linux-vsftp基础2

1.限定用户改变目录的选项

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> pwd

257 "/home/user1"

ftp> dir

227 Entering Passive Mode (127,0,0,1,229,168)

150 Here comes the directory listing.

drwx------ 3 501 501 4096 Aug 27 13:02 mail

-rw------- 1 501 501 4081 Aug 27 11:20 mbox

226 Directory send OK.

ftp> cd /var/ftp/pub

250-This is pub dir

250 Directory successfully changed. —用户可以任意切换目录

ftp> pwd

257 "/var/ftp/pub"

ftp> bye

221 Goodbye.

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf

93 # You may specify an explicit list of local users to chroot() to their home

94 # directory. If chroot_local_user is YES, then this list becomes a list of

95 # users to NOT chroot().

100 chroot_local_user=yes

[root@mail ~]# service vsftpd restart

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> pwd

257 "/"

ftp> cd /var/ftp/pub

550 Failed to change directory.

ftp> bye

221 Goodbye.

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf

96 chroot_list_enable=YES

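98 chroot_list_file=/etc/vsftpd/chroot_list

—注意:按上面第93–95行的注释,如果 chroot_local_user 仍为 YES,chroot_list 中的用户反而不会被 chroot;下面的测试结果(user1 被限制在主目录、user2 可以任意切换目录)对应的是 chroot_local_user 未设为 YES 的情形,修改后应以实际登录测试确认每个用户是否被限制。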

[root@mail ~]# vim /etc/vsftpd/chroot_list

user1

[root@mail ~]#

[root@mail ~]# service vsftpd restart

Shutting down vsftpd: [ OK ]

Starting vsftpd for vsftpd: [ OK ]

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> pwd

257 "/"

ftp> cd /var/ftp/pub

550 Failed to change directory.

ftp> bye

221 Goodbye.

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user2

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> pwd

257 "/home/user2"

ftp> cd /var/ftp/pub

250-This is pub dir

250 Directory successfully changed.

ftp> pwd

257 "/var/ftp/pub"

ftp> bye

221 Goodbye.

[root@mail ~]#

2.超级守护进程

[root@mail xinetd.d]# vim /etc/vsftpd/vsftpd.conf

109 listen=no

[root@mail xinetd.d]# pwd

/etc/xinetd.d

[root@mail xinetd.d]# cp tftp vsftpd

[root@mail xinetd.d]# vim /etc/xinetd.d/vsftpd

service ftp

{

id =vsftpd

socket_type = stream

protocol = tcp

wait = no

user = root

server = /usr/sbin/vsftpd

server_args = /etc/vsftpd/vsftpd.conf

disable = no

access_times = 8:00-20:00

}

[root@mail xinetd.d]# service xinetd restart

3.user_list列表

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf

116 pam_service_name=vsftpd

117 userlist_enable=YES

118 userlist_deny=YES —user_list 文件中列出的用户不能登录,其他用户可以登录

119 tcp_wrappers=YES

"/etc/vsftpd/vsftpd.conf" 119L, 4452C written

[root@mail ~]# vim /etc/vsftpd/user_list

# vsftpd userlist

# If userlist_deny=NO, only allow users in this file

# If userlist_deny=YES (default), never allow users in this file, and

# do not even prompt for a password.

# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers

# for users that are denied.

root

bin

daemon

adm

lp

sync

shutdown

halt

mail

news

uucp

operator

games

nobody

user1

~

~

"/etc/vsftpd/user_list" 21L, 367C written

[root@mail ~]# service vsftpd restart

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

530 Permission denied.

Login failed.

ftp> bye

221 Goodbye.

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user2

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> bye

221 Goodbye.

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf

userlist_enable=YES

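userlist_deny=NO –只有 user_list 文件中列出的用户可以登录,其他用户被拒绝

–此时 user_list 变成白名单,文件中原有的 root、bin 等系统账户应从中删除;按该文件头部的注释,它们此时只靠默认 PAM 配置检查的 /etc/vsftpd/ftpusers 来拒绝。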

[root@mail ~]# service vsftpd restart

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

ftp>

ftp> bye

221 Goodbye.

[root@mail ~]#

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy’s FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user2

530 Permission denied.

Login failed.

ftp> bye

221 Goodbye.

[root@mail ~]#

4.防火墙(tcp_wrappers 主机访问控制)

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf

tcp_wrappers=YES

[root@mail ~]# vim /etc/hosts.allow

vsftpd:192.168.101.177:allow

#可以写deny的策略

#vsftpd:192.168.101.10:deny

"/etc/hosts.allow" 6L, 188C written

[root@mail ~]# vim /etc/hosts.deny

vsftpd:all:deny

"/etc/hosts.deny" 9L, 362C written

[root@mail ~]# service vsftpd restart

测试:

–允许通过的主机

C:\Documents and Settings\Administrator>ipconfig

Windows IP Configuration

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.101.177

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.101.254

C:\Documents and Settings\Administrator>ftp 192.168.101.9

Connected to 192.168.101.9.

220 Welcome to lwy’s FTP service.

User (192.168.101.9:(none)): user2

331 Please specify the password.

Password:

230 Login successful.

ftp>

–被拒绝的主机

![](http://cdn.verydemo.com/upload/2013_04_28/13670955947490.jpg)
