知识大全 vsftpd frequently asked questions

Posted 2022-07-16 文字

篇首语：好汉做事干到底，好马登程跑到头。本文由小常识网(cha138.com)小编为大家整理，主要介绍了知识大全 vsftpd frequently asked questions相关的知识，希望对你有一定的参考价值。

　　Q) Can I restrict users to their home directories?　　A) Yes You are probably after the setting:　　chroot_local_user=YES　　Q) Does vsftpd support a limit on the number of users connected?　　A ) Yes indirectly vsftpd is an inetd based service If use the popular　　 xinetd as your inetd this supports per service per IP connection limits 　　There is an example of this in the EXAMPLE directory 　　A ) If you run vsftpd in standalone mode with the setting listen=YES then　　you can investigate the setting (e g ):　　max_clients= 　　Q) Help! I m getting the error message refusing to run with writable anonymous　　root 　　A) vsftpd is protecting against dangerous configurations The cause of this　　message is usually dodgy ownership of the ftp home directory The home　　directory should NOT be owned by the ftp user itself Neither should it　　be writable by the ftp user A way to fix this is:　　chown root ~ftp; chmod w ~ftp　　Q) Help! I m getting the error message str_getpwnam 　　A) The most likely cause of this is that the nobody user does not exist on　　your system vsftpd needs this user to run bits of itself with no privilege 　　Q) Help! Local users cannot log in 　　A) There are various possible problems 　　A ) By default vsftpd disables any logins other than anonymous logins Put　　local_enable=YES in your /etc/nf to allow local users to log in 　　A ) vsftpd tries to link with PAM (Run ldd vsftpd and look for libpam to　　find out whether this has happened or not) If vsftpd links with PAM then　　you will need to have a PAM file installed for the vsftpd service There is　　a sample one for RedHat systems included in the RedHat directory put it　　under /etc/pam d　　A ) If vsftpd didn t link with PAM then there are various possible issues Is　　the user s shell in /etc/shells? If you have shadowed passwords does your　　system have a shadow h file in the include path?　　A ) If you are not using PAM then vsftpd will do its own check for a valid　　user shell in /etc/shells You may need to disable this if you use an invalid　　shell to disable logins other than FTP logins Put check_shell=NO in your　　/etc/nf 　　Q) Help! Uploads or other write mands give me Unknown mand 　　A) By default write mands including uploads and new directories are　　disabled This is a security measure To enable writes put write_enable=YES　　in your /etc/nf 　　Q) Help! What are the security implications referred to in the　　 chroot_local_user option?　　A) Firstly note that other ftp daemons have the same implications It is a　　generic problem 　　The problem isn t too severe but it is this: Some people have FTP user　　accounts which are not trusted to have full shell access If these　　accounts can also upload files there is a small risk A bad user now has　　control of the filesystem root which is their home directory The ftp　　daemon might cause some config file to be read e g /etc/some_file With　　chroot() this file is now under the control of the user vsftpd is　　careful in this area But the system s libc might want to open locale　　config files or other settings 　　Q) Help! Uploaded files are appearing with permissions rw 　　A) Depending on if this is an upload by a local user or an anonymous user 　　use local_umask or anon_umask to change this For example use　　 anon_umask= to give anonymously uploaded files permissions　　 rw r r Note that the before the is important 　　Q) Help! How do I integrate with LDAP users and logins?　　A) Use vsftpd s PAM integration to do this and have PAM authenticate against　　an LDAP repository 　　Q) Help! Does vsftpd do virtual hosting setups?　　A ) Yes If you integrate vsftpd with xinetd you can use xinetd to bind to　　several different IP addresses For each IP address get xinetd to launch　　vsftpd with a different config file This way you can get different behaviour　　per virtual address 　　A ) Alternatively run as many copies as vsftpd as necessary in standalone　　mode Use listen_address=x x x x to set the virtual IP 　　Q) Help! Does vsftpd support virtual users?　　A) Yes via PAM integration Set guest_enable=YES in /etc/nf This　　has the effect of mapping every non anonymous successful login to the local　　username specified in guest_username Then use PAM and (e g ) its pam_userdb　　module to provide authentication against an external (i e non /etc/passwd)　　repository of users 　　Note currently there is a restriction that with guest_enable enabled local　　users also get mapped to guest_username 　　There is an example of virtual users setup in the EXAMPLE directory 　　Q) Help! Does vsftpd support different settings for different users?　　A) Yes in a very powerful way Look at the setting user_config_dir in the　　manual page 　　Q) Help! Can I restrict vsftpd data connections to a specific range of ports?　　A) Yes See the config settings pasv_min_port and pasv_max_port 　　Q) Help! I m getting the message OOPS: chdir 　　A) If this is for an anonymous login check that the home directory for the　　user ftp is correct If you are using the config setting anon_root check　　that is correct too cha138/Article/program/Oracle/201311/16532