VSFTPD Installation and Configuration


Xx VSFTPD

The vsftpd package contains a very secure and very small FTP daemon. This is useful for serving files over a network.

The vsftpd package is an FTP daemon that is both secure and small; it is useful for serving files over an ordinary network.

This package is known to build and work properly using an LFS-10.1 platform.

This package can be built and works normally on an LFS-10.1 platform.

Ax VSFTPD Installation and Configuration

Install: apt-get install vsftpd

Start the service: service vsftpd start

Main configuration file: vim /etc/vsftpd.conf

User list file: vim /etc/ftpusers

Main configuration file

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
# |---Anonymous FTP login; off by default, and keeping it off is indeed the safer choice
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# |---Local user login
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# |---Any form of FTP write command
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# |---Local default is 077; uncomment to change it to 022
#local_umask=022
# This 022 is one way of writing permissions; a umask names the permission bits that are withheld.
# 022 ----w--w-   077 ---rwxrwx
# Inverted, the permissions that remain are rwxr-xr-x and rwx------; 022 is what uploaded files end up with.
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# |---Allow anonymous users to upload
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# |---Allow anonymous users to create directories (write)
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# |---Activate directory messages: the message shown to remote users when they enter a given directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
# |---Show local time
use_localtime=YES
#
# Activate logging of uploads/downloads.
# |--Enable logging
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
# |---If you wish, uploaded anonymous files can be owned by
# a different user; using root is not recommended
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
# |--- Log file path
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# |---Write the log file in xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
# |---Use a UTF-8 filesystem.
utf8_filesystem=YES
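The configuration above spells out which directives decide exposure: anonymous access, write commands, the local umask, chroot of local users, and TLS. The following is an added example, not code from the page or from the vsftpd project. It parses a vsftpd.conf the way the sample is written (key=value lines, '#' comments), fills in the defaults that the sample's own comments state, computes the file and directory modes a given local_umask yields, and reports the combinations a reviewer would flag. SAMPLE_CONF is a constructed excerpt of the active lines above; the DEFAULTS table and the finding texts are this example's own.

```python
"""Audit a vsftpd.conf for the exposure-relevant settings discussed above."""

# Defaults as the sample config's own comments state them (anonymous FTP,
# writes and chroot are off until enabled; local umask is 077). This table is
# the example's own, not vsftpd's full compiled-in default set.
DEFAULTS = {
    "anonymous_enable": "NO",
    "local_enable": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "chroot_local_user": "NO",
    "ssl_enable": "NO",
    "local_umask": "077",
}


def parse_vsftpd_conf(text):
    """Return {key: value} for every active key=value line.

    Blank lines and '#' comments are skipped, so a commented-out directive such
    as '#local_umask=022' counts as absent; a repeated key keeps its last value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def effective_modes(umask_str):
    """Modes new files and directories receive under an octal umask: files start
    from 0666 and directories from 0777, and the masked bits are withheld."""
    mask = int(umask_str, 8)
    return f"{0o666 & ~mask:04o}", f"{0o777 & ~mask:04o}"


def audit(settings):
    """Return the findings a reviewer would raise for the parsed settings."""
    conf = {**DEFAULTS, **settings}

    def on(key):
        return conf[key].upper() == "YES"

    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous logins are enabled")
        if on("write_enable") and (on("anon_upload_enable") or on("anon_mkdir_write_enable")):
            findings.append("anonymous users can upload files or create directories")
    elif on("anon_upload_enable") or on("anon_mkdir_write_enable"):
        findings.append("anon_upload/anon_mkdir_write are set but inert while anonymous_enable=NO")
    if on("local_enable"):
        if not on("ssl_enable"):
            findings.append("local logins with ssl_enable=NO: passwords cross the network in cleartext")
        if not on("chroot_local_user"):
            findings.append("local users are not chrooted and can browse outside their home directory")
        files, dirs = effective_modes(conf["local_umask"])
        findings.append(f"local_umask={conf['local_umask']}: uploads get mode {files}, new directories {dirs}")
    return findings


# Constructed excerpt of the active lines in the sample config above.
SAMPLE_CONF = """\
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
#local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#chroot_local_user=YES
ssl_enable=NO
"""

# The same excerpt with the settings a reviewer would tighten.
HARDENED_CONF = (
    SAMPLE_CONF.replace("ssl_enable=NO", "ssl_enable=YES")
    .replace("#chroot_local_user=YES", "chroot_local_user=YES")
    .replace("#local_umask=022", "local_umask=022")
    .replace("anon_upload_enable=YES", "#anon_upload_enable=YES")
    .replace("anon_mkdir_write_enable=YES", "#anon_mkdir_write_enable=YES")
)

if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {label} ==")
        for finding in audit(parse_vsftpd_conf(conf)):
            print(" -", finding)
```

Run it and the sample excerpt yields four findings (the inert anon_* lines, cleartext logins, no chroot, and the 077 umask giving uploads mode 0600), while the hardened excerpt only reports the 022 umask result. A config-only check has limits: as the sample's own comment warns, chroot_local_user=YES is only safe when the user cannot write to the top level of the chroot, which has to be verified on the filesystem, and ssl_enable=YES needs the rsa_cert_file and rsa_private_key_file it points to.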

Bx FTP Commands

NAME
     ftp — Internet file transfer program

SYNOPSIS
     ftp [-46pinegvd] [host [port]]
     pftp [-46inegvd] [host [port]]

DESCRIPTION
     Ftp is the user interface to the Internet standard File Transfer Protocol.  The program allows a user to transfer files to and from a remote network site.

     Options may be specified at the command line, or to the command interpreter.

     -4    Use only IPv4 to contact any host.

     -6    Use IPv6 only.

     -p    Use passive mode for data transfers. Allows use of ftp in environments where a firewall prevents connections from the outside world back to the client machine. Requires that the ftp server
           support the PASV command. This is the default if invoked as pftp.

     -i    Turns off interactive prompting during multiple file transfers.

     -n    Restrains ftp from attempting “auto-login” upon initial connection.  If auto-login is enabled, ftp will check the .netrc (see netrc(5)) file in the user's home directory for an entry
           describing an account on the remote machine.  If no entry exists, ftp will prompt for the remote machine login name (default is the user identity on the local machine), and, if necessary,
           prompt for a password and an account with which to login.

     -e    Disables command editing and history support, if it was compiled into the ftp executable. Otherwise, does nothing.

     -g    Disables file name globbing.

     -v    Verbose option forces ftp to show all responses from the remote server, as well as report on data transfer statistics.

     -d    Enables debugging.

     The client host and an optional port number with which ftp is to communicate may be specified on the command line.  If this is done, ftp will immediately attempt to establish a connection to an
     FTP server on that host; otherwise, ftp will enter its command interpreter and await instructions from the user.  When ftp is awaiting commands from the user the prompt ‘ftp>’ is provided to the
     user.  The following commands are recognized by ftp:

     ! [command [args]]
                 Invoke an interactive shell on the local machine.  If there are arguments, the first is taken to be a command to execute directly, with the rest of the arguments as its arguments.

     $ macro-name [args]
                 Execute the macro macro-name that was defined with the macdef command.  Arguments are passed to the macro unglobbed.

     account [passwd]
                 Supply a supplemental password required by a remote system for access to resources once a login has been successfully completed.  If no argument is included, the user will be
                 prompted for an account password in a non-echoing input mode.

     append local-file [remote-file]
                 Append a local file to a file on the remote machine.  If remote-file is left unspecified, the local file name is used in naming the remote file after being altered by any ntrans or
                 nmap setting.  File transfer uses the current settings for type, format, mode, and structure.

     ascii       Set the file transfer type to network ASCII.  This is the default type.

     bell        Arrange that a bell be sounded after each file transfer command is completed.

     binary      Set the file transfer type to support binary image transfer.

     bye         Terminate the FTP session with the remote server and exit ftp.  An end of file will also terminate the session and exit.

     case        Toggle remote computer file name case mapping during mget commands.  When case is on (default is off), remote computer file names with all letters in upper case are written in the
                 local directory with the letters mapped to lower case.

     cd remote-directory
                 Change the working directory on the remote machine to remote-directory.

     cdup        Change the remote machine working directory to the parent of the current remote machine working directory.

     chmod mode file-name
                 Change the permission modes of the file file-name on the remote system to mode.

     close       Terminate the FTP session with the remote server, and return to the command interpreter.  Any defined macros are erased.

     cr          Toggle carriage return stripping during ascii type file retrieval.  Records are denoted by a carriage return/linefeed sequence during ascii type file transfer.  When cr is on (the
                 default), carriage returns are stripped from this sequence to conform with the UNIX single linefeed record delimiter.  Records on non-UNIX remote systems may contain single
                 linefeeds; when an ascii type transfer is made, these linefeeds may be distinguished from a record delimiter only when cr is off.

     qc          Toggle the printing of control characters in the output of ASCII type commands.  When this is turned on, control characters are replaced with a question mark if the output file is
                 the standard output.  This is the default when the standard output is a tty.

     delete remote-file
                 Delete the file remote-file on the remote machine.

     debug [debug-value]
                 Toggle debugging mode.  If an optional debug-value is specified it is used to set the debugging level.  When debugging is on, ftp prints each command sent to the remote machine,
                 preceded by the string ‘-->’.

     dir [remote-directory] [local-file]
                 Print a listing of the directory contents in the directory, remote-directory, and, optionally, placing the output in local-file.  If interactive prompting is on, ftp will prompt the
                 user to verify that the last argument is indeed the target local file for receiving dir output.  If no directory is specified, the current working directory on the remote machine is
                 used.  If no local file is specified, or local-file is -, output comes to the terminal.

     disconnect  A synonym for close.

     form format
                 Set the file transfer form to format.  The default format is “file”.

     get remote-file [local-file]
                 Retrieve the remote-file and store it on the local machine.  If the local file name is not specified, it is given the same name it has on the remote machine, subject to alteration by
                 the current case, ntrans, and nmap settings.  The current settings for type, form, mode, and structure are used while transferring the file.

     glob        Toggle filename expansion for mdelete, mget and mput.  If globbing is turned off with glob, the file name arguments are taken literally and not expanded.  Globbing for mput is done
                 as in csh(1).  For mdelete and mget, each remote file name is expanded separately on the remote machine and the lists are not merged.  Expansion of a directory name is likely to be
                 different from expansion of the name of an ordinary file: the exact result depends on the foreign operating system and ftp server, and can be previewed by doing ‘mls remote-files -’.
                 Note: mget and mput are not meant to transfer entire directory subtrees of files.  That can be done by transferring a tar(1) archive of the subtree (in binary mode).

     hash [increment]
                 Toggle hash-sign (``#'') printing for each transferred data block, but only in the absence of an argument.  The size of a data block is set to 1024 bytes by default, but can be
                 changed by the argument increment, which also accepts the suffixed multipliers 'k' and 'K' for kilobytes, 'm' and 'M' for Megabytes, and finally 'g' and 'G' for Gigabytes.  Setting a
                 size activates hash printing unconditionally.

     help [command]
                 Print an informative message about the meaning of command.  If no argument is given, ftp prints a list of the known commands.

     idle [seconds]
                 Set the inactivity timer on the remote server to seconds seconds.  If seconds is omitted, the current inactivity timer is printed.

     ipany       Allow the address resolver to return any address family.

     ipv4        Restrict the address resolver to look only for IPv4 addresses.

     ipv6        Restrict host addressing to IPv6 only.

     lcd [directory]
                 Change the working directory on the local machine.  If no directory is specified, the user's home directory is used.

     ls [remote-directory] [local-file]
                 Print a listing of the contents of a directory on the remote machine.  The listing includes any system-dependent information that the server chooses to include; for example, most
                 UNIX systems will produce output from the command ‘ls -l’.  (See also nlist.)  If remote-directory is left unspecified, the current working directory is used.  If interactive
                 prompting is on, ftp will prompt the user to verify that the last argument is indeed the target local file for receiving ls output.  If no local file is specified, or if local-file is ‘-’,
                 the output is sent to the terminal.

     macdef macro-name
                 Define a macro.  Subsequent lines are stored as the macro macro-name; a null line (consecutive newline characters in a file or carriage returns from the terminal) terminates macro
                 input mode.  There is a limit of 16 macros and 4096 total characters in all defined macros.  Macros remain defined until a close command is executed.  The macro processor interprets
                 `$' and `\' as special characters.  A `$' followed by a number (or numbers) is replaced by the corresponding argument on the macro invocation command line.  A `$' followed by an `i'
                 signals the macro processor that the executing macro is to be looped.  On the first pass `$i' is replaced by the first argument on the macro invocation command line, on the second
                 pass it is replaced by the second argument, and so on.  A `\' followed by any character is replaced by that character.  Use the `\' to prevent special treatment of the `$'.

     mdelete [remote-files]
                 Delete the remote-files on the remote machine.

     mdir remote-files local-file
                 Like dir, except multiple remote files may be specified.  If interactive prompting is on, ftp will prompt the user to verify that the last argument is indeed the target local file
                 for receiving mdir output.

     mget remote-files
                 Expand the remote-files on the remote machine and do a get for each file name thus produced.  See glob for details on the filename expansion.  Resulting file names will then be
                 processed according to case, ntrans, and nmap settings.  Files are transferred into the local working directory, which can be changed with ‘lcd directory’; new local directories can be
                 created with ‘! mkdir directory’.

     mkdir directory-name
                 Make a directory on the remote machine.

     mls remote-files local-file
                 Like nlist, except multiple remote files may be specified, and the local-file must be specified.  If interactive prompting is on, ftp will prompt the user to verify that the last
                 argument is indeed the target local file for receiving mls output.

     mode [mode-name]
                 Set the file transfer mode to mode-name.  The default mode is “stream” mode.

     modtime file-name
                 Show the last modification time of the file on the remote machine.

     mput local-files
                 Expand wild cards in the list of local files given as arguments and do a put for each file in the resulting list.  See glob for details of filename expansion.  Resulting file names
                 will then be processed according to ntrans and nmap settings.

     newer file-name [local-file]
                 Get the file only if the modification time of the remote file is more recent than the file on the current system.  If the file does not exist on the current system, the remote file
                 is considered newer.  Otherwise, this command is identical to get.

     nlist [remote-directory] [local-file]
                 Print a  list of the files in a directory on the remote machine.  If remote-directory is left unspecified, the current working directory is used.  If interactive prompting is on, ftp
                 will prompt the user to verify that the last argument is indeed the target local file for receiving nlist output.  If no local file is specified, or if local-file is -, the output is
                 sent to the terminal.

     nmap [inpattern outpattern]
                 Set or unset the filename mapping mechanism.  If no arguments are specified, the filename mapping mechanism is unset.  If arguments are specified, remote filenames are mapped during
                 mput commands and put commands issued without a specified remote target filename.  If arguments are specified, local filenames are mapped during mget commands and get commands issued
                 without a specified local target filename.  This command is useful when connecting to a non-UNIX remote computer with different file naming conventions or practices.  The mapping
                 follows the pattern set by inpattern and outpattern.  [Inpattern] is a template for incoming filenames (which may have already been processed according to the ntrans and case
                 settings).  Variable templating is accomplished by including the sequences `$1', `$2', ..., `$9' in inpattern.  Use `\' to prevent this special treatment of the `$' character.  All
                 other characters are treated literally, and are used to determine the nmap [inpattern] variable values.  For example, given inpattern $1.$2 and the remote file name "mydata.data", $1
                 would have the value "mydata", and $2 would have the value "data".  The outpattern determines the resulting mapped filename.  The sequences `$1', `$2', ...., `$9' are replaced by any
                 value resulting from the inpattern template.  The sequence `$0' is replaced by the original filename.  Additionally, the sequence ‘[seq1, seq2]’ is replaced by [seq1] if seq1 is not a
                 null string; otherwise it is replaced by seq2.  For example, the command

                       nmap $1.$2.$3 [$1,$2].[$2,file]

                 would yield the output filename "myfile.data" for input filenames "myfile.data" and "myfile.data.old", "myfile.file" for the input filename "myfile", and "myfile.myfile" for the
                 input filename ".myfile".  Spaces may be included in outpattern, as in the example: `nmap $1 sed "s/  *$//" > $1' .  Use the `\' character to prevent special treatment of the
                 `$','[',']', and `,' characters.

     ntrans [inchars [outchars]]
                 Set or unset the filename character translation mechanism.  If no arguments are specified, the filename character translation mechanism is unset.  If arguments are specified,
                 characters in remote filenames are translated during mput commands and put commands issued without a specified remote target filename.  If arguments are specified, characters in local
                 filenames are translated during mget commands and get commands issued without a specified local target filename.  This command is useful when connecting to a non-UNIX remote computer
                 with different file naming conventions or practices.  Characters in a filename matching a character in inchars are replaced with the corresponding character in outchars.  If the
                 character's position in inchars is longer than the length of outchars, the character is deleted from the file name.
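The nmap and ntrans entries above describe their rules precisely enough to implement. The following is an added example written for this page, in Python, and not taken from the ftp client's own source: it follows the rules as the man page states them (a $n token captures up to the next literal in the pattern, bracket alternatives are chosen by the first non-empty expansion, '\' quotes the next character) rather than reproducing every quirk of the C implementation, and it reproduces the four outputs the nmap entry gives for `nmap $1.$2.$3 [$1,$2].[$2,file]`. All inputs in it are constructed.

```python
"""Re-implementation of the ftp client's nmap and ntrans filename mapping,
following the rules as the man page entries above state them."""


def _match_inpattern(inpattern, name):
    """Bind $1..$9 from name according to inpattern.

    A $n token captures up to the first occurrence of the literal that follows
    it in the pattern (or the rest of the name if nothing follows); an empty
    capture leaves $n unset.  Other characters must match literally, with '\\'
    quoting the next pattern character.  Matching stops at the first mismatch
    and keeps the tokens bound before it."""
    tokens, i, j = {}, 0, 0
    while i < len(inpattern) and j < len(name):
        c = inpattern[i]
        if c == "$" and i + 1 < len(inpattern) and inpattern[i + 1] in "123456789":
            stop = inpattern[i + 2] if i + 2 < len(inpattern) else None
            if stop == "\\" and i + 3 < len(inpattern):  # token followed by a quoted literal
                stop = inpattern[i + 3]
            k = len(name) if stop is None else name.find(stop, j)
            if k < 0:
                k = len(name)
            if k > j:
                tokens[int(inpattern[i + 1])] = name[j:k]
            i, j = i + 2, k
            continue
        if c == "\\" and i + 1 < len(inpattern):
            i, c = i + 1, inpattern[i + 1]
        if c != name[j]:
            break
        i, j = i + 1, j + 1
    return tokens


def _bracket_alternatives(pattern, i):
    """Split pattern[i:] up to the closing ']' into comma-separated alternatives,
    keeping '\\x' escapes intact for _expand; returns (alternatives, index after ']')."""
    alts, cur = [], []
    while i < len(pattern) and pattern[i] != "]":
        if pattern[i] == "\\" and i + 1 < len(pattern):
            cur.append(pattern[i:i + 2])
            i += 2
        elif pattern[i] == ",":
            alts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(pattern[i])
            i += 1
    if i >= len(pattern):
        raise ValueError("nmap: unbalanced brackets")
    alts.append("".join(cur))
    return alts, i + 1


def _expand(outpattern, name, tokens):
    """Expand outpattern: $0 is the whole name, $n a bound token (empty if unset),
    [alt1,alt2,...] the first alternative whose expansion is non-empty, '\\x' is x."""
    out, i = [], 0
    while i < len(outpattern):
        c = outpattern[i]
        if c == "\\" and i + 1 < len(outpattern):
            out.append(outpattern[i + 1])
            i += 2
        elif c == "$" and i + 1 < len(outpattern) and outpattern[i + 1] in "0123456789":
            n = int(outpattern[i + 1])
            out.append(name if n == 0 else tokens.get(n, ""))
            i += 2
        elif c == "[":
            alts, i = _bracket_alternatives(outpattern, i + 1)
            out.append(next((e for e in (_expand(a, name, tokens) for a in alts) if e), ""))
        else:
            out.append(c)
            i += 1
    return "".join(out)


def nmap(inpattern, outpattern, name):
    """Map one filename as `nmap inpattern outpattern` would."""
    return _expand(outpattern, name, _match_inpattern(inpattern, name))


def ntrans(name, inchars, outchars=""):
    """Map one filename as `ntrans inchars outchars` would: a character listed in
    inchars becomes the character at the same position in outchars, or is dropped
    when outchars has no character at that position."""
    table = {ord(ch): (outchars[pos] if pos < len(outchars) else None)
             for pos, ch in enumerate(inchars)}
    return name.translate(table)


if __name__ == "__main__":
    # The four inputs the man page uses to illustrate `nmap $1.$2.$3 [$1,$2].[$2,file]`.
    for name in ("myfile.data", "myfile.data.old", "myfile", ".myfile"):
        print(f"{name:16} -> {nmap('$1.$2.$3', '[$1,$2].[$2,file]', name)}")
    print(ntrans("MY DATA.TXT", " .", "_"))  # space -> '_', '.' dropped
```

Both mappings only rewrite the filename that get/put will use once the transfer has already been decided on, so they are a naming convenience rather than a filter; if the mapped name is to be trusted, whatever calls nmap or ntrans still has to check the result it is about to open.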

     open host [port]
                 Establish a connection to the specified host FTP server.  An optional port number may be supplied, in which case, ftp will attempt to contact an FTP server at that port.  If the
                 auto-login option is on (default), ftp will also attempt to automatically log the user in to the FTP server (see below).

     prompt      Toggle interactive prompting.  Interactive prompting occurs during multiple file transfers to allow the user to selectively retrieve or store files.  If prompting is turned off
                 (default is on), any mget or mput will transfer all files, and any mdelete will delete all files.

     proxy ftp-command
                 Execute an ftp command on a secondary control connection.  This command allows simultaneous connection to two remote ftp servers for transferring files between the two servers.  The
                 first proxy command should be an open, to establish the secondary control connection.  Enter the command "proxy ?" to see other ftp commands executable on the secondary connection.
                 The following commands behave differently when prefaced by proxy: open will not define new macros during the auto-login process, close will not erase existing macro definitions, get
                 and mget transfer files from the host on the primary control connection to the host on the secondary control connection, and put, mput, and append transfer files from the host on the
                 secondary control connection to the host on the primary control connection.  Third party file transfers depend upon support of the ftp protocol PASV command by the server on the
                 secondary control connection.

     put local-file [remote-file]
                 Store a local file on the remote machine.  If remote-file is left unspecified, the local file name is used after processing according to any ntrans or nmap settings in naming the
                 remote file.  File transfer uses the current settings for type, format, mode, and structure.

     pwd         Print the name of the current working directory on the remote machine.

     quit        A synonym for bye.

     quote arg1 arg2 ...
                 The arguments specified are sent, verbatim, to the remote FTP server.

     recv remote-file [local-file]
                 A synonym for get.

     reget remote-file [local-file]
                 Reget acts like get, except that if local-file exists and is smaller than remote-file, local-file is presumed to be a partially transferred copy of remote-file and the transfer is
                 continued from the apparent point of failure.  If local-file does not exist ftp won't fetch the file.  This command is useful when transferring very large files over networks that
                 are prone to dropping connections.

     remotehelp [command-name]
                 Request help from the remote FTP server.  If a command-name is specified it is supplied to the server as well.

     remotestatus [file-name]
                 With no arguments, show status of remote machine.  If file-name is specified, show status of file-name on remote machine.

     rename [from] [to]
                 Rename the file from on the remote machine, to the file to.

     reset       Clear reply queue.  This command re-synchronizes command/reply sequencing with the remote ftp server.  Resynchronization may be necessary following a violation of the ftp protocol by
                 the remote server.

     restart marker
                 Restart the immediately following get or put at the indicated marker.  On UNIX systems, marker is usually a byte offset into the file.

     rmdir directory-name
                 Delete a directory on the remote machine.

     runique     Toggle storing of files on the local system with unique filenames.  If a file already exists with a name equal to the target local filename for a get or mget command, a ".1" is
                 appended to the name.  If the resulting name matches another existing file, a ".2" is appended to the original name.  If this process continues up to ".99", an error message is
                 printed, and the transfer does not take place.  The generated unique filename will be reported.  Note that runique will not affect local files generated from a shell command (see
                 below).  The default value is off.

     send local-file [remote-file]
                 A synonym for put.

     sendport    Toggle the use of PORT commands.  By default, ftp will attempt to use a PORT command when establishing a connection for each data transfer.  The use of PORT commands can prevent
                 delays when performing multiple file transfers.  If the PORT command fails, ftp will use the default data port.  When the use of PORT commands is disabled, no attempt will be made to
                 use PORT commands for each data transfer.  This is useful for certain FTP implementations which do ignore PORT commands but, incorrectly, indicate they've been accepted.

     site arg1 arg2 ...
                 The arguments specified are sent, verbatim, to the remote FTP server as a SITE command.

     size file-name
                 Return size of file-name on remote machine.

     status      Show the current status of ftp.

     struct [struct-name]
                 Set the file transfer structure to struct-name.  By default “stream” structure is used.

     sunique     Toggle storing of files on remote machine under unique file names.  Remote ftp server must support ftp protocol STOU command for successful completion.  The remote server will report
                 unique name.  Default value is off.

     system      Show the type of operating system running on the remote machine.

     tenex       Set the file transfer type to that needed to talk to TENEX machines.

     trace       Toggle packet tracing.

     type [type-name]
                 Set the file transfer type to type-name.  If no type is specified, the current type is printed.  The default type is network ASCII.

     umask [newmask]
                 Set the default umask on the remote server to newmask.  If newmask is omitted, the current umask is printed.

     user user-name [password] [account]
                 Identify yourself to the remote FTP server.  If the password is not specified and the server requires it, ftp will prompt the user for it (after disabling local echo).  If an account
                 field is not specified, and the FTP server requires it, the user will be prompted for it.  If an account field is specified, an account command will be relayed to the remote server
                 after the login sequence is completed if the remote server did not require it for logging in.  Unless ftp is invoked with “auto-login” disabled, this process is done automatically on
                 initial connection to the FTP server.

     verbose     Toggle verbose mode.  In verbose mode, all responses from the FTP server are displayed to the user.  In addition, if verbose is on, when a file transfer completes, statistics
                 regarding the efficiency of the transfer are reported.  By default, verbose is on.

     ? [command]
                 A synonym for help.

     Command arguments which have embedded spaces may be quoted with quote `"' marks.

Common commands

!               delete          literal         prompt          send
?               debug           ls              put             status
append          dir             mdelete         pwd             trace
ascii           disconnect      mdir            quit            type
bell            get             mget            quote           user
binary          glob            mkdir           recv            verbose
bye             hash            mls             remotehelp
cd              help            mput            rename
close           lcd             open            rmdir

Explanation

bye # end the session
cd  # enter a directory
open # open a connection
close # close the connection
quote # PORT or PASV mode (the command is sent to the server verbatim)
# list the directory
ls
dir

help # help
lcd # local directory
pwd # FTP (remote) directory

rename # rename
mkdir # create a directory
delete # delete a file
user # log in as a given user

Author: Enomothem
Copyright notice: unless stated otherwise, all posts on this blog are licensed under CC BY 4.0. Please credit Enomothem as the source when reposting!