FTP setup for Ubuntu and Windows

1. Install vsftpd software package

Use the command sudo apt-get install vsftpd to install vsftpd software

After the installation is complete, use vsftpd -v to check whether the version is correct.

sudo apt-get install vsftpd

2. Configuration file

1. The default configuration file translation is as follows

# Sample configuration file, address: /etc/vsftpd.conf
#
# The default compilation settings of vsftpd are more cautious. This sample file will relax some restrictions and make the ftp service easier to use.
# It is also recommended to check the vsftpd.conf.5 file for all compilation defaults.
#
# Special reminder: This sample file does not contain all the vsftpd options. It is recommended to read the vsftpd.conf.5 man page to fully understand the functions of vsftpd.
#
#
#
# Used to set whether vsftpd runs as an independent daemon.
# If set to "listen=YES", it means vsftpd will run as an independent daemon process;
# If set to "listen=NO", it means vsftpd will not run as an independent daemon process, but will be started through inetd or initscript.
listen=NO
#
# Set whether vsftpd enables IPv6 listening.
# If set to "listen_ipv6=YES", it means vsftpd will enable IPv6 listening;
# If set to "listen_ipv6=NO", it means vsftpd will not enable IPv6 listening.
# By default, the IPv6 listening address is "::", and it can accept connections from IPv6 and IPv4 clients.
# If you only need to listen on IPv4 or IPv6 addresses, you do not need to enable both listeners at the same time. If you need to listen on specific IPv4 and IPv6 addresses at the same time, you need to run two vsftpd instances with two different configuration files.
listen_ipv6=YES
#
#Set whether to allow anonymous FTP login.
anonymous_enable=NO
#
#Set whether to allow local users to log in to the FTP server.
local_enable=YES
#
# Set whether FTP users are allowed to perform write operations.
# write_enable=YES
#
#Set the default umask value for local users.
#umask is a three-digit octal number used to control access permissions for newly created files or directories.
# In the FTP server, the local_umask option is used to set the default permissions for local users when uploading files or creating directories.
# By default, the value of local_umask is 077, which means that the newly created file or directory permissions are readable, writable, and executable only by the owner, and other users do not have permission to access.
# If your user wants the default permissions to be readable, writable, and executable by the owner, and readable and executable by other users, you can set the value of local_umask to 022.
local_umask=022
#
#Set whether to allow anonymous FTP users to upload files.
# If you uncomment this option (that is, delete "#") and set its value to YES, anonymous FTP users are allowed to upload files.
# However, this option will only take effect if global write permission is activated. Additionally, you will need to create a directory that is writable by the FTP user so that anonymous FTP users can upload files.
# It should be noted that turning on the function of anonymous FTP users to upload files may involve certain security risks, so it needs to be used with caution.
# anon_upload_enable=YES
#
#Set whether to allow anonymous FTP users to create new directories.
# If you uncomment this option (that is, delete "#") and set its value to YES, anonymous FTP users are allowed to create new directories.
# It should be noted that turning on the function of creating new directories for anonymous FTP users may have certain security risks, so it needs to be used with caution.
# anon_mkdir_write_enable=YES
#
# Set whether to enable the directory message function.
# If set to YES, it means the directory message function is enabled. When a remote user enters a directory, messages for that directory are displayed.
dirmessage_enable=YES
#
#Set whether to enable the local time function.
# After enabling the local time function, vsftpd will display local time instead of GMT time in the directory list.
use_localtime=YES
#
# Enable upload and download logging.
# After enabling this function, vsftpd will record each user's upload and download operations and log them to the specified log file.
xferlog_enable=YES
#
#Set the port number for data transmission.
# Set its value to YES, which means the port number used for data transmission is 20.
connect_from_port_20=YES
#
# Set the owner of files uploaded by anonymous users.
# Set to YES, which means the uploaded file will be converted to the ownership of the specified user.
# chown_uploads=YES
# Set to the specified username.
#chown_username=whoever
#
#Set the path of the vsftpd log file. The path must be writable and accessible to the vsftpd process.
# xferlog_file=/var/log/vsftpd.log
#
# Set the format of the vsftpd log file. If set to YES, the log is stored in the standard ftpd xferlog format.
# xferlog_std_format=YES
#
# Set vsftpd idle session timeout time (in seconds).
# idle_session_timeout=600
#
# Set vsftpd data connection timeout time (in seconds).
# data_connection_timeout=120
#
# vsftpd recommends defining a unique user on the system for use by the FTP server, as a fully isolated and unprivileged user.
# The nopriv_user option can be used to specify the username of this user.
# nopriv_user=ftpsecure
#
# Used to enable recognition of asynchronous ABOR requests.
# The asynchronous ABOR request is an FTP client request used to cancel the currently ongoing data transfer operation.
# Enabling this option can improve the performance of the FTP server, but it will also increase security risks. Because the code of asynchronous ABOR requests is relatively complex, it may be used by hackers to conduct malicious attacks.
# Therefore, if security is the primary concern, it is not recommended to enable this option.
# async_abor_enable=YES
#
# Used to control whether the FTP server enables file conversion in ASCII mode.
# By default, the FTP server will pretend to allow ASCII mode, but will actually ignore the request.
# If you need to enable file conversion in ASCII mode, you can uncomment the ascii_upload_enable and ascii_download_enable options and set their values to YES.
# In ASCII mode, the FTP server will convert line feeds and carriage returns in text files for transmission between different operating systems.
# However, it should be noted that there may be some security risks in ASCII mode. For example, an attacker can use the SIZE command to send a very large file name in ASCII mode, causing the FTP server to crash.
# Therefore, it is recommended to use ASCII mode with caution and ensure that the FTP server has taken appropriate security measures.
# ascii_upload_enable=YES
# ascii_download_enable=YES
#
# The setting of the login banner of vsftpd can be understood as a welcome message after successful login.
# ftpd_banner=Welcome to blah FTP service.
#
# Set whether to reject anonymous email addresses.
# Helps mitigate Denial of Service (DoS) attacks using anonymous access to FTP servers. If a banned email address is detected, the server will deny access to that user.
# deny_email_enable=YES
# If the option to deny anonymous email addresses is enabled, the list of banned email addresses is read from the specified file "/etc/vsftpd.banned_emails".
# banned_email_file=/etc/vsftpd.banned_emails
#
# Set whether to restrict local users to their home directory.
# If enabled, local users will only access their home directory and its subdirectories, and will not be able to access other directories.
# chroot_local_user=YES
#
# Set whether local users are restricted to their home directories. If chroot_local_user is set to YES, users listed in chroot_list_file will not be restricted to their home directories.
# chroot_local_user=YES
# Whether to enable the chroot_list_file list, used to specify which users should not be restricted to the home directory.
# chroot_list_enable=YES
# Specifies the path and name of the chroot_list_file list. One username per line.
# chroot_list_file=/etc/vsftpd.chroot_list
#
# Set whether to enable the recursive option "-R" of the ls command, which recursively lists subdirectories when listing directory contents.
# By default, this option is disabled to avoid excessive I/O caused by remote users on large sites.
#ls_recurse_enable=YES
#
# Custom configuration:
#
# An empty directory is specified as a safe chroot() jail.
# In some cases, vsftpd does not need to access the file system, so FTP users can be restricted to this empty directory to enhance security. This directory should be empty and should not be writable by the FTP user.
secure_chroot_dir=/var/run/vsftpd/empty
#
# Specify the name of the PAM service that vsftpd will use.
# By default, the value of pam_service_name is "vsftpd", which means vsftpd will use the PAM service named "vsftpd" for authentication.
# If you need to use other PAM services, you can modify the value of this option.
pam_service_name=vsftpd
#
# Used to specify the location of the RSA certificate used in SSL encrypted connections.
# Specify the location of the RSA certificate and private key by setting the rsa_cert_file and rsa_private_key_file options.
# Among them, the rsa_cert_file option is used to specify the location of the certificate file, and the rsa_private_key_file option is used to specify the location of the private key file.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Whether to enable SSL encrypted connection.
ssl_enable=NO
#
# Specify whether to use UTF-8 encoded file system in vsftpd.
#utf8_filesystem=YES

2. Modify the configuration file

Add and modify based on the original code. The specific additions and modifications that need to be made are as follows

local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
# Set the local root directory of the FTP user. That is to say, after the FTP user logs in, his or her working directory will be limited to this directory and its subdirectories.
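# The address here is your own newly created address.
# (Comments in vsftpd.conf must be on their own line starting with "#"; text after a value is read as part of the value.)
local_root=/data/liss/data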

3. Create ftp user directory

This is the first directory entered after ftp is run.

First create a folder, usually in the root directory, the code is as follows

sudo mkdir /home/lzc/ftproot

After creating it, remember to modify the permissions of the file. Here I will change it to the highest permissions. The command is as follows

sudo chmod 777 /home/lzc/ftproot

By the way, let's talk about the meaning of 777.

The three digits of 777 set the permissions of three classes: owner, group, and other.

owner: The first digit indicates the owner's permissions
group: The second digit indicates the permissions of users in the same group
other: The third digit indicates public user permissions

Each digit consists of three binary bits, in the order r, w, x

r (read): can read the actual content of this file, such as reading the text content of a text file, etc.
w (write): You can edit, add or modify the content of the file (but not delete the file)
x (execute): The file has permission to be executed by the system
For example, 7 means r + w + x, which means it has read, write, and executable permissions.
3 means w + x, which has writable and executable permissions, and so on

The second step is to add the FTP user (ftproot in the command below) and specify the user's home directory and the shell used.

# The `-d` option specifies the user's home directory, which is the default directory the user lands in at login. In this example, `-d /home/lzc/ftproot` specifies that the `ftproot` user's home directory is `/home/lzc/ftproot`.
# The `-s` option specifies the user's default shell. A shell is a command line interpreter that allows users to interact with the operating system. In this example, `-s /bin/bash` specifies that the default shell for the `ftproot` user is Bash.
sudo useradd -d /home/lzc/ftproot -s /bin/bash ftproot

It should be noted here that the address of the folder must be correct, otherwise an error will be reported when using FileZilla to transfer files. I made this simple mistake here and did not find it, and it tormented me all afternoon. Folks, who understands?

500 OOPS:cannot read user list file

Step 3: Set password

sudo passwd ftproot

4. Add vsftpd.chroot_list

Edit the /etc/vsftpd.chroot_list file, which is used to store the entries that are allowed FTP access. As the name shows, it is a list, with one entry per line.

Enter the following command

sudo vim /etc/vsftpd.chroot_list

Add the name of the folder you just created. Here I created ftproot

You can also add as many as you like

5. Restart the ftp service

Use the command to restart the ftp service

sudo service vsftpd restart

6. FileZilla connection

Open FileZilla and enter the IP address of the Ubuntu machine; the user name is the name you created under Ubuntu, the password is the one you set just now, and the port number defaults to 21. That's it.
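
A check to run over the settings from steps 2 to 4, as an added example that is not part of the original post: it reports values followed by an inline comment, a disabled ssl_enable, a login user who ends up outside the chroot jail because the name is in chroot_list_file while chroot_local_user=YES, and a world-writable local_root. The function names, the finding labels and the temporary sample files are constructed for illustration, and stat -c assumes GNU coreutils as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Names and findings are illustrative.

# Print the last uncommented KEY=value in FILE; print nothing if KEY is unset.
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print "jailed" or "not-jailed" for USER. Per vsftpd.conf(5), chroot_list_file
# names the users to jail, unless chroot_local_user=YES, when it names the exceptions.
chroot_state() {  # usage: chroot_state FILE USER
    local all listed=NO list
    all=$(conf_get "$1" chroot_local_user); [ "$all" = YES ] || all=NO
    list=$(conf_get "$1" chroot_list_file)
    if [ "$(conf_get "$1" chroot_list_enable)" = YES ] && [ -r "$list" ] \
        && grep -qxF -- "$2" "$list"; then listed=YES; fi
    # Jailed exactly when one of the two is YES and the other is NO.
    if [ "$all" = "$listed" ]; then echo not-jailed; else echo jailed; fi
}

# Print one finding per line for FILE and the FTP login USER.
audit_vsftpd() {  # usage: audit_vsftpd FILE USER
    local conf="$1" user="$2" root mode
    # vsftpd.conf has no inline comments: text after the value is read as part of it.
    grep -nE '^[a-z0-9_]+=.*[[:space:]](//|#)' "$conf" | sed 's/^/INLINE_COMMENT line /'
    if [ "$(conf_get "$conf" ssl_enable)" != YES ]; then
        echo "NO_TLS passwords and files cross the network in clear text"; fi
    if [ "$(conf_get "$conf" anonymous_enable)" = YES ]; then
        echo "ANONYMOUS anonymous login is enabled"; fi
    if [ "$(chroot_state "$conf" "$user")" = not-jailed ]; then
        echo "NOT_JAILED $user is not confined to the FTP root"; fi
    root=$(conf_get "$conf" local_root)
    if [ -d "$root" ]; then
        mode=$(stat -c %a "$root")   # GNU stat, octal mode such as 777
        case $mode in *[2367]) echo "WORLD_WRITABLE $root has mode $mode" ;; esac
    fi
}

# Constructed sample: the step 2 settings plus one inline comment, in a temp dir.
demo() {
    local d; d=$(mktemp -d)
    mkdir "$d/ftproot" && chmod 777 "$d/ftproot" && echo ftproot > "$d/chroot_list"
    printf '%s\n' local_enable=YES write_enable=YES chroot_local_user=YES \
        chroot_list_enable=YES "chroot_list_file=$d/chroot_list" \
        "local_root=$d/ftproot" "xferlog_enable=YES // inline comment" > "$d/vsftpd.conf"
    audit_vsftpd "$d/vsftpd.conf" ftproot
    rm -rf "$d"
}
demo
```

On a real host, call audit_vsftpd /etc/vsftpd.conf ftproot instead of demo; an empty result means none of the four conditions was found.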

Summary

This is not the first time I have configured it, but I still made low-level errors and was tormented by them. I will say it again: folks, who understands!!! Dear students, you should be more careful so as not to waste a lot of unnecessary time.

Reference link: Building an FTP server on Ubuntu system_ubuntu ftp_QiD Brain’s Blog-CSDN Blog

I would like to thank the author here, with some citations.