FTP server setup, fixes for various errors, and adding FTP virtual users
Server: 192.168.100.23, 32-bit Red Hat 5.7 system.

Configuration

Local yum repository configuration:

    # pwd
    /etc/yum.repos.d
    # cat rhel-source.repo
    [rhel-source]
    name=Red Hat Enterprise Linux $releasever - $basearch - Source
    #baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
    #baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
    baseurl=file:///mnt/rhel62/Server
    enabled=1
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

    [rhel-source-beta]
    name=Red Hat Enterprise Linux $releasever Beta - $basearch - Source
    baseurl=ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/
    enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

System environment and packages:

    CentOS 5.4
    db4
    vsftpd

Required RPM packages:

    db4-tcl-4.3.29-10.el5_5.2
    db4-4.3.29-10.el5_5.2
    db4-java-4.3.29-10.el5_5.2
    db4-utils-4.3.29-10.el5_5.2
    db4-devel-4.3.29-10.el5_5.2
    vsftpd-2.0.5-16.el5_5.1

2. Install vsftpd

    yum install vsftpd*
    yum install db4-*

Add the virtual user credentials:

    vim /etc/login.txt

File contents (user name and password on alternating lines):

    yzlread
    yzldsz!@#
    yzlwrite
    yzldsz#@!
    yzlother
    yzldsz***

Generate the virtual user credential database:

    db_load -T -t hash -f /etc/login.txt /etc/vsftpd/vsftpd_login.db

Note: this command must be run every time a user is added, to regenerate the database.

    chmod 600 /etc/vsftpd/vsftpd_login.db

Edit the PAM authentication file for vsftpd:

    vi /etc/pam.d/vsftpd

Comment out everything in it and add the following two lines.

32-bit:

    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

Note: on a 64-bit system the shared library is in a different location, /lib64/security/pam_userdb.so:

    auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

Create the local user that the virtual users map to, and set the permissions of its home directory:

    useradd -d /home/ftpsite -s /sbin/nologin virtual
    chmod 700 /home/ftpsite

vsftpd.conf settings explained:

    vi /etc/vsftpd/vsftpd.conf

    anonymous_enable=NO
    local_enable=YES
    # Run the vsftpd server as a standalone daemon
    listen=YES
    # Leave this setting commented out; otherwise the permissions of virtual users cannot be set per user
    #virtual_use_local_privs=YES
    # Create this directory; it holds the per-user permission files
    user_config_dir=/etc/vsftpd/vsftpd_user_conf
    # Users cannot change out of their home directory
    chroot_local_user=YES
    listen_port=21
    pasv_enable=YES
    # Passive port range (the minimum must not exceed the maximum)
    pasv_min_port=30000
    pasv_max_port=30999
    # Enable virtual users
    guest_enable=YES
    # System user that the FTP virtual users map to
    guest_username=virtual
    # PAM authentication file
    pam_service_name=vsftpd

Example configuration:

    cd /etc/vsftpd
    cp vsftpd.conf vsftpd.conf.orig
    echo > vsftpd.conf
    vim /etc/vsftpd/vsftpd.conf

    # Example config file /etc/vsftpd/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=NO
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    anon_upload_enable=NO
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    anon_mkdir_write_enable=NO
    anon_other_write_enable=NO
    anon_world_readable_only=NO
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # The target log file can be vsftpd_log_file or xferlog_file.
    # This depends on setting xferlog_std_format parameter
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
    # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
    #xferlog_file=/var/log/xferlog
    #
    # Switches between logging into vsftpd_log_file and xferlog_file files.
    # NO writes to vsftpd_log_file, YES to xferlog_file
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd/banned_emails
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd/chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # When "listen" directive is enabled, vsftpd runs in standalone mode and
    # listens on IPv4 sockets. This directive cannot be used in conjunction
    # with the listen_ipv6 directive.
    listen=YES
    #
    # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
    # sockets, you must run two copies of vsftpd with two configuration files.
    # Make sure, that one of the listen options is commented !!
    #listen_ipv6=YES
    listen_port=21
    pasv_enable=YES
    pasv_min_port=30000
    pasv_max_port=30999
    guest_enable=YES
    guest_username=virtual
    pam_service_name=vsftpd
    #userlist_enable=YES
    tcp_wrappers=YES
    user_config_dir=/etc/vsftpd/vsftpd_user_conf
    dual_log_enable=YES
    vsftpd_log_file=/var/log/vsftpd.log

Per-user permission configuration:

    mkdir /etc/vsftpd/vsftpd_user_conf

    vi /etc/vsftpd/vsftpd_user_conf/yzlread

    local_root=/home/ftpsite/
    write_enable=YES
    anon_world_readable_only=NO

    vi /etc/vsftpd/vsftpd_user_conf/yzlwrite

    # (if /home/ftpsite/zhanxun)
    local_root=/home/ftpsite/
    write_enable=YES
    anon_world_readable_only=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES

    vi /etc/vsftpd/vsftpd_user_conf/yzlother

    local_root=/home/ftpsite/
    write_enable=YES
    anon_world_readable_only=NO
    anon_upload_enable=YES

Start the service:

    service vsftpd restart

Access: ftp://192.168.0.222

Problem analysis

Startup error after changing the configuration:

    # service vsftpd restart
    Shutting down vsftpd:
    Starting vsftpd for vsftpd: 500 OOPS: bad bool value in config file for: guest_enable

Login reports an authentication failure, although the password entered is actually correct:

    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): yzlread
    331 Please specify the password.
    Password:
    530 Login incorrect.
    Login failed.

Log:

    # tail -f vsftpd.log
    Wed Jul 18 12:06:33 2012 FAIL LOGIN: Client "127.0.0.1"
    Wed Jul 18 12:07:10 2012 CONNECT: Client "127.0.0.1"
    Wed Jul 18 12:07:41 2012 CONNECT: Client "127.0.0.1"
    Wed Jul 18 12:08:14 2012 FAIL LOGIN: Client "127.0.0.1"

I checked every setting and found no errors; everything was configured exactly as documented. It works on the 32-bit machine but not on the 64-bit machine. Finally I checked the authentication configuration:

    # vim /etc/pam.d/vsftpd
    #%PAM-1.0
    #session optional pam_keyinit.so force revoke
    #auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    #auth required pam_shells.so
    #auth include password-auth
    #account include password-auth
    #session required pam_loginuid.so
    #session include password-auth
    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

Analysis: I wondered whether the authentication module might be missing.

    # ll /lib/security/pam_userdb.so
    ls: cannot access /lib/security/pam_userdb.so: No such file or directory

Sure enough, it does not exist.

    # find /lib64 -name pam_userdb.so
    /lib64/security/pam_userdb.so

So the library location is different on 64-bit!

Lesson: when carrying a setup over from 32-bit to 64-bit, take into account changes such as the location of shared libraries.

Error at startup:

    /etc/init.d/vsftpd start|restart
    500 OOPS: cannot change directory:
Problem encountered when bringing up FTP on Linux: 500 OOPS: cannot change directory:

Many Google results say that running this fixes it:

    setsebool ftpd_disable_trans 1
    service vsftpd restart

But when I ran it I hit this problem:

    Could not change active booleans: Invalid boolean

After a long search I finally solved it:

    setsebool -P ftp_home_dir=1

Lesson: when installing Linux, it is best to turn SELinux off first.

Login reports a file size error:

    # ftp localhost
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): yzlwrite
    331 Please specify the password.
    Password:
    /etc/vsftpd/vsftpd_login.db: file size not a multiple of the pagesize
    Login failed.

    rpm -qa|grep db4
    db4-4.7.25-16.el6.i686
    db4-devel-4.7.25-16.el6.x86_64
    db4-devel-4.7.25-16.el6.i686
    db4-cxx-4.7.25-16.el6.x86_64
    db4-cxx-4.7.25-16.el6.i686
    db4-4.7.25-16.el6.x86_64
    db4-utils-4.7.25-16.el6.x86_64

Remove the i686 packages:

    rpm -e db4-devel-4.7.25-16.el6.i686
    yum install db4-tcl-*
    Error Downloading Packages:
    db4-tcl-4.7.25-16.el6.x86_64: failure: Packages/db4-tcl-4.7.25-16.el6.x86_64.rpm from base: No more mirrors to try.

    # pwd
    /opt/soft/db4
    wget http://mirror.centos.org/centos/6/os/x86_64/Packages/db4-tcl-4.7.25-17.el6.x86_64.rpm
    db4-java-4.7.25-16.el6.x86_64.rpm

Compared with the 0.222 environment:

    db4-4.7.25-16.el6.x86_64
    db4-devel-4.7.25-16.el6.x86_64
    db4-utils-4.7.25-16.el6.x86_64
    db4-cxx-4.7.25-16.el6.x86_64

These packages are all present, so there is no need to install the java, tcl and other development packages.

Run it again:

    # db_load -T -t hash -f /etc/login.txt /etc/vsftpd/vsftpd_login.db
    db_load: /etc/vsftpd/vsftpd_login.db: file size not a multiple of the pagesize
    # file /etc/vsftpd/vsftpd_login.db
    /etc/vsftpd/vsftpd_login.db: Berkeley DB (Hash, version 9, native byte-order)
    db_load -T -t hash -f /etc/login.txt /etc/vsftpd/vsftpd_login1.db
    db_load -T -t hash -f /etc/login.txt /etc/vsftpd/vsftpd_login.db
    db_load: /etc/vsftpd/vsftpd_login.db: file size not a multiple of the pagesize
    db_load: DB->open: /etc/vsftpd/vsftpd_login.db: Invalid argument

Delete the file and rebuild it:

    # rm -rf /etc/vsftpd/vsftpd_login.db
    # db_load -T -t hash -f /etc/login.txt /etc/vsftpd/vsftpd_login.db

OK! No more errors.

Cause: yum install db4-* had also installed the 32-bit packages, which corrupted the data.
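The module-path and database problems above can be caught before restarting vsftpd. The script below is an added example, not part of the original post; check_pam_userdb is a hypothetical helper name and the sandbox files are constructed. It also checks the file mode, because a database recreated by db_load does not keep the earlier chmod 600.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the pam_userdb.so
# lines of a PAM service file such as /etc/pam.d/vsftpd.
# check_pam_userdb is a hypothetical helper name.
check_pam_userdb() {
    pam_file=$1
    rc=0
    while read -r kind control module args; do
        case $kind in ''|'#'*) continue ;; esac          # skip blanks and comments
        case $module in *pam_userdb.so) ;; *) continue ;; esac
        # An absolute module path must exist (/lib/security on 32-bit,
        # /lib64/security on 64-bit). A bare "pam_userdb.so" is resolved by
        # PAM in its default module directory, so it is not checked here.
        case $module in
            /*) [ -e "$module" ] || { echo "MISSING_MODULE $module"; rc=1; } ;;
        esac
        for arg in $args; do
            case $arg in
                db=*)
                    db=${arg#db=}.db                     # pam_userdb appends ".db"
                    if [ ! -f "$db" ]; then
                        echo "MISSING_DB $db"; rc=1
                    elif [ "$(ls -ld "$db" | cut -c1-10)" != "-rw-------" ]; then
                        echo "LOOSE_MODE $db"; rc=1      # expected chmod 600
                    fi ;;
            esac
        done
    done < "$pam_file"
    return $rc
}

# Constructed sandbox so the check can be tried without touching /etc.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/lib64/security"
: > "$demo_dir/lib64/security/pam_userdb.so"
: > "$demo_dir/vsftpd_login.db"
chmod 644 "$demo_dir/vsftpd_login.db"
cat > "$demo_dir/vsftpd.pam" <<EOF
#%PAM-1.0
auth required $demo_dir/lib/security/pam_userdb.so db=$demo_dir/vsftpd_login
account required $demo_dir/lib64/security/pam_userdb.so db=$demo_dir/vsftpd_login
EOF
check_pam_userdb "$demo_dir/vsftpd.pam" || echo "fix the lines above before restarting vsftpd"
```

On a real host the call is check_pam_userdb /etc/pam.d/vsftpd, run as root so the database file is visible.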
==============================================================================
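Adding an FTP user

Step 1: add the user

    vim /etc/login.txt

File contents:

    yzlread
    yzldsz!@#
    yzlwrite
    yzldsz#@!
    yzlother
    yzldsz***
    testwrite
    yzl#@!test

(testwrite is the account opened for the test department.)

Step 2: generate the virtual user credential database

Note: this command must be run every time a user is added, to regenerate the database.

    db_load -T -t hash -f /etc/login.txt /etc/vsftpd/vsftpd_login.db

Step 3: create the directory /home/ftpsite/zhanxun, used by the test department and Zhanxun

This must be run:

    chown -R virtual:virtual zhanxun

Step 4: configure permissions

    # cd /etc/vsftpd/vsftpd_user_conf
    # vim testwrite

The file is named after the user. Contents:

    local_root=/home/ftpsite/zhanxun
    write_enable=YES
    anon_world_readable_only=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES

Step 5: restart the service

    service vsftpd restart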
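The five steps leave three things that have to agree: the names in /etc/login.txt, the regenerated database, and the per-user files under user_config_dir. The script below is an added example, not part of the original post, that checks this after a user is added; audit_vusers is a hypothetical helper name and the sandbox data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). audit_vusers is a hypothetical helper.
# usage: audit_vusers LOGIN_TXT LOGIN_DB USER_CONF_DIR
audit_vusers() {
    login=$1; db=$2; confdir=$3
    rc=0; n=0
    # The database has to be regenerated with db_load after every edit.
    if [ ! -f "$db" ] || [ "$login" -nt "$db" ]; then
        echo "STALE_DB $db"; rc=1
    fi
    # db_load -T input: user name on odd lines, password on even lines.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ $((n % 2)) -eq 1 ] || continue
        conf=$confdir/$line
        if [ ! -f "$conf" ]; then
            echo "NO_USER_CONF $line"; rc=1     # user would get only the global settings
            continue
        fi
        root=$(sed -n 's/^local_root=//p' "$conf" | tail -n 1)
        if [ -n "$root" ] && [ ! -d "$root" ]; then
            echo "NO_LOCAL_ROOT $line $root"; rc=1
        fi
    done < "$login"
    if [ $((n % 2)) -ne 0 ]; then
        echo "UNPAIRED_LINE $login"; rc=1       # a name without a password line
    fi
    return $rc
}

# Constructed sandbox (names and passwords are placeholders, not the post's).
demo=$(mktemp -d)
mkdir -p "$demo/conf" "$demo/ftpsite"
printf '%s\n' alice 'placeholder-1' bob 'placeholder-2' > "$demo/login.txt"
: > "$demo/login.db"
touch -t 202001010000 "$demo/login.db"          # older than login.txt: stale
printf 'local_root=%s\nwrite_enable=YES\n' "$demo/ftpsite" > "$demo/conf/alice"
audit_vusers "$demo/login.txt" "$demo/login.db" "$demo/conf" || echo "audit found problems"
```

With the paths from the post the call is audit_vusers /etc/login.txt /etc/vsftpd/vsftpd_login.db /etc/vsftpd/vsftpd_user_conf.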