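VSFTPD users fall into three categories:
1. Anonymous account: anonymous. Permissions are controlled by the anon_XXX options.
2. Local accounts: determined entirely by the permissions of the local account.
3. Virtual accounts: the vsftpd manual says their permissions are the same as the anonymous account's, but testing shows that some of their behaviour differs from anonymous in a number of small ways.
For vsftpd usage, see:
1. FAQ: https://security.appspot.com/vsftpd/FAQ.txt
2. The previous post on configuration: http://blog.csdn.net/yunhuang2010/article/details/6950830
3. conf file: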
#
listen=YES
connect_from_port_20=YES
# limit max clients
max_clients=100
anonymous_enable=YES
# anonymous user root
anon_root=/ftp/pub
# if it is set, anonymous users will be permitted
# to perform write operations other than upload
# and create directory, such as deletion and renaming
# ***** can rename and delete files
anon_other_write_enable=YES
# enable upload; a virtual user is treated as an anonymous user,
# so this must also be set to YES when a virtual user needs to upload
# ***** can upload files
anon_upload_enable=YES
# enable anonymous to mkdir, also requires write_enable=YES
# ***** can mkdir and delete folders
anon_mkdir_write_enable=YES
# when enabled, anonymous users will only be allowed to download files
anon_world_readable_only=NO
# If enabled, all anonymously uploaded files will have the
# ownership changed to the user specified in the setting chown_username
chown_uploads=YES
chown_username=ftp-admin
# must be enabled to allow local users (including virtual users) to log in
local_enable=YES
#
local_umask=022
#
write_enable=YES
#
local_root=/ftp/$USER
user_sub_token=$USER
# This is the name of the user that is used by vsftpd
# when it wants to be totally unprivileged
# nopriv_user=vsftpd
nopriv_user=ftp
# chroot
chroot_local_user=YES
# points to a separate configuration file for each user; some options
# are not affected by this because they are global ones
# such as listen_address, banner_file, max_per_ip,
# max_clients, xferlog_file, etc
user_config_dir=/etc/vsftpd_user_conf
# virtual user. If enabled, all non-anonymous logins are classed as "guest" logins.
guest_enable=YES
guest_username=vsftpd
# If enabled, virtual users will use the same privileges as local users. By default,
# virtual users will use the same privileges as anonymous users, which tends to be more
# restrictive (especially in terms of write access)
virtual_use_local_privs=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
dirmessage_enable=YES
banner_file=/etc/vsftpd_banner
syslog_enable=NO
log_ftp_protocol=YES
xferlog_std_format=NO
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd/vsftpd.log
xferlog_file=/var/log/vsftpd/xferlog.log
data_connection_timeout=15
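What does virtual_use_local_privs=YES mean? If set to YES, do all virtual users use the privileges of the user vsftpd; if set to NO, do all virtual users use the anonymous privileges?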
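
How the write-related settings above combine for each of the three user classes, and what virtual_use_local_privs changes, as an added example that is not part of the original post or of vsftpd itself. It models only the options as documented in vsftpd.conf(5); per-user overrides from user_config_dir and the file-system permissions of the guest_username account are not modelled, the sample assumes write_enable=YES is active in the config above, and the helper names are hypothetical.

```python
# Added example: command-level model of vsftpd write privileges per user class.
# Booleans and their defaults follow the vsftpd.conf(5) man page.
DEFAULTS = {
    "anonymous_enable": True, "local_enable": False, "write_enable": False,
    "guest_enable": False, "virtual_use_local_privs": False,
    "anon_upload_enable": False, "anon_mkdir_write_enable": False,
    "anon_other_write_enable": False, "anon_world_readable_only": True,
}

def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = (value.upper() == "YES") if key in DEFAULTS else value
    return conf

def _privs(c, anon_rules):
    """Write commands allowed; write_enable gates all of them."""
    w = c["write_enable"]
    if not anon_rules:
        return {"upload": w, "mkdir": w, "rename_delete": w}
    return {"upload": w and c["anon_upload_enable"],
            "mkdir": w and c["anon_mkdir_write_enable"],
            "rename_delete": w and c["anon_other_write_enable"]}

def effective_privs(c):
    """Map each user class to its write privileges, or None if it cannot log in."""
    out = {"anonymous": _privs(c, True) if c["anonymous_enable"] else None,
           "local": None, "virtual": None}
    if c["local_enable"] and c["guest_enable"]:
        # All non-anonymous logins become guests mapped to guest_username.
        out["virtual"] = _privs(c, anon_rules=not c["virtual_use_local_privs"])
    elif c["local_enable"]:
        out["local"] = _privs(c, False)
    return out

# Constructed sample: the write-related settings taken from the config above.
SAMPLE = "\n".join([
    "anonymous_enable=YES", "anon_upload_enable=YES", "anon_mkdir_write_enable=YES",
    "anon_other_write_enable=YES", "local_enable=YES", "write_enable=YES",
    "guest_enable=YES", "guest_username=vsftpd", "virtual_use_local_privs=YES"])

if __name__ == "__main__":
    print(effective_privs(parse_conf(SAMPLE)))
```

With every anon_* write flag set to YES, as in the config above, switching virtual_use_local_privs makes no difference in this model; the two settings diverge only once one of the anon_* flags is NO.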