÅý¬Y¨Ç¤H¥i¥H¨Ï¥ÎFTP¦Ó¤w¡A¥ç§Y¬O·s¼Wªº¨Ï¥ÎªÌ¹w³]¤£¥i¨Ï¥ÎFTP³oÓªA°È


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ³o´XÓ°Ñ¼Æ¥²¶·n×§ï¦¨³o¼Ë¡G
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

[root@linux ~]# /etc/init.d/vsftpd restart

¼g¤J/etc/vsftpd.user_listÅÜ¦¨¥i¥H¨Ï¥ÎFTPªº±b¸¹

¨ÒÃD¡G
°²³]§A¦]¬°¬Y¨Ç¯S®í»Ý¨D¡A©Ò¥H¥²¶·n¶}©ñroot¨Ï¥ÎFTP¶Ç¿éÀÉ®×¡A¨º»ò§AÀ³¸Ón¦p¦ó³B²z¡H
µª¡G

¥Ñ©ó¨t²Î±b¸¹µLªk¨Ï¥ÎFTP¬O¦]¬°PAM¼Ò²Õ»Pvsftpdªº¤º«Ø¥\¯à©ÒP¡A¥ç§Y¬O/etc/vsftpd.ftpusers¤Î/etc/vsftpd.user_list³o¨âÓÀÉ®×ªº¼vÅT¡C©Ò¥H§A¥un¶i¤J³o¨âÓÀÉ®×¡A¨Ã¥B±Nroot¨º¤@¦æµù¸Ñ±¼¡A¨ºroot´N¥i¥H¨Ï¥Îvsftpd³oÓFTPªA°È¤F¡C¤£¹L¡A¤£«ØÄ³¦p¦¹§@³á¡I

¨Ï¥Î¥xÆW¥»¦aªº®É¶¡¡A¦Ó«DGMT®É¶¡¡F
´£¨ÑÅwªï°T®§¡A»¡©ú¥i´£¨Ñ¤U¸üªº¸ê°T¡F
¶È¶}©ñanonymousªºµn¤J¡A¥B¤£»Ýn¿é¤J±K½X¡F
ÀÉ®×¶Ç¿éªº³t¬°30 Kbytes/second¡F
¸ê®Æ³s±µªº¹Lµ{(¤£¬O©R¥O³q¹D¡I)¥un¶W¹L60¬í¨S¦³¦^À³¡A´N±j¨îClientÂ_½u¡I
¥unanonymous¶W¹L¤Q¤ÀÄÁ¨S¦³°Ê§@¡A´N¤©¥HÂ_½u¡F

³Ì¤j¦P®É¤W½u¤H¼Æ¨î¬°50¤H¡A¥B¦P¤@IP¨Ó·½³Ì¤j³s½u¼Æ¶q¬°5¤H¡F

°Î¦W¨Ï¥ÎªÌªº¥Ø¿ý¦bþ¸Ì¡H¨Æ¹ê¤W°Î¦WªÌ¹w³]µn¤Jªº®Ú¥Ø¿ý¬O¥Hftp³oÓ¨Ï¥ÎªÌªº®a¥Ø¿ý¬°¥D


[root@linux ~]# mkdir /var/ftp/linux
[root@linux ~]# mkdir /var/ftp/gnu


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ±N³oÓÀÉ®×§ï¦¨³o¼Ë¡G
# 1. »P°Î¦WªÌ¬ÛÃöªº¸ê°T¡G
anonymous_enable=YES
# ¤£¥²´£¨Ñ±K½X°Õ¡I¥iª½±µµn¤Jù¡I
no_anon_password=YES
# ¨î¬y³t°Õ¡I
anon_max_rate=30000
# »P³s½u®É¶¡¦³Ãöªº³]©w¶µ¥Ø
data_connection_timeout=60
idle_session_timeout=600
# ¨î³s½u¤H¼Æ
max_clients=50
max_per_ip=5

# 2. »P¹êÅé¥Î¤á¬ÛÃöªº¸ê°T¡A¥»®×¨Ò¤¤¬°Ãö³¬¥Lªº±¡ªp¡I
local_enable=NO

# 3. »P¥D¾÷¦³Ãöªº³]©w
use_localtime=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
listen=YES
tcp_wrappers=YES
banner_file=/etc/vsftpd/anon_welcome.txt

[root@linux ~]# /etc/init.d/vsftpd restart

«Ø¥ßÅwªïµe±»P¤U¸ü´£¥Ü°T®§

¦U¦ì¿Ë·RªºÆ[²³ªB¤Í¡Inª`·N¡ã¦b³oÓ®×¨Ò·í¤¤¡A§ÚÌ±NÅwªï°T®§³]©w¦b/etc/vsftpd/anon_welcome.txt³oÓÀÉ®×¤¤¡A¦Ü©ó³oÓÀÉ®×ªº¤º®e§A¥i¥H³o¼Ë¼g¡G


[root@linux ~]# vi /etc/vsftpd/anon_welcome.txt
Åwªï¥úÁ{¥»¯¸©Ò´£¨Ñªº FTP ªA°È¡I
¥»¯¸¥Dn´£¨Ñ Linux §@·~¨t²Î¬ÛÃöÀÉ®×¥H¤Î GNU ¦Û¥Ñ³nÅé³á¡I
¦³°ÝÃD½Ð»P¯¸ªøÁpµ¸¡IÁÂÁÂ¤j®a¡I
¥Dnªº¥Ø¿ý¬°¡G

linux   ´£¨Ñ Linux §@·~¨t²Î¬ÛÃö³nÅé
gnu     ´£¨Ñ GNU ªº¦Û¥Ñ³nÅé

¬Ý¨ìÅo¡I¥Dn¼gªº¸ê®Æ³£¬O°w¹ï¤@¨Ç¤½§i¨Æ¶µ´N¬O¤F¡I

´ú¸Õ

¦P¼Ëªº¡A§ÚÌ¨Ï¥Îftp³oÓ³nÅé¨Óµ¹¥L´ú¸Õ¤@¤U§a¡I


[root@linux ~]# ftp localhost
Connected to localhost (127.0.0.1).
220-Åwªï¥úÁ{¥»¯¸©Ò´£¨Ñªº FTP ªA°È¡I  <==¦P¼Ëªº¡A¤@¨ÇÅwªï°T®§
220-¥»¯¸¥Dn´£¨Ñ Linux §@·~¨t²Î¬ÛÃöÀÉ®×¥H¤Î GNU ¦Û¥Ñ³nÅé³á¡I
220-¦³°ÝÃD½Ð»P¯¸ªøÁpµ¸¡IÁÂÁÂ¤j®a¡I
220-¥Dnªº¥Ø¿ý¬°¡G
220-
220-linux   ´£¨Ñ Linux §@·~¨t²Î¬ÛÃö³nÅé
220-gnu     ´£¨Ñ GNU ªº¦Û¥Ñ³nÅé
220
Name (localhost:root): anonymous <==¤@©w±o¬O³oÓ°Î¦W±b¸¹
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
227 Entering Passive Mode (127,0,0,1,94,56)
150 Here comes the directory listing.
drwxr-xr-x    2 0    0   4096 Dec 18 17:37 gnu
drwxr-xr-x    2 0    0   4096 Dec 18 17:37 linux
drwxr-xr-x    2 0    0   4096 Aug 13 03:25 pub
226 Directory send OK.
ftp> bye
221 Goodbye.

¬Ý¨ì§_¡H³o¦¸¥i´N¤£»Ýn¿é¤J¥ô¦ó±K½X¤F¡A¦]¬°¬O°Î¦Wµn¤J¹À¡I¦Ó¥B¡A¦pªG§A¿é¤J¥ô¦ó¨ä¥Lªº±b¸¹¡A¨º»òvsftpd·|¥ß¨è¦^À³Â_½uªºª¬ºA³á¡IOKªº°Õ¡I

«Ø¥ß¤W¶Ç/¤U¸ü¥Ø¿ý


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ·s¼W©³¤U³o´X¦æ°Ú¡I
write_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES

[root@linux ~]# /etc/init.d/vsftpd restart

¹ê»Ún¥Í®ÄÁÙ»ÝnLinuxªºÀÉ®×¨t²ÎÅv¥¿½T¤~¦æ¡I


[root@linux ~]# mkdir /var/ftp/upload
[root@linux ~]# chown ftp /var/ftp/upload

«Ø¥ß¶È¥i¤W¶Ç¥Ø¿ý


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ±N³o´X¦æµ¹¥L§ï¤@§ï¥ý¡I
write_enable=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=root

[root@linux ~]# /etc/init.d/vsftpd restart

³Q°Ê¦¡³s½u°ð¤fªº¨î


[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ¼W¥[©³¤U³o´X¦æ§Y¥i°Ú¡I
pasv_min_port=65400
pasv_max_port=65410

[root@linux ~]# /etc/init.d/vsftpd restart

¥Î¤áºÝªºFTP³s½u³nÅé

ftp

lftp

±`¥Îºô¸ô«ü¥O

¤U¸üºô¯¸¡Ghttp://sourceforge.net/project/showfiles.php?group_id=21558

¹Ï¥|¡BFilezillaªº¾Þ§@¤è¦¡

¥NªíFTP¦øªA¾¹ªº¿é¥X¸ê°T¡A¨Ò¦pÅwªï°T®§µ¥¸ê°T¡F
¥Nªí¥»¾÷ªºÀÉ®×¡A»P3¦³Ãö¡F
¥Nªí»·ºÝFTP¦øªA¾¹ªº¥Ø¿ý»PÀÉ®×¡F
¥Nªí¶Ç¿é®Éªº¦î¦C¸ê°T

¯¸¥xºÞ²zû¡A§A¥i¥H±N¤@¨Ç±`¥ÎªºFTP¦øªA¾¹ªºIP»P¨Ï¥ÎªÌ¸ê°T°O¿ý¦b¦¹¡F
§ó·s¡A¦pªG§Aªº¸ê®Æ¦³§ó·s¡A¥i¨Ï¥Î³oÓ«ö¶s¨Ó¦P¨Bfilezillaªº¿Ã¹õÅã¥Ü¡F
¦ì§}¡B¨Ï¥ÎªÌ¡B±K½X»P³s±µ°ð³o¥|Óª±·N¨à¥i¥H§Y®É³s½u¡A¤£°O¿ý¸ê°T¡C

¹Ï¤¡BFilezillaªº¾Þ§@¤è¦¡

¥ý«ö¤U¡y·s¯¸¥x¡zªº«ö¶s¡AµM«á¦b½bÀY2ªº¦a¤è´N·|¥X²{¥i¿é¤Jªº¤è®Ø¡F
¦b³oÓ¤è®Ø·í¤¤¶ñ¼g¥D¾÷ªºIP´N¦n¤F¡A³s±µ°ð¦pªG¤£¬O¼Ð·Çªºport 21¡A½Ð¶ñ¼g¨ä¥L°ð¤f¡C
³oÓ¦a¤è¥i¥H¬D¿ï¤£¦Pªº³s½u¾÷¨î¡A¥]¬A´XÓ±`¨£ªº¾÷¨î¬°¡G
- ¼Ð·ÇFTP
- FTP+SSL/TLS¥[±K¾÷¨î
- FTP+SSL¥[±K¾÷¨î
- SFTP(³z¹LSSH)
- FTP+TLS¥[±K¾÷¨î
¦pªG§A¹wpn§Q¥Îfilezilla³s±µ¨ìsftpªº¸Ü¡A³oÓ¦a¤è¥i¥H¬D¿ïsftp³á¡I¤£µMªº¸Ü´N¥ÎFTP§Y¥i¡F

¹Ï¤»¡BFilezillaªº¾Þ§@¤è¦¡

¹Ï¤

¹Ï¤C¡BFilezillaªº¾Þ§@¤è¦¡

§Q¥ÎÂsÄý¾¹¥\¯à

Apache³oÓWWW¦øªA¾¹

ftp://username@your_ip

ftp://dmtsai@192.168.1.254

¨¾¤õÀð³]©w

¨¾¤õÀð¨º¤@³¹


iptables -A INPUT -p TCP -i $EXTIF --dport 21 -j ACCEPT


iptables -A INPUT -p TCP -i $EXTIF --dport 65400:65410 -j ACCEPT

tcp wrappers


[root@linux ~]# vi /etc/hosts.allow
vsftpd: 192.168.1.0/255.255.255.0

[root@linux ~]# vi /etc/hosts.deny
vsftpd: ALL

Super daemonªºÃB¥~ºÞ²z¶µ¥Ø

»{ÃÑ¨t²ÎªA°È

¨Ï¥Îsuper daemon¨ÓºÞ²zvsftpd


[root@linux ~]# vi /etc/xinetd.d/vsftpd
# vsftpd is the secure FTP server.
service ftp
{
    disable           = no
    socket_type       = stream
    wait              = no
    user              = root
    server            = /usr/sbin/vsftpd
    server_args       = /etc/vsftpd/vsftpd.conf 
# ¤W±³oÓ server ªº³]©w½Ð¨Ì·Ó±zªº¥D¾÷Àô¹Ò¨Ó³]©w¡I
# ¦Ü©ó server_args «h½Ð¼g¤J±zªº vsftpd ªº³]©wÀÉ§¹¾ãÀÉ¦W§Y¥i¡I
    per_source        = 5     <==»P¦P¤@ IP ªº³s½u¼Æ¥Ø¦³Ãö
    instances         = 200   <==¦P¤@®É¶¡³Ì¦hªº³s½u¼Æ¥Ø
    no_access         = 192.168.1.3
    banner_fail       = /etc/vsftpd/vsftpd.busy_banner
# ¤W±³oÓÀÉ®×´N¬O·í¥D¾÷¦£¸L¤¤¡A«h¦b Client ºÝÅã¥Üªº¤º®e¡I
    log_on_success    += PID HOST DURATION
    log_on_failure    += HOST
}

[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# ½T©w³oÓÀÉ®×¤º¦s¦b³oÓ°Ñ¼Æ³á¡I
listen=NO

[root@linux ~]# vi /etc/vsftpd/vsftpd.busy_banner
421 «Ü©êºp¡A¦øªA¾¹²{¦b¤W½u¤H¼Æ¹L¦h¡A½Ð«Ý·|¨à¦A³s½u¡I
# ¨ºÓ 421 ¬O¿ù»~¥N½Xù¡I

[root@linux ~]# /etc/init.d/vsftpd stop
[root@linux ~]# /etc/init.d/xinetd restart

±`¨£°ÝÃD»P¸Ñ¨M¤§¹D

¦pªG¦bClientºÝ¤W±µo²{µLªk³s½u¦¨¥\¡A½ÐÀË¬d¡G
1. iptables¨¾¤õÀðªº³W«h·í¤¤¡A¬O§_¶}©ñ¤FclientºÝªºport 21µn¤J¡H
2. ¦b/etc/hosts.deny·í¤¤¡A¬O§_±Nclientªºµn¤JÅv¾×¦í¤F¡H
3. ¦b/etc/xinetd.d/vsftpd·í¤¤¡A¬O§_³]©w¿ù»~¡A¾ÉPclientªºµn¤JÅv³Q¨ú®ø¤F¡H
¦pªGClient¤w¸g³s¤Wvsftpd¦øªA¾¹¡A¦ý¬O«oÅã¥Ü¡yXXX file can't be opend¡zªº¦r¼Ë¡A½ÐÀË¬d¡G
1. ³Ì¥Dnªºì¦]ÁÙ¬O¦b©ó¦bvsftpd.conf·í¤¤³]©w¤FÀË¬d¬YÓÀÉ®×¡A¦ý¬O±z«o¨S¦³±N¸ÓÀÉ®×³]©w°_¨Ó¡A©Ò¥H¡A½ÐÀË¬dvsftpd.conf¸Ì±©Ò¦³³]©wªºÀÉ®×ÀÉ¦W¡A¨Ï¥Îtouch³oÓ«ü¥O±N¸ÓÀÉ®×«Ø¥ß°_¨Ó§Y¥i¡I
¦pªGClient¤w¸g³s¤Wvsftpd¦øªA¾¹¡A«oµLªk¨Ï¥Î¬YÓ±b¸¹µn¤J¡A½ÐÀË¬d¡G
1. ¦bvsftpd.conf¸Ì±¬O§_³]©w¤F¨Ï¥Îpam¼Ò²Õ¨ÓÀËÅç±b¸¹¡A¥H¤Î§Q¥Îuserlist_file¨ÓºÞ²z±b¸¹¡H
2. ½ÐÀË¬d/etc/vsftpd.ftpusers¥H¤Î/etc/vsftpd.user_listÀÉ®×¤º¬O§_±N¸Ó±b¸¹¼g¤J¤F¡H
¦pªGClientµLªk¤W¶ÇÀÉ®×¡A¸Ó¦p¦ó¬O¦n¡H
1. ³Ì¥i¯àµo¥Íªºì¦]´N¬O¦bvsftpd.conf¸Ì±§Ñ°O¥[¤W³oÓ³]©w¡ywrite_enable=YES¡z³oÓ³]©w¡A½Ð¥[¤J¡F
2. ¬O§_©Òn¤W¶Çªº¥Ø¿ý¡yÅv¡z¤£¹ï¡A½Ð¥Hchmod©Îchown¨Ó×q¡F
3. ¬O§_anonymousªº³]©w¸Ì±§Ñ°O¥[¤W¤F©³¤U¤TÓ°Ñ¼Æ¡G
  - anon_other_write_enable=YES
  - anon_mkdir_write_enable=YES
  - anon_upload_enable=YES
4. ¬O§_¦]¬°³]©w¤Femail©è¾×¾÷¨î¡A¤S±Nemail address¼g¤J¸ÓÀÉ®×¤¤¤F¡I¡H½ÐÀË¬d¡I
5. ¬O§_³]©w¤F¤£³\ASCII®æ¦¡¶Ç°e¡A¦ýClientºÝ«o¥HASCII¶Ç°e©O¡H½Ð¦bclientºÝ¥Hbinary®æ¦¡¨Ó¶Ç°eÀÉ®×¡I
¤W±¬OÆZ±`µo²{ªº¿ù»~¡A¦pªGÁÙ¬OµLªk¸Ñ¨M±zªº°ÝÃD¡A½Ð±z°È¥²¤ÀªR¤@¤U³o¨âÓÀÉ®×¡G/var/log/vsftpd.log»P/var/log/messages¡A¸Ì±¦³¬Û·í¦hªº«n¸ê®Æ¡A¥i¥H´£¨Ñµ¹±z¶i¦æ°£¿ù³á¡I

«ÂI¦^ÅU

FTP¬OÀÉ®×¶Ç¿é¨ó©w(File Transfer Protocol)ªºÂ²¼g¡A¥Dnªº¥\¯à¬O¶i¦æ¦øªA¾¹»P¥Î¤áºÝªºÀÉ®×ºÞ²z¡B¶Ç¿éµ¥¨Æ¶µ¡F
FTPªº¦øªA¾¹³nÅé«D±`¦h¡A¨Ò¦pWu FTP,Proftpd,vsftpdµ¥µ¥¡A¦UºØFTP¦øªA¾¹³nÅéªºµo®i²z©À¨Ã¤£¬Û¦P¡A©Ò¥H¿ï¾Ü®É½Ð¨Ì·Ó±zªº»Ý¨D¨Ó¨M©w©Ò»Ýnªº³nÅé®M¥ó¡F
FTP¨Ï¥Îªº¬O©ú½X¶Ç¿é¡A¦Ó¹L¥h¤@¨ÇFTP¦øªA¾¹³nÅé¤]´¿³Qµo²{¦w¥þº|¬}¡A¦]¦¹³]©w«e½Ð½T©w¸Ó³nÅé¤w¬O³Ì·sª©¥»¡AÁ×§K¦w¥þÄ³ÃDªºl¥Í¡F
¥Ñ©óFTP¬O©ú½X¶Ç¿é¡A¨ä¹ê¥i¥H¨Ï¥ÎSSH´£¨Ñªºsftp¨Ó¨ú¥NFTP¡F
¤j¦h¼ÆªºFTP¦øªA¾¹³nÅé³£´£¨Ñchrootªº¥\¯à¡A±N¹êÅé¥Î¤á¨î¦b¥Lªº®a¥Ø¿ý¤º¡F
FTP³oÓdaemon¤ñ¸û±`¥Hsuper daemon¨ÓºÞ²z¡A¥ç§Yxinetd©ÎªÌ¬Oinet¨ÓºÞ²z¡F
FTP³oÓdaemon©Ò¶}±Òªº¥¿³W°ð¤f¬°20»P21¡A¨ä¤¤21¬°©R¥O³q¹D¡A20¬°¸ê®Æ¶Ç¿é³q¹D¡F
FTPªº¸ê®Æ¶Ç¿é¤è¦¡¥Dn¤À¬°¥D°Ê»P³Q°Ê(Passive,PASV)¡A¦pªG¬O¥D°Êªº¸Ü¡A«hftp-data¦b¦øªA¾¹ºÝ¥D°Ê¥Hport 20³s±µ¨ì¥Î¤áºÝ¡A§_«h«h¶}©ñ³Q°Ê¦¡ºÊÅ¥ªº°ð¤fµ¥«Ý¥Î¤áºÝ¨Ó³s±µ¡F
¦bNAT¥D¾÷¤ºªº¥Î¤áºÝFTP³nÅé³s½u®É¥i¯àµo¥Í§xÂZ¡A³o¥i¥H³z¹Liptablesªºnat¼Ò²Õ©Î§Q¥Î³Q°Ê¦¡³s½u¨Ó§JªA¡F
¤@¯ë¨Ó»¡¡AFTP¤W±¦@¦³¤TÓ¸s²Õ¡A¤À§O¬O¹êÅé¥Î¤á¡B³X«È»P°Î¦Wµn¤JªÌ(real,guest,anonymous)¡F
¥i¥HÂÇ¥Ñ×§ï/etc/passwd¸Ì±ªºShellÄæ¦ì¡A¨ÓÅý¨Ï¥ÎªÌ¶È¯à¨Ï¥ÎFTP¦ÓµLªkµn¤J¥D¾÷¡F
FTPªº«ü¥O¡B»P¨Ï¥ÎªÌ¬¡°Ê©Ò³y¦¨ªºµn¿ýÀÉ¬O©ñ¸m¦b/var/log/xferlog¸Ì±¡F
¦b¥Î¤áºÝ¨Ï¥Îftp³oÓµ{¦¡®É¡A¥i¥H¥[¤W¡yftp-p hostname¡z¨ÓÅý³s½uÅÜ¦¨passive¼Ò¦¡¡C

½Ò«á½m²ß

FTP¦b«Ø¥ß³s½u¥H¤Î¸ê®Æ¶Ç¿é®É¡A·|«Ø¥ßþ¨Ç³s½u¡H
FTP¥D°Ê¦¡»P³Q°Ê¦¡³s½u¦³¦ó¤£¦P¡H
¦³þ¨Ç°Ê§@¥i¥HÅý±zªºFTP¥D¾÷§ó¬°¦w¥þ(secure)¡H
§ÚÌª¾¹Dftp·|±Ò¥Î¨âÓports¡A½Ð°Ý³o¨âÓport¦bþ¸Ì³W½dªº(¥Hvsftpd¬°¨Ò)¡H¦Ó¥B¡A¤@¯ë¥¿³Wªºport¬O´X¸¹¡H
¦bFTPªºserver»PclientºÝ¶i¦æ¸ê®Æ¶Ç¿é®É¡A¦³þ¨âºØ¼Ò¦¡¡H¬°¦ó³o¨âºØ¼Ò¦¡¼vÅT¸ê®Æªº¶Ç¿é«Ü«n¡H

°Ñ¦Ò¸ê®Æ

man 5 vsftpd.conf

2003/09/03¡Gº¦¸§¹¦¨
2003/09/04¡G¥[¤JFTP¦øªA¾¹³nÅéªº¿ï¾Ü«ØÄ³
2006/12/19¡G±NÂÂªº¤å³¹²¾°Ê¨ì¦¹³B¡A¨Ã½Ð¦Û¦æ°Ñ¦Òwu-ftp,proftpdµ¥ªA°È¡I
2006/12/20¡G±N¤À´²¦b¦U³BªºFTPì«h»¡©ú§¹²¦¡A¤]§ó·s§¹²¦Åo¡ã¯h³Ò¡ã

2003/09/03¥H¨Ó²Îp¤H¼Æ