by Mario M. Knopf
<netzmeister/at/neo5k/dot/org>

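About the author:

Mario enjoys working with Linux, networks and other security-related topics. In his spare time he maintains two websites: neo5k.org and linuxwallpapers.de.


Content:

vsftpd - An Introduction to the Very Secure FTP Daemon

Abstract:

This article is a basic introduction to the "Very Secure FTP Daemon". First, I give a general description of FTP and vsftpd. After that, we look at the installation, configuration and start options of the vsftp daemon. Finally, we run a short function test.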


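Overview

The purpose of the File Transfer Protocol (FTP) is platform-independent data transfer over the Internet; it is based on a client/server architecture. RFC 959[1] specifies that FTP uses two channels (ports), one for the data (TCP port 20) and one for the control information (TCP port 21). Over the control channel, the two sides (client and server) exchange the commands that initiate the data transfer.
An FTP connection consists of 4 steps:

FTP uses TCP (Transmission Control Protocol) for its connections, which guarantees reliable delivery of the data. FTP therefore does not need to concern itself with packet loss or error checking during the data transfer, because TCP makes sure that every packet arrives in the right order, without errors and without duplicates.

Depending on how the data is sent, FTP distinguishes three transfer types: stream mode marks the end of a transfer with end-of-file (EOF), the other two transfer modes mark it with end-of-record (EOR)

In addition, there are two different transfer modes:

ASCII mode is used to transfer text files, while binary mode is used to transfer programs and similar data. The user does not need to select a specific transfer mode; nowadays all clients recognize the type of the file being transferred and switch modes automatically.

The user name and password used for authentication are transmitted in clear text, which is a very serious security risk. This is also the starting point for a number of considerations about the security of FTP. In October 1997, RFC 2228[2] was finally published; it defines the security extensions for FTP.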

vsftpd

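vsftpd is the name of a server for UNIX-like operating systems; it runs on platforms such as Linux, BSD, Solaris, HP-UX and IRIX. It supports many features that other FTP servers do not. For example:

The name vsftpd stands for "very secure FTP daemon", and security is one of the main concerns of its developer, Chris Evans. High security was a goal from the very beginning of the design and development of this FTP server.

One example is that vsftpd works in chroot mode. In chroot mode a program (here vsftpd) is assigned a new root directory of its own, so it can no longer access programs and files outside that directory; it is, so to speak, "locked up". An FTP server compromised by a potential attacker is thereby isolated from the rest of the system, which prevents greater damage. More information about chroot can be found in article [3]. If you are interested in the other security mechanisms of vsftpd, article [4] is recommended reading.

With so many features, of which the security of the FTP service should be the most important, vsftpd is superior to other FTP servers. WU-FTPD[5] can be mentioned here as a negative example, because it has had too many security holes over the past few years.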

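Installation

Installing the vsftpd daemon is quite simple. Every major distribution provides an RPM package of vsftpd, and in many cases it is already installed. If not, the source code can be found at [6] and installed manually.

After getting the sources and unpacking the tarball, change into the newly created directory and run make. Here is a demonstration of the necessary commands: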

neo5k@phobos> tar xzvf vsftpd-x.x.x.tar.gz
neo5k@phobos> cd vsftpd-x.x.x
neo5k@phobos> make

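Before that, we should check whether the user "nobody" and the directory "/usr/share/empty" exist, and create them if necessary. If we want to allow anonymous access, the user "ftp" and the directory "/var/ftp" need to be created as well. This can be done with the following two commands: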

neo5k@phobos> mkdir /var/ftp
neo5k@phobos> useradd -d /var/ftp ftp

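For security reasons, the directory "/var/ftp" should not belong to the user "ftp", and that user should not have write permission to it. If the user already exists, the following two commands change the owner of the directory and remove the write permission of other users: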

neo5k@phobos> chown root:root /var/ftp
neo5k@phobos> chmod og-w /var/ftp
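
The preconditions described above can also be verified rather than assumed. The following script is an added example, not part of the original article or of the vsftpd sources; the function names are hypothetical, and it assumes GNU stat as shipped with Linux.

```shell
#!/bin/sh
# Added example (not from the article): check the accounts and directories
# the article prepares before "make install". Uses GNU stat, as on Linux.

# audit_ftp_root DIR USER
# Returns 0 only if DIR exists, is not owned by USER and carries no write
# bit for group or others.
audit_ftp_root() {
    dir=$1; user=$2; root_rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        return 1
    fi
    owner=$(stat -c %U "$dir")   # owner name
    mode=$(stat -c %a "$dir")    # octal permission bits, e.g. 755
    if [ "$owner" = "$user" ]; then
        echo "FAIL: $dir is owned by $user; fix: chown root:root $dir"
        root_rc=1
    fi
    # 022 (octal) selects the group and other write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode; fix: chmod og-w $dir"
        root_rc=1
    fi
    if [ "$root_rc" -eq 0 ]; then
        echo "OK: $dir owner=$owner mode=$mode"
    fi
    return "$root_rc"
}

# check_prereqs: the "nobody" user and /usr/share/empty must exist; the
# ftp user and /var/ftp are only checked when anonymous access is set up.
check_prereqs() {
    pre_rc=0
    id nobody >/dev/null 2>&1 || { echo "FAIL: user nobody is missing"; pre_rc=1; }
    [ -d /usr/share/empty ] || { echo "FAIL: /usr/share/empty is missing"; pre_rc=1; }
    if id ftp >/dev/null 2>&1; then
        audit_ftp_root /var/ftp ftp || pre_rc=1
    fi
    return "$pre_rc"
}

# Run the checks only when asked to: sh check.sh run
if [ "${1:-}" = run ]; then
    check_prereqs
fi
```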

Once all the preconditions are met, we can install the vsftp daemon:

neo5k@phobos> make install

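The program and the man pages should now have been copied to the proper locations in the system. If something unexpected happens, the slightly more laborious manual copy also does the job.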

neo5k@phobos> cp vsftpd /usr/sbin/vsftpd
neo5k@phobos> cp vsftpd.conf.5 /usr/share/man/man5
neo5k@phobos> cp vsftpd.8 /usr/share/man/man8

The sample configuration file has not been copied yet (it will make our introduction easier), so we need to copy it manually:

neo5k@phobos> cp vsftpd.conf /etc

Configuration

The configuration file can be found at "/etc/vsftpd.conf". As in most configuration files, comments in the vsftpd configuration file start with #.

# Comment line

An example configuration looks like this:

# Anonymous FTP-access permitted? YES/NO
anonymous_enable=NO

# Permit anonymous upload? YES/NO
anon_upload_enable=NO

# Permission for anonymous users to make new directories? YES/NO
anon_mkdir_write_enable=NO

# Permission for anonymous users to do other write operations - like renaming or deleting? YES/NO
anon_other_write_enable=NO

# Log on by local users permitted? YES/NO
local_enable=YES

# Shall local users be locked into their home directory? YES/NO
chroot_local_user=YES

# Highest permitted data transfer rate in bytes per second for local logged on users. Default = 0 (unlimited)
local_max_rate=7200

# General write permission? YES/NO
write_enable=YES

# Enable messages when changing directories? YES/NO
dirmessage_enable=YES

# Welcome banner at users logon.
ftpd_banner="Welcome to neo5k's FTP service."

# Activate logging? YES/NO
xferlog_enable=YES

# Logging of all FTP activities? YES/NO
# Careful! This can generate large quantities of data.
log_ftp_protocol=NO

# Make PORT-style (active mode) data connections originate from port 20 (ftp-data) on the server? YES/NO
connect_from_port_20=YES

# Timeout during idle sessions
idle_session_timeout=600

# Data connection timeout
data_connection_timeout=120

# Access through Pluggable Authentication Modules (PAM)
pam_service_name=vsftpd

# Standalone operation? YES/NO - depending on operation mode (inetd, xinetd, Standalone)
# The author's FTP service is started with xinetd, therefore the value here is NO.
listen=NO
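
The security-relevant choices in this sample (no anonymous writes, local users locked into their home directory, logging switched on) can be checked mechanically. The script below is an added example, not part of the article or of vsftpd; its function names are hypothetical, and the defaults it assumes for unset options are the ones documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the hardening choices in the sample above.

# conf_get FILE KEY DEFAULT -> effective value. Lines starting with "#" are
# comments, the last assignment of a key is taken, no spaces around "=".
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/        { next }
        NF > 1 && $1 == k { sub(/^[^=]*=/, ""); sub(/[ \t\r]+$/, ""); d = $0 }
        END               { print d }' "$1"
}

# is_yes FILE KEY DEFAULT -> true when the boolean option is enabled.
is_yes() {
    case $(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_vsftpd_conf FILE -> prints one line per finding, returns 1 if any.
# Per-user exceptions (chroot_list_enable) are not evaluated here.
audit_vsftpd_conf() {
    f=$1; rc=0
    if is_yes "$f" anonymous_enable YES; then
        echo "NOTE: anonymous login is enabled"
        if is_yes "$f" write_enable NO; then
            for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
                if is_yes "$f" "$opt" NO; then
                    echo "FINDING: anonymous users can write ($opt)"; rc=1
                fi
            done
        fi
    fi
    if is_yes "$f" local_enable NO && ! is_yes "$f" chroot_local_user NO; then
        echo "FINDING: local users are not locked into their home directory"; rc=1
    fi
    if ! is_yes "$f" xferlog_enable NO; then
        echo "FINDING: transfer logging is off"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /etc/vsftpd.conf
if [ $# -gt 0 ]; then
    audit_vsftpd_conf "$1"
fi
```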

Starting the FTP Service

vsftpd can work in three ways: through inetd or xinetd, or in standalone mode.

inetd

To run the FTP service through inetd, we open the configuration file "/etc/inetd.conf" with an editor:

neo5k@phobos> vi /etc/inetd.conf

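We find the line for the FTP service and remove the comment sign in front of the vsftpd entry. If there is no such entry, we add one. After that we have to restart inetd. The entry should look like this: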
# ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd

xinetd

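It is recommended to start the vsftp daemon with xinetd, which is more modern than inetd. Its improvements include request logging, access control and binding a service to a specific network interface. [7] is a very good introduction to xinetd. After the modification, xinetd must be restarted. The xinetd configuration should look like this: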
# vsftp daemon.
service ftp
{
 disable = no
 socket_type = stream
 wait = no
 user = root
 server = /usr/sbin/vsftpd
 per_source = 5
 instances = 200
 no_access = 192.168.1.3
 banner_fail = /etc/vsftpd.busy_banner
 log_on_success += PID HOST DURATION
 log_on_failure += HOST
 nice = 10
}
 

Standalone Operation

vsftp can also work in standalone mode. For this, we open "/etc/vsftpd.conf" again and make the following change:

# Shall the vsftp daemon run in standalone operation? YES/NO
listen=YES

After this setting, the daemon can be started as follows:

neo5k@phobos> /usr/sbin/vsftpd &

If the search path for programs is set correctly, the following command starts the server:

neo5k@phobos> vsftpd &

For the latter method, we can check whether the search path is set correctly like this:

neo5k@phobos> echo $PATH
/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin

In standalone mode, we must make sure that the vsftp daemon is not started by inetd or xinetd.

Operational Test

After successful installation and configuration, we can access the FTP server for the first time.
neo5k@phobos> ftp phobos
Connected to phobos
220 "Welcome to neo5k's FTP service."
Name (phobos:neo5k): testuser
331 Please specify the password.
Password:
230 Login successful
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
229 Entering Extended Passive Mode
150 Here comes the directory listing
drwxr-xr-x 11 500 100 400 May 07 16:22 docs
drwxr-xr-x 9 500 100 464 Feb 01 23:05 hlds
drwxr-xr-x 39 500 100 4168 May 10 09:15 projects
226 Directory send OK.
ftp>

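Conclusion

As we have seen, the vsftp daemon is easy to install and configure, yet it offers many features and a high level of security.

Of course, this introduction is only a glimpse of the environment that vsftpd provides; this FTP server offers a large number of configurable options. If you want to study vsftpd in more depth, you should visit the project's home page [6] and read the further documentation.

Links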

[1] ftp://ftp.rfc-editor.org/in-notes/rfc959.txt [RFC 959 - File Transfer Protocol]
[2] ftp://ftp.rfc-editor.org/in-notes/rfc2228.txt [RFC 2228 - FTP Security Extensions]
[3] linuxfocus.org: article 225, January 2002 [chroot]
[4] http://vsftpd.beasts.org/DESIGN [Security vsftpd]
[5] http://www.wu-ftpd.org/ [WU-FTPD]
[6] http://www.vsftpd.beasts.org/ [Home of vsftpd]
[7] linuxfocus.org: article 175, November 2000 [xinetd]

© Mario M. Knopf, FDL
LinuxFocus.org
Translation information:
de --> -- : Mario M. Knopf <netzmeister/at/neo5k/dot/org>
de --> en: Jürgen Pohl <sept.sapins/at/verizon.net>
en --> cn: 王旭 <wangxu(at)linuxfocus.org>

2004-07-10, generated by lfparser version 2.46
