vsftpd basic configuration practice: file upload by the anonymous user, and root login
可可火山 20080411
The following was tested on CentOS to let the anonymous user upload files, with all configuration files starting from their initial state:
1. File: /etc/vsftpd/vsftpd.conf
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
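2. After logging in as anonymous, uploading still fails with a permission error, whether in / or in /pub. Checking /pub shows that its permissions are very restrictive.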
[root@CentOS5 pub]# ls -ld /var/ftp/pub/
drwxr-xr-x 3 root root 4096 Mar 17 00:07 /var/ftp/pub/
At this point a directory has to be created for users to upload into.
[root@CentOS5 pub]# mkdir /var/ftp/incomming
[root@CentOS5 pub]# chmod a+w /var/ftp/incomming
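3. Log in again as the anonymous user; uploading files and creating directories inside /incomming now works.
The following was tested on CentOS to let root log in over FTP, with all configuration files starting from their initial state:
1. Delete the root line from /etc/vsftpd/user_list.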
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
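With this change a root login is no longer denied outright, but it still fails even with the correct password. /var/log/secure shows that PAM blocked the root login.
2. Looking at /etc/pam.d/vsftpd shows that PAM checks the /etc/vsftpd/ftpusers configuration file.
The first line of /etc/vsftpd/ftpusers states what this configuration file is for: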
# Users that are not allowed to login via ftp
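After deleting the root line and restarting vsftpd, root can log in.
Postscript: 1. FTP transmits everything in cleartext, which is a security risk, all the more so when logging in to FTP directly as root.
2. SSH is recommended; it can both run commands and transfer files.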
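To check whether a host still carries the two test configurations above, the following shell function reports each of the settings this post changes. It is an added example, not part of the original post; the function names (conf_get, lists_user, audit_vsftpd) are hypothetical, and it assumes the CentOS defaults the post starts from (userlist_enable=YES, userlist_deny=YES), so that both user_list and ftpusers act as deny lists.

```shell
# Added example, not from the original post. Audits the settings changed above.
# Assumes userlist_enable=YES and userlist_deny=YES (the CentOS defaults),
# so user_list and ftpusers are both deny lists.

# conf_get FILE KEY: print the value of the last uncommented KEY= line
conf_get() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d ' \r'
}

# lists_user FILE USER: succeed if USER appears as a whole line in FILE
lists_user() {
    grep -qx "$2" "$1" 2>/dev/null
}

# audit_vsftpd CONF_DIR FTP_ROOT: print one FINDING line per issue,
# return 0 if there are none and 1 otherwise
audit_vsftpd() {
    conf_dir=$1; ftp_root=$2; findings=0
    for key in anon_upload_enable anon_mkdir_write_enable; do
        if [ "$(conf_get "$conf_dir/vsftpd.conf" "$key")" = "YES" ]; then
            echo "FINDING: $key=YES lets anonymous users write"
            findings=$((findings + 1))
        fi
    done
    for list in ftpusers user_list; do
        if ! lists_user "$conf_dir/$list" root; then
            echo "FINDING: root is not denied by $conf_dir/$list"
            findings=$((findings + 1))
        fi
    done
    # Directories under the anonymous root that anyone can write to
    ww=$(find "$ftp_root" -type d -perm -0002 2>/dev/null)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/FINDING: world-writable directory /'
        findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi
    [ "$findings" -eq 0 ]
}
```

On the system described in this post it would be called as audit_vsftpd /etc/vsftpd /var/ftp.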