ubuntu 18.04裝ftp服務器+外網訪問
轉 https://blog.csdn.net/u011668104/article/details/82682890
環境如下:Ubuntu18.04 vsftpd 3.0.3;
要求: 用winscp 5.13.4,從外網可以連接到服務器,賬號只具有上傳功能,沒有下載和刪除功能
以下是操作記錄:
sudo apt-get install vsftpd
sudo vim /etc/vsftpd.conf
修改為以下內容
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
download_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
local_root=/home/ftpout/data
修改路由器轉發設置
winscp連接報錯:連接失敗 OOPS: cannot change directory:/xxx
嘗試1:修改權限
sudo chown -R ftpout:ftpout /media/smartclass/video_data
結果:錯誤依然,完全相同
嘗試2:
sudo apt install policycoreutils
sudo setsebool -P ftpd_disable_trans 1
sudo service vsftpd restart
結果:錯誤依然,完全相同
嘗試3:
sudo chmod 755 /media/smartclass/
結果:出現另一個錯誤:Illegal PORT command.
上傳數據則會出現
Server sent passive reply with unroutable address 192.168.1.xx, using host address instead.
無法打開傳輸通道。原因:由於目標計算機積極拒絕,無法連接。
監測到超時! (控制連接)
復制文件到遠端時錯誤。
已解決,解決方案如下:
sudo vim /etc/vsftpd.conf
修改為以下內容
cat /etc/vsftpd.conf | grep -v ‘^#’(這句的意思是打印出文件里面非以#開頭的行,意思就是下面是conf文件的非注釋行)
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
download_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
port_enable=YES
connect_from_port_20=YES
ftp_data_port=55537
xferlog_file=/var/log/vsftpd.log
ascii_upload_enable=YES
ascii_download_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
local_root=/media/smartclass/video_data
pasv_enable=YES
pasv_address=xx.xx.xx.xx
pasv_max_port=32469
pasv_min_port=32467
路由器端口映射除了ftp協議的21端口需要對外映射以外,還需要把pasv對應的數據端口映射出去,如下圖
最后,重啟ftp:sudo service vsftpd restart
外網訪問連接ftp時,比如用winscp訪問,直接用默認的被動模式就好,不需要刻意修改為主動模式。
另外,中文亂碼和無法上傳的問題:
winscp中解決方案如下:選擇高級設置->開啟文件名UFT-8編碼
現在我們可以上傳和刪除、修改,不能下載
接下來我們設置刪除權限
參考:https://blog.csdn.net/u012743859/article/details/79019583
具體操作如下:
sudo mkdir -p /etc/vsftpd/vsftpd_user_conf
sudo vim /etc/vsftpd/vsftpd_user_conf/ftpuser
寫一行:cmds_denied=DELE,RMD 保存
sudo vim /etc/vsftpd.conf
增加一行:user_config_dir=/etc/vsftpd/vsftpd_user_conf
重啟ftp:sudo service vsftpd restart
搞定!
補充:
用戶自定義設置權限的方式中,DELE和RMD分別代表什么?還有其他權限呢?
cmds_allowed是允許某些權限,cmds_denied是禁止某些權限
ABOR - abort a file transfer
CWD - change working directory
DELE - delete a remote file
LIST - list remote files
MDTM - return the modification time of a file
MKD - make a remote directory
NLST - name list of remote directory
PASS - send password
PASV - enter passive mode
PORT - open a data port
PWD - print working directory
QUIT - terminate the connection
RETR - retrieve a remote file
RMD - remove a remote directory
RNFR - rename from
RNTO - rename to
SITE - site-specific commands
SIZE - return the size of a file
STOR - store a file on the remote host
TYPE - set transfer type
USER - send username
ACCT* - send account information
APPE - append to a remote file
CDUP - CWD to the parent of the current directory
HELP - return help on using the server
MODE - set transfer mode
NOOP - do nothing
REIN* - reinitialize the connection
STAT - return server status
STOU - store a file uniquely
STRU - set file transfer structure
SYST - return system type
參考:
http://blog.chinaunix.net/uid-24250828-id-3760115.html
https://blog.csdn.net/chenguibao/article/details/46301951