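[ ftp ] Installing FTP on Ubuntu and setting permissions

This post shows how to install an FTP server on Ubuntu, upload static web content over FTP, expose it to the Apache web server's directory through a soft link, and set the related permissions.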

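Installing the FTP server

vsftpd is a very widely used FTP server on Linux. In most enterprise installations it lets users log in, upload/download and delete data, and share those directories.

1. Install vsftpd via apt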

sudo apt-get install vsftpd libpam-pwdfile  

2. Update the FTP config file

sudo vi /etc/vsftpd.conf

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Turn off anonymous connections
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# Allow file uploads
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Setting local_umask=000 is mainly so that files uploaded via FTP get default group permissions that allow write/modify/delete
local_umask=000
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
allow_writeable_chroot=YES
chroot_local_user=YES
# After setting chroot_local_user=YES, newer versions of vsftpd do not allow the root directory to have write permission
#chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty

# This string is the name of the PAM service vsftpd will use.
pam_service_name=ftp

#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key


# Disable delete commands
#cmds_denied=DELE,RMD
cmds_denied=RMD
# Makes the listed commands unavailable
# DELE: delete a file
# RMD: remove a directory

3. Add a user that cannot log in to the OS

sudo useradd -M  -s /usr/sbin/nologin user1  

-M: Do not create the user's home directory.
-s: The name of the user's login shell.

4. Set the password for the user1 account

sudo passwd user1  

5. Set the FTP password

sudo htpasswd -cd /etc/vsftpd.passwd user1  

6. Create the directories and set their permissions

sudo mkdir /home/user1  
sudo chmod 777 /home/user1  
sudo mkdir /home/user1/uploads  
sudo chmod 777 /home/user1/uploads  
sudo chown user1:ftp -R /home/user1  

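Because of a restriction in newer versions of vsftpd, an account confined by chroot must not have any write permission on its root directory when it logs in over FTP; otherwise the error 500 OOPS: vsftpd: refusing to run with writable root inside chroot() is returned.

For that reason local_umask=000 and cmds_denied=RMD have to be changed in the config (the config in step 2 above already contains these changes).

Once this is set up, the following command confirms whether the permissions were changed correctly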

ls -laF /home/user1/

7. Restart the vsftpd service

/etc/init.d/vsftpd restart
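
A check for the procedure above, as an added example that is not part of the original post: it reads the settings the step 2 config actually enables and the write bits on the chroot root from step 6. The finding names, the sample file and the temp directory standing in for /home/user1 are constructed here; the defaults used for unset options are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example, not from the original post. Reports risky settings in a
# vsftpd.conf and write bits on a chroot root. Finding names are made up here.

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line, else DEFAULT
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//')
    printf '%s' "${val:-$3}"
}

# audit_vsftpd FILE: space-separated findings, empty when nothing is flagged
audit_vsftpd() {
    f=$1 findings=""
    [ "$(conf_get "$f" anonymous_enable YES)" = NO ] || findings="$findings anonymous-login"
    # rsa_cert_file alone does not turn TLS on; ssl_enable defaults to NO
    [ "$(conf_get "$f" ssl_enable NO)" = YES ] || findings="$findings cleartext-ftp"
    if [ "$(conf_get "$f" chroot_local_user NO)" = YES ] &&
       [ "$(conf_get "$f" allow_writeable_chroot NO)" = YES ]; then
        findings="$findings writable-chroot-allowed"
    fi
    # a umask without bit 002 leaves uploaded files writable by every local user
    um=$(conf_get "$f" local_umask 077)
    [ $(( 0$um & 002 )) -ne 0 ] || findings="$findings world-writable-uploads"
    printf '%s\n' "${findings# }"
}

# dir_write_bits DIR: classes (u, g, o) that hold a write bit on DIR
dir_write_bits() {
    m=$(ls -ld "$1" | cut -c2-10); out=""
    case $m in ?w*) out=u ;; esac
    case $m in ????w*) out="${out}g" ;; esac
    case $m in ???????w*) out="${out}o" ;; esac
    printf '%s\n' "$out"
}

demo=$(mktemp -d); trap 'chmod -R u+w "$demo"; rm -rf "$demo"' EXIT
cat > "$demo/vsftpd.conf" <<'EOF'
# constructed sample: uncommented settings from step 2 that the audit reads
anonymous_enable=NO
write_enable=YES
local_umask=000
allow_writeable_chroot=YES
chroot_local_user=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
EOF
mkdir "$demo/home"; chmod 777 "$demo/home"   # stands in for /home/user1 after step 6
echo "config:      $(audit_vsftpd "$demo/vsftpd.conf")"
echo "chroot root: writable by [$(dir_write_bits "$demo/home")]"
```

On a real host, point audit_vsftpd at /etc/vsftpd.conf and dir_write_bits at the account's chroot directory; an empty result from both means none of these conditions applies.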

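The scenario implemented here is to upload static web content over FTP into a directory under the FTP account, then create a soft link under the Apache web server that points to that directory, so that whenever the directory content is updated the static site is updated with it.

Prerequisites

  1. An installed Apache service

sudo ln -s /home/user1/KAILIInstall/ /var/www/html/

When that is done, open a browser and enter your IP address to confirm that the page can be loaded.

System environment version information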

  • Ubuntu 16.04

ALL RIGHTS RESERVED. COPYRIGHT © 2016. Designed and Coded by Makee.io