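Posted by askever on 02-19-2004 18:57:
Help with vsftp permission settings!!
Help needed:
I'm using the bundled vsftp on rh9.0 to set up an FTP server, with /home/FTP/ as the FTP root directory, which contains two subdirectories, FTP1 and FTP2.
At first I enabled anonymous login, with the login root directory at FTP1; anonymous users can download but cannot upload or enter other parent directories. The directory's owner is root and the permissions are set to 775.
I then created 4 users, a/b/c/d, and changed them all to be in the root group, but only user C and the anonymous user can log in to this FTP server; root and the other users A, B and D cannot log in. Why is that?
Later I created a new user, ftper, a virtual user of the kind that cannot log in to the system and can only log in to FTP, and changed the directory's owner to ftper, but ftper still cannot log in to FTP; still only user C can log in to the system, and user C is still in the root group and has not been added to the ftper group. Why is that?
Where did it go wrong? Experts, please enlighten me!
253 first~
OP, before I met you, I doubted whether there were truly any saints in this world; now I finally believe it! I once lost myself in the fu of the Han court, I once marveled at the poetic talent of Li and Du, I once lingered over the ci and qu of the Song and Yuan; but only now do I realize how shallow I am!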
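Posted by ruochen on 02-20-2004 10:10:
You haven't thought this through enough!~
First of all, your security is poor!~ Why would you use the root group as the group?
By default vsftp does not allow root to access it!~
Read some more books or visit the forum more often!~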
samaung753dfx+msikt333+duron1.2+128ram+GF2 400+st60G+ecom+samsung52cdrom
+rt8139
winxp+2000server+freebsd5.1+fedora1.0+debian3.0
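Posted by attiseve on 02-22-2004 00:11:
1 Is the user's root directory perhaps set incorrectly?
2 After adding the users, did you set their passwords with the passwd command?
3 Check the permissions on the home and FTP folders
Posted by askever on 02-22-2004 13:44:
First, replying to post #2: vsftp can let the root group log in; I logged in with a username in the root group. Later, after I added one more username, only that newly added username could log in and none of the others could.
I've read the book, and my settings are basically the same as in the book. Later I deleted all the users, deleted the folders and recreated them, and overwrote the file with the original vsftpd.conf, but it still doesn't work.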
Posted by askever on 02-24-2004 09:37:
My vsftpd configuration file
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are very paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
#
# Allow anonymous FTP?
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to linux FTP service!
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=NO
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
anon_max_rate=400000
anon_root=/home/FTP1
local_enable=YES
max_clients=100
max_per_ip=5
My FTP root directory: /home/FTP
drwxr-xr-x 4 root root 4096 16:19 FTP
ls -l /home/FTP
drwxr-xr-x 2 root root 4096 16:21 FTP1
drwxr-xr-x 2 root root 4096 16:14 FTP2
Now no user can log in at all. Is there some service that isn't turned on? vsftpd is definitely running.
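Posted by ruochen on 02-24-2004 10:17:
My FTP root directory: /home/FTP
drwxr-xr-x 4 root root 4096 16:19 FTP
ls -l /home/FTP
drwxr-xr-x 2 root root 4096 16:21 FTP1
drwxr-xr-x 2 root root 4096 16:14 FTP2
(The owner and group are both root, so only members of the root group can access them and nobody else can get in. When your ordinary users go in, they surely get a permission denied message, right?)
It's a problem with your directory ownership and permissions!~
What kind of FTP setup do you want to achieve?
Try again after entering this command:
chown -R nobody.nobody FTP1
It's best not to involve root in managing FTP; it's not secure!~
Search this forum (using the keyword vsftp)! You'll find the answer!~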
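Added example (not part of any post in this thread): a small shell audit for three login blockers visible in the configuration posted above: a directive set twice (`local_enable`), an `anon_root` that does not exist on disk (the posted `/home/FTP1` versus the listed `/home/FTP/FTP1`), and `userlist_enable=YES` with `userlist_deny` left at its default of YES, which refuses every user named in the user list. The function names and the constructed sample files are hypothetical, and the user-list path is passed as an argument because its location varies by distribution.

```shell
#!/bin/sh
# conf_get FILE KEY: print the last uncommented value of KEY
# (vsftpd.conf allows no spaces around '=').
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd CONF USERLIST USER...: print one finding per line.
audit_vsftpd() {
    conf=$1; list=$2; shift 2
    # 1. Directives that appear more than once (the last one wins silently).
    grep -v '^#' "$conf" | grep '=' | cut -d= -f1 | sort | uniq -d |
        sed 's/^/DUPLICATE /'
    # 2. anon_root must point at a directory that actually exists.
    root=$(conf_get "$conf" anon_root)
    if [ -n "$root" ] && [ ! -d "$root" ]; then
        echo "MISSING_ANON_ROOT $root"
    fi
    # 3. With userlist_enable=YES and userlist_deny unset (default YES),
    #    every user named in the list is refused before the password prompt.
    if [ "$(conf_get "$conf" userlist_enable)" = YES ] &&
       [ "$(conf_get "$conf" userlist_deny)" != NO ]; then
        for u in "$@"; do
            if grep -qxF "$u" "$list"; then
                echo "DENIED_BY_USERLIST $u"
            fi
        done
    fi
    return 0
}

# demo: constructed sample mirroring the thread's layout and settings.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/FTP/FTP1" "$tmp/FTP/FTP2"
    cat > "$tmp/vsftpd.conf" <<EOF
# constructed sample, not the poster's file
anonymous_enable=YES
local_enable=YES
userlist_enable=YES
anon_root=$tmp/FTP1
local_enable=YES
EOF
    printf 'root\nbin\ndaemon\n' > "$tmp/user_list"   # constructed list
    audit_vsftpd "$tmp/vsftpd.conf" "$tmp/user_list" root c
    rm -rf "$tmp"
}

demo
```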
Posted by askever on 02-24-2004 10:25:
Help needed:
Now nobody can log in to my vsftp server. The configuration file is as follows:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are very paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
#
# Allow anonymous FTP?
anonymous_enable=YES
no_anon_password=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=002
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=terry
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600