Setting Up an FTP Server on Linux

FTP, the File Transfer Protocol, is the most popular network protocol used to transfer files and information between two systems over a network. However, FTP does not encrypt traffic by default, which is insecure and can expose a server to attack. This is where VSFTPD comes in: the name stands for Very Secure FTP Daemon, and it is a secure, stable, and fast FTP server. VSFTPD is licensed under the GNU GPL. On most Linux distributions, VSFTPD is the default FTP server.

Install vsftpd on your Ubuntu system by typing this command into the terminal:

$ sudo apt install vsftpd

#Configure vsftpd server

  1. It’s always best practice to keep a backup copy of the original config file, just in case something goes wrong later. Let’s rename the default config file:

    $ sudo mv /etc/vsftpd.conf /etc/vsftpd.conf_orig
    
  2. Create a new vsftpd configuration file using vim or whichever text editor you prefer:

    $ sudo vim /etc/vsftpd.conf
    
  3. Copy the following base configuration into your file. This configuration will suffice for a basic FTP server, and can later be tweaked for the specific needs of your environment once you’ve verified this is working properly:

    listen=NO
    listen_ipv6=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    ssl_enable=NO
    pasv_enable=YES
    pasv_min_port=10000
    pasv_max_port=10100
    allow_writeable_chroot=YES
    

    Paste the above lines into your newly created /etc/vsftpd.conf file, and then save changes and close the file.

  4. Ubuntu’s built-in firewall will block FTP traffic by default, but the following command will create an exception in UFW to allow the traffic:

    $ sudo ufw allow from any to any port 20,21,10000:10100 proto tcp
    $ sudo ufw status
    
  5. With the configuration file saved and the firewall rules updated, restart vsftpd to apply the new changes:

    To enable the VSFTPD service to start on boot, issue the following command in Terminal:

    $ sudo systemctl enable vsftpd.service

    To run the VSFTPD service, issue the following command in Terminal:

    $ sudo systemctl start vsftpd.service

    If you need to restart the VSFTPD service after making any configuration changes, issue the following command in Terminal:

    $ sudo systemctl restart vsftpd.service

    To verify that the VSFTPD service is active and running, issue the following command in Terminal:

    $ sudo systemctl status vsftpd.service
    

#Create an FTP user

Our FTP server is ready to receive incoming connections, so now it’s time to create a new user account that we’ll use to connect to the FTP service.

  1. Use this first command to create a new account called ftpuser, and the second command to set a password for the account:

    $ sudo useradd -m ftpuser
    $ sudo passwd ftpuser
    New password: 
    Retype new password: 
    passwd: password updated successfully
    
  2. In order to verify that everything’s working properly, you should store at least one file in ftpuser’s home directory. This file should be visible when we log in to FTP in the next steps.

    $ sudo bash -c "echo FTP TESTING > /home/ftpuser/FTP-TEST"
    

#Connect to FTP server via command line

You should now be able to connect to your FTP server either by IP address or hostname. First, ensure that the default FTP client utility is installed on your system by running the following command. It will either install the software or tell you that it already exists on the system.

$ sudo apt install ftp

To connect from command line and verify that everything is working, open a terminal and use Ubuntu’s ftp command to connect to your loopback address (127.0.0.1).

$ ftp 127.0.0.1

#Change default FTP port number

By default, FTP listens on port 21 for user authentication and port 20 for data transfer. However, we can change this behavior by making a small edit to the /etc/vsftpd.conf file. At the bottom of the file, use the listen_port directive to specify a different port for vsftpd to use. For example, adding the following line will instruct vsftpd to listen on port 2121:

listen_port=2121

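#Restrict the accessible directory

For example, suppose you create a new user named admin and want admin to be able to access only the administer directory under /home/uftp. Then:

  1. The administer directory must already exist, and it must not be writable; otherwise login will fail. Use “chmod a-w <directory>” to change the permissions.
  2. Run vim /etc/vsftpd.conf and add local_root=/home/uftp/administer at the end of the file, where administer is the directory to which access is restricted.
  3. Uncomment chroot_list_enable=YES and chroot_list_file=/etc/vsftpd.chroot_list.
  4. If the vsftpd.chroot_list file does not exist, create it: vim /etc/vsftpd.chroot_list
  5. Add the “admin” user to the file.
  6. Restart the FTP server: sudo systemctl restart vsftpd.service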
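
The check below is an added example, not part of the original post: it parses a vsftpd.conf and reports, for one local user, whether the base configuration and the steps in this section actually confine that user. The function names and sample data are constructed for illustration; the rule it applies is vsftpd's documented behaviour that, when chroot_local_user=YES (as in the base configuration above), the chroot list names the users who are exempt from the jail.

```python
# Added example: audit the vsftpd.conf settings used on this page.
# Simplification (assumption): booleans are recognised as YES/NO only.

def parse_conf(text):
    """Parse vsftpd.conf text (option=value lines, '#' comments) into a dict."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_yes(conf, key, default="NO"):
    return conf.get(key, default).upper() == "YES"

def user_is_chrooted(conf, user, chroot_list):
    """With chroot_local_user=YES the chroot list holds users exempt from
    the jail; with chroot_local_user=NO it holds the users that are jailed."""
    jail_everyone = is_yes(conf, "chroot_local_user")
    listed = is_yes(conf, "chroot_list_enable") and user in chroot_list
    return jail_everyone != listed

def audit(conf, user, chroot_list):
    """Return a list of findings for one local user."""
    findings = []
    if not is_yes(conf, "ssl_enable"):
        findings.append("cleartext: ssl_enable is off, passwords are sent unencrypted")
    if is_yes(conf, "anonymous_enable", default="YES"):  # upstream default is YES
        findings.append("anonymous: anonymous login is enabled")
    if not user_is_chrooted(conf, user, chroot_list):
        findings.append(f"no-jail: {user} is not confined to local_root")
    elif is_yes(conf, "allow_writeable_chroot"):
        findings.append("writable-jail: a writable chroot root is permitted")
    return findings

# Constructed sample: the page's base config plus steps 2-3 of this section.
SAMPLE_CONF = """
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=NO
local_root=/home/uftp/administer
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
SAMPLE_CHROOT_LIST = ["admin"]  # step 5: "admin" added to the list file

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF), "admin", SAMPLE_CHROOT_LIST):
        print(finding)
```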

#References

https://linuxconfig.org/how-to-setup-and-use-ftp-server-in-ubuntu-linux

https://linuxhint.com/installing_ftp_server_linux_mint/

updated 2022-07-19