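Common response codes
Response code | Meaning |
110 | Restart marker reply |
120 | Service will be ready within the specified time |
125 | Data connection open, transfer starting |
150 | File status okay, about to open data connection |
200 | Command successful |
202 | Command not executed |
211 | System status reply |
212 | Directory status reply |
213 | File status reply |
214 | Help message reply |
215 | System type reply |
220 | Service ready |
221 | Service closing control connection; logout is possible |
225 | Data connection open, no transfer in progress |
226 | Closing data connection, requested file action successful |
227 | Entering passive mode |
230 | User logged in |
250 | Requested file action completed. Requested file action aborted, storage allocation exceeded |
257 | Pathname created |
332 | Account information needed for login |
350 | Requested file action requires a further password |
426 | Connection closed, transfer aborted |
450 | File unavailable |
451 | Requested action aborted, local error |
452 | Insufficient disk space |
500 | Permissions too broad |
501 | Syntax error |
502 | Command not executed |
503 | Bad sequence of commands |
504 | Invalid command parameter |
530 | Authentication failed |
532 | Account information needed to store files |
550 | Not allowed by the service itself |
551 | Requested action aborted, page type unknown |
553 | File system permissions too restrictive |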
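Common FTP problems
Permission problems on the anonymous user's home directory
The permissions on the anonymous user's home directory must not be changed. Otherwise, even though the service starts, the user cannot log in. The symptom is shown below: after entering the user name and pressing Enter twice, the client hangs.
A packet capture shows what happens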
[root@iZ8vb2hjg65famgbqjk1diZ ~]# tcpdump -nnn -i eth0 tcp port 21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:40:49.683144 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [S], seq 3111604523, win 64240, options [mss 1412,nop,wscale 8,nop,nop,sackOK], length 0
19:40:49.683185 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [S.], seq 1886686711, ack 3111604524, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
19:40:49.694527 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 1, win 259, length 0
19:40:49.696843 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 1:21, ack 1, win 229, length 20: FTP: 220 (vsFTPd 3.0.3)
19:40:49.791142 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 21, win 259, length 0
The packets above are the TCP three-way handshake that establishes the command connection.
19:41:00.230394 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [P.], seq 1:11, ack 21, win 259, length 10: FTP: USER ftp
19:41:00.230422 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [.], ack 11, win 229, length 0
19:41:00.230646 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 21:55, ack 11, win 229, length 34: FTP: 331 Please specify the password.
19:41:00.286832 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 55, win 259, length 0
The packets above are the user authentication exchange.
19:41:05.782272 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [P.], seq 11:18, ack 55, win 259, length 7: FTP: PASS
19:41:05.785501 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 55:65, ack 18, win 229, length 10: FTP: 500 OOPS: [!ftp]
19:41:05.785515 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
19:41:05.785525 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 123:125, ack 18, win 229, length 2: FTP:
19:41:05.785903 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [F.], seq 125, ack 18, win 229, length 0
19:41:05.803200 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 65, win 258, options [nop,nop,sack 1 {123:125}], length 0
19:41:05.803219 IP 114.249.135.195.27828 > 172.26.53.172.21: Flags [.], ack 65, win 258, options [nop,nop,sack 1 {123:125}], length 0
19:41:05.808702 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
19:41:06.037744 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
19:41:06.493712 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
19:41:07.437699 IP 172.26.53.172.21 > 114.249.135.195.27828: Flags [P.], seq 65:123, ack 18, win 229, length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
Changing the PAM authentication configuration can also make the session hang after the user name and password are entered
[root@iZzm446eh1ux98Z pam.d]# vim /etc/security/access.conf
-:zhang:ALL EXCEPT 121.89.165.3 ## user zhang may access ftp only from the server 121.89.165.3
Modify the PAM configuration
[root@iZzm446eh1ux98Z pam.d]# vim /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account required pam_access.so # added line
account include password-auth
session required pam_loginuid.so
session include password-auth
Restart vsftpd
[root@iZzm446eh1ux98Z pam.d]# systemctl restart vsftpd
Login test
[root@iZ8vb2hjg65famgbqjk1diZ vsftpd]# ftp 182.92.58.141
Connected to 182.92.58.141 (182.92.58.141).
220 (vsFTPd 3.0.2)
Name (182.92.58.141:root): zhang
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Other servers hang at this point
[root@ans1 ~]# ftp 182.92.58.141
Connected to 182.92.58.141 (182.92.58.141).
220 (vsFTPd 3.0.2)
Name (182.92.58.141:root): zhang
331 Please specify the password.
Password:
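Added example, not part of the original post: an awk filter that reads `tcpdump -nn` text like the capture shown earlier and reports, per client, what answered the PASS command: 230, 530, a 500 OOPS refusal, or nothing at all. Treating "no reply after PASS" as the on-wire form of the pam_access hang is an assumption, and the function names and the sample capture (documentation addresses) are constructed for illustration.

```shell
# Constructed sample in `tcpdump -nn` text form (documentation addresses).
sample_capture() {
  cat <<'EOF'
10:00:01.000 IP 198.51.100.7.40001 > 192.0.2.10.21: Flags [P.], length 10: FTP: USER ftp
10:00:01.001 IP 192.0.2.10.21 > 198.51.100.7.40001: Flags [P.], length 34: FTP: 331 Please specify the password.
10:00:02.000 IP 198.51.100.7.40001 > 192.0.2.10.21: Flags [P.], length 7: FTP: PASS
10:00:02.003 IP 192.0.2.10.21 > 198.51.100.7.40001: Flags [P.], length 10: FTP: 500 OOPS: [!ftp]
10:00:02.004 IP 192.0.2.10.21 > 198.51.100.7.40001: Flags [P.], length 58: FTP: vsftpd: refusing to run with writable root inside chroot()[!ftp]
10:00:03.000 IP 198.51.100.8.40002 > 192.0.2.10.21: Flags [P.], length 12: FTP: USER zhang
10:00:04.000 IP 198.51.100.8.40002 > 192.0.2.10.21: Flags [P.], length 19: FTP: PASS constructed
10:00:05.000 IP 198.51.100.9.40003 > 192.0.2.10.21: Flags [P.], length 12: FTP: USER zhang
10:00:06.000 IP 198.51.100.9.40003 > 192.0.2.10.21: Flags [P.], length 19: FTP: PASS constructed
10:00:06.010 IP 192.0.2.10.21 > 198.51.100.9.40003: Flags [P.], length 23: FTP: 230 Login successful.
EOF
}
# Prints "client user outcome" for every control connection that sent USER.
ftp_login_outcomes() {
  awk '
    index($0, ": FTP: ") == 0 { next }          # keep FTP control lines only
    {
      src = $3; dst = $5; sub(/:$/, "", dst)
      payload = substr($0, index($0, ": FTP: ") + 7)
      if (dst ~ /\.21$/) {                       # client command
        if (payload ~ /^USER /) {
          if (!(src in user)) order[++n] = src
          user[src] = substr(payload, 6); state[src] = "user"
        } else if (payload ~ /^PASS/ && (src in state)) {
          state[src] = "pass"                    # password text is not kept
        }
      } else if (src ~ /\.21$/ && (dst in state) && state[dst] == "pass") {
        code = substr(payload, 1, 3)             # first reply after PASS decides
        if (code == "230") state[dst] = "login-ok"
        else if (code == "530") state[dst] = "auth-failed"
        else if (code == "500" && payload ~ /OOPS/) state[dst] = "server-refused"
        else state[dst] = "other-" code
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]; s = state[c]
        if (s == "pass") s = "no-reply-after-PASS"
        print c, user[c], s
      }
    }'
}
sample_capture | ftp_login_outcomes
```

On a live host the same filter can be fed from `tcpdump -nn -l -i eth0 tcp port 21`; retransmitted reply segments, like the repeated "refusing to run" lines in the capture above, are ignored once an outcome is recorded.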
Changing the permissions usually produces the error 500 OOPS
[root@iZzm446eh1ux98Z pam.d]# ll /home/
total 4
drwxrwxrwx 2 zhang zhang 4096 May 16 19:04 zhang
The error on login
[root@iZ8vb2hjg65famgbqjk1diZ vsftpd]# ftp 182.43.56.7
Connected to 182.43.56.7 (182.43.56.7).
220 (vsFTPd 3.0.2)
Name (182.43.56.7:root): zhang
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
421 Service not available, remote server has closed connection
Correcting the permissions on that user's home directory fixes it
[root@iZzm446eh1ux98Z pam.d]# chmod 700 /home/zhang/
[root@iZzm446eh1ux98Z pam.d]# systemctl restart vsftpd
Login test
[root@iZ8vb2hjg65famgbqjk1diZ vsftpd]# ftp 182.92.58.141
Connected to 182.92.58.141 (182.92.58.141).
220 (vsFTPd 3.0.2)
Name (182.92.58.141:root): zhang
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
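Added example, not part of the original post: a POSIX shell audit that lists accounts whose home directory carries a group or other write bit, the state of /home/zhang (777) before the chmod 700 above. It assumes GNU `stat`, skips names in the ftpusers deny list because the pam_listfile line shown earlier refuses them, and does not reproduce vsftpd's own writable-root test; the function names and temporary test data are constructed for illustration.

```shell
# Usage: audit_ftp_homes PASSWD_FILE FTPUSERS_FILE
# Prints "user home mode writable-by-group-or-other" for each finding.
audit_ftp_homes() {
  passwd_file=$1; deny_file=$2
  # passwd fields: name:passwd:uid:gid:gecos:home:shell
  while IFS=: read -r name x x x x home x; do
    [ -n "$home" ] && [ -d "$home" ] || continue
    # pam_listfile sense=deny: a user named in the file cannot log in
    grep -qxF -- "$name" "$deny_file" 2>/dev/null && continue
    mode=$(stat -c %a "$home") || continue
    # 022 (octal) selects the group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
      echo "$name $home $mode writable-by-group-or-other"
    fi
  done < "$passwd_file"
}

# Constructed test data: three homes in a temporary directory.
demo_audit() {
  d=$(mktemp -d)
  mkdir "$d/zhang" "$d/li" "$d/blocked"
  chmod 777 "$d/zhang" "$d/blocked"; chmod 700 "$d/li"
  printf '%s\n' "zhang:x:1001:1001::$d/zhang:/bin/bash" \
    "li:x:1002:1002::$d/li:/bin/bash" \
    "blocked:x:1003:1003::$d/blocked:/bin/bash" > "$d/passwd"
  printf '%s\n' '# users denied FTP login' blocked > "$d/ftpusers"
  # Replace the random temporary path so the output is stable
  audit_ftp_homes "$d/passwd" "$d/ftpusers" | sed "s|$d|HOME|"
  rm -rf "$d"
}

demo_audit
```

On a real server the call would be `audit_ftp_homes /etc/passwd /etc/vsftpd/ftpusers`.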
Problems caused by how vsftpd is started
If the service was started by running the vsftpd command directly, restarting it through the systemctl unit file fails
[root@test ~]# vsftpd
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1396,fd=3))
[root@test ~]# systemctl restart vsftpd
Job for vsftpd.service failed because the control process exited with error code. See "systemctl status vsftpd.service" and "journalctl -xe" for details.
Following the hint, I looked at the log
Apr 15 20:57:38 test systemd[1]: Reloading.
Apr 15 20:57:42 test systemd[1]: Starting Vsftpd ftp daemon...
-- Subject: Unit vsftpd.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit vsftpd.service has begun starting up.
Apr 15 20:57:45 test systemd[1]: vsftpd.service: Control process exited, code=exited status=1
Apr 15 20:57:45 test systemd[1]: vsftpd.service: Failed with result 'exit-code'.
Apr 15 20:57:45 test systemd[1]: Failed to start Vsftpd ftp daemon.
-- Subject: Unit vsftpd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit vsftpd.service has failed.
--
-- The result is RESULT.
I guessed it had to be a problem with the startup script, so I looked at the unit file
[root@test ~]# vim /usr/lib/systemd/system/vsftpd.service
[Unit]
Description=Vsftpd ftp daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

[Install]
WantedBy=multi-user.target
Try starting it the same way the unit does
[root@test ~]# /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1707,fd=3))
Restarting still fails
[root@test ~]# systemctl restart vsftpd.service
Job for vsftpd.service failed because the control process exited with error code. See "systemctl status vsftpd.service" and "journalctl -xe" for details.
Starting through the unit file works
[root@test ~]# systemctl start vsftpd.service
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1739,fd=3))
[root@test ~]# systemctl restart vsftpd.service
[root@test ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=873,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=918,fd=5))
LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=873,fd=15))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1767,fd=3))
This is related to the Type setting in the unit file
When started with the command, only one process is started
[root@node03 ~]# vsftpd
[root@node03 ~]# ps -ef|grep ftp
root 1732 1 0 09:58 ? 00:00:00 vsftpd
root 1734 1366 0 09:58 pts/0 00:00:00 grep --color=auto ftp
When started through the unit, child processes are forked
[root@test ~]# ps -ef|grep ftp
root 2210 1 0 21:51 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
nobody 2211 2210 0 21:51 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
ftp 2213 2211 0 21:51 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf