Installing an FTP server on Ubuntu 18.04 with access from the Internet

Time: 2024-02-18 22:16:36

Reposted from https://blog.csdn.net/u011668104/article/details/82682890


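Environment: Ubuntu 18.04, vsftpd 3.0.3.
Requirement: connect to the server from the Internet with WinSCP 5.13.4, using an account that can only upload, with no download or delete permission.

Record of the steps taken:
sudo apt-get install vsftpd
sudo vim /etc/vsftpd.conf
Change the contents to the following: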

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
download_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
local_root=/home/ftpout/data

Configure port forwarding on the router.

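Connecting with WinSCP failed with the error: OOPS: cannot change directory:/xxx
Attempt 1: change the ownership
sudo chown -R ftpout:ftpout /media/smartclass/video_data
Result: the error remained, exactly the same.
Attempt 2:
sudo apt install policycoreutils
sudo setsebool -P ftpd_disable_trans 1
sudo service vsftpd restart
Result: the error remained, exactly the same.
Attempt 3:
sudo chmod 755 /media/smartclass/
Result: a different error appeared: Illegal PORT command.
Uploading data then produced:
Server sent passive reply with unroutable address 192.168.1.xx, using host address instead.
无法打开传输通道。原因:由于目标计算机积极拒绝,无法连接。 [Cannot open the transfer channel. Reason: the target computer actively refused the connection.]
监测到超时! (控制连接) [Timeout detected! (control connection)]
复制文件到远端时错误。 [Error while copying the file to the remote side.]
Solved. The solution is as follows:
sudo vim /etc/vsftpd.conf
Change the contents to the following:
cat /etc/vsftpd.conf | grep -v '^#' (this command prints the lines of the file that do not start with #, so what follows are the non-comment lines of the conf file)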

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
download_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
port_enable=YES
connect_from_port_20=YES
ftp_data_port=55537
xferlog_file=/var/log/vsftpd.log
ascii_upload_enable=YES
ascii_download_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
local_root=/media/smartclass/video_data
pasv_enable=YES
pasv_address=xx.xx.xx.xx
pasv_max_port=32469
pasv_min_port=32467

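On the router, besides mapping FTP's port 21 to the outside, the data ports used by passive mode (pasv_min_port to pasv_max_port, 32467-32469 in the configuration above) must also be mapped, as shown in the figure below.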


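Finally, restart FTP: sudo service vsftpd restart
When connecting to the FTP server from the Internet, for example with WinSCP, just use the default passive mode; there is no need to switch to active mode.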
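
The data-channel failure above comes from the server's 227 reply to PASV, which carries the address and port the client must connect to. The following Python sketch is an added example, not part of the original post: it parses a 227 reply and reports the two conditions the fix addresses (an unroutable address, and a port outside the forwarded range). The sample replies, the LAN address 192.168.1.20 and the public address 203.0.113.10 are constructed placeholders.

```python
import ipaddress
import re

# Address ranges a client on the Internet cannot reach (RFC 1918, loopback, link-local).
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

# (h1,h2,h3,h4,p1,p2) tuple of an RFC 959 "227 Entering Passive Mode" reply.
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample replies: before the fix the server advertises its LAN
# address and an arbitrary port; after it, pasv_address (203.0.113.10 is a
# documentation placeholder) and a port inside pasv_min_port..pasv_max_port.
BEFORE_FIX = "227 Entering Passive Mode (192,168,1,20,201,44)."
AFTER_FIX = "227 Entering Passive Mode (203,0,113,10,126,212)."


def parse_pasv_reply(line):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    match = PASV_TUPLE.search(line) if line.startswith("227") else None
    if match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    fields = [int(x) for x in match.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in %r" % line)
    host = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return host, fields[4] * 256 + fields[5]  # port = p1*256 + p2


def check_pasv_reply(line, pasv_min_port, pasv_max_port):
    """List the reasons an Internet client could not open the data channel."""
    host, port = parse_pasv_reply(line)
    problems = []
    if any(host in net for net in UNROUTABLE):
        problems.append("unroutable address %s: set pasv_address" % host)
    if not pasv_min_port <= port <= pasv_max_port:
        problems.append("port %d is outside the forwarded range %d-%d"
                        % (port, pasv_min_port, pasv_max_port))
    return problems


if __name__ == "__main__":
    for reply in (BEFORE_FIX, AFTER_FIX):
        print(reply, "->", check_pasv_reply(reply, 32467, 32469) or "ok")
```
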
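In addition, on garbled Chinese file names and failed uploads:
The fix in WinSCP is: go to the advanced settings and enable UTF-8 encoding for file names.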

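At this point we can upload, delete and modify, but not download.
Next we restrict the delete permission.
Reference: https://blog.csdn.net/u012743859/article/details/79019583
The steps are as follows:
sudo mkdir -p /etc/vsftpd/vsftpd_user_conf
sudo vim /etc/vsftpd/vsftpd_user_conf/ftpuser (vsftpd applies a file in this directory to the login whose user name matches the file name)
Write one line: cmds_denied=DELE,RMD and save.
sudo vim /etc/vsftpd.conf
Add one line: user_config_dir=/etc/vsftpd/vsftpd_user_conf
Restart FTP: sudo service vsftpd restart
Done!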

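Supplement:

In the per-user permission settings, what do DELE and RMD stand for, and what other permissions are there?
cmds_allowed permits the listed commands; cmds_denied forbids the listed commands.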
ABOR - abort a file transfer
CWD - change working directory
DELE - delete a remote file
LIST - list remote files
MDTM - return the modification time of a file
MKD - make a remote directory
NLST - name list of remote directory
PASS - send password
PASV - enter passive mode
PORT - open a data port
PWD - print working directory
QUIT - terminate the connection
RETR - retrieve a remote file
RMD - remove a remote directory
RNFR - rename from
RNTO - rename to
SITE - site-specific commands
SIZE - return the size of a file
STOR - store a file on the remote host
TYPE - set transfer type
USER - send username
ACCT* - send account information
APPE - append to a remote file
CDUP - CWD to the parent of the current directory
HELP - return help on using the server
MODE - set transfer mode
NOOP - do nothing
REIN* - reinitialize the connection
STAT - return server status
STOU - store a file uniquely
STRU - set file transfer structure
SYST - return system type

References:
http://blog.chinaunix.net/uid-24250828-id-3760115.html
https://blog.csdn.net/chenguibao/article/details/46301951