{"id":1213,"date":"2012-10-19T21:43:48","date_gmt":"2012-10-19T13:43:48","guid":{"rendered":"http:\/\/www.huzs.top\/?p=1213"},"modified":"2012-10-19T21:54:45","modified_gmt":"2012-10-19T13:54:45","slug":"ftp-%e6%9c%8d%e5%8a%a1%e5%99%a8%ef%bc%88vsftpd%ef%bc%89%e6%90%ad%e5%bb%ba%e9%b8%9f%e5%93%a5%e8%af%a6%e7%bb%86%e6%95%99%e6%9d%90","status":"publish","type":"post","link":"https:\/\/www.huzs.top\/?p=1213","title":{"rendered":"FTP \u670d\u52a1\u5668\uff08vsftpd\uff09\u642d\u5efa\u9e1f\u54e5\u8be6\u7ec6\u6559\u6750"},"content":{"rendered":"<table summary=\"\u6392\u7248\uff1a\u6587\u7ae0\u6863\u5934\u7684\u8bf4\u660e\"><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td>FTP (File Transfer Protocol) \u53ef\u8bf4\u662f\u6700\u53e4\u8001\u7684\u534f\u8bae\u4e4b\u4e00\u4e86\uff0c\u4e3b\u8981\u662f\u7528\u6765\u8fdb\u884c\u6863\u6848\u7684\u4f20\u8f93\uff0c\u5c24\u5176\u662f\u5927\u578b\u6863\u6848\u7684\u4f20\u8f93\u4f7f\u7528 FTP \u66f4\u662f\u65b9\u4fbf\uff01\u4e0d\u8fc7\uff0c\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u4f7f\u7528 FTP \u6765\u4f20\u8f93\u65f6\uff0c\u5176\u5b9e\u662f\u5177\u6709\u4e00\u5b9a\u7a0b\u5ea6\u7684\u300e\u5371\u9669\u6027\u300f\uff0c \u56e0\u4e3a\u6570\u636e\u5728\u56e0\u7279\u7f51\u4e0a\u9762\u662f\u5b8c\u5168\u6ca1\u6709\u53d7\u5230\u4fdd\u62a4\u7684\u300e\u660e\u7801\u300f\u4f20\u8f93\u65b9\u5f0f\uff01\u4f46\u662f\u5355\u7eaf\u7684 FTP \u670d\u52a1\u8fd8\u662f\u6709\u5176\u5fc5\u8981\u6027\u7684\uff0c\u4f8b\u5982\u5f88\u591a\u5b66\u6821\u5c31\u6709 FTP \u670d\u52a1\u5668\u7684\u67b6\u8bbe\u9700\u6c42\u554a\uff01<\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><!--more--><br \/>&nbsp;<\/p>\n<div>1 <a href=\"#theory\">FTP \u7684\u6570\u636e\u94fe\u8def\u539f\u7406<\/a><br \/>1.1 <a href=\"#theory_function\">FTP \u529f\u80fd\u7b80\u4ecb<\/a><br \/>1.2 <a href=\"#theory_port\">FTP \u7684\u8fd0\u4f5c\u6d41\u7a0b\u4e0e\u4f7f\u7528\u5230\u7684\u7aef\u53e3<\/a><br \/>1.3 <a href=\"#theory_pasv\">\u5ba2\u6237\u7aef\u9009\u62e9\u88ab\u52a8\u5f0f\u8054\u673a\u6a21\u5f0f<\/a><br \/>1.4 <a href=\"#theory_security\">FTP \u7684\u5b89\u5168\u6027\u95ee\u9898\u4e0e\u66ff\u4ee3\u65b9\u6848<\/a><br \/>1.5 <a href=\"#theory_who\">\u5f00\u653e\u4ec0\u4e48\u8eab\u4efd\u7684\u4f7f\u7528\u8005\u767b\u5165<\/a><br \/>2 <a href=\"#server\">vsftpd \u670d\u52a1\u5668\u57fa\u7840\u8bbe\u5b9a<\/a><br \/>2.1 <a href=\"#server_before\">\u4e3a\u4f55\u4f7f\u7528 vsftpd<\/a><br \/>2.2 <a href=\"#server_pkg\">\u6240\u9700\u8981\u7684\u8f6f\u4ef6\u4ee5\u53ca\u8f6f\u4ef6\u7ed3\u6784<\/a><br \/>2.3 <a href=\"#server_vsftpd.conf\">vsftpd.conf \u8bbe\u5b9a\u503c\u8bf4\u660e <\/a><br \/>2.4 <a href=\"#server_start\">vsftpd \u542f\u52a8\u7684\u6a21\u5f0f<\/a><br \/>2.5 <a href=\"#server_basic\">CentOS \u7684 vsftpd \u9ed8\u8ba4\u503c<\/a>\uff1a <a href=\"#use_local_time\">\u4f7f\u7528\u672c\u5730\u7aef\u65f6\u95f4<\/a><br \/>2.6 <a href=\"#server_real\">\u9488\u5bf9\u5b9e\u4f53\u8d26\u53f7\u7684\u8bbe\u5b9a<\/a>\uff1a <a href=\"#server_real_selinux\">SELinux<\/a>, <a href=\"#server_real_chroot\">chroot<\/a>, <a href=\"#server_real_flow\">\u9650\u5236\u5e26\u5bbd<\/a>, <a href=\"#server_real_client\">\u6700\u5927\u4e0a\u7ebf\u4eba\u6570<\/a>, <a href=\"#server_real_userlist\">\u53ef\u7528\u8d26\u53f7\u5217\u8868<\/a><br \/>2.7 <a href=\"#server_anon\">\u4ec5\u6709\u533f\u540d\u767b\u5f55\u7684\u76f8\u5173\u8bbe\u5b9a<\/a>\uff1a <a href=\"#anon_home\">\u533f\u540d\u7684\u6839<\/a>, <a href=\"#server_anon_upload\">\u53ef\u4e0a\u4f20\u4e0b\u8f7d<\/a>, <a href=\"#server_anon_upload2\">\u4ec5\u53ef\u4e0a\u4f20<\/a>, <a href=\"#server_anon_pasv\">\u88ab\u52a8\u5f0f\u8054\u673a\u57e0\u53e3<\/a><br \/>2.8 <a href=\"#other_iptables\">\u9632\u706b\u5899\u8bbe\u5b9a<\/a><br \/>2.9 <a href=\"#other_faq\">\u5e38\u89c1\u95ee\u9898\u4e0e\u89e3\u51b3\u4e4b\u9053<\/a><br \/>3 <a href=\"#client\">\u5ba2\u6237\u7aef\u7684\u56fe\u5f62\u63a5\u53e3 FTP \u8054\u673a\u8f6f\u4ef6<\/a><br \/>3.1 <a href=\"#client_filezilla\">Filezilla<\/a><br \/>3.2 <a href=\"#client_browser\">\u900f\u8fc7\u6d4f\u89c8\u5668\u53d6\u5f97 FTP \u8054\u673a<\/a><br \/>4 <a href=\"#server_ssl\">\u8ba9 vsftpd \u589e\u52a0 SSL \u7684\u52a0\u5bc6\u529f\u80fd<\/a><br \/>5 <a href=\"#hint\">\u91cd\u70b9\u56de\u987e<\/a><br \/>6 <a href=\"#ex\">\u672c\u7ae0\u4e60\u9898<\/a><br \/>7 <a href=\"#reference\">\u53c2\u8003\u6570\u636e\u4e0e\u5ef6\u4f38\u9605\u8bfb<\/a><\/div>\n<hr \/>\n<p><a name=\"theory\"><\/a>1 FTP \u7684\u6570\u636e\u94fe\u8def\u539f\u7406<\/p>\n<div>\n<p>FTP (File transfer protocol) \u662f\u76f8\u5f53\u53e4\u8001\u7684\u4f20\u8f93\u534f\u8bae\u4e4b\u4e00\uff0c\u4ed6\u6700\u4e3b\u8981\u7684\u529f\u80fd\u662f\u5728\u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u4e4b\u95f4\u8fdb\u884c\u6863\u6848\u7684\u4f20\u8f93\u3002 \u8fd9\u4e2a\u53e4\u8001\u7684\u534f\u8bae\u4f7f\u7528\u7684\u662f\u660e\u7801\u4f20\u8f93\u65b9\u5f0f\uff0c\u4e14\u8fc7\u53bb\u6709\u76f8\u5f53\u591a\u7684\u5b89\u5168\u5371\u673a\u5386\u53f2\u3002\u4e3a\u4e86\u66f4\u5b89\u5168\u7684\u4f7f\u7528 FTP \u534f\u8bae\uff0c\u6211\u4eec\u4e3b\u8981\u4ecb\u7ecd\u8f83\u4e3a\u5b89\u5168\u4f46\u529f\u80fd\u8f83\u5c11\u7684 vsftpd \u8fd9\u4e2a\u8f6f\u4ef6\u5436\u3002<\/p>\n<hr \/>\n<p><a name=\"theory_function\"><\/a>2.1.1 FTP \u529f\u80fd\u7b80\u4ecb<\/p>\n<div>\n<p>FTP \u670d\u52a1\u5668\u7684\u529f\u80fd\u9664\u4e86\u5355\u7eaf\u7684\u8fdb\u884c\u6863\u6848\u7684\u4f20\u8f93\u4e0e\u7ba1\u7406\u4e4b\u5916\uff0c\u4f9d\u636e\u670d\u52a1\u5668\u8f6f\u4ef6\u7684\u8bbe\u5b9a\u67b6\u6784\uff0c\u5b83\u8fd8\u53ef\u4ee5\u63d0\u4f9b\u51e0\u4e2a\u4e3b\u8981\u7684\u529f\u80fd\u3002 \u5e95\u4e0b\u6211\u4eec\u7ea6\u7565\u7684\u6765\u8c08\u4e00\u8c08\uff1a<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u4e0d\u540c\u7b49\u7ea7\u7684\u7528\u6237\u8eab\u4efd\uff1auser, guest, anonymous<\/li>\n<p><\/ul>\n<p>FTP \u670d\u52a1\u5668\u5728\u9884\u8bbe\u7684\u60c5\u51b5\u4e0b\uff0c\u4f9d\u636e\u4f7f\u7528\u8005\u767b\u5165\u7684\u60c5\u51b5\u800c\u5206\u4e3a\u4e09\u79cd\u4e0d\u540c\u7684\u8eab\u4efd\uff0c\u5206\u522b\u662f\uff1a (1)\u5b9e\u4f53\u8d26\u53f7,real user\uff1b(2)\u8bbf\u5ba2, guest\uff1b(3)\u533f\u540d\u767b\u5f55\u8005, anonymous \u8fd9\u4e09\u79cd\u3002\u8fd9\u4e09\u79cd\u8eab\u4efd\u7684\u7528\u6237\u5728\u7cfb\u7edf\u4e0a\u9762\u7684\u6743\u9650\u5dee\u5f02\u5f88\u5927\u5594\uff01\u4f8b\u5982\u5b9e\u4f53\u7528\u6237\u53d6\u5f97\u7cfb\u7edf\u7684\u6743\u9650\u6bd4\u8f83\u5b8c\u6574\uff0c \u6240\u4ee5\u53ef\u4ee5\u8fdb\u884c\u6bd4\u8f83\u591a\u7684\u52a8\u4f5c\uff1b\u81f3\u4e8e\u533f\u540d\u767b\u5f55\u8005\uff0c\u5927\u6982\u6211\u4eec\u5c31\u4ec5\u63d0\u4f9b\u4ed6\u4e0b\u8f7d\u8d44\u6e90\u7684\u80fd\u529b\u800c\u5df2\uff0c\u5e76\u4e0d\u8bb8\u533f\u540d\u8005\u4f7f\u7528\u592a\u591a\u4e3b\u673a\u7684\u8d44\u6e90\u554a\uff01 \u5f53\u7136\uff0c\u8fd9\u4e09\u79cd\u4eba\u7269\u80fd\u591f\u4f7f\u7528\u7684\u300e\u5728\u7ebf\u6307\u4ee4\u300f\u81ea\u7136\u4e5f\u5c31\u4e0d\u76f8\u540c\u5570\uff01 ^_^<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u547d\u4ee4\u8bb0\u5f55\u4e0e\u767b\u5f55\u6587\u4ef6\u8bb0\u5f55\uff1a<\/li>\n<p><\/ul>\n<p>FTP \u53ef\u4ee5\u5229\u7528\u7cfb\u7edf\u7684 <a href=\"http:\/\/linux.vbird.org\/linux_basic\/0570syslog.php\">syslogd<\/a> \u6765\u8fdb\u884c\u6570\u636e\u7684\u7eaa\u5f55\uff0c \u800c\u8bb0\u5f55\u7684\u6570\u636e\u62a5\u62ec\u4e86\u7528\u6237\u66fe\u7ecf\u4e0b\u8fbe\u8fc7\u7684\u547d\u4ee4\u4e0e\u7528\u6237\u4f20\u8f93\u6570\u636e(\u4f20\u8f93\u65f6\u95f4\u3001\u6863\u6848\u5927\u5c0f\u7b49\u7b49)\u7684\u7eaa\u5f55\u5462\uff01 \u6240\u4ee5\u4f60\u53ef\u4ee5\u5f88\u8f7b\u677e\u7684\u5728 \/var\/log\/ \u91cc\u9762\u627e\u5230\u5404\u9879\u767b\u5f55\u4fe1\u606f\u5594\uff01<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u9650\u5236\u7528\u6237\u6d3b\u52a8\u7684\u76ee\u5f55\uff1a (change root, \u7b80\u79f0 chroot)<\/li>\n<p><\/ul>\n<p>\u4e3a\u4e86\u907f\u514d\u7528\u6237\u5728\u4f60\u7684 Linux \u7cfb\u7edf\u5f53\u4e2d\u968f\u610f\u901b\u5927\u8857 (\u610f\u6307\u79bb\u5f00\u7528\u6237\u81ea\u5df1\u7684\u5bb6\u76ee\u5f55\u800c\u8fdb\u5165\u5230 Linux \u7cfb\u7edf\u7684\u5176\u4ed6\u76ee\u5f55\u53bb)\uff0c \u6240\u4ee5\u5c06\u4f7f\u7528\u8005\u7684\u5de5\u4f5c\u8303\u56f4\u300e\u5c40\u9650\u300f\u5728\u7528\u6237\u7684\u5bb6\u76ee\u5f55\u5e95\u4e0b\uff0c\u55ef\uff01\u5b9e\u5728\u662f\u4e2a\u4e0d\u9519\u7684\u597d\u4e3b\u610f\uff01FTP \u53ef\u4ee5\u9650\u5236\u7528\u6237\u4ec5\u80fd\u5728\u81ea\u5df1\u7684\u5bb6\u76ee\u5f55\u5f53\u4e2d\u6d3b\u52a8\u5594\uff01\u5982\u6b64\u4e00\u6765\uff0c\u7531\u4e8e\u4f7f\u7528\u8005\u65e0\u6cd5\u79bb\u5f00\u81ea\u5df1\u7684\u5bb6\u76ee\u5f55\uff0c\u800c\u4e14\u767b\u5165 FTP \u540e\uff0c\u663e\u793a\u7684\u300e\u6839\u76ee\u5f55\u300f\u5c31\u662f\u81ea\u5df1\u5bb6\u76ee\u5f55\u7684\u5185\u5bb9\uff0c\u8fd9\u79cd\u73af\u5883\u79f0\u4e4b\u4e3a change root \uff0c\u7b80\u79f0 chroot \uff0c\u6539\u53d8\u6839\u76ee\u5f55\u7684\u610f\u601d\u5566\uff01<\/p>\n<p>\u8fd9\u6709\u4ec0\u4e48\u597d\u5904\u5462\uff1f\u5f53\u4e00\u4e2a\u6076\u610f\u7684\u4f7f\u7528\u8005\u4ee5 FTP \u767b\u5165\u4f60\u7684\u7cfb\u7edf\u5f53\u4e2d\uff0c\u5982\u679c\u6ca1\u6709 chroot \u7684\u73af\u5883\u4e0b\uff0c\u4ed6\u53ef\u4ee5\u5230 \/etc, \/usr\/local, \/home \u7b49\u5176\u4ed6\u91cd\u8981\u76ee\u5f55\u5e95\u4e0b\u53bb\u5bdf\u770b\u6863\u6848\u6570\u636e\uff0c\u5c24\u5176\u662f\u5f88\u91cd\u8981\u7684 \/etc\/ \u5e95\u4e0b\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u5982 \/etc\/passwd \u7b49\u7b49\u3002\u5982\u679c\u4f60\u6ca1\u6709\u505a\u597d\u4e00\u4e9b\u6863\u6848\u6743\u9650\u7684\u7ba1\u7406\u4e0e\u4fdd\u62a4\uff0c\u90a3\u4ed6\u5c31\u6709\u529e\u6cd5\u53d6\u5f97\u7cfb\u7edf\u7684\u67d0\u4e9b\u91cd\u8981\u4fe1\u606f\uff0c \u7528\u6765\u300e\u5165\u4fb5\u300f\u4f60\u7684\u7cfb\u7edf\u5462\uff01\u6240\u4ee5\u5728 chroot \u7684\u73af\u5883\u4e0b\uff0c\u5f53\u7136\u5c31\u6bd4\u8f83\u5b89\u5168\u4e00\u4e9b\u54af\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"theory_port\"><\/a>1.2 FTP \u7684\u8fd0\u4f5c\u6d41\u7a0b\u4e0e\u4f7f\u7528\u5230\u7684\u7aef\u53e3<\/p>\n<div>\n<p>FTP \u7684\u4f20\u8f93\u4f7f\u7528\u7684\u662f TCP \u5c01\u5305\u534f\u8bae\uff0c\u5728<a href=\"http:\/\/linux.vbird.org\/linux_server\/0110network_basic.php\">\u7b2c\u4e8c\u7ae0\u7f51\u7edc\u57fa\u7840<\/a>\u4e2d\u6211\u4eec\u8c08\u8fc7\uff0c TCP \u5728\u5efa\u7acb\u8054\u673a\u524d\u4f1a\u5148\u8fdb\u884c\u4e09\u5411\u4ea4\u63e1\u3002\u4e0d\u8fc7 FTP \u670d\u52a1\u5668\u662f\u6bd4\u8f83\u9ebb\u70e6\u4e00\u4e9b\uff0c\u56e0\u4e3a FTP \u670d\u52a1\u5668\u4f7f\u7528\u4e86\u4e24\u4e2a\u8054\u673a\uff0c\u5206\u522b\u662f\u547d\u4ee4\u4fe1\u9053\u4e0e\u6570\u636e\u6d41\u901a\u9053 (ftp-data) \u3002\u8fd9\u4e24\u4e2a\u8054\u673a\u90fd\u9700\u8981\u7ecf\u8fc7\u4e09\u5411\u4ea4\u63e1\uff0c \u56e0\u4e3a\u662f TCP \u5c01\u5305\u561b\uff01\u90a3\u4e48\u8fd9\u4e24\u4e2a\u8054\u673a\u901a\u9053\u7684\u5173\u7cfb\u662f\u5982\u4f55\u5462\uff1f\u5e95\u4e0b\u6211\u4eec\u5148\u4ee5 FTP \u9884\u8bbe\u7684\u4e3b\u52a8\u5f0f (active) \u8054\u673a\u6765\u4f5c\u4e2a\u7b80\u7565\u7684\u8bf4\u660e\u5570\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_active.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"connect_active\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_active.gif\" alt=\"connect_active\" width=\"289\" height=\"267\" \/><\/a><br \/>\u56fe 1-1\u3001FTP \u670d\u52a1\u5668\u7684\u4e3b\u52a8\u5f0f\u8054\u673a\u793a\u610f\u56fe<\/center>\u7b80\u5355\u7684\u8054\u673a\u6d41\u7a0b\u5c31\u5982\u4e0a\u56fe\u6240\u793a\uff0c\u81f3\u4e8e\u8054\u673a\u7684\u6b65\u9aa4\u662f\u8fd9\u6837\u7684\uff1a<\/p>\n<ol>\t<\/p>\n<li>\u5efa\u7acb\u547d\u4ee4\u901a\u9053\u7684\u8054\u673a<br \/>\u5982\u4e0a\u56fe\u6240\u793a\uff0c\u5ba2\u6237\u7aef\u4f1a\u968f\u673a\u53d6\u4e00\u4e2a\u5927\u4e8e 1024 \u4ee5\u4e0a\u7684\u57e0\u53e3 (port AA) \u6765\u4e0e FTP \u670d\u52a1\u5668\u7aef\u7684 port 21 \u8fbe\u6210\u8054\u673a\uff0c \u8fd9\u4e2a\u8fc7\u7a0b\u5f53\u7136\u9700\u8981\u4e09\u5411\u4ea4\u63e1\u4e86\uff01\u8fbe\u6210\u8054\u673a\u540e\u5ba2\u6237\u7aef\u4fbf\u53ef\u4ee5\u900f\u8fc7\u8fd9\u4e2a\u8054\u673a\u6765\u5bf9 FTP \u670d\u52a1\u5668\u4e0b\u8fbe\u6307\u4ee4\uff0c \u5305\u62ec\u67e5\u8be2\u6863\u540d\u3001\u4e0b\u8f7d\u3001\u4e0a\u4f20\u7b49\u7b49\u6307\u4ee4\u90fd\u662f\u5229\u7528\u8fd9\u4e2a\u901a\u9053\u6765\u4e0b\u8fbe\u7684\uff1b<\/li>\n<p>\t<\/p>\n<li>\u901a\u77e5 FTP \u670d\u52a1\u5668\u7aef\u4f7f\u7528 active \u4e14\u544a\u77e5\u8fde\u63a5\u7684\u57e0\u53f7<br \/>FTP \u670d\u52a1\u5668\u7684 21 \u57e0\u53f7\u4e3b\u8981\u7528\u5728\u547d\u4ee4\u7684\u4e0b\u8fbe\uff0c\u4f46\u662f\u5f53\u7275\u6d89\u5230\u6570\u636e\u6d41\u65f6\uff0c\u5c31\u4e0d\u662f\u4f7f\u7528\u8fd9\u4e2a\u8054\u673a\u4e86\u3002 \u5ba2\u6237\u7aef\u5728\u9700\u8981\u6570\u636e\u7684\u60c5\u51b5\u4e0b\uff0c\u4f1a\u544a\u77e5\u670d\u52a1\u5668\u7aef\u8981\u7528\u4ec0\u4e48\u65b9\u5f0f\u6765\u8054\u673a\uff0c\u5982\u679c\u662f\u4e3b\u52a8\u5f0f (active) \u8054\u673a\u65f6\uff0c \u5ba2\u6237\u7aef\u4f1a\u5148\u968f\u673a\u542f\u7528\u4e00\u4e2a\u57e0\u53e3 (\u56fe 1-1 \u5f53\u4e2d\u7684 port BB) \uff0c\u4e14\u900f\u8fc7\u547d\u4ee4\u901a\u9053\u544a\u77e5 FTP \u670d\u52a1\u5668\u8fd9\u4e24\u4e2a\u4fe1\u606f\uff0c\u5e76\u7b49\u5f85 FTP \u670d\u52a1\u5668\u7684\u8054\u673a\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u670d\u52a1\u5668\u300e\u4e3b\u52a8\u300f\u5411\u5ba2\u6237\u7aef\u8054\u673a<br \/>FTP \u670d\u52a1\u5668\u7531\u547d\u4ee4\u901a\u9053\u4e86\u89e3\u5ba2\u6237\u7aef\u7684\u9700\u6c42\u540e\uff0c\u4f1a\u4e3b\u52a8\u7684\u7531 20 \u8fd9\u4e2a\u57e0\u53f7\u5411\u5ba2\u6237\u7aef\u7684 port BB \u8054\u673a\uff0c \u8fd9\u4e2a\u8054\u673a\u5f53\u7136\u4e5f\u4f1a\u7ecf\u8fc7\u4e09\u5411\u4ea4\u63e1\u5566\uff01\u6b64\u65f6 FTP \u7684\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u7aef\u5171\u4f1a\u5efa\u7acb\u4e24\u6761\u8054\u673a\uff0c\u5206\u522b\u7528\u5728\u547d\u4ee4\u7684\u4e0b\u8fbe\u4e0e\u6570\u636e\u7684\u4f20\u9012\u3002 \u800c\u9884\u8bbe FTP \u670d\u52a1\u5668\u7aef\u4f7f\u7528\u7684\u4e3b\u52a8\u8054\u673a\u57e0\u53f7\u5c31\u662f port 20 \u5570\uff01<\/li>\n<p><\/ol>\n<p>\u5982\u6b64\u4e00\u6765\u5219\u6210\u529f\u7684\u5efa\u7acb\u8d77\u300e\u547d\u4ee4\u300f\u4e0e\u300e\u6570\u636e\u4f20\u8f93\u300f\u4e24\u4e2a\u4fe1\u9053\uff01\u4e0d\u8fc7\uff0c\u8981\u6ce8\u610f\u7684\u662f\uff0c \u300e\u6570\u636e\u4f20\u8f93\u4fe1\u9053\u300f\u662f\u5728\u6709\u6570\u636e\u4f20\u8f93\u7684\u884c\u4e3a\u65f6\u624d\u4f1a\u5efa\u7acb\u7684\u901a\u9053\u5594\uff01\u5e76\u4e0d\u662f\u4e00\u5f00\u59cb\u8fde\u63a5\u5230 FTP \u670d\u52a1\u5668\u5c31\u7acb\u523b\u5efa\u7acb\u7684\u901a\u9053\u5462\uff01\u7559\u610f\u4e00\u4e0b\u5570\uff01<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u4e3b\u52a8\u5f0f\u8054\u673a\u4f7f\u7528\u5230\u7684\u57e0\u53f7<\/li>\n<p><\/ul>\n<p>\u5229\u7528\u4e0a\u8ff0\u7684\u8bf4\u660e\u6765\u6574\u7406\u4e00\u4e0b FTP \u670d\u52a1\u5668\u7aef\u4f1a\u4f7f\u7528\u5230\u7684\u57e0\u53f7\u4e3b\u8981\u6709\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u547d\u4ee4\u901a\u9053\u7684 ftp (\u9ed8\u8ba4\u4e3a port 21) \u4e0e<\/li>\n<p>\t<\/p>\n<li>\u6570\u636e\u4f20\u8f93\u7684 ftp-data (\u9ed8\u8ba4\u4e3aport 20)\u3002<\/li>\n<p><\/ul>\n<p>\u518d\u5f3a\u8c03\u4e00\u6b21\uff0c\u8fd9\u4e24\u4e2a\u57e0\u53e3\u7684\u5de5\u4f5c\u662f\u4e0d\u4e00\u6837\u7684\uff0c\u800c\u4e14\uff0c\u91cd\u8981\u7684\u662f\u4e24\u8005\u7684\u8054\u673a\u53d1\u8d77\u7aef\u662f\u4e0d\u4e00\u6837\u7684\uff01\u9996\u5148 port 21 \u4e3b\u8981\u63a5\u53d7\u6765\u81ea\u5ba2\u6237\u7aef\u7684\u4e3b\u52a8\u8054\u673a\uff0c\u81f3\u4e8e port 20 \u5219\u4e3a FTP \u670d\u52a1\u5668\u4e3b\u52a8\u8054\u673a\u81f3\u5ba2\u6237\u7aef\u5462\uff01\u8fd9\u6837\u7684\u60c5\u51b5\u5728\u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u4e24\u8005\u540c\u65f6\u4e3a\u516c\u5171 IP (Public IP) \u7684\u56e0\u7279\u7f51\u4e0a\u9762\u901a\u5e38\u6ca1\u6709\u592a\u5927\u7684\u95ee\u9898\uff0c\u4e0d\u8fc7\uff0c\u4e07\u4e00\u4f60\u7684\u5ba2\u6237\u7aef\u662f\u5728\u9632\u706b\u5899\u540e\u7aef\uff0c\u6216\u8005\u662f NAT \u670d\u52a1\u5668\u540e\u7aef\u5462\uff1f\u4f1a\u6709\u4ec0\u4e48\u95ee\u9898\u53d1\u751f\u5462\uff1f\u5e95\u4e0b\u6211\u4eec\u6765\u8c08\u4e00\u8c08\u8fd9\u4e2a\u4e25\u91cd\u7684\u95ee\u9898\uff01<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5728\u4e3b\u52a8\u8054\u673a\u7684 FTP \u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u4e4b\u95f4\u5177\u6709\u9632\u706b\u5899\u7684\u8054\u673a\u95ee\u9898<\/li>\n<p><\/ul>\n<p>\u56de\u60f3\u4e00\u4e0b\u6211\u4eec\u7684<a href=\"http:\/\/linux.vbird.org\/linux_server\/0250simple_firewall.php\">\u7b2c\u4e5d\u7ae0\u9632\u706b\u5899<\/a>\uff01 \u4e00\u822c\u6765\u8bf4\uff0c\u5f88\u591a\u7684\u5c40\u57df\u7f51\u7edc\u90fd\u4f1a\u4f7f\u7528\u9632\u706b\u5899 (iptables) \u7684 NAT \u529f\u80fd\uff0c\u90a3\u4e48\u5728 NAT \u540e\u7aef\u7684 FTP \u7528\u6237\u5982\u4f55\u8fde\u63a5\u5230 FTP \u670d\u52a1\u5668\u5462\uff1f \u6211\u4eec\u53ef\u4ee5\u7b80\u5355\u7684\u4ee5\u4e0b\u56fe\u6765\u8bf4\u660e\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_active_nat.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"connect_active_nat\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_active_nat.gif\" alt=\"connect_active_nat\" width=\"440\" height=\"267\" \/><\/a><br \/>\u56fe 1-2\u3001 FTP \u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u7aef\u8054\u673a\u4e2d\u95f4\u5177\u6709\u9632\u706b\u5899\u7684\u8054\u673a\u72b6\u6001<\/center><\/p>\n<ol>\t<\/p>\n<li>\u7528\u6237\u4e0e\u670d\u52a1\u5668\u95f4\u547d\u4ee4\u4fe1\u9053\u7684\u5efa\u7acb\uff1a<br \/>\u56e0\u4e3a NAT \u4f1a\u4e3b\u52a8\u7684\u8bb0\u5f55\u7531\u5185\u90e8\u9001\u5f80\u5916\u90e8\u7684\u8054\u673a\u4fe1\u606f\uff0c\u800c\u7531\u4e8e\u547d\u4ee4\u4fe1\u9053\u7684\u5efa\u7acb\u662f\u7531\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u7aef\u8054\u673a\u7684\uff0c \u56e0\u6b64\u8fd9\u4e00\u6761\u8054\u673a\u53ef\u4ee5\u987a\u5229\u7684\u5efa\u7acb\u8d77\u6765\u7684\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7528\u6237\u4e0e\u670d\u52a1\u5668\u95f4\u6570\u636e\u4fe1\u9053\u5efa\u7acb\u65f6\u7684\u901a\u77e5\uff1a<br \/>\u540c\u6837\u7684\uff0c\u5ba2\u6237\u7aef\u4e3b\u673a\u4f1a\u5148\u542f\u7528 port BB \uff0c\u5e76\u900f\u8fc7\u547d\u4ee4\u901a\u9053\u544a\u77e5 FTP \u670d\u52a1\u5668\uff0c\u4e14\u7b49\u5f85\u670d\u52a1\u5668\u7aef\u7684\u4e3b\u52a8\u8054\u673a\uff1b<\/li>\n<p>\t<\/p>\n<li>\u670d\u52a1\u5668\u4e3b\u52a8\u8fde\u5230 NAT \u7b49\u5f85\u8f6c\u9012\u81f3\u5ba2\u6237\u7aef\u7684\u8054\u673a\u95ee\u9898\uff1a<br \/>\u4f46\u662f\u7531\u4e8e\u900f\u8fc7 NAT \u7684\u8f6c\u6362\u540e\uff0cFTP \u670d\u52a1\u5668\u53ea\u80fd\u5f97\u77e5 NAT \u7684 IP \u800c\u4e0d\u662f\u5ba2\u6237\u7aef\u7684 IP \uff0c \u56e0\u6b64 FTP \u670d\u52a1\u5668\u4f1a\u4ee5 port 20 \u4e3b\u52a8\u7684\u5411 NAT \u7684 port BB \u53d1\u9001\u4e3b\u52a8\u8054\u673a\u7684\u8981\u6c42\u3002 \u4f46\u4f60\u7684 NAT \u5e76\u6ca1\u6709\u542f\u52a8 port BB \u6765\u76d1\u542c FTP \u670d\u52a1\u5668\u7684\u8054\u673a\u554a\uff01<\/li>\n<p><\/ol>\n<p>\u4e86\u89e3\u95ee\u9898\u7684\u6240\u5728\u4e86\u5417\uff1f\u5728 FTP \u7684\u4e3b\u52a8\u5f0f\u8054\u673a\u5f53\u4e2d\uff0cNAT \u5c06\u4f1a\u88ab\u89c6\u4e3a\u5ba2\u6237\u7aef\uff0c\u4f46 NAT \u5176\u5b9e\u5e76\u975e\u5ba2\u6237\u7aef\u554a\uff0c \u8fd9\u5c31\u9020\u6210\u95ee\u9898\u4e86\u3002\u5982\u679c\u4f60\u66fe\u7ecf\u5728 IP \u5206\u4eab\u5668\u540e\u9762\u8fde\u63a5\u67d0\u4e9b FTP \u670d\u52a1\u5668\u65f6\uff0c\u53ef\u80fd\u5076\u5c14\u4f1a\u53d1\u73b0\u660e\u660e\u5c31\u8fde\u63a5\u4e0a FTP \u670d\u52a1\u5668\u4e86 (\u547d\u4ee4\u901a\u9053\u5df2\u5efa\u7acb)\uff0c\u4f46\u662f\u5c31\u662f\u65e0\u6cd5\u53d6\u5f97\u6587\u4ef6\u540d\u7684\u5217\u8868\uff0c\u800c\u662f\u5728\u8d85\u8fc7\u4e00\u6bb5\u65f6\u95f4\u540e\u663e\u793a\u300e Can&#8217;t build data connection: Connection refused\uff0c\u65e0\u6cd5\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u300f\u4e4b\u7c7b\u7684\u8baf\u606f\uff0c \u90a3\u80af\u5b9a\u5c31\u662f\u8fd9\u4e2a\u539f\u56e0\u6240\u9020\u6210\u7684\u56f0\u6270\u4e86\u3002<\/p>\n<p>\u90a3\u6709\u6ca1\u6709\u529e\u6cd5\u53ef\u4ee5\u514b\u670d\u8fd9\u4e2a\u95ee\u9898\u5462\uff1f\u96be\u9053\u771f\u7684\u5728 Linux NAT \u540e\u9762\u5c31\u4e00\u5b9a\u65e0\u6cd5\u4f7f\u7528 FTP \u5417\uff1f\u5f53\u7136\u4e0d\u662f\uff01 \u76ee\u524d\u6709\u4e24\u4e2a\u7b80\u6613\u7684\u65b9\u6cd5\u53ef\u4ee5\u514b\u670d\u8fd9\u4e2a\u95ee\u9898\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u4f7f\u7528 iptables \u6240\u63d0\u4f9b\u7684 FTP \u4fa6\u6d4b\u6a21\u5757\uff1a\u5176\u5b9e iptables \u65e9\u5c31\u63d0\u4f9b\u4e86\u8bb8\u591a\u597d\u7528\u7684\u6a21\u5757\u4e86\uff0c\u8fd9\u4e2a FTP \u5f53\u7136\u4e0d\u4f1a\u88ab\u9519\u8fc7\uff01 \u4f60\u53ef\u4ee5\u4f7f\u7528 <a href=\"http:\/\/linux.vbird.org\/linux_basic\/0510osloader.php#kernel_load\">modprobe<\/a> \u8fd9\u4e2a\u6307\u4ee4\u6765\u52a0\u8f7d ip_conntrack_ftp \u53ca ip_nat_ftp \u7b49\u6a21\u5757\uff0c\u8fd9\u51e0\u4e2a\u6a21\u5757\u4f1a\u4e3b\u52a8\u7684\u5206\u6790\u300e\u76ee\u6807\u662f port 21 \u7684\u8054\u673a\u300f\u4fe1\u606f\uff0c \u6240\u4ee5\u53ef\u4ee5\u5f97\u5230 port BB \u7684\u8d44\u6599\uff0c\u6b64\u65f6\u82e5\u63a5\u53d7\u5230 FTP \u670d\u52a1\u5668\u7684\u4e3b\u52a8\u8054\u673a\uff0c\u5c31\u80fd\u591f\u5c06\u8be5\u5c01\u5305\u5bfc\u5411\u6b63\u786e\u7684\u540e\u7aef\u4e3b\u673a\u4e86\uff01 ^_^\n<p>\u4e0d\u8fc7\uff0c\u5982\u679c\u4f60\u94fe\u63a5\u7684\u76ee\u6807 FTP \u670d\u52a1\u5668\u4ed6\u7684\u547d\u4ee4\u901a\u9053\u9ed8\u8ba4\u7aef\u53e3\u53f7\u5e76\u975e\u6807\u51c6\u7684 21 \u57e0\u53f7\u65f6 (\u4f8b\u5982\u67d0\u4e9b\u5730\u4e0b FTP \u670d\u52a1\u5668)\uff0c \u90a3\u4e48\u8fd9\u4e24\u4e2a\u6a21\u5757\u5c31\u65e0\u6cd5\u987a\u5229\u89e3\u6790\u51fa\u6765\u4e86\uff0c\u8fd9\u6837\u8bf4\uff0c\u7406\u89e3\u5417\uff1f<\/li>\n<p>\t<\/p>\n<li>\u5ba2\u6237\u7aef\u9009\u62e9\u88ab\u52a8\u5f0f (Passive) \u8054\u673a\u6a21\u5f0f\uff1a\u9664\u4e86\u4e3b\u52a8\u5f0f\u8054\u673a\u4e4b\u5916\uff0cFTP \u8fd8\u63d0\u4f9b\u4e00\u79cd\u79f0\u4e3a\u88ab\u52a8\u5f0f\u8054\u673a\u7684\u6a21\u5f0f\uff0c\u4ec0\u4e48\u662f\u88ab\u52a8\u5f0f\u5462\uff1f \u65e2\u7136\u4e3b\u52a8\u5f0f\u662f\u7531\u670d\u52a1\u5668\u5411\u5ba2\u6237\u7aef\u8054\u673a\uff0c\u53cd\u8fc7\u6765\u8bb2\uff0c\u88ab\u52a8\u5f0f\u5c31\u662f\u7531\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u7aef\u53d1\u8d77\u8054\u673a\u7684\u5570\uff01 \u65e2\u7136\u662f\u7531\u5ba2\u6237\u7aef\u53d1\u8d77\u8054\u673a\u7684\uff0c\u90a3\u81ea\u7136\u5c31\u4e0d\u9700\u8981\u8003\u8651\u6765\u81ea port 20 \u7684\u8054\u673a\u5566\uff01\u5173\u4e8e\u88ab\u52a8\u5f0f\u8054\u673a\u6a21\u5f0f\u5c06\u5728\u4e0b\u4e00\u5c0f\u8282\u4ecb\u7ecd\u5594\uff01<\/li>\n<p><\/ul>\n<p><\/div>\n<hr \/>\n<p><a name=\"theory_pasv\"><\/a>1.3 \u5ba2\u6237\u7aef\u9009\u62e9\u88ab\u52a8\u5f0f\u8054\u673a\u6a21\u5f0f<\/p>\n<div>\n<p>\u90a3\u4e48\u4ec0\u4e48\u662f\u88ab\u52a8\u5f0f\u8054\u673a\u5462\uff1f\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u5e95\u4e0b\u7684\u56fe\u793a\u6765\u4f5c\u4e2a\u7b80\u7565\u7684\u4ecb\u7ecd\u5594\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_passive.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"connect_passive\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_passive.gif\" alt=\"connect_passive\" width=\"289\" height=\"267\" \/><\/a><br \/>\u56fe 1-3\u3001FTP \u7684\u88ab\u52a8\u5f0f\u6570\u636e\u6d41\u8054\u673a\u6d41\u7a0b<\/center><\/p>\n<ol>\t<\/p>\n<li>\u7528\u6237\u4e0e\u670d\u52a1\u5668\u5efa\u7acb\u547d\u4ee4\u4fe1\u9053\uff1a<br \/>\u540c\u6837\u7684\u9700\u8981\u5efa\u7acb\u547d\u4ee4\u901a\u9053\uff0c\u900f\u8fc7\u4e09\u5411\u4ea4\u63e1\u5c31\u53ef\u4ee5\u5efa\u7acb\u8d77\u8fd9\u4e2a\u901a\u9053\u4e86\u3002<\/li>\n<p>\t<\/p>\n<li>\u5ba2\u6237\u7aef\u53d1\u51fa PASV \u7684\u8054\u673a\u8981\u6c42\uff1a<br \/>\u5f53\u6709\u4f7f\u7528\u6570\u636e\u4fe1\u9053\u7684\u6307\u4ee4\u65f6\uff0c\u5ba2\u6237\u7aef\u53ef\u900f\u8fc7\u547d\u4ee4\u901a\u9053\u53d1\u51fa PASV \u7684\u88ab\u52a8\u5f0f\u8054\u673a\u8981\u6c42 (Passive \u7684\u7f29\u5199)\uff0c \u5e76\u7b49\u5f85\u670d\u52a1\u5668\u7684\u56de\u5e94\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u670d\u52a1\u5668\u542f\u52a8\u6570\u636e\u7aef\u53e3\uff0c\u5e76\u901a\u77e5\u5ba2\u6237\u7aef\u8054\u673a\uff1a<br \/>\u5982\u679c\u4f60\u7684 FTP \u670d\u52a1\u5668\u662f\u80fd\u591f\u5904\u7406\u88ab\u52a8\u5f0f\u8054\u673a\u7684\uff0c\u6b64\u65f6 FTP \u670d\u52a1\u5668\u4f1a\u5148\u542f\u52a8\u4e00\u4e2a\u57e0\u53e3\u5728\u76d1\u542c\u3002 \u8fd9\u4e2a\u7aef\u53e3\u53f7\u7801\u53ef\u80fd\u662f\u968f\u673a\u7684\uff0c\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u67d0\u4e00\u8303\u56f4\u7684\u57e0\u53e3\uff0c\u7aef\u770b\u4f60\u7684 FTP \u670d\u52a1\u5668\u8f6f\u4ef6\u800c\u5b9a\u3002 \u7136\u540e\u4f60\u7684 FTP \u670d\u52a1\u5668\u4f1a\u900f\u8fc7\u547d\u4ee4\u901a\u9053\u544a\u77e5\u5ba2\u6237\u7aef\u8be5\u5df2\u7ecf\u542f\u52a8\u7684\u57e0\u53e3 (\u56fe\u4e2d\u7684 port PASV)\uff0c \u5e76\u7b49\u5f85\u5ba2\u6237\u7aef\u7684\u8054\u673a\u3002<\/li>\n<p>\t<\/p>\n<li>\u5ba2\u6237\u7aef\u968f\u673a\u53d6\u7528\u5927\u4e8e 1024 \u7684\u57e0\u53e3\u8fdb\u884c\u8fde\u63a5\uff1a<br \/>\u7136\u540e\u4f60\u7684\u5ba2\u6237\u7aef\u4f1a\u968f\u673a\u53d6\u7528\u4e00\u4e2a\u5927\u4e8e 1024 \u7684\u7aef\u53e3\u53f7\u6765\u5bf9\u4e3b\u673a\u7684 port PASV \u8054\u673a\u3002 \u5982\u679c\u4e00\u5207\u90fd\u987a\u5229\u7684\u8bdd\uff0c\u90a3\u4e48\u4f60\u7684 FTP \u6570\u636e\u5c31\u53ef\u4ee5\u900f\u8fc7 port BB \u53ca port PASV \u6765\u4f20\u9001\u4e86\u3002<\/li>\n<p><\/ol>\n<p>\u53d1\u73b0\u4e0a\u9762\u7684\u4e0d\u540c\u70b9\u4e86\u5417\uff1f\u88ab\u52a8\u5f0f FTP \u6570\u636e\u4fe1\u9053\u7684\u8054\u673a\u65b9\u5411\u662f\u7531\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u7aef\u8054\u673a\u7684\u5594\uff01 \u5982\u6b64\u4e00\u6765\uff0c\u5728 NAT \u5185\u90e8\u7684\u5ba2\u6237\u7aef\u4e3b\u673a\u5c31\u53ef\u4ee5\u987a\u5229\u7684\u8fde\u63a5\u4e0a FTP Server \u4e86\uff01\u4f46\u662f\uff0c\u4e07\u4e00 FTP \u4e3b\u673a\u4e5f\u662f\u5728 NAT \u540e\u7aef\u90a3\u600e\u4e48\u529e&#8230;\u5475\u5475\uff01\u90a3\u53ef\u5c31\u7cd7\u4e86\u5427\uff5e @_@\u8fd9\u91cc\u5c31\u7275\u6d89\u5230\u66f4\u6df1\u5165\u7684 DMZ \u6280\u5de7\u4e86\uff0c\u6211\u4eec\u8fd9\u91cc\u6682\u4e0d\u4ecb\u7ecd\u8fd9\u4e9b\u6df1\u5165\u7684\u6280\u5de7\uff0c\u5148\u7406\u89e3\u4e00\u4e0b\u8fd9\u4e9b\u7279\u6b8a\u7684\u8054\u673a\u65b9\u5411\uff0c \u8fd9\u5c06\u6709\u52a9\u4e8e\u4f60\u672a\u6765\u670d\u52a1\u5668\u67b6\u8bbe\u65f6\u5019\u7684\u8003\u8651\u56e0\u7d20\u5594\uff01<\/p>\n<p>\u6b64\u5916\uff0c\u4e0d\u6653\u5f97\u4f60\u6709\u65e0\u53d1\u73b0\uff0c\u900f\u8fc7 PASV \u6a21\u5f0f\uff0c\u670d\u52a1\u5668\u5728\u6ca1\u6709\u7279\u522b\u8bbe\u5b9a\u7684\u60c5\u51b5\u4e0b\uff0c\u4f1a\u968f\u673a\u9009\u53d6\u5927\u4e8e 1024 \u7684\u57e0\u53e3\u6765\u63d0\u4f9b\u5ba2\u6237\u7aef\u8fde\u63a5\u4e4b\u7528\u3002\u90a3\u4e48\u4e07\u4e00\u670d\u52a1\u5668\u542f\u7528\u7684\u57e0\u53e3\u88ab\u641e\u9b3c\u600e\u4e48\u529e\uff1f\u800c\u4e14\uff0c \u5982\u6b64\u4e00\u6765\u4e5f\u5f88\u96be\u8ffd\u8e2a\u6765\u81ea\u5165\u4fb5\u8005\u653b\u51fb\u7684\u767b\u5f55\u4fe1\u606f\u554a\uff01\u6240\u4ee5\uff0c\u8fd9\u4e2a\u65f6\u5019\u6211\u4eec\u53ef\u4ee5\u900f\u8fc7 passive ports \u7684\u529f\u80fd\u6765\u300e\u9650\u5b9a\u300f\u670d\u52a1\u5668\u542f\u7528\u7684 port number \u5594\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"theory_security\"><\/a>1.4 FTP \u7684\u5b89\u5168\u6027\u95ee\u9898\u4e0e\u66ff\u4ee3\u65b9\u6848<\/p>\n<div>\n<p>\u5176\u5b9e\uff0c\u5728 FTP \u4e0a\u9762\u4f20\u9001\u7684\u6570\u636e\u5f88\u53ef\u80fd\u88ab\u7a83\u53d6\uff0c\u56e0\u4e3a FTP \u662f\u660e\u7801\u4f20\u8f93\u7684\u561b\uff01\u800c\u4e14\u67d0\u4e9b FTP \u670d\u52a1\u5668\u8f6f\u4ef6\u7684\u8d44\u5b89\u5386\u53f2\u95ee\u9898\u4e5f\u662f\u5f88\u4e25\u91cd\u7684\u3002 \u56e0\u6b64\uff0c\u4e00\u822c\u6765\u8bf4\uff0c\u9664\u975e\u662f\u5b66\u6821\u6216\u8005\u662f\u4e00\u4e9b\u793e\u56e2\u5355\u4f4d\u8981\u5f00\u653e\u6ca1\u6709\u673a\u5bc6\u6216\u6388\u6743\u95ee\u9898\u7684\u8d44\u6599\u4e4b\u5916\uff0cFTP \u662f\u5c11\u7528\u4e3a\u5999\u7684\u3002<\/p>\n<p>\u62dc <a href=\"http:\/\/linux.vbird.org\/linux_server\/0310telnetssh.php\">SSH<\/a> \u6240\u8d50\uff0c\u76ee\u524d\u6211\u4eec\u5df2\u7ecf\u6709\u8f83\u4e3a\u5b89\u5168\u7684 FTP \u4e86\uff0c\u90a3\u5c31\u662f ssh \u63d0\u4f9b\u7684 sftp \u8fd9\u4e2a server \u554a\uff01\u8fd9\u4e2a sftp-server \u6700\u5927\u7684\u4f18\u70b9\u5c31\u662f\uff1a\u300e\u5728\u4e0a\u9762\u4f20\u8f93\u7684\u6570\u636e\u662f\u7ecf\u8fc7\u52a0\u5bc6\u7684\u300f\uff01\u6240\u4ee5\u5728\u56e0\u7279\u7f51\u4e0a\u9762\u6d41\u7a9c\u7684\u65f6\u5019\uff0c \u563f\u563f\uff01\u6bd5\u7adf\u662f\u6bd4\u8f83\u5b89\u5168\u4e00\u4e9b\u5566\uff01\u6240\u4ee5\u5efa\u8bae\u4f60\uff0c\u9664\u975e\u5fc5\u8981\uff0c\u5426\u5219\u7684\u8bdd\u4f7f\u7528 SSH \u63d0\u4f9b\u7684 sftp-server \u529f\u80fd\u5373\u53ef\uff5e<\/p>\n<p>\u7136\u800c\u8fd9\u4e2a\u529f\u80fd\u5bf9\u4e8e\u4e00\u4e9b\u4e60\u60ef\u4e86\u56fe\u5f62\u63a5\u53e3\uff0c\u6216\u8005\u662f\u6709\u4e2d\u6587\u6863\u540d\u7684\u4f7f\u7528\u8005\u6765\u8bf4\uff0c\u5b9e\u5728\u662f\u4e0d\u600e\u4e48\u65b9\u4fbf\uff0c \u867d\u8bf4\u76ee\u524d\u6709\u4e2a\u56fe\u5f62\u63a5\u53e3\u7684 filezilla \u5ba2\u6237\u7aef\u8f6f\u4ef6\uff0c\u4e0d\u8fc7\u5f88\u591a\u65f6\u5019\u8fd8\u662f\u4f1a\u53d1\u751f\u4e00\u4e9b\u83ab\u540d\u7684\u95ee\u9898\u8bf4\uff01 \u6240\u4ee5\uff0c\u6709\u7684\u65f6\u5019 FTP \u7f51\u7ad9\u8fd8\u662f\u6709\u5176\u5b58\u5728\u7684\u9700\u8981\u7684\u3002\u5982\u679c\u771f\u7684\u8981\u67b6\u8bbe FTP \u7f51\u7ad9\uff0c\u90a3\u4e48\u8fd8\u662f\u5f97\u9700\u8981\u6ce8\u610f\u51e0\u4e2a\u4e8b\u9879\u5594\uff1a<\/p>\n<ol>\t<\/p>\n<li>\u968f\u65f6\u66f4\u65b0\u5230\u6700\u65b0\u7248\u672c\u7684 FTP \u8f6f\u4ef6\uff0c\u5e76\u968f\u65f6\u6ce8\u610f\u6f0f\u6d1e\u8baf\u606f\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5584\u7528 iptables \u6765\u89c4\u5b9a\u53ef\u4ee5\u4f7f\u7528 FTP \u7684\u7f51\u57df\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5584\u7528 TCP_Wrappers \u6765\u89c4\u8303\u53ef\u4ee5\u767b\u5165\u7684\u7f51\u57df\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5584\u7528 FTP \u8f6f\u4ef6\u7684\u8bbe\u5b9a\u6765\u9650\u5236\u4f7f\u7528\u4f60 FTP \u670d\u52a1\u5668\u7684\u4f7f\u7528\u8005\u7684\u4e0d\u540c\u6743\u9650\u554a\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4f7f\u7528 Super daemon \u6765\u8fdb\u9636\u7ba1\u7406\u4f60\u7684 FTP \u670d\u52a1\u5668\uff1b<\/li>\n<p>\t<\/p>\n<li>\u968f\u65f6\u6ce8\u610f\u7528\u6237\u7684\u5bb6\u76ee\u5f55\u3001\u4ee5\u53ca\u533f\u540d\u7528\u6237\u767b\u5165\u7684\u76ee\u5f55\u7684\u300e\u6863\u6848\u6743\u9650\u300f\uff1b<\/li>\n<p>\t<\/p>\n<li>\u82e5\u4e0d\u5bf9\u5916\u516c\u5f00\u7684\u8bdd\uff0c\u6216\u8bb8\u4e5f\u53ef\u4ee5\u4fee\u6539 FTP \u7684 port \u3002<\/li>\n<p>\t<\/p>\n<li>\u4e5f\u53ef\u4ee5\u4f7f\u7528 FTPs \u8fd9\u79cd\u52a0\u5bc6\u7684 FTP \u529f\u80fd\uff01<\/li>\n<p><\/ol>\n<p>\u65e0\u8bba\u5982\u4f55\uff0c\u5728\u7f51\u7edc\u4e0a\u542c\u8fc7\u592a\u591a\u4eba\u90fd\u662f\u7531\u4e8e\u5f00\u653e FTP \u8fd9\u4e2a\u670d\u52a1\u5668\u800c\u5bfc\u81f4\u6574\u4e2a\u4e3b\u673a\u88ab\u5165\u4fb5\u7684\u4e8b\u4ef6\uff0c\u6240\u4ee5\uff0c \u8fd9\u91cc\u771f\u7684\u8981\u7ed9\u4ed6\u4e00\u76f4\u4e0d\u65ad\u7684\u5f3a\u8c03\uff0c\u8981\u6ce8\u610f\u5b89\u5168\u554a\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"theory_who\"><\/a>1.5 \u5f00\u653e\u4ec0\u4e48\u8eab\u4efd\u7684\u4f7f\u7528\u8005\u767b\u5165<\/p>\n<div>\n<p>\u65e2\u7136 FTP \u662f\u4ee5\u660e\u7801\u4f20\u8f93\uff0c\u5e76\u4e14\u67d0\u4e9b\u65e9\u671f\u7684 FTP \u670d\u52a1\u5668\u8f6f\u4ef6\u4e5f\u6709\u4e0d\u5c11\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u90a3\u53c8\u4e3a\u4f55\u9700\u8981\u67b6\u8bbe FTP \u670d\u52a1\u5668\u554a\uff1f \u6ca1\u529e\u6cd5\u554a\uff0c\u603b\u662f\u6709\u4eba\u6709\u9700\u8981\u8fd9\u4e2a\u73a9\u610f\u513f\u7684\uff0c\u8b6c\u5982\u8bf4\u5404\u5927\u4e13\u9662\u6821\u4e0d\u5c31\u6709\u63d0\u4f9b FTP \u7f51\u7ad9\u7684\u670d\u52a1\u5417\uff1f \u8fd9\u6837\u53ef\u4ee5\u8ba9\u6821\u5185\u7684\u540c\u5b66\u5171\u540c\u5206\u4eab\u6821\u5185\u7684\u7f51\u7edc\u8d44\u6e90\u561b\uff01\u4e0d\u8fc7\uff0c\u7531\u4e8e FTP \u767b\u5165\u8005\u7684\u8eab\u4efd\u53ef\u4ee5\u5206\u4e3a\u4e09\u79cd\uff0c \u4f60\u5230\u5e95\u8981\u5f00\u653e\u54ea\u4e00\u79cd\u8eab\u4efd\u767b\u5165\u5462\uff1f\u8fd9\u4e2a\u65f6\u5019\u4f60\u53ef\u4ee5\u8fd9\u6837\u7b80\u5355\u7684\u601d\u8003\u4e00\u4e0b\u5570\uff1a<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5f00\u653e\u5b9e\u4f53\u7528\u6237\u7684\u60c5\u51b5 (Real user)\uff1a<\/li>\n<p><\/ul>\n<p>\u5f88\u591a\u7684 FTP \u670d\u52a1\u5668\u9ed8\u8ba4\u5c31\u5df2\u7ecf\u5141\u8bb8\u5b9e\u4f53\u7528\u6237\u7684\u767b\u5165\u4e86\u3002\u4e0d\u8fc7\uff0c\u9700\u8981\u4e86\u89e3\u7684\u662f\uff0c\u4ee5\u5b9e\u4f53\u7528\u6237\u505a\u4e3a FTP \u767b\u5165\u8005\u8eab\u4efd\u65f6\uff0c \u7cfb\u7edf\u9ed8\u8ba4\u5e76\u6ca1\u6709\u9488\u5bf9\u5b9e\u4f53\u7528\u6237\u6765\u8fdb\u884c\u300e\u9650\u5236\u300f\u7684\uff0c\u6240\u4ee5\u4ed6\u53ef\u4ee5\u9488\u5bf9\u6574\u4e2a\u6587\u4ef6\u7cfb\u7edf\u8fdb\u884c\u4efb\u4f55\u4ed6\u6240\u5177\u6709\u6743\u9650\u7684\u5de5\u4f5c\u3002 \u56e0\u6b64\uff0c\u5982\u679c\u4f60\u7684 FTP \u4f7f\u7528\u8005\u6ca1\u80fd\u597d\u597d\u7684\u4fdd\u62a4\u81ea\u5df1\u7684\u5bc6\u7801\u800c\u5bfc\u81f4\u88ab\u5165\u4fb5\uff0c\u90a3\u4e48\u4f60\u7684\u6574\u4e2a Linux \u7cfb\u7edf\u6570\u636e\u5c06\u5f88\u6709\u53ef\u80fd\u88ab\u7a83\u53d6\u554a\uff01 \u5f00\u653e\u5b9e\u4f53\u7528\u6237\u65f6\u7684\u5efa\u8bae\u5982\u4e0b\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u4f7f\u7528\u66ff\u4ee3\u7684 FTP \u65b9\u6848\u8f83\u4f73\uff1a \u7531\u4e8e\u5b9e\u4f53\u7528\u6237\u672c\u6765\u5c31\u53ef\u4ee5\u900f\u8fc7\u7f51\u7edc\u8fde\u63a5\u5230\u4e3b\u673a\u6765\u8fdb\u884c\u5de5\u4f5c (\u4f8b\u5982 SSH)\uff0c\u56e0\u6b64\u5b9e\u5728\u6ca1\u6709\u9700\u8981\u7279\u522b\u7684\u5f00\u653e FTP \u7684\u670d\u52a1\u554a\uff01\u56e0\u4e3a\u4f8b\u5982 sftp \u672c\u6765\u5c31\u80fd\u8fbe\u5230\u4f20\u8f93\u6863\u6848\u7684\u529f\u80fd\u5570\uff01<\/li>\n<p>\t<\/p>\n<li>\u9650\u5236\u7528\u6237\u80fd\u529b\uff0c\u5982 chroot \u4e0e \/sbin\/nologin \u7b49\uff1a \u5982\u679c\u786e\u5b9a\u8981\u8ba9\u5b9e\u4f53\u7528\u6237\u5229\u7528 FTP \u670d\u52a1\u5668\u7684\u8bdd\uff0c\u90a3\u4e48\u4f60\u53ef\u80fd\u9700\u8981\u8ba9\u67d0\u4e9b\u7cfb\u7edf\u8d26\u53f7\u65e0\u6cd5\u767b\u5165 FTP \u624d\u884c\uff0c\u4f8b\u5982 bin, apache \u7b49\u7b49\u3002 \u6700\u7b80\u5355\u5e38\u7528\u7684\u4f5c\u6cd5\u662f\u900f\u8fc7 PAM \u6a21\u5757\u6765\u5904\u7406\uff0c\u8b6c\u5982 vsftpd \u8fd9\u4e2a\u8f6f\u4ef6\u9ed8\u8ba4\u53ef\u4ee5\u900f\u8fc7 \/etc\/vsftpd\/ftpusers \u8fd9\u4e2a\u6863\u6848\u6765\u8bbe\u5b9a\u4e0d\u60f3\u8ba9\u4ed6\u5177\u6709\u767b\u5165 FTP \u7684\u8d26\u53f7\u3002\u53e6\u5916\uff0c\u5c06\u4f7f\u7528\u8005\u8eab\u4efd chroot \u662f\u76f8\u5f53\u9700\u8981\u7684\uff01<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u8bbf\u5ba2\u8eab\u4efd (Guest)<\/li>\n<p><\/ul>\n<p>\u901a\u5e38\u4f1a\u5efa\u7acb guest \u8eab\u4efd\u7684\u6848\u4f8b\u5f53\u4e2d\uff0c\u591a\u534a\u662f\u7531\u4e8e\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u7c7b\u4f3c\u300e\u4e2a\u4eba Web \u9996\u9875\u300f\u7684\u529f\u80fd\u7ed9\u4e00\u822c\u8eab\u4efd\u7528\u6237\uff0c \u90a3\u4e48\u8fd9\u4e9b\u4f7f\u7528\u8005\u603b\u662f\u9700\u8981\u7ba1\u7406\u81ea\u5df1\u7684\u7f51\u9875\u7a7a\u95f4\u5427\uff1f\u8fd9\u4e2a\u65f6\u5019\u5c06\u4f7f\u7528\u8005\u7684\u8eab\u4efd\u538b\u7f29\u6210\u4e3a guest \uff0c\u5e76\u4e14\u5c06\u4ed6\u7684\u53ef\u7528\u76ee\u5f55\u8bbe\u5b9a\u597d\uff0c\u5373\u53ef\u63d0\u4f9b\u4f7f\u7528\u8005\u4e00\u4e2a\u65b9\u4fbf\u7684\u4f7f\u7528\u73af\u5883\u4e86\uff01\u4e14\u4e0d\u9700\u8981\u63d0\u4f9b\u4ed6 real user \u7684\u6743\u9650\u5594\uff01 \u5e38\u89c1\u7684\u5efa\u8bae\u5982\u4e0b\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u4ec5\u63d0\u4f9b\u9700\u8981\u767b\u5165\u7684\u8d26\u53f7\u5373\u53ef\uff0c\u4e0d\u9700\u8981\u63d0\u4f9b\u7cfb\u7edf\u4e0a\u9762\u6240\u6709\u4eba\u5747\u53ef\u767b\u5165\u7684\u73af\u5883\u554a\uff01<\/li>\n<p>\t<\/p>\n<li>\u5f53\u7136\uff0c\u6211\u4eec\u5728\u670d\u52a1\u5668\u7684\u8bbe\u5b9a\u5f53\u4e2d\uff0c\u9700\u8981\u9488\u5bf9\u4e0d\u540c\u7684\u8bbf\u5ba2\u7ed9\u4ed6\u4eec\u4e0d\u4e00\u6837\u7684\u300e\u5bb6\u76ee\u5f55\u300f\uff0c \u800c\u8fd9\u4e2a\u5bb6\u76ee\u5f55\u4e0e\u7528\u6237\u7684\u6743\u9650\u8bbe\u5b9a\u9700\u8981\u76f8\u7b26\u5408\u5594\uff01\u4f8b\u5982\u8981\u63d0\u4f9b dmtsai \u8fd9\u4e2a\u4eba\u7ba1\u7406\u4ed6\u7684\u7f51\u9875\u7a7a\u95f4\uff0c\u800c\u4ed6\u7684\u7f51\u9875\u7a7a\u95f4\u653e\u7f6e\u5728 \/home\/dmtsai\/www \u5e95\u4e0b\uff0c\u90a3\u6211\u5c31\u5c06 dmtsai \u5728 FTP \u63d0\u4f9b\u7684\u76ee\u5f55\u4ec5\u6709 \/home\/dmtsai\/www \u800c\u5df2\uff0c\u6bd4\u8f83\u5b89\u5168\u5566\uff01\u800c\u4e14\u4e5f\u65b9\u4fbf\u4f7f\u7528\u8005\u554a\uff01<\/li>\n<p>\t<\/p>\n<li>\u9488\u5bf9\u8fd9\u6837\u7684\u8eab\u4efd\u8005\uff0c\u9700\u8981\u8bbe\u5b9a\u8f83\u591a\u7684\u9650\u5236\uff0c\u5305\u62ec\uff1a\u4e0a\u4e0b\u4f20\u6863\u6848\u6570\u76ee\u4e0e\u786c\u76d8\u5bb9\u91cf\u7684\u9650\u5236\u3001 \u8054\u673a\u767b\u5165\u7684\u65f6\u95f4\u9650\u5236\u3001\u8bb8\u53ef\u4f7f\u7528\u7684\u6307\u4ee4\u8981\u51cf\u5c11\u5f88\u591a\u5f88\u591a\uff0c\u4f8b\u5982 chmod \u5c31\u4e0d\u8981\u5141\u8bb8\u4ed6\u4f7f\u7528\u7b49\u7b49\uff01<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u533f\u540d\u767b\u5f55\u4f7f\u7528\u8005 (anonymous)<\/li>\n<p><\/ul>\n<p>\u867d\u7136\u63d0\u4f9b\u533f\u540d\u767b\u5f55\u7ed9\u56e0\u7279\u7f51\u7684\u4f7f\u7528\u8005\u8fdb\u5165\u5b9e\u5728\u4e0d\u662f\u4e2a\u597d\u4e3b\u610f\uff0c\u56e0\u4e3a\u6bcf\u4e2a\u4eba\u90fd\u53ef\u4ee5\u53bb\u4e0b\u8f7d\u4f60\u7684\u6570\u636e\uff0c \u4e07\u4e00\u5e26\u5bbd\u88ab\u5403\u5149\u5149\u600e\u4e48\u529e\uff1f\u4f46\u5982\u540c\u524d\u9762\u8bb2\u8fc7\u7684\uff0c\u5b66\u6821\u5355\u4f4d\u9700\u8981\u5206\u4eab\u5168\u6821\u540c\u5b66\u4e00\u4e9b\u8f6f\u4ef6\u8d44\u6e90\u65f6\uff0c FTP \u670d\u52a1\u5668\u4e5f\u662f\u4e00\u4e2a\u5f88\u4e0d\u9519\u7684\u89e3\u51b3\u65b9\u6848\u554a\uff01\u4f60\u8bf4\u662f\u5427\u3002\u5982\u679c\u8981\u5f00\u653e\u533f\u540d\u7528\u6237\u7684\u8bdd\uff0c\u8981\u6ce8\u610f\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u65e0\u8bba\u5982\u4f55\uff0c\u63d0\u4f9b\u533f\u540d\u767b\u5f55\u90fd\u662f\u4e00\u4ef6\u76f8\u5f53\u5371\u9669\u7684\u4e8b\u60c5\uff0c\u56e0\u4e3a\u53ea\u8981\u4f60\u4e00\u4e0d\u5c0f\u5fc3\uff0c \u5c06\u91cd\u8981\u7684\u8d44\u6599\u653e\u7f6e\u5230\u533f\u540d\u8005\u53ef\u4ee5\u8bfb\u53d6\u7684\u76ee\u5f55\u4e2d\u65f6\uff0c\u90a3\u4e48\u5c31\u5f88\u6709\u53ef\u80fd\u4f1a\u6cc4\u5bc6\uff01\u4e0e\u5176\u6218\u6218\u5162\u5162\uff0c\u4e0d\u5982\u5c31\u4e0d\u8981\u8bbe\u5b9a\u554a\uff5e<\/li>\n<p>\t<\/p>\n<li>\u679c\u771f\u8981\u5f00\u653e\u533f\u540d\u767b\u5f55\u65f6\uff0c\u5f88\u591a\u9650\u5236\u90fd\u8981\u8fdb\u884c\u7684\uff0c\u8fd9\u5305\u62ec\uff1a(1)\u5141\u8bb8\u7684\u5de5\u4f5c\u6307\u4ee4\u8981\u51cf\u4f4e\u5f88\u591a\uff0c \u51e0\u4e4e\u5c31\u4e0d\u8bb8\u533f\u540d\u8005\u4f7f\u7528\u6307\u4ee4\u5566\u3001(2)\u9650\u5236\u6587\u4ef6\u4f20\u8f93\u7684\u6570\u91cf\uff0c\u5c3d\u91cf\u4e0d\u8981\u5141\u8bb8\u300e\u4e0a\u4f20\u300f\u6570\u636e\u7684\u8bbe\u5b9a\u3001 (3)\u9650\u5236\u533f\u540d\u8005\u540c\u65f6\u767b\u5165\u7684\u6700\u5927\u8054\u673a\u6570\u91cf\uff0c\u53ef\u4ee5\u63a7\u5236\u76d7\u8fde\u5594\uff01<\/li>\n<p><\/ul>\n<p>\u4e00\u822c\u6765\u8bf4\uff0c\u5982\u679c\u4f60\u662f\u8981\u653e\u7f6e\u4e00\u4e9b\u516c\u5f00\u7684\u3001\u6ca1\u6709\u7248\u6743\u7ea0\u7eb7\u7684\u6570\u636e\u5728\u7f51\u7edc\u4e0a\u4f9b\u4eba\u4e0b\u8f7d\u7684\u8bdd\uff0c \u90a3\u4e48\u4e00\u4e2a\u4ec5\u63d0\u4f9b\u533f\u540d\u767b\u5f55\u7684 FTP \u670d\u52a1\u5668\uff0c\u5e76\u4e14\u5bf9\u6574\u4e2a\u56e0\u7279\u7f51\u5f00\u653e\u662f OK \u7684\u5566\uff01 \u4e0d\u8fc7\uff0c\u5982\u679c\u4f60\u9884\u8ba1\u8981\u63d0\u4f9b\u7684\u7684\u8f6f\u4ef6\u6216\u6570\u636e\u662f\u5177\u6709\u7248\u6743\u7684\uff0c\u4f46\u662f\u8be5\u7248\u6743\u5141\u8bb8\u4f60\u5728\u8d35\u5355\u4f4d\u5185\u4f20\u8f93\u7684\u60c5\u51b5\u4e0b\uff0c \u90a3\u4e48\u67b6\u8bbe\u4e00\u4e2a\u300e\u4ec5\u9488\u5bf9\u5185\u90e8\u5f00\u653e\u7684\u533f\u540d FTP \u670d\u52a1\u5668 (\u5229\u7528\u9632\u706b\u5899\u5904\u7406) \u300f\u4e5f\u662f OK \u7684\u5566\uff01<\/p>\n<p>\u5982\u679c\u4f60\u8fd8\u60f3\u8981\u8ba9\u4f7f\u7528\u8005\u53cd\u9988\u7684\u8bdd\uff0c\u90a3\u662f\u5426\u8981\u67b6\u8bbe\u4e00\u4e2a\u533f\u540d\u8005\u53ef\u4e0a\u4f20\u7684\u533a\u57df\u5462\uff1f\u9e1f\u54e5\u5bf9\u8fd9\u4ef6\u4e8b\u60c5\u7684\u770b\u6cd5\u662f&#8230;. \u300e\u4e07\u4e07\u4e0d\u53ef\u300f\u554a\uff01\u5982\u679c\u8981\u8ba9\u4f7f\u7528\u8005\u53cd\u9988\u7684\u8bdd\uff0c\u9664\u975e\u8be5\u4f7f\u7528\u8005\u662f\u4f60\u4fe1\u4efb\u7684\uff0c\u5426\u5219\u4e0d\u8981\u5141\u8bb8\u5bf9\u65b9\u4e0a\u4f20\uff01 \u6240\u4ee5\u6b64\u65f6\u4e00\u4e2a\u6587\u4ef6\u7cfb\u7edf\u6743\u9650\u7ba1\u7406\u4e25\u683c\u7684 FTP \u670d\u52a1\u5668\uff0c\u5e76\u63d0\u4f9b\u5b9e\u4f53\u7528\u6237\u7684\u767b\u5165\u5c31\u6709\u70b9\u9700\u6c42\u5566\uff01 \u603b\u4e4b\uff0c\u8981\u4f9d\u7167\u4f60\u7684\u9700\u6c42\u6765\u601d\u8003\u662f\u5426\u6709\u9700\u8981\u5594\uff01<\/p>\n<\/div>\n<p><\/div>\n<hr \/>\n<p><a name=\"server\"><\/a>2 vsftpd \u670d\u52a1\u5668\u57fa\u7840\u8bbe\u5b9a<\/p>\n<div>\n<p>\u7ec8\u4e8e\u8981\u6765\u804a\u4e00\u804a\u8fd9\u4e2a\u7b80\u5355\u7684 vsftpd \u5570\uff01vsftpd \u7684\u5168\u540d\u662f\u300eVery Secure FTP Daemon \u300f\u7684\u610f\u601d\uff0c \u6362\u53e5\u8bdd\u8bf4\uff0cvsftpd \u6700\u521d\u53d1\u5c55\u7684\u7406\u5ff5\u5c31\u662f\u5728\u5efa\u6784\u4e00\u4e2a\u4ee5\u5b89\u5168\u4e3a\u91cd\u7684 FTP \u670d\u52a1\u5668\u5462\uff01\u6211\u4eec\u5148\u6765\u804a\u4e00\u804a\u4e3a\u4ec0\u4e48 vsftpd \u53f7\u79f0\u300e\u975e\u5e38\u5b89\u5168\u300f\u5462\uff1f\u7136\u540e\u518d\u6765\u8c08\u8bbe\u5b9a\u5427\uff01<\/p>\n<hr \/>\n<p><a name=\"server_before\"><\/a>2.1 \u4e3a\u4f55\u4f7f\u7528 vsftpd<\/p>\n<div>\n<p>\u4e3a\u4e86\u5efa\u6784\u4e00\u4e2a\u5b89\u5168\u4e3a\u4e3b\u7684 FTP \u670d\u52a1\u5668\uff0c vsftpd \u9488\u5bf9\u64cd\u4f5c\u7cfb\u7edf\u7684\u300e\u7a0b\u5e8f\u7684\u6743\u9650 (privilege)\u300f\u6982\u5ff5\u6765\u8bbe\u8ba1\uff0c \u5982\u679c\u4f60\u8bfb\u8fc7\u57fa\u7840\u7bc7\u7684<a href=\"http:\/\/linux.vbird.org\/linux_basic\/0440processcontrol.php\">\u5341\u4e03\u7ae0\u7a0b\u5e8f\u4e0e\u8d44\u6e90\u7ba1\u7406<\/a>\u7684\u8bdd\uff0c \u5e94\u8be5\u4f1a\u6653\u5f97\u7cfb\u7edf\u4e0a\u9762\u6240\u6267\u884c\u7684\u7a0b\u5e8f\u90fd\u4f1a\u5f15\u53d1\u4e00\u4e2a\u7a0b\u5e8f\uff0c\u6211\u4eec\u79f0\u4ed6\u4e3a PID (Process ID)\uff0c \u8fd9\u4e2a PID \u5728\u7cfb\u7edf\u4e0a\u9762\u80fd\u8fdb\u884c\u7684\u4efb\u52a1\u4e0e\u4ed6\u62e5\u6709\u7684\u6743\u9650\u6709\u5173\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c PID \u62e5\u6709\u7684\u6743\u9650\u7b49\u7ea7\u8d8a\u9ad8\uff0c \u4ed6\u80fd\u591f\u8fdb\u884c\u7684\u4efb\u52a1\u5c31\u8d8a\u591a\u3002\u4e3e\u4f8b\u6765\u8bf4\uff0c\u4f7f\u7528 root \u8eab\u4efd\u6240\u89e6\u53d1\u7684 PID \u901a\u5e38\u62e5\u6709\u53ef\u4ee5\u8fdb\u884c\u4efb\u4f55\u5de5\u4f5c\u7684\u6743\u9650\u7b49\u7ea7\u3002<\/p>\n<p>\u4e0d\u8fc7\uff0c\u4e07\u4e00\u89e6\u53d1\u8fd9\u4e2a PID \u7684\u7a0b\u5e8f (program) \u6709\u6f0f\u6d1e\u800c\u5bfc\u81f4\u88ab\u7f51\u7edc\u602a\u5ba2 (cracker) \u6240\u653b\u51fb\u800c\u53d6\u5f97\u6b64 PID \u4f7f\u7528\u6743\u65f6\uff0c \u90a3\u4e48\u7f51\u7edc\u602a\u5ba2\u5c06\u4f1a\u53d6\u5f97\u8fd9\u4e2a PID \u62e5\u6709\u7684\u6743\u9650\u5436\uff01\u6240\u4ee5\uff0c\u8fd1\u6765\u53d1\u5c55\u7684\u8f6f\u4ef6\u90fd\u4f1a\u5c3d\u91cf\u7684\u5c06\u670d\u52a1\u53d6\u5f97\u7684 PID \u6743\u9650\u964d\u4f4e\uff0c\u4f7f\u5f97\u8be5\u670d\u52a1\u5373\u4f7f\u4e0d\u5c0f\u5fc3\u88ab\u5165\u4fb5\u4e86\uff0c\u5165\u4fb5\u8005\u4e5f\u65e0\u6cd5\u5f97\u5230\u6709\u6548\u7684\u7cfb\u7edf\u7ba1\u7406\u6743\u9650\uff0c\u8fd9\u6837\u4f1a\u8ba9\u6211\u4eec\u7684\u7cfb\u7edf\u8f83\u4e3a\u5b89\u5168\u7684\u5566\u3002 vsftpd \u5c31\u662f\u57fa\u4e8e\u8fd9\u79cd\u60f3\u6cd5\u800c\u8bbe\u8ba1\u7684\u3002<\/p>\n<p>\u9664\u4e86 PID \u65b9\u9762\u7684\u6743\u9650\u4e4b\u5916\uff0c vsftpd \u4e5f\u652f\u6301 chroot \u8fd9\u4e2a\u51fd\u5f0f\u7684\u529f\u80fd\uff0cchroot \u987e\u540d\u601d\u4e49\u5c31\u662f\u300e change root directory \u300f\u7684\u610f\u601d\uff0c\u90a3\u4e2a root \u6307\u7684\u662f\u300e\u6839\u76ee\u5f55\u300f\u800c\u975e\u7cfb\u7edf\u7ba1\u7406\u5458\u3002 \u4ed6\u53ef\u4ee5\u5c06\u67d0\u4e2a\u7279\u5b9a\u7684\u76ee\u5f55\u53d8\u6210\u6839\u76ee\u5f55\uff0c\u6240\u4ee5\u4e0e\u8be5\u76ee\u5f55\u6ca1\u6709\u5173\u7cfb\u7684\u5176\u4ed6\u76ee\u5f55\u5c31\u4e0d\u4f1a\u88ab\u8bef\u7528\u4e86\u3002<\/p>\n<p>\u4e3e\u4f8b\u6765\u8bf4\uff0c\u5982\u679c\u4f60\u4ee5\u533f\u540d\u8eab\u4efd\u767b\u5165\u6211\u4eec\u7684 ftp \u670d\u52a1\u7684\u8bdd\uff0c\u901a\u5e38\u4f60\u4f1a\u88ab\u9650\u5b9a\u5728 \/var\/ftp \u76ee\u5f55\u4e0b\u5de5\u4f5c\uff0c \u800c\u4f60\u770b\u5230\u7684\u6839\u76ee\u5f55\u5176\u5b9e\u5c31\u53ea\u662f \/var\/ftp \uff0c\u81f3\u4e8e\u7cfb\u7edf\u5176\u4ed6\u5982 \/etc, \/home, \/usr&#8230; \u7b49\u5176\u4ed6\u76ee\u5f55\u4f60\u5c31\u770b\u4e0d\u5230\u4e86\uff01 \u8fd9\u6837\u4e00\u6765\u5373\u4f7f\u8fd9\u4e2a ftp \u670d\u52a1\u88ab\u653b\u7834\u4e86\uff0c\u6ca1\u6709\u5173\u7cfb\uff0c\u5165\u4fb5\u8005\u8fd8\u662f\u4ec5\u80fd\u5728 \/var\/ftp \u91cc\u9762\u8dd1\u6765\u8dd1\u53bb\u800c\u5df2\uff0c\u800c\u65e0\u6cd5\u4f7f\u7528 Linux \u7684\u5b8c\u6574\u529f\u80fd\u3002\u81ea\u7136\u6211\u4eec\u7684\u7cfb\u7edf\u4e5f\u5c31\u4f1a\u6bd4\u8f83\u5b89\u5168\u5566\uff01<\/p>\n<p>vsftpd \u662f\u57fa\u4e8e\u4e0a\u9762\u7684\u8bf4\u660e\u6765\u8bbe\u8ba1\u7684\u4e00\u4e2a\u8f83\u4e3a\u5b89\u5168\u7684 FTP \u670d\u52a1\u5668\u8f6f\u4ef6\uff0c\u4ed6\u5177\u6709\u5e95\u4e0b\u7684\u7279\u70b9\u5594\uff1a<\/p>\n<ul>\t<\/p>\n<li>vsftpd \u8fd9\u4e2a\u670d\u52a1\u7684\u542f\u52a8\u8005\u8eab\u4efd\u4e3a\u4e00\u822c\u7528\u6237\uff0c\u6240\u4ee5\u5bf9\u4e8e Linux \u7cfb\u7edf\u7684\u6743\u9650\u8f83\u4f4e\uff0c\u5bf9\u4e8e Linux \u7cfb\u7edf\u7684\u5371\u5bb3\u5c31\u76f8\u5bf9\u7684\u51cf\u4f4e\u4e86\u3002\u6b64\u5916\uff0c vsftpd \u4ea6\u5229\u7528 chroot() \u8fd9\u4e2a\u51fd\u5f0f\u8fdb\u884c\u6539\u6362\u6839\u76ee\u5f55\u7684\u52a8\u4f5c\uff0c\u4f7f\u5f97\u7cfb\u7edf\u5de5\u5177\u4e0d\u4f1a\u88ab vsftpd \u8fd9\u652f\u670d\u52a1\u6240\u8bef\u7528\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4efb\u4f55\u9700\u8981\u5177\u6709\u8f83\u9ad8\u6267\u884c\u6743\u9650\u7684 vsftpd \u6307\u4ee4\u5747\u4ee5\u4e00\u652f\u7279\u6b8a\u7684\u4e0a\u5c42\u7a0b\u5e8f\u6240\u63a7\u5236\uff0c \u8be5\u4e0a\u5c42\u7a0b\u5e8f\u4eab\u6709\u7684\u8f83\u9ad8\u6267\u884c\u6743\u9650\u529f\u80fd\u5df2\u7ecf\u88ab\u9650\u5236\u7684\u76f8\u5f53\u7684\u4f4e\uff0c\u5e76\u4ee5\u4e0d\u5f71\u54cd Linux \u672c\u8eab\u7684\u7cfb\u7edf\u4e3a\u51c6\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7edd\u5927\u90e8\u5206 ftp \u4f1a\u4f7f\u7528\u5230\u7684\u989d\u5916\u6307\u4ee4\u529f\u80fd (dir, ls, cd &#8230;) \u90fd\u5df2\u7ecf\u88ab\u6574\u5408\u5230 vsftpd \u4e3b\u7a0b\u5e8f\u5f53\u4e2d\u4e86\uff0c\u56e0\u6b64\u7406\u8bba\u4e0a vsftpd \u4e0d\u9700\u8981\u4f7f\u7528\u5230\u989d\u5916\u7684\u7cfb\u7edf\u63d0\u4f9b\u7684\u6307\u4ee4\uff0c\u6240\u4ee5\u5728 chroot \u7684\u60c5\u51b5\u4e0b\uff0cvsftpd \u4e0d\u4f46\u53ef\u4ee5\u987a\u5229\u8fd0\u4f5c\uff0c\u4e14\u4e0d\u9700\u8981\u989d\u5916\u529f\u80fd\u5bf9\u4e8e\u7cfb\u7edf\u6765\u8bf4\u4e5f\u6bd4\u8f83\u5b89\u5168\u3002<\/li>\n<p>\t<\/p>\n<li>\u6240\u6709\u6765\u81ea\u5ba2\u6237\u7aef\u4e14\u60f3\u8981\u4f7f\u7528\u8fd9\u652f\u4e0a\u5c42\u7a0b\u5e8f\u6240\u63d0\u4f9b\u7684\u8f83\u9ad8\u6267\u884c\u6743\u9650\u4e4b vsftpd \u6307\u4ee4\u7684\u9700\u6c42\uff0c \u5747\u88ab\u89c6\u4e3a\u300e\u4e0d\u53ef\u4fe1\u4efb\u7684\u8981\u6c42\u300f\u6765\u5904\u7406\uff0c\u5fc5\u9700\u8981\u7ecf\u8fc7\u76f8\u5f53\u7a0b\u5ea6\u7684\u8eab\u4efd\u786e\u8ba4\u540e\uff0c\u65b9\u53ef\u5229\u7528\u8be5\u4e0a\u5c42\u7a0b\u5e8f\u7684\u529f\u80fd\u3002 \u4f8b\u5982 chown(), Login \u7684\u8981\u6c42\u7b49\u7b49\u52a8\u4f5c\uff1b<\/li>\n<p>\t<\/p>\n<li>\u6b64\u5916\uff0c\u4e0a\u9762\u63d0\u5230\u7684\u4e0a\u5c42\u7a0b\u5e8f\u4e2d\uff0c\u4f9d\u7136\u4f7f\u7528 chroot() \u7684\u529f\u80fd\u6765\u9650\u5236\u7528\u6237\u7684\u6267\u884c\u6743\u9650\u3002<\/li>\n<p><\/ul>\n<p>\u7531\u4e8e\u5177\u6709\u8fd9\u6837\u7684\u7279\u70b9\uff0c\u6240\u4ee5 vsftpd \u4f1a\u53d8\u7684\u6bd4\u8f83\u5b89\u5168\u4e00\u4e9b\u54af\uff01\u5e95\u4e0b\u5c31\u5f00\u59cb\u6765\u8c08\u5982\u4f55\u8bbe\u5b9a\u5427\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"server_pkg\"><\/a>2.2 \u6240\u9700\u8981\u7684\u8f6f\u4ef6\u4ee5\u53ca\u8f6f\u4ef6\u7ed3\u6784<\/p>\n<div>\n<p>vsftpd \u6240\u9700\u8981\u7684\u8f6f\u4ef6\u53ea\u6709\u4e00\u4e2a\uff0c\u90a3\u5c31\u662f vsftpd \u554a\uff01^_^\uff01\u5982\u679c\u4f60\u7684 CentOS \u6ca1\u6709\u5b89\u88c5\uff0c\u8bf7\u5229\u7528 yum install vsftpd \u6765\u5b89\u88c5\u4ed6\u5427\uff01\u8f6f\u4ef6\u5f88\u5c0f\uff0c\u4e0b\u8f7d\u8fde\u540c\u5b89\u88c5\u4e0d\u9700\u8981\u51e0\u79d2\u949f\u5c31\u641e\u5b9a\u4e86\uff01\u800c\u4e8b\u5b9e\u4e0a\u6574\u4e2a\u8f6f\u4ef6\u63d0\u4f9b\u7684\u914d\u7f6e\u6587\u4ef6\u4e5f\u5c11\u7684\u4ee4\u4eba\u9ad8\u5174\uff01\u7b80\u5355\u6613\u7528\u5c31\u662f vsftpd \u7684\u7279\u8272\u554a\uff01\u8fd9\u4e9b\u8bbe\u5b9a\u6570\u636e\u6bd4\u8f83\u91cd\u8981\u7684\u6709\uff1a<\/p>\n<ul>\t<\/p>\n<li>\/etc\/vsftpd\/vsftpd.conf<br \/>\u4e25\u683c\u6765\u8bf4\uff0c\u6574\u4e2a vsftpd \u7684\u914d\u7f6e\u6587\u4ef6\u5c31\u53ea\u6709\u8fd9\u4e2a\u6863\u6848\uff01\u8fd9\u4e2a\u6863\u6848\u7684\u8bbe\u5b9a\u662f\u4ee5 <a href=\"http:\/\/linux.vbird.org\/linux_basic\/0320bash.php#variable\">bash \u7684\u53d8\u91cf\u8bbe\u5b9a<\/a>\u76f8\u540c\u7684\u65b9\u5f0f\u6765\u5904\u7406\u7684\uff0c \u4e5f\u5c31\u662f\u300e\u53c2\u6570=\u8bbe\u5b9a\u503c\u300f\u6765\u8bbe\u5b9a\u7684\uff0c\u6ce8\u610f\uff0c \u7b49\u53f7\u4e24\u8fb9\u4e0d\u80fd\u6709\u7a7a\u767d\u5594\uff01\u81f3\u4e8e\u8be6\u7ec6\u7684 vsftpd.conf \u53ef\u4ee5\u4f7f\u7528 \u300e man 5 vsftpd.conf \u300f\u6765\u8be6\u67e5\u3002<\/li>\n<p>\t<\/p>\n<li>\/etc\/pam.d\/vsftpd<br \/>\u8fd9\u4e2a\u662f vsftpd \u4f7f\u7528 PAM \u6a21\u5757\u65f6\u7684\u76f8\u5173\u914d\u7f6e\u6587\u4ef6\u3002\u4e3b\u8981\u7528\u6765\u4f5c\u4e3a\u8eab\u4efd\u8ba4\u8bc1\u4e4b\u7528\uff0c\u8fd8\u6709\u4e00\u4e9b\u7528\u6237\u8eab\u4efd\u7684\u62b5\u6321\u529f\u80fd\uff0c \u4e5f\u662f\u900f\u8fc7\u8fd9\u4e2a\u6863\u6848\u6765\u8fbe\u6210\u7684\u3002\u4f60\u53ef\u4ee5\u5bdf\u770b\u4e00\u4e0b\u8be5\u6863\u6848\uff1a<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# cat \/etc\/pam.d\/vsftpd<br>#%PAM-1.0<br>session optional pam_keyinit.so    force revoke<br><span style=\"text-decoration: underline;\">auth required pam_listfile.so item=user sense=deny file=\/etc\/vsftpd\/ftpusers onerr=succeed<\/span><br>auth    required pam_shells.so<br>auth    include  password-auth<br>account include  password-auth<br>session required pam_loginuid.so<br>session include  password-auth<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u4e0a\u9762\u90a3\u4e2a file \u540e\u9762\u63a5\u7684\u6863\u6848\u662f\u300e\u9650\u5236\u4f7f\u7528\u8005\u65e0\u6cd5\u4f7f\u7528 vsftpd \u300f\u4e4b\u610f\uff0c \u4e5f\u5c31\u662f\u8bf4\uff0c\u5176\u5b9e\u4f60\u7684\u9650\u5236\u6863\u6848\u4e0d\u89c1\u5f97\u8981\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u503c\uff0c\u4e5f\u53ef\u4ee5\u5728\u8fd9\u4e2a\u6863\u6848\u91cc\u9762\u8fdb\u884c\u4fee\u6539\u5566\uff01 ^_^<\/li>\n<p>\t<\/p>\n<li>\/etc\/vsftpd\/ftpusers<br \/>\u4e0e\u4e0a\u4e00\u4e2a\u6863\u6848\u6709\u5173\u7cfb\uff0c\u4e5f\u5c31\u662f PAM \u6a21\u5757 (\/etc\/pam.d\/vsftpd) \u6240\u6307\u5b9a\u7684\u90a3\u4e2a\u65e0\u6cd5\u767b\u5165\u7684\u7528\u6237\u914d\u7f6e\u6587\u4ef6\u554a\uff01 \u8fd9\u4e2a\u6863\u6848\u7684\u8bbe\u5b9a\u5f88\u7b80\u5355\uff0c\u4f60\u53ea\u8981\u5c06\u300e\u4e0d\u60f3\u8ba9\u4ed6\u767b\u5165 FTP \u7684\u8d26\u53f7\u300f\u5199\u5165\u8fd9\u4e2a\u6863\u6848\u5373\u53ef\u3002\u4e00\u884c\u4e00\u4e2a\u8d26\u53f7\uff0c\u770b\u8d77\u6765\u50cf\u8fd9\u6837\uff1a<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# cat \/etc\/vsftpd\/ftpusers<br># Users that are not allowed to login via ftp<br>root<br>bin<br>daemon<br>....(\u5e95\u4e0b\u7701\u7565)....<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u77a7\u89c1\u6ca1\u6709\uff1f\u7edd\u5927\u90e8\u5206\u7684\u7cfb\u7edf\u8d26\u53f7\u90fd\u5728\u8fd9\u4e2a\u6863\u6848\u5185\u5594\uff0c\u4e5f\u5c31\u662f\u8bf4\uff0c\u7cfb\u7edf\u8d26\u53f7\u9ed8\u8ba4\u662f\u6ca1\u6709\u529e\u6cd5\u4f7f\u7528 vsftpd \u7684\u5566\uff01 \u5982\u679c\u4f60\u8fd8\u60f3\u8981\u8ba9\u67d0\u4e9b\u4f7f\u7528\u8005\u65e0\u6cd5\u767b\u5165\uff0c\u5199\u5728\u8fd9\u91cc\u662f\u6700\u5feb\u7684\uff01<\/li>\n<p>\t<\/p>\n<li>\/etc\/vsftpd\/user_list<br \/>\u8fd9\u4e2a\u6863\u6848\u662f\u5426\u80fd\u591f\u751f\u6548\u4e0e vsftpd.conf \u5185\u7684\u4e24\u4e2a\u53c2\u6570\u6709\u5173\uff0c\u5206\u522b\u662f\u300e userlist_enable, userlist_deny \u300f\u3002 \u5982\u679c\u8bf4 \/etc\/vsftpd\/ftpusers \u662f PAM \u6a21\u5757\u7684\u62b5\u6321\u8bbe\u5b9a\u9879\u76ee\uff0c\u90a3\u4e48\u8fd9\u4e2a \/etc\/vsftpd\/user_list \u5219\u662f vsftpd \u81ea\u5b9a\u4e49\u7684\u62b5\u6321\u9879\u76ee\u3002\u4e8b\u5b9e\u4e0a\u8fd9\u4e2a\u6863\u6848\u4e0e \/etc\/vsftpd\/ftpusers \u51e0\u4e4e\u4e00\u6a21\u4e00\u6837\uff0c \u5728\u9884\u8bbe\u7684\u60c5\u51b5\u4e0b\uff0c\u4f60\u53ef\u4ee5\u5c06\u4e0d\u5e0c\u671b\u53ef\u767b\u5165 vsftpd \u7684\u8d26\u53f7\u5199\u5165\u8fd9\u91cc\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u6863\u6848\u7684\u529f\u80fd\u4f1a\u4f9d\u636e vsftpd.conf \u914d\u7f6e\u6587\u4ef6\u5185\u7684 userlist_deny={YES\/NO} \u800c\u4e0d\u540c\uff0c\u8fd9\u5f97\u8981\u7279\u522b\u7559\u610f\u5594\uff01<\/li>\n<p>\t<\/p>\n<li>\/etc\/vsftpd\/chroot_list<br \/>\u8fd9\u4e2a\u6863\u6848\u9884\u8bbe\u662f\u4e0d\u5b58\u5728\u7684\uff0c\u6240\u4ee5\u4f60\u5fc5\u987b\u8981\u624b\u52a8\u81ea\u884c\u5efa\u7acb\u3002\u8fd9\u4e2a\u6863\u6848\u7684\u4e3b\u8981\u529f\u80fd\u662f\u53ef\u4ee5\u5c06\u67d0\u4e9b\u8d26\u53f7\u7684\u4f7f\u7528\u8005 chroot \u5728\u4ed6\u4eec\u7684\u5bb6\u76ee\u5f55\u4e0b\uff01\u4f46\u8fd9\u4e2a\u6863\u6848\u8981\u751f\u6548\u4e0e vsftpd.conf \u5185\u7684\u300e chroot_list_enable, chroot_list_file \u300f\u4e24\u4e2a\u53c2\u6570\u6709\u5173\u3002 \u5982\u679c\u4f60\u60f3\u8981\u5c06\u67d0\u4e9b\u5b9e\u4f53\u7528\u6237\u9650\u5236\u5728\u4ed6\u4eec\u7684\u5bb6\u76ee\u5f55\u4e0b\u800c\u4e0d\u8bb8\u5230\u5176\u4ed6\u76ee\u5f55\u53bb\uff0c\u53ef\u4ee5\u542f\u52a8\u8fd9\u4e2a\u8bbe\u5b9a\u9879\u76ee\u5594\uff01<\/li>\n<p>\t<\/p>\n<li>\/usr\/sbin\/vsftpd<br \/>\u8fd9\u5c31\u662f vsftpd \u7684\u4e3b\u8981\u6267\u884c\u6863\u54af\uff01\u4e0d\u8981\u6000\u7591\uff0c vsftpd \u53ea\u6709\u8fd9\u4e00\u4e2a\u6267\u884c\u6863\u800c\u5df2\u554a\uff01<\/li>\n<p>\t<\/p>\n<li>\/var\/ftp\/<br \/>\u8fd9\u4e2a\u662f vsftpd \u7684\u9884\u8bbe\u533f\u540d\u8005\u767b\u5165\u7684\u6839\u76ee\u5f55\u5594\uff01\u5176\u5b9e\u4e0e ftp \u8fd9\u4e2a\u8d26\u53f7\u7684\u5bb6\u76ee\u5f55\u6709\u5173\u5566\uff01<\/li>\n<p><\/ul>\n<p>\u5927\u81f4\u4e0a\u5c31\u53ea\u6709\u8fd9\u51e0\u4e2a\u6863\u6848\u9700\u8981\u6ce8\u610f\u800c\u5df2\uff0c\u800c\u4e14\u6bcf\u4e2a\u6863\u6848\u7684\u8bbe\u5b9a\u53c8\u90fd\u5f88\u7b80\u5355\uff01\u771f\u662f\u4e0d\u9519\u554a\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"server_vsftpd.conf\"><\/a>2.3 vsftpd.conf \u8bbe\u5b9a\u503c\u8bf4\u660e<\/p>\n<div>\n<p>\u4e8b\u5b9e\u4e0a\uff0c\/etc\/vsftpd\/vsftpd.conf \u672c\u8eab\u5c31\u662f\u4e00\u4e2a\u633a\u8be6\u7ec6\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u4e14\u4f7f\u7528\u300e man 5 vsftpd.conf \u300f\u5219\u53ef\u4ee5\u5f97\u5230\u5b8c\u6574\u7684\u53c2\u6570\u8bf4\u660e\u3002 \u4e0d\u8fc7\u6211\u4eec\u8fd9\u91cc\u4f9d\u65e7\u5148\u5c06 vsftpd.conf \u5185\u7684\u5e38\u7528\u53c2\u6570\u7ed9\u4ed6\u5199\u51fa\u6765\uff0c\u5e0c\u671b\u5bf9\u4f60\u6709\u5e2e\u52a9\uff1a<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u4e0e\u670d\u52a1\u5668\u73af\u5883\u8f83\u76f8\u5173\u7684\u8bbe\u5b9a\u503c<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>connect_from_port_20=YES (NO)<br \/>\u8bb0\u5f97\u5728\u524d\u4e00\u5c0f\u8282\u63d0\u5230\u7684\u4e3b\u52a8\u5f0f\u8054\u673a\u4f7f\u7528\u7684 FTP \u670d\u52a1\u5668\u7684 port \u5417\uff1f\u8fd9\u5c31\u662f ftp-data \u7684\u57e0\u53f7\uff1b<\/li>\n<p>\t<\/p>\n<li>listen_port=21<br \/>vsftpd \u4f7f\u7528\u7684\u547d\u4ee4\u901a\u9053 port\uff0c\u5982\u679c\u4f60\u60f3\u8981\u4f7f\u7528\u975e\u6b63\u89c4\u7684\u57e0\u53f7\uff0c\u5728\u8fd9\u4e2a\u8bbe\u5b9a\u9879\u76ee\u4fee\u6539\u5427\uff01 \u4e0d\u8fc7\u4f60\u5fc5\u987b\u8981\u77e5\u9053\uff0c\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u4ec5\u9002\u5408\u4ee5 stand alone \u7684\u65b9\u5f0f\u6765\u542f\u52a8\u5594\uff01(\u5bf9\u4e8e super daemon \u65e0\u6548)<\/li>\n<p>\t<\/p>\n<li>dirmessage_enable=YES (NO)<br \/>\u5f53\u7528\u6237\u8fdb\u5165\u67d0\u4e2a\u76ee\u5f55\u65f6\uff0c\u4f1a\u663e\u793a\u8be5\u76ee\u5f55\u9700\u8981\u6ce8\u610f\u7684\u5185\u5bb9\uff0c\u663e\u793a\u7684\u6863\u6848\u9ed8\u8ba4\u662f .message \uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528\u5e95\u4e0b\u7684\u8bbe\u5b9a\u9879\u76ee\u6765\u4fee\u8ba2\uff01<\/li>\n<p>\t<\/p>\n<li>message_file=.message<br \/>\u5f53 dirmessage_enable=YES \u65f6\uff0c\u53ef\u4ee5\u8bbe\u5b9a\u8fd9\u4e2a\u9879\u76ee\u6765\u8ba9 vsftpd \u5bfb\u627e\u8be5\u6863\u6848\u6765\u663e\u793a\u8baf\u606f\uff01<\/li>\n<p>\t<\/p>\n<li>listen=YES (NO)<br \/>\u82e5\u8bbe\u5b9a\u4e3a YES \u8868\u793a vsftpd \u662f\u4ee5 standalone \u7684\u65b9\u5f0f\u6765\u542f\u52a8\u7684\uff01\u9884\u8bbe\u662f NO \u5466\uff01\u6240\u4ee5\u6211\u4eec\u7684 CentOS \u5c06\u5b83\u6539\u4e3a YES \u54e9\uff01\u8fd9\u6837\u624d\u80fd\u4f7f\u7528 stand alone \u7684\u65b9\u5f0f\u6765\u5524\u9192\u3002<\/li>\n<p>\t<\/p>\n<li>pasv_enable=YES (NO)<br \/>\u652f\u6301\u6570\u636e\u6d41\u7684\u88ab\u52a8\u5f0f\u8054\u673a\u6a21\u5f0f(passive mode)\uff0c\u4e00\u5b9a\u8981\u8bbe\u5b9a\u4e3a YES \u7684\u5566\uff01<\/li>\n<p>\t<\/p>\n<li>use_localtime=YES (NO)<br \/>\u662f\u5426\u4f7f\u7528\u672c\u5730\u65f6\u95f4\uff1fvsftpd \u9884\u8bbe\u4f7f\u7528 GMT \u65f6\u95f4(\u683c\u6797\u5a01\u6cbb)\uff0c\u6240\u4ee5\u9884\u8bbe\u7684 FTP \u5185\u7684\u6863\u6848\u65e5\u671f\u4f1a\u6bd4\u53f0\u6e7e\u665a 8 \u5c0f\u65f6\uff0c\u5efa\u8bae\u4fee\u6539\u8bbe\u5b9a\u4e3a YES \u5427\uff01<\/li>\n<p>\t<\/p>\n<li>write_enable=YES (NO)<br \/>\u5982\u679c\u4f60\u5141\u8bb8\u7528\u6237\u4e0a\u4f20\u6570\u636e\u65f6\uff0c\u5c31\u8981\u542f\u52a8\u8fd9\u4e2a\u8bbe\u5b9a\u503c\uff1b<\/li>\n<p>\t<\/p>\n<li>connect_timeout=60<br \/>\u5355\u4f4d\u662f\u79d2\uff0c\u5728\u6570\u636e\u8fde\u63a5\u7684\u4e3b\u52a8\u5f0f\u8054\u673a\u6a21\u5f0f\u4e0b\uff0c\u6211\u4eec\u53d1\u51fa\u7684\u8fde\u63a5\u8baf\u53f7\u5728 60 \u79d2\u5185\u5f97\u4e0d\u5230\u5ba2\u6237\u7aef\u7684\u54cd\u5e94\uff0c\u5219\u4e0d\u7b49\u5f85\u5e76\u5f3a\u5236\u65ad\u7ebf\u54af\u3002<\/li>\n<p>\t<\/p>\n<li>accept_timeout=60<br \/>\u5f53\u7528\u6237\u4ee5\u88ab\u52a8\u5f0f PASV \u6765\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u65f6\uff0c\u5982\u679c\u670d\u52a1\u5668\u542f\u7528 passive port \u5e76\u7b49\u5f85 client \u8d85\u8fc7 60 \u79d2\u800c\u65e0\u56de\u5e94\uff0c \u90a3\u4e48\u5c31\u7ed9\u4ed6\u5f3a\u5236\u65ad\u7ebf\uff01\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u4e0e connect_timeout \u7c7b\u4f3c\uff0c\u4e0d\u8fc7\u4e00\u4e2a\u662f\u7ba1\u7406\u4e3b\u52a8\u8054\u673a\uff0c\u4e00\u4e2a\u7ba1\u7406\u88ab\u52a8\u8054\u673a\u3002<\/li>\n<p>\t<\/p>\n<li>data_connection_timeout=300<br \/>\u5982\u679c\u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u7684\u6570\u636e\u8054\u673a\u5df2\u7ecf\u6210\u529f\u5efa\u7acb (\u4e0d\u8bba\u4e3b\u52a8\u8fd8\u662f\u88ab\u52a8\u8054\u673a)\uff0c\u4f46\u662f\u53ef\u80fd\u7531\u4e8e\u7ebf\u8def\u95ee\u9898\u5bfc\u81f4 300 \u79d2\u5185\u8fd8\u662f\u65e0\u6cd5\u987a\u5229\u7684\u5b8c\u6210\u6570\u636e\u7684\u4f20\u9001\uff0c\u90a3\u5ba2\u6237\u7aef\u7684\u8054\u673a\u5c31\u4f1a\u88ab\u6211\u4eec\u7684 vsftpd \u5f3a\u5236\u5254\u9664\uff01<\/li>\n<p>\t<\/p>\n<li>idle_session_timeout=300<br \/>\u5982\u679c\u4f7f\u7528\u8005\u5728 300 \u79d2\u5185\u90fd\u6ca1\u6709\u547d\u4ee4\u52a8\u4f5c\uff0c\u5f3a\u5236\u8131\u673a\uff01\u907f\u514d\u5360\u7740\u8305\u5751\u4e0d\u62c9\u5c4e\uff5e<\/li>\n<p>\t<\/p>\n<li>max_clients=0<br \/>\u5982\u679c vsftpd \u662f\u4ee5 stand alone \u65b9\u5f0f\u542f\u52a8\u7684\uff0c\u90a3\u4e48\u8fd9\u4e2a\u8bbe\u5b9a\u9879\u76ee\u53ef\u4ee5\u8bbe\u5b9a\u540c\u4e00\u65f6\u95f4\uff0c\u6700\u591a\u6709\u591a\u5c11 client \u53ef\u4ee5\u540c\u65f6\u8fde\u4e0a vsftpd \u54e9\uff01\u9650\u5236\u4f7f\u7528 FTP \u7684\u7528\u91cf\uff01<\/li>\n<p>\t<\/p>\n<li>max_per_ip=0<br \/>\u4e0e\u4e0a\u9762 max_clients \u7c7b\u4f3c\uff0c\u8fd9\u91cc\u662f\u540c\u4e00\u4e2a IP \u540c\u4e00\u65f6\u95f4\u53ef\u5141\u8bb8\u591a\u5c11\u8054\u673a\uff1f<\/li>\n<p>\t<\/p>\n<li>pasv_min_port=0, pasv_max_port=0<br \/>\u4e0a\u9762\u4e24\u4e2a\u662f\u4e0e passive mode \u4f7f\u7528\u7684 port number \u6709\u5173\uff0c\u5982\u679c\u4f60\u60f3\u8981\u4f7f\u7528 65400 \u5230 65410 \u8fd9 11 \u4e2a port \u6765\u8fdb\u884c\u88ab\u52a8\u5f0f\u8054\u673a\u6a21\u5f0f\u7684\u8fde\u63a5\uff0c\u53ef\u4ee5\u8fd9\u6837\u8bbe\u5b9a pasv_max_port=65410 \u4ee5\u53ca pasv_min_port=65400\u3002 \u5982\u679c\u662f 0 \u7684\u8bdd\uff0c\u8868\u793a\u968f\u673a\u53d6\u7528\u800c\u4e0d\u9650\u5236\u3002<\/li>\n<p>\t<\/p>\n<li>ftpd_banner=\u4e00\u4e9b\u6587\u5b57\u8bf4\u660e<br \/>\u5f53\u4f7f\u7528\u8005\u8054\u673a\u8fdb\u5165\u5230 vsftpd \u65f6\uff0c\u5728 FTP \u5ba2\u6237\u7aef\u8f6f\u4ef6\u4e0a\u5934\u4f1a\u663e\u793a\u7684\u8bf4\u660e\u6587\u5b57\u3002\u4e0d\u8fc7\uff0c\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u6570\u636e\u6bd4\u8f83\u5c11\u5566\uff01 \u5efa\u8bae\u4f60\u53ef\u4ee5\u4f7f\u7528\u5e95\u4e0b\u7684 banner_file \u8bbe\u5b9a\u503c\u6765\u53d6\u4ee3\u8fd9\u4e2a\u9879\u76ee\uff1b<\/li>\n<p>\t<\/p>\n<li>banner_file=\/path\/file<br \/>\u8fd9\u4e2a\u9879\u76ee\u53ef\u4ee5\u6307\u5b9a\u67d0\u4e2a\u7eaf\u6587\u672c\u6863\u4f5c\u4e3a\u4f7f\u7528\u8005\u767b\u5165 vsftpd \u670d\u52a1\u5668\u65f6\u6240\u663e\u793a\u7684\u6b22\u8fce\u5b57\u773c\u3002\u540c\u65f6\uff0c\u4e5f\u80fd\u591f\u653e\u7f6e\u4e00\u4e9b\u8ba9\u4f7f\u7528\u8005\u77e5\u9053\u672c FTP \u670d\u52a1\u5668\u7684\u76ee\u5f55\u67b6\u6784\uff01<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u4e0e\u5b9e\u4f53\u7528\u6237\u8f83\u76f8\u5173\u7684\u8bbe\u5b9a\u503c<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>guest_enable=YES (NO)<br \/>\u82e5\u8fd9\u4e2a\u503c\u8bbe\u5b9a\u4e3a YES \u65f6\uff0c\u90a3\u4e48\u4efb\u4f55\u5b9e\u4f53\u8d26\u53f7\uff0c\u5747\u4f1a\u88ab\u5047\u8bbe\u6210\u4e3a guest \u5594 (\u6240\u4ee5\u9884\u8bbe\u662f\u4e0d\u5f00\u653e\u7684)\uff01 \u81f3\u4e8e\u8bbf\u5ba2\u5728 vsftpd \u5f53\u4e2d\uff0c\u9884\u8bbe\u4f1a\u53d6\u5f97 ftp \u8fd9\u4e2a\u4f7f\u7528\u8005\u7684\u76f8\u5173\u6743\u9650\u3002\u4f46\u53ef\u4ee5\u900f\u8fc7 guest_username \u6765\u4fee\u6539\u3002<\/li>\n<p>\t<\/p>\n<li>guest_username=ftp<br \/>\u5728 guest_enable=YES \u65f6\u624d\u4f1a\u751f\u6548\uff0c\u6307\u5b9a\u8bbf\u5ba2\u7684\u8eab\u4efd\u800c\u5df2\u3002<\/li>\n<p>\t<\/p>\n<li>local_enable=YES (NO)<br \/>\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u5fc5\u987b\u8981\u4e3a YES \u65f6\uff0c\u5728 \/etc\/passwd \u5185\u7684\u8d26\u53f7\u624d\u80fd\u4ee5\u5b9e\u4f53\u7528\u6237\u7684\u65b9\u5f0f\u767b\u5165\u6211\u4eec\u7684 vsftpd \u670d\u52a1\u5668\u5594\uff01<\/li>\n<p>\t<\/p>\n<li>local_max_rate=0<br \/>\u5b9e\u4f53\u7528\u6237\u7684\u4f20\u8f93\u901f\u5ea6\u9650\u5236\uff0c\u5355\u4f4d\u4e3a bytes\/second\uff0c 0 \u4e3a\u4e0d\u9650\u5236\u3002<\/li>\n<p>\t<\/p>\n<li>chroot_local_user=YES (NO)<br \/>\u5728\u9884\u8bbe\u7684\u60c5\u51b5\u4e0b\uff0c\u662f\u5426\u8981\u5c06\u4f7f\u7528\u8005\u9650\u5236\u5728\u81ea\u5df1\u7684\u5bb6\u76ee\u5f55\u4e4b\u5185(chroot)\uff1f\u5982\u679c\u662f YES \u4ee3\u8868\u7528\u6237\u9ed8\u8ba4\u5c31\u4f1a\u88ab chroot\uff0c\u5982\u679c\u662f NO\uff0c \u5219\u9884\u8bbe\u662f\u6ca1\u6709 chroot\u3002\u4e0d\u8fc7\uff0c\u5b9e\u9645\u8fd8\u662f\u9700\u8981\u5e95\u4e0b\u7684\u4e24\u4e2a\u53c2\u6570\u4e92\u76f8\u53c2\u8003\u624d\u884c\u3002\u4e3a\u4e86\u5b89\u5168\u6027\uff0c\u8fd9\u91cc\u5e94\u8be5\u8981\u8bbe\u5b9a\u6210 YES \u624d\u597d\u3002<\/li>\n<p>\t<\/p>\n<li>chroot_list_enable=YES (NO)<br \/>\u662f\u5426\u542f\u7528 chroot \u5199\u5165\u5217\u8868\u7684\u529f\u80fd\uff1f\u4e0e\u5e95\u4e0b\u7684 chroot_list_flie \u6709\u5173\uff01\u8fd9\u4e2a\u9879\u76ee\u5f97\u8981\u5f00\u542f\uff0c\u5426\u5219\u5e95\u4e0b\u7684\u5217\u8868\u6863\u6848\u4f1a\u65e0\u6548\u3002<\/li>\n<p>\t<\/p>\n<li>chroot_list_file=\/etc\/vsftpd.chroot_list<br \/>\u5982\u679c chroot_list_enable=YES \u90a3\u4e48\u5c31\u53ef\u4ee5\u8bbe\u5b9a\u8fd9\u4e2a\u9879\u76ee\u4e86\uff01\u8fd9\u4e2a\u9879\u76ee\u4e0e chroot_local_user \u6709\u5173\uff0c\u8be6\u7ec6\u7684\u8bbe\u5b9a\u72b6\u6001\u8bf7\u53c2\u8003 <a href=\"#server_real_chroot2\">2.6 chroot<\/a> \u7684\u8bf4\u660e\u3002<\/li>\n<p>\t<\/p>\n<li>userlist_enable=YES (NO)<br \/>\u662f\u5426\u85c9\u52a9 vsftpd \u7684\u62b5\u6321\u673a\u5236\u6765\u5904\u7406\u67d0\u4e9b\u4e0d\u53d7\u6b22\u8fce\u7684\u8d26\u53f7\uff0c\u4e0e\u5e95\u4e0b\u7684\u53c2\u6570\u8bbe\u5b9a\u6709\u5173\uff1b<\/li>\n<p>\t<\/p>\n<li>userlist_deny=YES (NO)<br \/>\u5f53 userlist_enable=YES \u65f6\u624d\u4f1a\u751f\u6548\u7684\u8bbe\u5b9a\uff0c\u82e5\u6b64\u8bbe\u5b9a\u503c\u4e3a YES \u65f6\uff0c\u5219\u5f53\u4f7f\u7528\u8005\u8d26\u53f7\u88ab\u5217\u5165\u5230\u67d0\u4e2a\u6863\u6848\u65f6\uff0c \u5728\u8be5\u6863\u6848\u5185\u7684\u4f7f\u7528\u8005\u5c06\u65e0\u6cd5\u767b\u5165 vsftpd \u670d\u52a1\u5668\uff01\u8be5\u6863\u6848\u6587\u4ef6\u540d\u4e0e\u4e0b\u5217\u8bbe\u5b9a\u9879\u76ee\u6709\u5173\u3002<\/li>\n<p>\t<\/p>\n<li>userlist_file=\/etc\/vsftpd\/user_list<br \/>\u82e5\u4e0a\u9762 userlist_deny=YES \u65f6\uff0c\u5219\u8fd9\u4e2a\u6863\u6848\u5c31\u6709\u7528\u5904\u4e86\uff01\u5728\u8fd9\u4e2a\u6863\u6848\u5185\u7684\u8d26\u53f7\u90fd\u65e0\u6cd5\u4f7f\u7528 vsftpd \u5594\uff01<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u533f\u540d\u8005\u767b\u5165\u7684\u8bbe\u5b9a\u503c<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>anonymous_enable=YES (NO)<br \/>\u8bbe\u5b9a\u4e3a\u5141\u8bb8 anonymous \u767b\u5165\u6211\u4eec\u7684 vsftpd \u4e3b\u673a\uff01\u9884\u8bbe\u662f YES \uff0c\u5e95\u4e0b\u7684\u6240\u6709\u76f8\u5173\u8bbe\u5b9a\u90fd\u9700\u8981\u5c06\u8fd9\u4e2a\u8bbe\u5b9a\u4e3a anonymous_enable=YES \u4e4b\u540e\u624d\u4f1a\u751f\u6548\uff01<\/li>\n<p>\t<\/p>\n<li>anon_world_readable_only=YES (NO)<br \/>\u4ec5\u5141\u8bb8 anonymous \u5177\u6709\u4e0b\u8f7d\u53ef\u8bfb\u6863\u6848\u7684\u6743\u9650\uff0c\u9884\u8bbe\u662f YES\u3002<\/li>\n<p>\t<\/p>\n<li>anon_other_write_enable=YES (NO)<br \/>\u662f\u5426\u5141\u8bb8 anonymous \u5177\u6709\u9664\u4e86\u5199\u5165\u4e4b\u5916\u7684\u6743\u9650\uff1f\u5305\u62ec\u5220\u9664\u4e0e\u6539\u5199\u670d\u52a1\u5668\u4e0a\u7684\u6863\u6848\u53ca\u6863\u540d\u7b49\u6743\u9650\u3002\u9884\u8bbe\u5f53\u7136\u662f NO\uff01\u5982\u679c\u8981\u8bbe\u5b9a\u4e3a YES\uff0c\u90a3\u4e48\u5f00\u653e\u7ed9 anonymous \u5199\u5165\u7684\u76ee\u5f55\u4ea6\u9700\u8981\u8c03\u6574\u6743\u9650\uff0c\u8ba9 vsftpd \u7684 PID \u62e5\u6709\u8005\u53ef\u4ee5\u5199\u5165\u624d\u884c\uff01<\/li>\n<p>\t<\/p>\n<li>anon_mkdir_write_enable=YES (NO)<br \/>\u662f\u5426\u8ba9 anonymous \u5177\u6709\u5efa\u7acb\u76ee\u5f55\u7684\u6743\u9650\uff1f\u9ed8\u8ba4\u503c\u662f NO\uff01\u5982\u679c\u8981\u8bbe\u5b9a\u4e3a YES\uff0c \u90a3\u4e48 anony_other_write_enable \u5fc5\u987b\u8bbe\u5b9a\u4e3a YES \uff01<\/li>\n<p>\t<\/p>\n<li>anon_upload_enable=YES (NO)<br \/>\u662f\u5426\u8ba9 anonymous \u5177\u6709\u4e0a\u4f20\u6570\u636e\u7684\u529f\u80fd\uff0c\u9ed8\u8ba4\u662f NO\uff0c\u5982\u679c\u8981\u8bbe\u5b9a\u4e3a YES \uff0c\u5219 anon_other_write_enable=YES \u5fc5\u987b\u8bbe\u5b9a\u3002<\/li>\n<p>\t<\/p>\n<li>deny_email_enable=YES (NO)<br \/>\u5c06\u67d0\u4e9b\u7279\u6b8a\u7684 email address \u62b5\u6321\u4f4f\uff0c\u4e0d\u8ba9\u90a3\u4e9b anonymous \u767b\u5165\uff01\u5982\u679c\u4ee5 anonymous \u767b\u5165\u670d\u52a1\u5668\u65f6\uff0c\u4e0d\u662f\u4f1a\u8981\u6c42\u8f93\u5165\u5bc6\u7801\u5417\uff1f\u5bc6\u7801\u4e0d\u662f\u8981\u4f60\u8f93\u5165\u4f60\u7684 email address \u5417\uff1f\u5982\u679c\u4f60\u5f88\u8ba8\u538c\u67d0\u4e9b email address\uff0c \u5c31\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u8bbe\u5b9a\u6765\u5c06\u4ed6\u53d6\u6d88\u767b\u5165\u7684\u6743\u9650\uff01\u9700\u4e0e\u4e0b\u4e2a\u8bbe\u5b9a\u9879\u76ee\u914d\u5408\uff1a<\/li>\n<p>\t<\/p>\n<li>banned_email_file=\/etc\/vsftpd\/banned_emails<br \/>\u5982\u679c deny_email_enable=YES \u65f6\uff0c\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u8bbe\u5b9a\u9879\u76ee\u6765\u89c4\u5b9a\u54ea\u4e2a email address \u4e0d\u53ef\u767b\u5165\u6211\u4eec\u7684 vsftpd \u5594\uff01\u5728\u4e0a\u9762\u8bbe\u5b9a\u7684\u6863\u6848\u5185\uff0c\u4e00\u884c\u8f93\u5165\u4e00\u4e2a email address \u5373\u53ef\uff01<\/li>\n<p>\t<\/p>\n<li>no_anon_password=YES (NO)<br \/>\u5f53\u8bbe\u5b9a\u4e3a YES \u65f6\uff0c\u8868\u793a anonymous \u5c06\u4f1a\u7565\u8fc7\u5bc6\u7801\u68c0\u9a8c\u6b65\u9aa4\uff0c\u800c\u76f4\u63a5\u8fdb\u5165 vsftpd \u670d\u52a1\u5668\u5185\u5594\uff01\u6240\u4ee5\u4e00\u822c\u9884\u8bbe\u90fd\u662f NO \u7684\uff01(\u767b\u5165\u65f6\u4f1a\u68c0\u67e5\u8f93\u5165\u7684 emai)<\/li>\n<p>\t<\/p>\n<li>anon_max_rate=0<br \/>\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u540e\u9762\u63a5\u7684\u6570\u503c\u5355\u4f4d\u4e3a bytes\/\u79d2 \uff0c\u9650\u5236 anonymous \u7684\u4f20\u8f93\u901f\u5ea6\uff0c\u5982\u679c\u662f 0 \u5219\u4e0d\u9650\u5236(\u7531\u6700\u5927\u5e26\u5bbd\u6240\u9650\u5236)\uff0c\u5982\u679c\u4f60\u60f3\u8ba9 anonymous \u4ec5\u6709 30 KB\/s \u7684\u901f\u5ea6\uff0c\u53ef\u4ee5\u8bbe\u5b9a\u300eanon_max_rate=30000\u300f<\/li>\n<p>\t<\/p>\n<li>anon_umask=077<br \/>\u9650\u5236 anonymous \u4e0a\u4f20\u6863\u6848\u7684\u6743\u9650\uff01\u5982\u679c\u662f 077 \u5219 anonymous \u4f20\u9001\u8fc7\u6765\u7684\u6863\u6848\u6743\u9650\u4f1a\u662f -rw&#8212;&#8212;- \u5594\uff01<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5173\u4e8e\u7cfb\u7edf\u5b89\u5168\u65b9\u9762\u7684\u4e00\u4e9b\u8bbe\u5b9a\u503c<\/li>\n<p><\/ul>\n<p><\/p>\n<ul>\t<\/p>\n<li>ascii_download_enable=YES (NO)<br \/>\u5982\u679c\u8bbe\u5b9a\u4e3a YES \uff0c\u90a3\u4e48 client \u5c31\u4f18\u5148 (\u9884\u8bbe) \u4f7f\u7528 ASCII \u683c\u5f0f\u4e0b\u8f7d\u6587\u4ef6\u3002<\/li>\n<p>\t<\/p>\n<li>ascii_upload_enable=YES (NO)<br \/>\u4e0e\u4e0a\u4e00\u4e2a\u8bbe\u5b9a\u7c7b\u4f3c\u7684\uff0c\u53ea\u662f\u8fd9\u4e2a\u8bbe\u5b9a\u9488\u5bf9\u4e0a\u4f20\u800c\u8a00\uff01\u9884\u8bbe\u662f NO<\/li>\n<p>\t<\/p>\n<li>one_process_model=YES (NO)<br \/>\u8fd9\u4e2a\u8bbe\u5b9a\u9879\u76ee\u6bd4\u8f83\u5371\u9669\u4e00\u70b9\uff5e\u5f53\u8bbe\u5b9a\u4e3a YES \u65f6\uff0c\u8868\u793a\u6bcf\u4e2a\u5efa\u7acb\u7684\u8054\u673a\u90fd\u4f1a\u62e5\u6709\u4e00\u652f process \u5728\u8d1f\u8d23\uff0c\u53ef\u4ee5\u589e\u52a0 vsftpd \u7684\u6548\u80fd\u3002\u4e0d\u8fc7\uff0c \u9664\u975e\u4f60\u7684\u7cfb\u7edf\u6bd4\u8f83\u5b89\u5168\uff0c\u800c\u4e14\u786c\u4ef6\u914d\u5907\u6bd4\u8f83\u9ad8\uff0c\u5426\u5219\u5bb9\u6613\u8017\u5c3d\u7cfb\u7edf\u8d44\u6e90\u5594\uff01\u4e00\u822c\u5efa\u8bae\u8bbe\u5b9a\u4e3a NO \u7684\u5566\uff01<\/li>\n<p>\t<\/p>\n<li>tcp_wrappers=YES (NO)<br \/>\u5f53\u7136\u6211\u4eec\u90fd\u4e60\u60ef\u652f\u6301 <a href=\"http:\/\/linux.vbird.org\/linux_server\/0250simple_firewall.php#tcp_wrappers\">TCP Wrappers<\/a> \u7684\u5566\uff01\u6240\u4ee5\u8bbe\u5b9a\u4e3a YES \u5427\uff01<\/li>\n<p>\t<\/p>\n<li>xferlog_enable=YES (NO)<br \/>\u5f53\u8bbe\u5b9a\u4e3a YES \u65f6\uff0c\u4f7f\u7528\u8005\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\u6587\u4ef6\u90fd\u4f1a\u88ab\u7eaa\u5f55\u8d77\u6765\u3002\u8bb0\u5f55\u7684\u6863\u6848\u4e0e\u4e0b\u4e00\u4e2a\u8bbe\u5b9a\u9879\u76ee\u6709\u5173\uff1a<\/li>\n<p>\t<\/p>\n<li>xferlog_file=\/var\/log\/xferlog<br \/>\u5982\u679c\u4e0a\u4e00\u4e2a xferlog_enable=YES \u7684\u8bdd\uff0c\u8fd9\u91cc\u5c31\u53ef\u4ee5\u8bbe\u5b9a\u4e86\uff01\u8fd9\u4e2a\u662f\u767b\u5f55\u6863\u7684\u6863\u540d\u5566\uff01<\/li>\n<p>\t<\/p>\n<li>xferlog_std_format=YES (NO)<br \/>\u662f\u5426\u8bbe\u5b9a\u4e3a wu ftp \u76f8\u540c\u7684\u767b\u5f55\u6863\u683c\u5f0f\uff1f\u9884\u8bbe\u4e3a NO \uff0c\u56e0\u4e3a\u767b\u5f55\u6863\u4f1a\u6bd4\u8f83\u5bb9\u6613\u8bfb\uff01 \u4e0d\u8fc7\uff0c\u5982\u679c\u4f60\u6709\u4f7f\u7528 wu ftp \u767b\u5f55\u6587\u4ef6\u7684\u5206\u6790\u8f6f\u4ef6\uff0c\u8fd9\u91cc\u624d\u9700\u8981\u8bbe\u5b9a\u4e3a YES<\/li>\n<p>\t<\/p>\n<li>dual_log_enable=YES, vsftpd_log_file=\/var\/log\/vsftpd.log<br \/>\u9664\u4e86 \/var\/log\/xferlog \u7684 wu-ftp \u683c\u5f0f\u767b\u5f55\u6863\u4e4b\u5916\uff0c\u8fd8\u53ef\u4ee5\u5177\u6709 vsftpd \u7684\u72ec\u7279\u767b\u5f55\u6863\u683c\u5f0f\u5594\uff01\u5982\u679c\u4f60\u7684 FTP \u670d\u52a1\u5668\u5e76\u4e0d\u662f\u5f88\u5fd9\u788c\uff0c \u6216\u8bb8\u8ba2\u51fa\u4e24\u4e2a\u767b\u5f55\u6863\u7684\u64b0\u5199 (\/var\/log\/{vsftpd.log,xferlog) \u662f\u4e0d\u9519\u7684\u3002<\/li>\n<p>\t<\/p>\n<li>nopriv_user=nobody<br \/>\u6211\u4eec\u7684 vsftpd \u9884\u8bbe\u4ee5 nobody \u4f5c\u4e3a\u6b64\u4e00\u670d\u52a1\u6267\u884c\u8005\u7684\u6743\u9650\u3002\u56e0\u4e3a nobody \u7684\u6743\u9650\u76f8\u5f53\u7684\u4f4e\uff0c\u56e0\u6b64\u5373\u4f7f\u88ab\u5165\u4fb5\uff0c\u5165\u4fb5\u8005\u4ec5\u80fd\u53d6\u5f97 nobody \u7684\u6743\u9650\u5594\uff01<\/li>\n<p>\t<\/p>\n<li>pam_service_name=vsftpd<br \/>\u8fd9\u4e2a\u662f pam \u6a21\u5757\u7684\u540d\u79f0\uff0c\u6211\u4eec\u653e\u7f6e\u5728 \/etc\/pam.d\/vsftpd \u5373\u662f\u8fd9\u4e2a\u549a\u549a\uff01<\/li>\n<p><\/ul>\n<p>\u4e0a\u9762\u8fd9\u4e9b\u662f\u5e38\u89c1\u7684 vsftpd \u7684\u8bbe\u5b9a\u53c2\u6570\uff0c\u8fd8\u6709\u5f88\u591a\u53c2\u6570\u6211\u6ca1\u6709\u5217\u51fa\u6765\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 man 5 vsftpd.conf \u67e5\u9605\u5594\uff01\u4e0d\u8fc7\uff0c\u57fa\u672c\u4e0a\u4e0a\u9762\u8fd9\u4e9b\u53c2\u6570\u5df2\u7ecf\u591f\u6211\u4eec\u8bbe\u5b9a vsftpd \u5570\u3002<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"server_start\"><\/a>2.4 vsftpd \u542f\u52a8\u7684\u6a21\u5f0f<\/p>\n<div>\n<p>vsftpd \u53ef\u4ee5\u4f7f\u7528 stand alone \u6216 super daemon \u7684\u65b9\u5f0f\u6765\u542f\u52a8\uff0c\u6211\u4eec CentOS \u9884\u8bbe\u662f\u4ee5 stand alone \u6765\u542f\u52a8\u7684\u3002 \u90a3\u4ec0\u4e48\u65f6\u5019\u5e94\u8be5\u9009\u62e9 stand alone \u6216\u8005\u662f super daemon \u5462\uff1f\u5982\u679c\u4f60\u7684 ftp \u670d\u52a1\u5668\u662f\u63d0\u4f9b\u7ed9\u6574\u4e2a\u56e0\u7279\u7f51\u6765\u8fdb\u884c\u5927\u91cf\u4e0b\u8f7d\u7684\u4efb\u52a1\uff0c\u4f8b\u5982\u5404\u5927\u4e13\u9662\u6821\u7684 FTP \u670d\u52a1\u5668\uff0c\u90a3\u5efa\u8bae\u4f60\u4f7f\u7528 stand alone \u7684\u65b9\u5f0f\uff0c \u670d\u52a1\u7684\u901f\u5ea6\u4e0a\u4f1a\u6bd4\u8f83\u597d\u3002\u5982\u679c\u4ec5\u662f\u63d0\u4f9b\u7ed9\u5185\u90e8\u4eba\u5458\u4f7f\u7528\u7684 FTP \u670d\u52a1\u5668\uff0c\u90a3\u4f7f\u7528 super daemon \u6765\u7ba1\u7406\u5373\u53ef\u554a\u3002<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5229\u7528 CentOS \u63d0\u4f9b\u7684 script \u6765\u542f\u52a8 vsftpd (stand alone)<\/li>\n<p><\/ul>\n<p>\u5176\u5b9e CentOS \u4e0d\u7528\u4f5c\u4efb\u4f55\u8bbe\u5b9a\u5c31\u80fd\u591f\u542f\u52a8 vsftpd \u5570\uff01\u662f\u8fd9\u6837\u542f\u52a8\u7684\u5566\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# \/etc\/init.d\/vsftpd start<br>[root@www ~]# netstat -tulnp| grep 21<br>tcp  0  0 0.0.0.0:21  0.0.0.0:*   LISTEN   11689\/vsftpd<br># \u770b\u5230\u5570\uff0c\u662f\u7531 vsftpd \u6240\u542f\u52a8\u7684\u5462\uff01<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u81ea\u884c\u8bbe\u5b9a\u4ee5 super daemon \u6765\u542f\u52a8 (\u6709\u5fc5\u8981\u518d\u8fdb\u884c\uff0c\u4e0d\u7528\u5b9e\u4f5c)<\/li>\n<p><\/ul>\n<p>\u5982\u679c\u4f60\u7684 FTP \u662f\u5f88\u5c11\u88ab\u4f7f\u7528\u7684\uff0c\u90a3\u4e48\u5229\u7528 super daemon \u6765\u7ba1\u7406\u4e0d\u5931\u4e3a\u4e00\u4e2a\u597d\u4e3b\u610f\u3002 \u4e0d\u8fc7\u82e5\u4f60\u60f3\u8981\u4f7f\u7528 super daemon \u7ba1\u7406\u7684\u8bdd\uff0c\u90a3\u5c31\u5f97\u8981\u81ea\u884c\u4fee\u6539\u4e00\u4e0b\u914d\u7f6e\u6587\u4ef6\u4e86\u3002\u5176\u5b9e\u4e5f\u4e0d\u96be\u5566\uff0c\u4f60\u5e94\u8be5\u8981\u8fd9\u6837\u5904\u7406\u7684\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u627e\u5230 listen=YES \u8fd9\u4e00\u884c\uff1a\u5927\u7ea6\u5728 109 \u884c\u5de6\u53f3\u5566\uff0c\u5e76\u5c06\u5b83\u6539\u6210\uff1a<br>listen=NO<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u63a5\u4e0b\u6765\u4fee\u6539\u4e00\u4e0b super daemon \u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u5e95\u4e0b\u8fd9\u4e2a\u6863\u6848\u4f60\u5fc5\u987b\u8981\u81ea\u884c\u5efa\u7acb\u7684\uff0c\u539f\u672c\u662f\u4e0d\u5b58\u5728\u7684\u5594\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# yum install xinetd   &lt;==\u5047\u8bbe xinetd \u6ca1\u6709\u5b89\u88c5\u65f6<br>[root@www ~]# vim \/etc\/xinetd.d\/vsftpd<br>service ftp<br>{<br>        socket_type             = stream<br>        wait                    = no<br>        user                    = root<br>        server                  = \/usr\/sbin\/vsftpd<br>        log_on_success          += DURATION USERID<br>        log_on_failure          += USERID<br>        nice                    = 10<br>        disable                 = no<br>}<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u7136\u540e\u5c1d\u8bd5\u542f\u52a8\u770b\u770b\u5462\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# \/etc\/init.d\/vsftpd stop<br>[root@www ~]# \/etc\/init.d\/xinetd restart<br>[root@www ~]# netstat -tulnp| grep 21<br>tcp  0  0 0.0.0.0:21  0.0.0.0:*   LISTEN   32274\/xinetd<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u6709\u8da3\u5427\uff01\u4e24\u8005\u542f\u52a8\u7684\u65b9\u5f0f\u53ef\u4e0d\u4e00\u6837\u554a\uff01\u7ba1\u7406\u7684\u65b9\u5f0f\u5c31\u4f1a\u5dee\u5f88\u591a\u7684\u5466\uff01\u4e0d\u7ba1\u4f60\u8981\u4f7f\u7528\u54ea\u79cd\u542f\u52a8\u7684\u65b9\u5f0f\uff0c\u5207\u8bb0\u4e0d\u8981\u4e24\u8005\u540c\u65f6\u542f\u52a8\uff0c\u5426\u5219\u4f1a\u53d1\u751f\u9519\u8bef\u7684\uff01\u4f60\u5e94\u8be5\u4f7f\u7528 chkconfig &#8211;list \u68c0\u67e5\u4e00\u4e0b\u8fd9\u4e24\u79cd\u542f\u52a8\u7684\u65b9\u5f0f\uff0c\u7136\u540e\u4f9d\u636e\u4f60\u7684\u9700\u6c42\u6765\u51b3\u5b9a\u7528\u54ea\u4e00\u79cd\u65b9\u5f0f\u542f\u52a8\u3002\u9e1f\u54e5\u5e95\u4e0b\u7684\u8bbe\u5b9a\u90fd\u4f1a\u4ee5 stand alone \u8fd9\u4e2a CentOS \u9ed8\u8ba4\u7684\u542f\u52a8\u6a21\u5f0f\u6765\u5904\u7406\uff0c\u6240\u4ee5\u8d76\u7d27\u5c06\u521a\u521a\u7684\u52a8\u4f5c\u7ed9\u4ed6\u6539\u56de\u6765\u5594\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"server_basic\"><\/a>2.5 CentOS \u7684 vsftpd \u9ed8\u8ba4\u503c<\/p>\n<div>\n<p>\u5728 CentOS \u7684\u9ed8\u8ba4\u503c\u5f53\u4e2d\uff0cvsftpd \u662f\u540c\u65f6\u5f00\u653e\u5b9e\u4f53\u7528\u6237\u4e0e\u533f\u540d\u7528\u6237\u7684\uff0cCentOS \u7684\u9ed8\u8ba4\u503c\u5982\u4e0b\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># 1. \u4e0e\u533f\u540d\u8005\u6709\u5173\u7684\u4fe1\u606f\uff1a<br>anonymous_enable=YES        &lt;==\u652f\u6301\u533f\u540d\u8005\u7684\u767b\u5165\u4f7f\u7528 FTP \u529f\u80fd<br><br># 2. \u4e0e\u5b9e\u4f53\u7528\u6237\u6709\u5173\u7684\u8bbe\u5b9a<br>local_enable=YES            &lt;==\u652f\u6301\u672c\u5730\u7aef\u7684\u5b9e\u4f53\u7528\u6237\u767b\u5165<br>write_enable=YES            &lt;==\u5141\u8bb8\u7528\u6237\u4e0a\u4f20\u6570\u636e (\u5305\u62ec\u6863\u6848\u4e0e\u76ee\u5f55)<br>local_umask=022             &lt;==\u5efa\u7acb\u65b0\u76ee\u5f55 (755) \u4e0e\u6863\u6848 (644) \u7684\u6743\u9650<br><br># 3. \u4e0e\u670d\u52a1\u5668\u73af\u5883\u6709\u5173\u7684\u8bbe\u5b9a<br>dirmessage_enable=YES       &lt;==\u82e5\u76ee\u5f55\u4e0b\u6709 .message \u5219\u4f1a\u663e\u793a\u8be5\u6863\u6848\u7684\u5185\u5bb9<br>xferlog_enable=YES          &lt;==\u542f\u52a8\u767b\u5f55\u6587\u4ef6\u8bb0\u5f55\uff0c\u8bb0\u5f55\u4e8e \/var\/log\/xferlog<br>connect_from_port_20=YES    &lt;==\u652f\u6301\u4e3b\u52a8\u5f0f\u8054\u673a\u529f\u80fd<br>xferlog_std_format=YES      &lt;==\u652f\u6301 WuFTP \u7684\u767b\u5f55\u6863\u683c\u5f0f<br>listen=YES                  &lt;==\u4f7f\u7528 stand alone \u65b9\u5f0f\u542f\u52a8 vsftpd<br>pam_service_name=vsftpd     &lt;==\u652f\u6301 PAM \u6a21\u5757\u7684\u7ba1\u7406<br>userlist_enable=YES         &lt;==\u652f\u6301 \/etc\/vsftpd\/user_list \u6863\u6848\u5185\u7684\u8d26\u53f7\u767b\u5165\u7ba1\u63a7\uff01<br>tcp_wrappers=YES            &lt;==\u652f\u6301 TCP Wrappers \u7684\u9632\u706b\u5899\u673a\u5236<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u4e0a\u9762\u5404\u9879\u8bbe\u5b9a\u503c\u8bf7\u81ea\u884c\u53c2\u8003 <a href=\"#server_vsftpd.conf\">2.3<\/a> \u7684\u8be6\u7ec6\u8bf4\u660e\u5427\u3002\u800c\u901a\u8fc7\u8fd9\u6837\u7684\u8bbe\u5b9a\u503c\u54b1\u4eec\u7684 vsftpd \u53ef\u4ee5\u8fbe\u5230\u5982\u4e0b\u7684\u529f\u80fd\uff1a<\/p>\n<p><a name=\"use_local_time\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\u4f60\u53ef\u4ee5\u4f7f\u7528 anonymous \u8fd9\u4e2a\u533f\u540d\u8d26\u53f7\u6216\u5176\u4ed6\u5b9e\u4f53\u8d26\u53f7 (\/etc\/passwd) \u767b\u5165\uff1b<\/li>\n<p>\t<\/p>\n<li>anonymous \u7684\u5bb6\u76ee\u5f55\u5728 \/var\/ftp \uff0c\u4e14\u65e0\u4e0a\u4f20\u6743\u9650\uff0c\u4ea6\u5df2\u7ecf\u88ab chroot \u4e86\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5b9e\u4f53\u7528\u6237\u7684\u5bb6\u76ee\u5f55\u53c2\u8003 \/etc\/passwd\uff0c\u5e76\u6ca1\u6709\u88ab chroot\uff0c\u53ef\u524d\u5f80\u4efb\u4f55\u6709\u6743\u9650\u53ef\u8fdb\u5165\u7684\u76ee\u5f55\u4e2d\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4efb\u4f55\u4e8e \/etc\/vsftpd\/ftpusers \u5185\u5b58\u5728\u7684\u8d26\u53f7\u5747\u65e0\u6cd5\u4f7f\u7528 vsftpd (PAM)\uff1b<\/li>\n<p>\t<\/p>\n<li>\u53ef\u5229\u7528 \/etc\/hosts.{allow|deny} \u6765\u4f5c\u4e3a\u57fa\u7840\u9632\u706b\u5899\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5f53\u5ba2\u6237\u7aef\u6709\u4efb\u4f55\u4e0a\u4f20\/\u4e0b\u8f7d\u4fe1\u606f\u65f6\uff0c\u8be5\u4fe1\u606f\u4f1a\u88ab\u7eaa\u5f55\u5230 \/var\/log\/xferlog \u4e2d\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4e3b\u52a8\u5f0f\u8054\u673a\u7684\u57e0\u53e3\u4e3a port 20\uff1b<\/li>\n<p>\t<\/p>\n<li><span style=\"text-decoration: underline;\">\u4f7f\u7528\u683c\u6797\u5a01\u6cbb\u65f6\u95f4 (GMT)\u3002<\/span><\/li>\n<p><\/ul>\n<p>\u6240\u4ee5\u5f53\u4f60\u542f\u52a8 vsftpd \u540e\uff0c\u4f60\u7684\u5b9e\u4f53\u7528\u6237\u5c31\u80fd\u591f\u76f4\u63a5\u5229\u7528 vsftpd \u8fd9\u4e2a\u670d\u52a1\u6765\u4f20\u8f93\u4ed6\u81ea\u5df1\u7684\u6570\u636e\u4e86\u3002 \u4e0d\u8fc7\u6bd4\u8f83\u5927\u7684\u95ee\u9898\u662f\uff0c\u56e0\u4e3a vsftpd \u9884\u8bbe\u4f7f\u7528 GMT \u65f6\u95f4\uff0c\u56e0\u4e3a\u4f60\u5728\u5ba2\u6237\u7aef\u4f7f\u7528 ftp \u8f6f\u4ef6\u8fde\u63a5\u5230 FTP \u670d\u52a1\u5668\u65f6\uff0c\u4f1a\u53d1\u73b0\u6bcf\u4e2a\u6863\u6848\u7684\u65f6\u95f4\u90fd\u6162\u4e86\u516b\u5c0f\u65f6\u4e86\uff01\u771f\u662f\u8ba8\u538c\u554a\uff01 \u6240\u4ee5\u5efa\u8bae\u4f60\u52a0\u8bbe\u4e00\u4e2a\u53c2\u6570\u503c\uff0c\u5c31\u662f\u300e use_localtime=YES \u300f\u5570\uff01<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u5728\u8fd9\u4e2a\u6863\u6848\u5f53\u4e2d\u7684\u6700\u540e\u4e00\u884c\u52a0\u5165\u8fd9\u4e00\u53e5\u5373\u53ef<br>use_localtime=YES<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<br>[root@www ~]# chkconfig vsftpd on<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u5982\u6b64\u4e00\u6765\u4f60\u7684 FTP \u670d\u52a1\u5668\u4e0d\u4f46\u53ef\u4ee5\u63d0\u4f9b\u533f\u540d\u8d26\u53f7\u6765\u4e0b\u8f7d \/var\/ftp \u7684\u6570\u636e\uff0c\u5982\u679c\u4f7f\u7528\u5b9e\u4f53\u8d26\u53f7\u6765\u767b\u5165\u7684\u8bdd\uff0c \u5c31\u80fd\u591f\u8fdb\u5165\u5230\u8be5\u7528\u6237\u7684\u5bb6\u76ee\u5f55\u5e95\u4e0b\u53bb\u4e86\uff01\u771f\u662f\u5f88\u7b80\u5355\u65b9\u4fbf\u7684\u4e00\u4e2a\u8bbe\u5b9a\u554a\uff01\u4e14\u4f7f\u7528\u672c\u5730\u7aef\u65f6\u95f4\u5462\uff01 ^_^<\/p>\n<p>\u53e6\u5916\uff0c\u5982\u679c\u4f60\u9884\u8ba1\u8981\u5c06 FTP \u5f00\u653e\u7ed9 Internet \u4f7f\u7528\u65f6\uff0c\u8bf7\u6ce8\u610f\u5f97\u8981\u5f00\u653e\u9632\u706b\u5899\u5594\uff01\u5173\u4e8e\u9632\u706b\u5899\u7684\u5efa\u7f6e\u60c5\u51b5\uff0c \u7531\u4e8e\u7275\u6d89\u5230\u6570\u636e\u6d41\u7684\u4e3b\u52a8\u3001\u88ab\u52a8\u8054\u673a\u65b9\u5f0f\uff0c\u56e0\u6b64\uff0c\u8fd8\u5f97\u8981\u52a0\u5165\u9632\u706b\u5899\u6a21\u5757\u3002\u8fd9\u90e8\u4efd\u6211\u4eec\u5728\u540e\u7eed\u7684 <a href=\"#other_iptables\">2.8 \u5c0f\u8282<\/a>\u518d\u52a0\u4ee5\u4ecb\u7ecd\uff0c\u53cd\u6b63\uff0c\u6700\u7ec8\u8bb0\u5f97\u8981\u5f00\u653e FTP \u7684\u8054\u673a\u8981\u6c42\u5c31\u5bf9\u4e86\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"server_real\"><\/a>2.6 \u9488\u5bf9\u5b9e\u4f53\u8d26\u53f7\u7684\u8bbe\u5b9a<\/p>\n<div>\n<p>\u867d\u7136\u5728 CentOS \u7684\u9ed8\u8ba4\u60c5\u51b5\u5f53\u4e2d\u5b9e\u4f53\u7528\u6237\u5df2\u7ecf\u53ef\u4ee5\u4f7f\u7528 FTP \u7684\u670d\u52a1\u4e86\uff0c\u4e0d\u8fc7\u6211\u4eec\u53ef\u80fd\u8fd8\u9700\u8981\u4e00\u4e9b\u989d\u5916\u7684\u529f\u80fd\u6765\u9650\u5236\u5b9e\u4f53\u7528\u6237\u3002 \u4e3e\u4f8b\u6765\u8bf4\uff0c\u9650\u5236\u7528\u6237\u65e0\u6cd5\u79bb\u5f00\u5bb6\u76ee\u5f55 (chroot)\u3001\u9650\u5236\u4e0b\u8f7d\u901f\u7387\u3001\u9650\u5236\u7528\u6237\u4e0a\u4f20\u6863\u6848\u65f6\u7684\u6743\u9650 (mask) \u7b49\u7b49\u3002 \u5e95\u4e0b\u6211\u4eec\u5148\u5217\u51fa\u4e00\u4e9b\u5e0c\u671b\u8fbe\u5230\u7684\u529f\u80fd\uff0c\u7136\u540e\u518d\u7ee7\u7eed\u8fdb\u884c\u989d\u5916\u529f\u80fd\u7684\u5904\u7406\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u5e0c\u671b\u4f7f\u7528\u53f0\u6e7e\u672c\u5730\u65f6\u95f4\u53d6\u4ee3 GMT \u65f6\u95f4\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7528\u6237\u767b\u5165\u65f6\u663e\u793a\u4e00\u4e9b\u6b22\u8fce\u8baf\u606f\u7684\u4fe1\u606f\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7cfb\u7edf\u8d26\u53f7\u4e0d\u53ef\u767b\u5165\u4e3b\u673a (\u4ea6\u5373 UID \u5c0f\u4e8e 500 \u4ee5\u4e0b\u7684\u8d26\u53f7)\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4e00\u822c\u5b9e\u4f53\u7528\u6237\u53ef\u4ee5\u8fdb\u884c\u4e0a\u4f20\u3001\u4e0b\u8f7d\u3001\u5efa\u7acb\u76ee\u5f55\u53ca\u4fee\u6539\u6863\u6848\u7b49\u52a8\u4f5c\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7528\u6237\u65b0\u589e\u7684\u6863\u6848\u3001\u76ee\u5f55\u4e4b umask \u5e0c\u671b\u8bbe\u5b9a\u4e3a 002\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5176\u4ed6\u4e3b\u673a\u8bbe\u5b9a\u503c\u4fdd\u7559<a href=\"#server_basic\">\u9ed8\u8ba4\u503c<\/a>\u5373\u53ef\u3002<\/li>\n<p><\/ul>\n<p>\u4f60\u53ef\u4ee5\u81ea\u884c\u5904\u7406 vsftpd.conf \u8fd9\u4e2a\u6863\u6848\uff0c\u4ee5\u4e0b\u5219\u662f\u4e00\u4e2a\u8303\u4f8b\u3002\u6ce8\u610f\uff0c\u5982\u679c\u4f60\u7684 vsftpd.conf \u6ca1\u6709\u76f8\u5173\u8bbe\u5b9a\u503c\uff0c \u8bf7\u81ea\u884c\u8865\u4e0a\u5427\uff01OK\uff01\u8ba9\u6211\u4eec\u5f00\u59cb\u4e00\u6b65\u4e00\u6b65\u6765\u4f9d\u5e8f\u5904\u7406\u5148\uff1a<\/p>\n<ol>\t<\/p>\n<li>\u5148\u5efa\u7acb\u4e3b\u914d\u7f6e\u6587\u4ef6 vsftpd.conf\uff0c\u8fd9\u4e2a\u914d\u7f6e\u6587\u4ef6\u5df2\u7ecf\u5305\u542b\u4e86\u4e3b\u8981\u8bbe\u5b9a\u503c\uff1a<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># 1. \u4e0e\u533f\u540d\u8005\u76f8\u5173\u7684\u4fe1\u606f\uff0c\u5728\u8fd9\u4e2a\u6848\u4f8b\u4e2d\u5c06\u533f\u540d\u767b\u5f55\u53d6\u6d88\uff1a<br>anonymous_enable=NO<br><br># 2. \u4e0e\u5b9e\u4f53\u7528\u6237\u76f8\u5173\u7684\u4fe1\u606f\uff1a\u53ef\u5199\u5165\uff0c\u4e14 umask \u4e3a 002 \u5594\uff01<br>local_enable=YES<br>write_enable=YES<br>local_umask=002<br>userlist_enable=YES<br>userlist_deny=YES<br>userlist_file=\/etc\/vsftpd\/user_list  &lt;==\u8fd9\u4e2a\u6863\u6848\u5fc5\u987b\u5b58\u5728\uff01\u8fd8\u597d\uff0c\u9884\u8bbe\u6709\u6b64\u6863\u6848\uff01<br><br># 3. \u4e0e\u670d\u52a1\u5668\u73af\u5883\u6709\u5173\u7684\u8bbe\u5b9a<br>use_localtime=YES<br>dirmessage_enable=YES<br>xferlog_enable=YES<br>connect_from_port_20=YES<br>xferlog_std_format=YES<br>listen=YES<br>pam_service_name=vsftpd<br>tcp_wrappers=YES<br>banner_file=\/etc\/vsftpd\/welcome.txt &lt;==<span style=\"text-decoration: underline;\">\u8fd9\u4e2a\u6863\u6848\u5fc5\u987b\u5b58\u5728\uff01\u9700\u624b\u52a8\u5efa\u7acb\uff01<\/span><br><br>[root@www ~]# \/etc\/init.d\/xinetd restart  &lt;==\u53d6\u6d88 super dameon<br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/li>\n<p>\t<\/p>\n<li>\u5efa\u7acb\u6b22\u8fce\u8baf\u606f\uff1a\u5f53\u6211\u4eec\u60f3\u8ba9\u767b\u5165\u8005\u53ef\u67e5\u9605\u54b1\u4eec\u7cfb\u7edf\u7ba1\u7406\u5458\u6240\u4e0b\u8fbe\u7684\u300e\u516c\u544a\u300f\u4e8b\u9879\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u8bbe\u5b9a\uff01\u90a3\u5c31\u662f banner_file=\/etc\/vsftpd\/welcome.txt \u8fd9\u4e2a\u53c2\u6570\u7684\u7528\u9014\u4e86\uff01\u6211\u4eec\u53ef\u4ee5\u7f16\u8f91\u8fd9\u4e2a\u6863\u6848\u5373\u53ef\u3002 \u597d\u4e86\uff0c\u5f00\u59cb\u6765\u5efa\u7acb\u6b22\u8fce\u753b\u9762\u5427\uff01<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/welcome.txt<br>\u6b22\u8fce\u5149\u4e34\u672c\u5c0f\u7ad9\uff0c\u672c\u7ad9\u63d0\u4f9b FTP \u7684\u76f8\u5173\u670d\u52a1\uff01<br>\u4e3b\u8981\u7684\u670d\u52a1\u662f\u9488\u5bf9\u672c\u673a\u5b9e\u4f53\u7528\u6237\u63d0\u4f9b\u7684\uff0c<br>\u82e5\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u4e0e\u9e1f\u54e5\u8054\u7edc\uff01<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/li>\n<p>\t<\/p>\n<li>\u5efa\u7acb\u9650\u5236\u7cfb\u7edf\u8d26\u53f7\u767b\u5165\u7684\u6863\u6848\u518d\u6765\u662f\u9488\u5bf9\u7cfb\u7edf\u8d26\u53f7\u6765\u7ed9\u4e88\u62b5\u6321\u7684\u673a\u5236\uff0c\u5176\u5b9e\u6709\u4e24\u4e2a\u6863\u6848\u5566\uff0c\u4e00\u4e2a\u662f PAM \u6a21\u5757\u7ba1\u7684\uff0c\u4e00\u4e2a\u662f vsftpd \u4e3b\u52a8\u63d0\u4f9b\u7684\uff0c \u5728\u9884\u8bbe\u7684\u60c5\u51b5\u4e0b\u8fd9\u4e24\u4e2a\u6863\u6848\u5206\u522b\u662f\uff1a\n<ul>\t<\/p>\n<li>\/etc\/vsftpd\/ftpusers\uff1a\u5c31\u662f \/etc\/pam.d\/vsftpd \u8fd9\u4e2a\u6863\u6848\u7684\u8bbe\u5b9a\u6240\u5f71\u54cd\u7684\uff1b<\/li>\n<p>\t<\/p>\n<li>\/etc\/vsftpd\/user_list\uff1a\u7531 vsftpd.conf \u7684 userlist_file \u6240\u8bbe\u5b9a\u3002<\/li>\n<p><\/ul>\n<p>\u8fd9\u4e24\u4e2a\u6863\u6848\u7684\u5185\u5bb9\u662f\u4e00\u6837\u7684\u54e9\uff5e\u5e76\u4e14\u8fd9\u4e24\u4e2a\u6863\u6848\u5fc5\u987b\u8981\u5b58\u5728\u624d\u884c\u3002\u8bf7\u4f60\u53c2\u8003\u4f60\u7684 \/etc\/passwd \u914d\u7f6e\u6587\u4ef6\uff0c \u7136\u540e\u5c06 UID \u5c0f\u4e8e 500 \u7684\u8d26\u53f7\u540d\u79f0\u7ed9\u4ed6\u540c\u65f6\u5199\u5230\u8fd9\u4e24\u4e2a\u6863\u6848\u5185\u5427\uff01\u4e00\u884c\u4e00\u4e2a\u8d26\u53f7\uff01<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/user_list<br>root<br>bin<br>....(\u5e95\u4e0b\u7701\u7565)....<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/li>\n<p>\t<\/p>\n<li>\u6d4b\u8bd5\u7ed3\u679c\uff1a\u4f60\u53ef\u4ee5\u4f7f\u7528\u56fe\u5f62\u63a5\u53e3\u7684 FTP \u5ba2\u6237\u7aef\u8f6f\u4ef6\u6765\u5904\u7406\uff0c\u4e5f\u53ef\u4ee5\u900f\u8fc7 Linux \u672c\u8eab\u63d0\u4f9b\u7684 ftp \u5ba2\u6237\u7aef\u529f\u80fd\u54e9\uff01 \u5173\u4e8e <a href=\"http:\/\/linux.vbird.org\/linux_server\/0140networkcommand.php#ftp\">ftp \u6307\u4ee4<\/a>\u6211\u4eec\u5df2\u7ecf\u5728<a href=\"http:\/\/linux.vbird.org\/linux_server\/0140networkcommand.php\">\u7b2c\u4e94\u7ae0<\/a>\u8c08\u8fc7\u4e86\uff0c\u4f60\u53ef\u4ee5\u81ea\u884c\u524d\u5f80\u53c2\u8003\u3002\u8fd9\u91cc\u76f4\u63a5\u6d4b\u8bd5\u4e00\u4e0b\u5427\uff1a<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre># \u6d4b\u8bd5\u4f7f\u7528\u5df2\u77e5\u4f7f\u7528\u8005\u767b\u5165\uff0c\u4f8b\u5982 dmtsai \u8fd9\u4e2a\u5b9e\u4f53\u7528\u6237\uff1a<br>[root@www ~]# ftp localhost<br>Trying 127.0.0.1...<br>Connected to localhost (127.0.0.1).<br>220-\u6b22\u8fce\u5149\u4e34\u672c\u5c0f\u7ad9\uff0c\u672c\u7ad9\u63d0\u4f9b FTP \u7684\u76f8\u5173\u670d\u52a1\uff01   &lt;==\u521a\u521a\u5efa\u7acb\u7684\u6b22\u8fce\u8baf\u606f<br>220-\u4e3b\u8981\u7684\u670d\u52a1\u662f\u9488\u5bf9\u672c\u673a\u5b9e\u4f53\u7528\u6237\u63d0\u4f9b\u7684\uff0c<br>220-\u82e5\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u4e0e\u9e1f\u54e5\u8054\u7edc\uff01<br>220<br>Name (localhost:root): student<br>331 Please specify the password.<br>Password:  &lt;==\u8f93\u5165\u5bc6\u7801\u5570\u5728\u8fd9\u91cc\uff01<br><span style=\"text-decoration: underline;\">500 OOPS: cannot change directory:\/home\/student<\/span>  &lt;==\u6709\u8bb2\u767b\u5165\u5931\u8d25\u7684\u539f\u56e0\u5594\uff01<br>Login failed.<br>ftp&gt; bye<br>221 Goodbye.<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u7531\u4e8e\u9ed8\u8ba4\u4e00\u822c\u7528\u6237\u65e0\u6cd5\u767b\u5165 FTP \u7684\uff01\u56e0\u4e3a SELinux \u7684\u95ee\u9898\u5566\uff01\u8bf7\u53c2\u8003\u4e0b\u4e2a\u5c0f\u8282\u7684\u65b9\u5f0f\u6765\u5904\u7406\u3002 \u7136\u540e\u4ee5\u4e0a\u9762\u7684\u65b9\u5f0f\u6d4b\u8bd5\u5b8c\u6bd5\u540e\uff0c\u4f60\u53ef\u4ee5\u5728\u767b\u5165\u8005\u8d26\u53f7\u5904\u5206\u522b\u586b\u5199 (1)root (2)anonymous \u6765\u5c1d\u8bd5\u767b\u5165\u770b\u770b\uff01 \u5982\u679c\u4e0d\u80fd\u767b\u5165\u7684\u8bdd\uff0c\u90a3\u5c31\u662f\u8bbe\u5b9a OK \u7684\u5566\uff01(root \u4e0d\u80fd\u767b\u5165\u662f\u56e0\u4e3a PAM \u6a21\u5757\u4ee5\u53ca user_list \u8bbe\u5b9a\u503c\u7684\u5173\u7cfb\uff0c \u800c\u533f\u540d\u65e0\u6cd5\u767b\u5165\uff0c\u662f\u56e0\u4e3a\u6211\u4eec vsftpd.conf \u91cc\u5934\u5c31\u662f\u8bbe\u5b9a\u4e0d\u80fd\u7528\u533f\u540d\u767b\u5f55\u561b\uff01)<\/li>\n<p><\/ol>\n<p>\u4e0a\u9762\u662f\u6700\u7b80\u5355\u7684\u5b9e\u4f53\u8d26\u53f7\u76f8\u5173\u8bbe\u5b9a\u3002\u90a3\u5982\u679c\u4f60\u8fd8\u60f3\u8981\u9650\u5236\u7528\u6237\u5bb6\u76ee\u5f55\u7684 chroot \u6216\u5176\u4ed6\u5982\u901f\u9650\u7b49\u6570\u636e\uff0c\u5c31\u5f97\u8981\u770b\u770b\u5e95\u4e0b\u7684\u7279\u6b8a\u8bbe\u5b9a\u9879\u76ee\u5570\u3002<\/p>\n<p><a name=\"server_real_selinux\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5b9e\u4f53\u8d26\u53f7\u7684 SELinux \u8bae\u9898<\/li>\n<p><\/ul>\n<p>\u5728\u9884\u8bbe\u7684\u60c5\u51b5\u4e0b\uff0cCentOS \u7684 FTP \u662f\u4e0d\u5141\u8bb8\u5b9e\u4f53\u8d26\u53f7\u767b\u5165\u53d6\u5f97\u5bb6\u76ee\u5f55\u6570\u636e\u7684\uff0c\u8fd9\u662f\u56e0\u4e3a SELinux \u7684\u95ee\u9898\u5566\uff01 \u5982\u679c\u4f60\u5728\u521a\u521a\u7684 ftp localhost \u6b65\u9aa4\u4e2d\uff0c\u5728 bye \u79bb\u5f00 FTP \u4e4b\u524d\u4e0b\u8fbe\u8fc7\u300e dir \u300f\u7684\u8bdd\uff0c\u90a3\u4f60\u4f1a\u53d1\u73b0\u6ca1\u6709\u4efb\u4f55\u8d44\u6599\u8dd1\u51fa\u6765\uff5e \u8fd9\u5e76\u4e0d\u662f\u4f60\u9519\u4e86\uff0c\u800c\u662f SELinux \u4e0d\u592a\u5bf9\u52b2\u7684\u7f18\u6545\u3002\u90a3\u5982\u4f55\u89e3\u51b3\u5462\uff1f\u8fd9\u6837\u5904\u7406\u5373\u53ef\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# getsebool -a | grep ftp<br>allow_ftpd_anon_write --&gt; off<br>allow_ftpd_full_access --&gt; off<br>allow_ftpd_use_cifs --&gt; off<br>allow_ftpd_use_nfs --&gt; off<br>ftp_home_dir --&gt; off            &lt;==\u5c31\u662f\u8fd9\u73a9\u610f\u513f\uff01\u8981\u8bbe\u5b9a on \u624d\u884c\uff01<br>....(\u5e95\u4e0b\u7701\u7565)....<br><br>[root@www ~]# setsebool -P ftp_home_dir=1<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u8fd9\u6837\u5c31\u641e\u5b9a\u5570\uff01\u5982\u679c\u8fd8\u6709\u5176\u4ed6\u53ef\u80fd\u53d1\u751f\u9519\u8bef\u7684\u539f\u56e0\uff0c\u5305\u62ec\u6863\u6848\u6570\u636e\u4f7f\u7528 mv \u800c\u975e\u4f7f\u7528 cp \u5bfc\u81f4 SELinux \u6587\u4ef6\u7c7b\u578b\u65e0\u6cd5\u7ee7\u627f\u539f\u6709\u76ee\u5f55\u7684\u7c7b\u578b\u65f6\uff0c\u90a3\u5c31\u8bf7\u81ea\u884c\u67e5\u9605 \/var\/log\/messages \u7684\u5185\u5bb9\u5427\uff01\u901a\u5e38 SELinux \u6ca1\u6709\u8fd9\u4e48\u96be\u5904\u7406\u7684\u5566\uff01^_^<\/p>\n<p><a name=\"server_real_chroot\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5bf9\u4f7f\u7528\u8005 (\u5305\u62ec\u672a\u6765\u65b0\u589e\u7528\u6237) \u8fdb\u884c chroot<\/li>\n<p><\/ul>\n<p>\u5728\u9e1f\u54e5\u63a5\u89e6\u7684\u4e00\u822c FTP \u4f7f\u7528\u73af\u5883\u4e2d\uff0c\u5927\u591a\u6570\u90fd\u662f\u8981\u5f00\u653e\u7ed9\u5382\u5546\u8054\u673a\u6765\u4f7f\u7528\u7684\uff0c\u7ed9\u81ea\u5df1\u4eba\u4f7f\u7528\u7684\u673a\u4f1a\u867d\u7136\u4e5f\u6709\uff0c \u4e0d\u8fc7\u4f7f\u7528\u8005\u6570\u91cf\u901a\u5e38\u6bd4\u8f83\u5c11\u4e00\u4e9b\u3002\u6240\u4ee5\u5570\uff0c\u9e1f\u54e5\u73b0\u5728\u90fd\u662f\u5efa\u8bae\u9ed8\u8ba4\u8ba9\u5b9e\u4f53\u7528\u6237\u901a\u901a\u88ab chroot\uff0c \u800c\u5141\u8bb8\u4e0d\u5fc5 chroot \u7684\u8d26\u53f7\u624d\u9700\u8981\u989d\u5916\u8bbe\u5b9a\u3002\u8fd9\u6837\u7684\u597d\u5904\u662f\uff0c\u65b0\u5efa\u7684\u8d26\u53f7\u5982\u679c\u5fd8\u8bb0\u8fdb\u884c chroot\uff0c\u53cd\u6b63\u539f\u672c\u5c31\u662f chroot\uff0c \u6bd4\u8f83\u4e0d\u7528\u62c5\u5fc3\u5982\u679c\u8be5\u8d26\u53f7\u662f\u5f00\u7ed9\u5382\u5546\u65f6\u8be5\u600e\u529e\u7684\u95ee\u9898\u3002<\/p>\n<p>\u73b0\u5728\u5047\u8bbe\u6211\u7cfb\u7edf\u91cc\u9762\u4ec5\u6709 vbird \u4e0e dmtsai \u4e24\u4e2a\u8d26\u53f7\u4e0d\u8981\u88ab chroot\uff0c\u5176\u4ed6\u5982 student, smb1&#8230; \u7b49\u8d26\u53f7\u901a\u901a\u9884\u8bbe\u662f chroot \u7684\u5566\uff0c\u5305\u62ec\u672a\u6765\u65b0\u589e\u8d26\u53f7\u4e5f\u5168\u90e8\u9884\u8bbe chroot\uff01\u90a3\u8be5\u5982\u4f55\u8bbe\u5b9a\uff1f\u5f88\u7b80\u5355\uff0c\u4e09\u4e2a\u8bbe\u5b9a\u503c\u52a0\u4e0a\u4e00\u4e2a\u989d\u5916\u914d\u7f6e\u6587\u4ef6\u5c31\u641e\u5b9a\u4e86\uff01\u6b65\u9aa4\u5982\u4e0b\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre># 1. \u4fee\u6539 vsftpd.conf \u7684\u53c2\u6570\u503c\uff1a<br>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u589e\u52a0\u662f\u5426\u8bbe\u5b9a\u9488\u5bf9\u67d0\u4e9b\u4f7f\u7528\u8005\u6765 chroot \u7684\u76f8\u5173\u8bbe\u5b9a\u5466\uff01<br>chroot_local_user=YES<br>chroot_list_enable=YES<br>chroot_list_file=\/etc\/vsftpd\/chroot_list<br><br># 2. \u5efa\u7acb\u4e0d\u88ab chroot \u7684\u4f7f\u7528\u8005\u8d26\u53f7\u5217\u8868\uff0c\u5373\u4f7f\u6ca1\u6709\u4efb\u4f55\u8d26\u53f7\uff0c\u6b64\u6863\u6848\u4e5f\u662f\u8981\u5b58\u5728\uff01<br>[root@www ~]# vim \/etc\/vsftpd\/chroot_list<br>vbird<br>dmtsai<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u5982\u6b64\u4e00\u6765\uff0c\u9664\u4e86 dmtsai \u4e0e vbird \u4e4b\u5916\u7684\u5176\u4ed6\u53ef\u7528 FTP \u7684\u8d26\u53f7\u8005\uff0c\u901a\u901a\u4f1a\u88ab chroot \u5728\u4ed6\u4eec\u7684\u5bb6\u76ee\u5f55\u4e0b\uff0c \u8fd9\u6837\u5bf9\u7cfb\u7edf\u6bd4\u8f83\u597d\u5566\uff01\u63a5\u4e0b\u6765\uff0c\u8bf7\u4f60\u81ea\u5df1\u5206\u522b\u4f7f\u7528\u6709\u4e0e\u6ca1\u6709\u88ab chroot \u7684\u8d26\u53f7\u6765\u8054\u673a\u6d4b\u8bd5\u770b\u770b\u3002<\/p>\n<p><a name=\"server_real_flow\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u9650\u5236\u5b9e\u4f53\u7528\u6237\u7684\u603b\u4e0b\u8f7d\u6d41\u91cf (\u5e26\u5bbd)<\/li>\n<p><\/ul>\n<p>\u4f60\u53ef\u4e0d\u5e0c\u671b\u5e26\u5bbd\u88ab\u4f7f\u7528\u8005\u4e0a\u4f20\/\u4e0b\u8f7d\u6240\u8017\u5c3d\uff0c\u800c\u5f71\u54cd\u54b1\u4eec\u670d\u52a1\u5668\u7684\u5176\u4ed6\u6b63\u5e38\u670d\u52a1\u5427\uff1f\u6240\u4ee5\u9650\u5236\u4f7f\u7528\u8005\u7684\u4f20\u8f93\u5e26\u5bbd\u6709\u65f6\u4e5f\u662f\u9700\u8981\u7684\uff01 \u5047\u8bbe\u300e\u6211\u8981\u9650\u5236\u6240\u6709\u4f7f\u7528\u8005\u7684\u603b\u4f20\u8f93\u5e26\u5bbd\u6700\u5927\u53ef\u8fbe 1 MBytes\/\u79d2 \u300f\u65f6\uff0c\u4f60\u53ef\u4ee5\u8fd9\u6837\u505a\u5373\u53ef\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u589e\u52a0\u5e95\u4e0b\u8fd9\u4e00\u4e2a\u53c2\u6570\u5373\u53ef\uff1a<br>local_max_rate=1000000  &lt;==\u8bb0\u4f4f\u5594\uff0c\u5355\u4f4d\u662f bytes\/second<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u4e0a\u8ff0\u7684\u5355\u4f4d\u662f Bytes\/\u79d2\uff0c\u6240\u4ee5\u4f60\u53ef\u4ee5\u4f9d\u636e\u4f60\u81ea\u5df1\u7684\u7f51\u7edc\u73af\u5883\u6765\u9650\u5236\u4f60\u7684\u5e26\u5bbd\uff01\u8fd9\u6837\u5c31\u7ed9\u4ed6\u9650\u5236\u597d\u5570\uff01\u6709\u591f\u5bb9\u6613\u5427\uff01 \u90a3\u600e\u4e48\u6d4b\u8bd5\u554a\uff1f\u5f88\u7b80\u5355\uff0c\u7528\u672c\u673a\u6d4b\u8bd5\u6700\u51c6\uff01\u4f60\u53ef\u4ee5\u7528 dd \u505a\u51fa\u4e00\u4e2a 10MB \u7684\u6863\u6848\u653e\u5728 student \u7684\u5bb6\u76ee\u5f55\u4e0b\uff0c\u7136\u540e\u7528 root \u4e0b\u8fbe ftp localhost\uff0c\u5e76\u8f93\u5165 student \u7684\u5e10\u5bc6\uff0c\u63a5\u4e0b\u6765\u7ed9\u4ed6 get \u8fd9\u4e2a\u65b0\u7684\u6863\u6848\uff0c\u5c31\u80fd\u591f\u5728\u6700\u7ec8\u77e5\u9053\u4e0b\u8f7d\u7684\u901f\u5ea6\u5566\uff01<\/p>\n<p><a name=\"server_real_client\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u9650\u5236\u6700\u5927\u540c\u65f6\u4e0a\u7ebf\u4eba\u6570\u4e0e\u540c\u4e00 IP \u7684 FTP \u8054\u673a\u6570<\/li>\n<p><\/ul>\n<p>\u5982\u679c\u4f60\u6709\u9650\u5236\u6700\u5927\u4f7f\u7528\u5e26\u5bbd\u7684\u8bdd\uff0c\u90a3\u4e48\u4f60\u53ef\u80fd\u8fd8\u9700\u8981\u9650\u5236\u6700\u5927\u5728\u7ebf\u4eba\u6570\u624d\u884c\uff01\u4e3e\u4f8b\u6765\u8bf4\uff0c\u4f60\u5e0c\u671b\u6700\u591a\u53ea\u6709 10 \u4e2a\u4eba\u540c\u65f6\u4f7f\u7528\u4f60\u7684 FTP \u7684\u8bdd\uff0c\u5e76\u4e14\u6bcf\u4e2a IP \u6765\u6e90\u6700\u591a\u53ea\u80fd\u5efa\u7acb\u4e00\u6761 FTP \u7684\u8054\u673a\u65f6\uff0c\u90a3\u4f60\u53ef\u4ee5\u8fd9\u6837\u505a\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u589e\u52a0\u5e95\u4e0b\u7684\u8fd9\u4e24\u4e2a\u53c2\u6570\uff1a<br>max_clients=10<br>max_per_ip=1<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u8fd9\u6837\u5c31\u641e\u5b9a\u4e86\uff01\u8ba9\u4f60\u7684 FTP \u4e0d\u4f1a\u4eba\u6ee1\u4e3a\u60a3\u5436\uff01<\/p>\n<p><a name=\"server_real_userlist\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u5efa\u7acb\u4e25\u683c\u7684\u53ef\u4f7f\u7528 FTP \u7684\u8d26\u53f7\u5217\u8868<\/li>\n<p><\/ul>\n<p>\u5728\u9884\u8bbe\u7684\u73af\u5883\u5f53\u4e2d\uff0c\u6211\u4eec\u662f\u5c06\u300e\u4e0d\u8bb8\u4f7f\u7528 FTP \u7684\u8d26\u53f7\u5199\u5165 \/etc\/vsftpd\/user_list \u6863\u6848\u300f\uff0c\u6240\u4ee5\u6ca1\u6709\u5199\u5165 \/etc\/vsftpd\/user_list \u5f53\u4e2d\u7684\u4f7f\u7528\u8005\u5c31\u80fd\u591f\u4f7f\u7528 FTP \u4e86\uff01\u5982\u6b64\u4e00\u6765\uff0c\u672a\u6765\u65b0\u589e\u7684\u4f7f\u7528\u8005\u9884\u8bbe\u90fd\u80fd\u591f\u4f7f\u7528 FTP \u7684\u670d\u52a1\u3002 \u5982\u679c\u6362\u4e2a\u89d2\u5ea6\u6765\u601d\u8003\uff0c\u82e5\u6211\u60f3\u53ea\u8ba9\u67d0\u4e9b\u4eba\u53ef\u4ee5\u4f7f\u7528 FTP \u800c\u5df2\uff0c\u4ea6\u5373\u662f\u65b0\u589e\u7684\u4f7f\u7528\u8005\u9884\u8bbe\u4e0d\u53ef\u4f7f\u7528 FTP \u8fd9\u4e2a\u670d\u52a1\u7684\u8bdd\u90a3\u4e48\u5e94\u8be5\u5982\u4f55\u4f5c\u5462\uff1f\u4f60\u9700\u8981\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u6210\u4e3a\u8fd9\u6837\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u8fd9\u51e0\u4e2a\u53c2\u6570\u5fc5\u987b\u8981\u4fee\u6539\u6210\u8fd9\u6837\uff1a<br>userlist_enable=YES<br>userlist_deny=NO<br>userlist_file=\/etc\/vsftpd\/user_list<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u5219\u6b64\u65f6\u300e\u5199\u5165 \/etc\/vsftpd\/user_list \u53d8\u6210\u53ef\u4ee5\u4f7f\u7528 FTP \u7684\u8d26\u53f7\u300f\u4e86\uff01 \u6240\u4ee5\u672a\u6765\u65b0\u589e\u7684\u4f7f\u7528\u8005\u5982\u679c\u8981\u80fd\u591f\u4f7f\u7528 FTP \u7684\u8bdd\uff0c\u5c31\u5fc5\u987b\u8981\u5199\u5165 \/etc\/vsftpd\/user_list \u624d\u884c\uff01 \u4f7f\u7528\u8fd9\u4e2a\u673a\u5236\u8bf7\u7279\u522b\u5c0f\u5fc3\uff0c\u5426\u5219\u5bb9\u6613\u641e\u6df7\u6389\uff5e<\/p>\n<p>\u900f\u8fc7\u8fd9\u51e0\u4e2a\u7b80\u5355\u7684\u8bbe\u5b9a\u503c\uff0c\u76f8\u4fe1 vsftpd \u5df2\u7ecf\u53ef\u4ee5\u7b26\u5408\u5927\u90e8\u5206\u5408\u6cd5 FTP \u7f51\u7ad9\u7684\u9700\u6c42\u5570\uff01 \u66f4\u591a\u8be6\u7ec6\u7684\u7528\u6cd5\u5219\u8bf7\u53c2\u8003 man 5 vsftpd.conf \u5427\uff01<\/p>\n<table width=\"90%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\"><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td>\u4f8b\u9898\uff1a<\/p>\n<div>\u5047\u8bbe\u4f60\u56e0\u4e3a\u67d0\u4e9b\u7279\u6b8a\u9700\u6c42\uff0c\u6240\u4ee5\u5fc5\u987b\u8981\u5f00\u653e root \u4f7f\u7528 FTP \u4f20\u8f93\u6863\u6848\uff0c\u90a3\u4e48\u4f60\u5e94\u8be5\u8981\u5982\u4f55\u5904\u7406\uff1f<\/div>\n<p>\u7b54\uff1a<\/p>\n<div>\u7531\u4e8e\u7cfb\u7edf\u8d26\u53f7\u65e0\u6cd5\u4f7f\u7528 FTP \u662f\u56e0\u4e3a PAM \u6a21\u5757\u4e0e vsftpd \u7684\u5185\u5efa\u529f\u80fd\u6240\u81f4\uff0c\u4ea6\u5373\u662f \/etc\/vsftpd\/ftpusers \u53ca \/etc\/vsftpd\/user_list \u8fd9\u4e24\u4e2a\u6863\u6848\u7684\u5f71\u54cd\u3002\u6240\u4ee5\u4f60\u53ea\u8981\u8fdb\u5165\u8fd9\u4e24\u4e2a\u6863\u6848\uff0c\u5e76\u4e14\u5c06 root \u90a3\u4e00\u884c\u6279\u6ce8\u6389\uff0c\u90a3 root \u5c31\u53ef\u4ee5\u4f7f\u7528 vsftpd\u8fd9\u4e2a FTP \u670d\u52a1\u4e86\u3002 \u4e0d\u8fc7\uff0c\u4e0d\u5efa\u8bae\u5982\u6b64\u4f5c\u5594\uff01<\/div>\n<\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/div>\n<hr \/>\n<p><a name=\"server_anon\"><\/a>2.7 \u4ec5\u6709\u533f\u540d\u767b\u5f55\u7684\u76f8\u5173\u8bbe\u5b9a<\/p>\n<div>\n<p>\u867d\u7136\u4f60\u53ef\u4ee5\u540c\u65f6\u5f00\u542f\u5b9e\u4f53\u7528\u6237\u4e0e\u533f\u540d\u7528\u6237\uff0c\u4e0d\u8fc7\u5efa\u8bae\u4f60\uff0c\u670d\u52a1\u5668\u8fd8\u662f\u4f9d\u636e\u9700\u6c42\uff0c\u9488\u5bf9\u5355\u4e00\u79cd\u8eab\u4efd\u6765\u8bbe\u5b9a\u5427\uff01 \u5e95\u4e0b\u6211\u4eec\u5c06\u9488\u5bf9\u533f\u540d\u7528\u6237\u6765\u8bbe\u5b9a\uff0c\u4e14\u4e0d\u5f00\u653e\u5b9e\u4f53\u7528\u6237\u3002\u4e00\u822c\u6765\u8bf4\uff0c\u8fd9\u79cd\u8bbe\u5b9a\u662f\u7ed9\u7c7b\u4f3c\u5927\u4e13\u9662\u6821\u7684 FTP \u670d\u52a1\u5668\u6765\u4f7f\u7528\u7684\u54e9\uff01<\/p>\n<ul>\t<\/p>\n<li>\u4f7f\u7528\u53f0\u6e7e\u672c\u5730\u7684\u65f6\u95f4\uff0c\u800c\u975e GMT \u65f6\u95f4\uff1b<\/li>\n<p>\t<\/p>\n<li>\u63d0\u4f9b\u6b22\u8fce\u8baf\u606f\uff0c\u8bf4\u660e\u53ef\u63d0\u4f9b\u4e0b\u8f7d\u7684\u4fe1\u606f\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4ec5\u5f00\u653e anonymous \u7684\u767b\u5165\uff0c\u4e14\u4e0d\u9700\u8981\u8f93\u5165\u5bc6\u7801\uff1b<\/li>\n<p>\t<\/p>\n<li>\u6587\u4ef6\u4f20\u8f93\u7684\u901f\u9650\u4e3a 1 Mbytes\/second\uff1b<\/li>\n<p>\t<\/p>\n<li>\u6570\u636e\u8fde\u63a5\u7684\u8fc7\u7a0b (\u4e0d\u662f\u547d\u4ee4\u901a\u9053\uff01) \u53ea\u8981\u8d85\u8fc7 60 \u79d2\u6ca1\u6709\u54cd\u5e94\uff0c\u5c31\u5f3a\u5236 Client \u65ad\u7ebf\uff01<\/li>\n<p>\t<\/p>\n<li>\u53ea\u8981 anonymous \u8d85\u8fc7\u5341\u5206\u949f\u6ca1\u6709\u52a8\u4f5c\uff0c\u5c31\u4e88\u4ee5\u65ad\u7ebf\uff1b<\/li>\n<p>\t<\/p>\n<li>\u6700\u5927\u540c\u65f6\u4e0a\u7ebf\u4eba\u6570\u9650\u5236\u4e3a 50 \u4eba\uff0c\u4e14\u540c\u4e00 IP \u6765\u6e90\u6700\u5927\u8054\u673a\u6570\u91cf\u4e3a 5 \u4eba\uff1b<\/li>\n<p><\/ul>\n<p><a name=\"anon_home\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u9884\u8bbe\u7684 FTP \u533f\u540d\u8005\u7684\u6839\u76ee\u5f55\u6240\u5728\uff1a ftp \u8d26\u53f7\u7684\u5bb6\u76ee\u5f55<\/li>\n<p><\/ul>\n<p>OK\uff01\u90a3\u5982\u4f55\u8bbe\u5b9a\u5462\uff1f\u9996\u5148\u6211\u4eec\u5fc5\u987b\u8981\u77e5\u9053\u7684\u662f\u533f\u540d\u7528\u6237\u7684\u76ee\u5f55\u5728\u54ea\u91cc\uff1f \u4e8b\u5b9e\u4e0a\u533f\u540d\u8005\u9ed8\u8ba4\u767b\u5165\u7684\u6839\u76ee\u5f55\u662f\u4ee5 ftp \u8fd9\u4e2a\u7528\u6237\u7684\u5bb6\u76ee\u5f55\u4e3a\u4e3b\uff0c\u6240\u4ee5\u4f60\u53ef\u4ee5\u4f7f\u7528\u300e finger ftp \u300f\u6765\u67e5\u9605\u3002 \u54b1\u4eec\u7684 CentOS \u9ed8\u8ba4\u7684\u533f\u540d\u8005\u6839\u76ee\u5f55\u5728 \/var\/ftp\/ \u4e2d\u3002\u4e14\u533f\u540d\u767b\u5f55\u8005\u5728\u4f7f\u7528 FTP \u670d\u52a1\u65f6\uff0c\u4ed6\u9884\u8bbe\u53ef\u4ee5\u4f7f\u7528\u300e ftp \u300f \u8fd9\u4e2a\u4f7f\u7528\u8005\u8eab\u4efd\u7684\u6743\u9650\u5594\uff0c\u53ea\u662f\u88ab chroot \u5230 \/var\/ftp\/ \u76ee\u5f55\u4e2d\u5c31\u662f\u4e86\u3002<\/p>\n<p>\u56e0\u4e3a\u533f\u540d\u8005\u53ea\u4f1a\u5728 \/var\/ftp\/ \u5f53\u4e2d\u6d4f\u89c8\uff0c\u6240\u4ee5\u4f60\u5fc5\u987b\u5c06\u8981\u63d0\u4f9b\u7ed9\u7528\u6237\u4e0b\u8f7d\u7684\u6570\u636e\u901a\u901a\u7ed9\u653e\u7f6e\u5230 \/var\/ftp\/ \u53bb\u3002 \u5047\u8bbe\u4f60\u5df2\u7ecf\u653e\u7f6e\u4e86 linux \u7684\u76f8\u5173\u76ee\u5f55\u4ee5\u53ca gnu \u7684\u76f8\u5173\u8f6f\u4ef6\u5230\u8be5\u76ee\u5f55\u4e2d\u4e86\uff0c\u90a3\u6211\u4eec\u53ef\u4ee5\u8fd9\u6837\u505a\u4e2a\u5047\u8bbe\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# mkdir \/var\/ftp\/linux<br>[root@www ~]# mkdir \/var\/ftp\/gnu<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u7136\u540e\u5c06 vsftpd.conf \u7684\u6570\u636e\u6e05\u7a7a\uff0c\u91cd\u65b0\u8fd9\u6837\u5904\u7406\u4ed6\u5427\uff1a<\/p>\n<ol>\t<\/p>\n<li>\u5efa\u7acb vsftpd.conf \u7684\u8bbe\u5b9a\u6570\u636e<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u5c06\u8fd9\u4e2a\u6863\u6848\u7684\u5168\u90e8\u5185\u5bb9\u6539\u6210\u8fd9\u6837\uff1a<br># 1. \u4e0e\u533f\u540d\u8005\u76f8\u5173\u7684\u4fe1\u606f\uff1a<br>anonymous_enable=YES<br>no_anon_password=YES        &lt;==\u533f\u540d\u767b\u5f55\u65f6\uff0c\u7cfb\u7edf\u4e0d\u4f1a\u68c0\u9a8c\u5bc6\u7801 (\u901a\u5e38\u662femail)<br>anon_max_rate=1000000       &lt;==\u6700\u5927\u5e26\u5bbd\u4f7f\u7528\u4e3a 1MB\/s \u5de6\u53f3<br>data_connection_timeout=60  &lt;==\u6570\u636e\u6d41\u8054\u673a\u7684 timeout \u4e3a 60 \u79d2<br>idle_session_timeout=600    &lt;==\u82e5\u533f\u540d\u8005\u53d1\u5446\u8d85\u8fc7 10 \u5206\u949f\u5c31\u65ad\u7ebf<br>max_clients=50              &lt;==\u6700\u5927\u8054\u673a\u4e0e\u6bcf\u4e2a IP \u7684\u53ef\u7528\u8054\u673a<br>max_per_ip=5<br><br># 2. \u4e0e\u5b9e\u4f53\u7528\u6237\u76f8\u5173\u7684\u4fe1\u606f\uff0c\u672c\u6848\u4f8b\u4e2d\u4e3a\u5173\u95ed\u4ed6\u7684\u60c5\u51b5\uff01<br>local_enable=NO<br><br># 3. \u4e0e\u670d\u52a1\u5668\u73af\u5883\u6709\u5173\u7684\u8bbe\u5b9a<br>use_localtime=YES<br>dirmessage_enable=YES<br>xferlog_enable=YES<br>connect_from_port_20=YES<br>xferlog_std_format=YES<br>listen=YES<br>pam_service_name=vsftpd<br>tcp_wrappers=YES<br>banner_file=\/etc\/vsftpd\/anon_welcome.txt &lt;==\u6a94\u540d\u6709\u6539\u5594\uff01<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/li>\n<p>\t<\/p>\n<li>\u5efa\u7acb\u6b22\u8fce\u753b\u9762\u4e0e\u4e0b\u8f7d\u63d0\u793a\u8baf\u606f\u5404\u4f4d\u4eb2\u7231\u7684\u89c2\u4f17\u670b\u53cb\uff01\u8981\u6ce8\u610f\uff5e\u5728\u8fd9\u4e2a\u6848\u4f8b\u5f53\u4e2d\uff0c\u6211\u4eec\u5c06\u6b22\u8fce\u8baf\u606f\u8bbe\u5b9a\u5728 \/etc\/vsftpd\/anon_welcome.txt \u8fd9\u4e2a\u6863\u6848\u4e2d\uff0c \u81f3\u4e8e\u8fd9\u4e2a\u6863\u6848\u7684\u5185\u5bb9\u4f60\u53ef\u4ee5\u8fd9\u6837\u5199 (\u8fd9\u4e2a\u6863\u6848\u4e00\u5b9a\u8981\u5b58\u5728\uff01\u5426\u5219\u4f1a\u9020\u6210\u5ba2\u6237\u7aef\u65e0\u6cd5\u8054\u673a\u6210\u529f\u5594\uff01)\uff1a<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/anon_welcome.txt<br>\u6b22\u8fce\u5149\u4e34\u672c\u7ad9\u6240\u63d0\u4f9b\u7684 FTP \u670d\u52a1\uff01<br>\u672c\u7ad9\u4e3b\u8981\u63d0\u4f9b Linux \u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u6863\u6848\u4ee5\u53ca GNU \u81ea\u7531\u8f6f\u4ef6\u5594\uff01<br>\u6709\u95ee\u9898\u8bf7\u4e0e\u7ad9\u957f\u8054\u7edc\uff01\u8c22\u8c22\u5927\u5bb6\uff01<br>\u4e3b\u8981\u7684\u76ee\u5f55\u4e3a\uff1a<br><br>linux   \u63d0\u4f9b Linux \u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u8f6f\u4ef6<br>gnu     \u63d0\u4f9b GNU \u7684\u81ea\u7531\u8f6f\u4ef6<br>uploads \u63d0\u4f9b\u533f\u540d\u7684\u60a8\u4e0a\u4f20\u6570\u636e<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u770b\u5230\u5570\uff01\u4e3b\u8981\u5199\u7684\u6570\u636e\u90fd\u662f\u9488\u5bf9\u4e00\u4e9b\u516c\u544a\u4e8b\u9879\u5c31\u662f\u4e86\uff01<\/li>\n<p>\t<\/p>\n<li>\u5ba2\u6237\u7aef\u7684\u6d4b\u8bd5\uff1a\u5bc6\u7801\u4e0e\u6b22\u8fce\u8baf\u606f\u662f\u91cd\u70b9\uff01\u540c\u6837\u7684\uff0c\u6211\u4eec\u4f7f\u7528 ftp \u8fd9\u4e2a\u8f6f\u4ef6\u6765\u7ed9\u4ed6\u6d4b\u8bd5\u4e00\u4e0b\u5427\uff01<br \/>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# ftp localhost<br>Connected to localhost (127.0.0.1).<br>220-\u6b22\u8fce\u5149\u4e34\u672c\u7ad9\u6240\u63d0\u4f9b\u7684 FTP \u670d\u52a1\uff01   &lt;==\u5e95\u4e0b\u8fd9\u51e0\u884c\u4e2d\u6587\u5c31\u662f\u6b22\u8fce\u4e0e\u63d0\u793a\u8baf\u606f\uff01<br>220-\u672c\u7ad9\u4e3b\u8981\u63d0\u4f9b Linux \u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u6863\u6848\u4ee5\u53ca GNU \u81ea\u7531\u8f6f\u4ef6\u5594\uff01<br>220-\u6709\u95ee\u9898\u8bf7\u4e0e\u7ad9\u957f\u8054\u7edc\uff01\u8c22\u8c22\u5927\u5bb6\uff01<br>220-\u4e3b\u8981\u7684\u76ee\u5f55\u4e3a\uff1a<br>220-<br>220-linux   \u63d0\u4f9b Linux \u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u8f6f\u4ef6<br>220-gnu     \u63d0\u4f9b GNU \u7684\u81ea\u7531\u8f6f\u4ef6<br>220-uploads \u63d0\u4f9b\u533f\u540d\u7684\u60a8\u4e0a\u4f20\u6570\u636e<br>220<br>Name (localhost:root): anonymous  &lt;==\u533f\u540d\u8d26\u53f7\u540d\u79f0\u662f\u8981\u80cc\u7684\uff01<br>230 Login successful.               &lt;==\u6ca1\u6709\u8f93\u5165\u5bc6\u7801\u5373\u53ef\u767b\u5165\u5462\uff01<br>Remote system type is UNIX.<br>Using binary mode to transfer files.<br>ftp&gt; dir<br>227 Entering Passive Mode (127,0,0,1,196,17).<br>150 Here comes the directory listing.<br><span style=\"text-decoration: underline;\">drwxr-xr-x 2 0 0 4096 Aug 08 16:37 gnu<\/span><br>-rw-r--r--    1 0        0              17 Aug 08 14:18 index.html<br><span style=\"text-decoration: underline;\">drwxr-xr-x 2 0 0 4096 Aug 08 16:37 linux<\/span><br>drwxr-xr-x    2 0        0            4096 Jun 25 17:44 pub<br>226 Directory send OK.<br>ftp&gt; bye<br>221 Goodbye.<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u770b\u5230\u5426\uff1f\u8fd9\u6b21\u53ef\u5c31\u4e0d\u9700\u8981\u8f93\u5165\u4efb\u4f55\u5bc6\u7801\u4e86\uff0c\u56e0\u4e3a\u662f\u533f\u540d\u767b\u5f55\u561b\uff01\u800c\u4e14\uff0c\u5982\u679c\u4f60\u4ee5\u5176\u4ed6\u7684\u8d26\u53f7\u6765\u5c1d\u8bd5\u767b\u5165\u65f6\uff0c \u90a3\u4e48 vsftpd \u4f1a\u7acb\u523b\u54cd\u5e94\u4ec5\u5f00\u653e\u533f\u540d\u7684\u8baf\u606f\u5594\uff01(530 This FTP server is anonymous only.)<\/li>\n<p><\/ol>\n<p><a name=\"server_anon_upload\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u8ba9\u533f\u540d\u8005\u53ef\u4e0a\u4f20\/\u4e0b\u8f7d\u81ea\u5df1\u7684\u8d44\u6599 (\u6743\u9650\u5f00\u653e\u6700\u5927)<\/li>\n<p><\/ul>\n<p>\u5728\u4e0a\u5217\u7684\u6570\u636e\u5f53\u4e2d\uff0c\u5b9e\u9645\u4e0a\u533f\u540d\u7528\u6237\u4ec5\u53ef\u8fdb\u884c\u4e0b\u8f7d\u7684\u52a8\u4f5c\u800c\u5df2\u3002\u5982\u679c\u4f60\u8fd8\u60f3\u8ba9\u533f\u540d\u8005\u53ef\u4ee5\u4e0a\u4f20\u6863\u6848\u6216\u8005\u662f\u5efa\u7acb\u76ee\u5f55\u7684\u8bdd\uff0c \u90a3\u4f60\u8fd8\u9700\u8981\u989d\u5916\u589e\u52a0\u4e00\u4e9b\u8bbe\u5b9a\u624d\u884c\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u65b0\u589e\u5e95\u4e0b\u8fd9\u51e0\u884c\u554a\uff01<br>write_enable=YES<br>anon_other_write_enable=YES<br>anon_mkdir_write_enable=YES<br>anon_upload_enable=YES<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u5982\u679c\u4f60\u8bbe\u5b9a\u4e0a\u9762\u56db\u9879\u53c2\u6570\uff0c\u5219\u4f1a\u5141\u8bb8\u533f\u540d\u8005\u62e5\u6709\u5b8c\u6574\u7684\u5efa\u7acb\u3001\u5220\u9664\u3001\u4fee\u6539\u6863\u6848\u4e0e\u76ee\u5f55\u7684\u6743\u9650\u3002 \u4e0d\u8fc7\uff0c\u5b9e\u9645\u8981\u751f\u6548\u8fd8\u9700\u8981 Linux \u7684\u6587\u4ef6\u7cfb\u7edf\u6743\u9650\u6b63\u786e\u624d\u884c\uff01 \u6211\u4eec\u77e5\u9053\u533f\u540d\u8005\u53d6\u5f97\u7684\u8eab\u4efd\u662f ftp \uff0c\u6240\u4ee5\u5982\u679c\u60f3\u8ba9\u533f\u540d\u8005\u4e0a\u4f20\u6570\u636e\u5230 \/var\/ftp\/uploads\/ \u4e2d\uff0c\u5219\u9700\u8981\u8fd9\u6837\u505a\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# mkdir \/var\/ftp\/uploads<br>[root@www ~]# chown ftp \/var\/ftp\/uploads<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u7136\u540e\u4f60\u4ee5\u533f\u540d\u8005\u8eab\u4efd\u767b\u5165\u540e\uff0c\u5c31\u4f1a\u53d1\u73b0\u533f\u540d\u8005\u7684\u6839\u76ee\u5f55\u591a\u4e86\u4e00\u4e2a \/upload \u7684\u76ee\u5f55\u5b58\u5728\u4e86\uff0c\u5e76\u4e14\u4f60\u53ef\u4ee5\u5728\u8be5\u76ee\u5f55\u4e2d\u4e0a\u4f20\u6863\u6848\/\u76ee\u5f55\u5594\uff01 \u5982\u6b64\u4e00\u6765\u7cfb\u7edf\u7684\u6743\u9650\u5927\u5f00\uff01\u5f88\u8981\u547d\u5594\uff01\u6240\u4ee5\uff0c\u8bf7\u4ed4\u7ec6\u7684\u63a7\u5236\u597d\u4f60\u7684\u4e0a\u4f20\u76ee\u5f55\u624d\u884c\uff01<\/p>\n<p>\u4e0d\u8fc7\uff0c\u5728\u5b9e\u9645\u6d4b\u8bd5\u5f53\u4e2d\uff0c\u5374\u53d1\u73b0\u8fd8\u662f\u6ca1\u529e\u6cd5\u4e0a\u4f20\u5462\uff01\u600e\u4e48\u56de\u4e8b\u554a\uff1f\u5982\u679c\u4f60\u6709\u53bb\u770b\u4e00\u4e0b \/var\/log\/messages \u7684\u8bdd\uff0c\u90a3\u5c31\u4f1a\u53d1\u73b0\u5566\uff01 \u53c8\u662f SELinux \u8fd9\u5bb6\u4f19\u5462\uff01\u600e\u4e48\u529e\uff1f\u5c31\u900f\u8fc7\u300e sealert -l &#8230; \u300f\u5728 \/var\/log\/messages \u91cc\u9762\u89c2\u5bdf\u5230\u7684\u6307\u4ee4\u4e22\u8fdb\u53bb\uff0c \u7acb\u523b\u5c31\u77e5\u9053\u89e3\u51b3\u65b9\u6848\u5566\uff01\u89e3\u51b3\u65b9\u6848\u5c31\u662f\u653e\u884c SELinux \u7684\u533f\u540d FTP \u89c4\u5219\u5982\u4e0b\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# setsebool -P allow_ftpd_anon_write=1<br>[root@www ~]# setsebool -P allow_ftpd_full_access=1<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u7136\u540e\u4f60\u518d\u6d4b\u8bd5\u4e00\u4e0b\u7528 anonymous \u767b\u5165\uff0c\u5230 \/uploads \u53bb\u4e0a\u4f20\u4e2a\u6863\u6848\u5427\uff01\u5c31\u4f1a\u77e5\u9053\u80fd\u4e0d\u80fd\u6210\u529f\u54e9\uff01<\/p>\n<p><a name=\"server_anon_upload2\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u8ba9\u533f\u540d\u8005\u4ec5\u5177\u6709\u4e0a\u4f20\u6743\u9650\uff0c\u4e0d\u53ef\u4e0b\u8f7d\u533f\u540d\u8005\u4e0a\u4f20\u7684\u4e1c\u897f<\/li>\n<p><\/ul>\n<p>\u4e00\u822c\u6765\u8bf4\uff0c\u7528\u6237\u4e0a\u4f20\u7684\u6570\u636e\u5728\u7ba1\u7406\u5458\u5c1a\u672a\u67e5\u9605\u8fc7\u662f\u5426\u5408\u4e4e\u7248\u6743\u7b49\u76f8\u5173\u4e8b\u5b9c\u524d\uff0c\u662f\u4e0d\u5e94\u8be5\u8ba9\u5176\u4ed6\u4eba\u4e0b\u8f7d\u7684\uff01 \u7136\u800c\u524d\u4e00\u5c0f\u8282\u7684\u8bbe\u5b9a\u5f53\u4e2d\uff0c\u7528\u6237\u4e0a\u4f20\u7684\u8d44\u6599\u662f\u53ef\u4ee5\u88ab\u5176\u4ed6\u4eba\u6240\u6d4f\u89c8\u4e0e\u4e0b\u8f7d\u7684\uff01\u5982\u6b64\u4e00\u6765\u5b9e\u5728\u662f\u5f88\u5371\u9669\uff01\u6240\u4ee5\u5982\u679c\u4f60\u8981\u8bbe\u5b9a \/var\/ftp\/uploads\/ \u5185\u900f\u8fc7\u533f\u540d\u8005\u4e0a\u4f20\u7684\u6570\u636e\u4e2d\uff0c\u4ec5\u80fd\u4e0a\u4f20\u4e0d\u80fd\u88ab\u4e0b\u8f7d\u65f6\uff0c\u90a3\u4e48\u88ab\u4e0a\u4f20\u7684\u6570\u636e\u7684\u6743\u9650\u5c31\u5f97\u8981\u4fee\u6539\u4e00\u4e0b\u624d\u884c\uff01 \u8bf7\u5c06\u524d\u4e00\u5c0f\u8282\u6240\u8bbe\u5b9a\u7684\u56db\u4e2a\u53c2\u6570\u7b80\u5316\u6210\u4e3a\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u5c06\u8fd9\u51e0\u884c\u7ed9\u4ed6\u6539\u4e00\u6539\u5148\uff01\u8bb0\u5f97\u8981\u62ff\u6389 anon_other_write_enable=YES<br>write_enable=YES<br>anon_mkdir_write_enable=YES<br>anon_upload_enable=YES<br>chown_uploads=YES        &lt;==\u65b0\u589e\u7684\u8bbe\u5b9a\u503c\u5728\u6b64\uff01<br>chown_username=daemon<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u5f53\u7136\u5566\uff0c\u90a3\u4e2a \/var\/ftp\/uploads\/ \u8fd8\u662f\u9700\u8981\u53ef\u4ee5\u88ab ftp \u8fd9\u4e2a\u4f7f\u7528\u8005\u5199\u5165\u624d\u884c\uff01\u5982\u6b64\u4e00\u6765\u88ab\u4e0a\u4f20\u7684\u6863\u6848\u5c06\u4f1a\u88ab\u4fee\u6539\u6863\u6848\u62e5\u6709\u8005\u6210\u4e3a daemon \u8fd9\u4e2a\u4f7f\u7528\u8005\uff0c\u800c ftp (\u533f\u540d\u8005\u53d6\u5f97\u7684\u8eab\u4efd) \u662f\u65e0\u6cd5\u8bfb\u53d6 daemon \u7684\u6570\u636e\u7684\uff0c\u6240\u4ee5\u4e5f\u5c31\u65e0\u6cd5\u88ab\u4e0b\u8f7d\u5570\uff01 ^_^<\/p>\n<table width=\"90%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\"><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td>\u4f8b\u9898\uff1a<\/p>\n<div>\u5728\u4e0a\u8ff0\u7684\u8bbe\u5b9a\u540e\uff0c\u6211\u5c1d\u8bd5\u4ee5 anonymous \u767b\u5165\u5e76\u4e14\u4e0a\u4f20\u4e00\u4e2a\u5927\u6863\u6848\u5230 \/uploads\/ \u76ee\u5f55\u4e0b\u3002\u7531\u4e8e\u7f51\u7edc\u7684\u95ee\u9898\uff0c\u8fd9\u4e2a\u6863\u6848\u4f20\u5230\u4e00\u534a\u5c31\u65ad\u7ebf\u3002 \u4e0b\u5728\u6211\u91cd\u65b0\u4e0a\u4f20\u65f6\uff0c\u5374\u544a\u77e5\u8fd9\u4e2a\u6863\u6848\u65e0\u6cd5\u8986\u5199\uff01\u8be5\u5982\u4f55\u662f\u597d\uff1f<\/div>\n<p>\u7b54\uff1a<\/p>\n<div>\u4e3a\u4ec0\u4e48\u4f1a\u65e0\u6cd5\u8986\u5199\u5462\uff1f\u56e0\u4e3a\u8fd9\u4e2a\u6863\u6848\u5728\u4f60\u8131\u673a\u540e\uff0c\u6863\u6848\u7684\u62e5\u6709\u8005\u5c31\u88ab\u6539\u4e3a daemon \u4e86\uff01\u56e0\u4e3a\u8fd9\u4e2a\u6863\u6848\u4e0d\u5c5e\u4e8e ftp \u8fd9\u4e2a\u7528\u6237\u4e86\uff0c \u56e0\u6b64\u6211\u4eec\u65e0\u6cd5\u8fdb\u884c\u8986\u5199\u6216\u5220\u9664\u7684\u52a8\u4f5c\u3002\u6b64\u65f6\uff0c\u4f60\u53ea\u80fd\u66f4\u6539\u672c\u5730\u7aef\u6863\u6848\u7684\u6863\u540d\u518d\u6b21\u7684\u4e0a\u4f20\uff0c\u91cd\u65b0\u4ece\u5934\u4e00\u76f4\u4e0a\u4f20\u5570\uff01<\/div>\n<\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><a name=\"server_anon_pasv\"><\/a><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>\u88ab\u52a8\u5f0f\u8054\u673a\u57e0\u53e3\u7684\u9650\u5236<\/li>\n<p><\/ul>\n<p>FTP \u7684\u8054\u673a\u5206\u4e3a\u4e3b\u52a8\u5f0f\u4e0e\u88ab\u52a8\u5f0f\uff0c\u4e3b\u52a8\u5f0f\u8054\u673a\u6bd4\u8f83\u597d\u5904\u7406\uff0c\u56e0\u4e3a\u90fd\u662f\u900f\u8fc7\u670d\u52a1\u5668\u7684 port 20 \u5bf9\u5916\u4e3b\u52a8\u8054\u673a\uff0c \u6240\u4ee5\u9632\u706b\u5899\u7684\u5904\u7406\u6bd4\u8f83\u7b80\u5355\u3002\u88ab\u52a8\u5f0f\u8054\u673a\u5c31\u6bd4\u8f83\u9ebb\u70e6\uff5e\u56e0\u4e3a\u9884\u8bbe FTP \u670d\u52a1\u5668\u4f1a\u968f\u673a\u53d6\u51e0\u4e2a\u6ca1\u6709\u5728\u4f7f\u7528\u5f53\u4e2d\u7684\u57e0\u53e3\u6765\u5efa\u7acb\u88ab\u52a8\u5f0f\u8054\u673a\uff0c\u90a3\u9632\u706b\u5899\u7684\u8bbe\u5b9a\u5c31\u9ebb\u70e6\u5566\uff01<\/p>\n<p>\u6ca1\u5173\u7cfb\uff0c\u6211\u4eec\u53ef\u4ee5\u900f\u8fc7\u6307\u5b9a\u51e0\u4e2a\u56fa\u5b9a\u8303\u56f4\u5185\u7684\u57e0\u53e3\u6765\u4f5c\u4e3a FTP \u7684\u88ab\u52a8\u5f0f\u6570\u636e\u8fde\u63a5\u4e4b\u7528\u5373\u53ef\uff0c \u8fd9\u6837\u6211\u4eec\u5c31\u80fd\u591f\u9884\u5148\u77e5\u9053 FTP \u6570\u636e\u94fe\u8def\u7684\u57e0\u53e3\u5566\uff01\u4e3e\u4f8b\u6765\u8bf4\uff0c\u6211\u4eec\u5047\u8bbe\u88ab\u52a8\u5f0f\u8fde\u63a5\u7684\u57e0\u53e3\u4e3a 65400 \u5230 65410 \u8fd9\u51e0\u4e2a\u57e0\u53e3\u65f6\uff0c\u53ef\u4ee5\u8fd9\u6837\u8bbe\u5b9a\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u589e\u52a0\u5e95\u4e0b\u8fd9\u51e0\u884c\u5373\u53ef\u554a\uff01<br>pasv_min_port=65400<br>pasv_max_port=65410<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u533f\u540d\u7528\u6237\u7684\u8bbe\u5b9a\u5927\u81f4\u4e0a\u8fd9\u6837\u5c31\u80fd\u7b26\u5408\u4f60\u7684\u9700\u6c42\u5570\uff01\u5176\u4ed6\u7684\u8bbe\u5b9a\u5c31\u81ea\u5df1\u770b\u7740\u529e\u5427\uff01 ^_^<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"other_iptables\"><\/a>2.8 \u9632\u706b\u5899\u8bbe\u5b9a<\/p>\n<div>\n<p>\u9632\u706b\u5899\u8bbe\u5b9a\u6709\u4ec0\u4e48\u96be\u7684\uff1f\u5c06<a href=\"http:\/\/linux.vbird.org\/linux_server\/0250simple_firewall.php\">\u7b2c\u4e5d\u7ae0<\/a>\u91cc\u9762\u7684 script \u62ff\u51fa\u6765\u4fee\u6539\u5373\u53ef\u554a\uff01\u4e0d\u8fc7\uff0c\u5982\u540c\u524d\u8a00\u8c08\u5230\u7684\uff0cFTP \u4f7f\u7528\u4e24\u4e2a\u57e0\u53e3\uff0c\u52a0\u4e0a\u5e38\u6709\u968f\u673a\u542f\u7528\u7684\u6570\u636e\u6d41\u57e0\u53e3\uff0c\u4ee5\u53ca\u88ab\u52a8\u5f0f\u8054\u673a\u7684\u670d\u52a1\u5668\u57e0\u53e3\u7b49\uff0c \u6240\u4ee5\uff0c\u4f60\u53ef\u80fd\u5f97\u8981\u8fdb\u884c\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u52a0\u5165 iptables \u7684 ip_nat_ftp, ip_conntrack_ftp \u4e24\u4e2a\u6a21\u5757<\/li>\n<p>\t<\/p>\n<li>\u5f00\u653e port 21 \u7ed9\u56e0\u7279\u7f51\u4f7f\u7528<\/li>\n<p>\t<\/p>\n<li>\u5f00\u653e\u524d\u4e00\u5c0f\u8282\u63d0\u5230\u7684 port 65400~65410 \u57e0\u53e3\u7ed9 Internet \u8054\u673a\u7528<\/li>\n<p><\/ul>\n<p>\u8981\u4fee\u6539\u7684\u5730\u65b9\u4e0d\u5c11\uff0c\u90a3\u5c31\u8ba9\u6211\u4eec\u6765\u4e00\u6b65\u4e00\u811a\u5370\u5427\uff01<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre># 1. \u52a0\u5165\u6a21\u5757\uff1a\u867d\u7136 iptables.rule \u5df2\u52a0\u5165\u6a21\u5757\uff0c\u4e0d\u8fc7\u7cfb\u7edf\u6863\u6848\u8fd8\u662f\u4fee\u6539\u4e00\u4e0b\u597d\u4e86\uff1a<br>[root@www ~]# vim \/etc\/sysconfig\/iptables-config<br>IPTABLES_MODULES=\"ip_nat_ftp ip_conntrack_ftp\"<br># \u52a0\u5165\u6a21\u5757\u5373\u53ef\uff01\u4e24\u4e2a\u6a21\u5757\u4e2d\u95f4\u6709\u7a7a\u683c\u952e\u9694\u5f00\uff01\u7136\u540e\u91cd\u65b0\u542f\u52a8 iptables \u670d\u52a1\u5570\uff01<br><br>[root@www ~]# \/etc\/init.d\/iptables restart<br><br># 2. \u4fee\u6539 iptables.rule \u7684\u811a\u672c\u5982\u4e0b\uff1a<br>[root@www ~]# vim \/usr\/local\/virus\/iptables\/iptables.rule<br>iptables -A INPUT -p TCP -i $EXTIF --dport  21  --sport 1024:65534 -j ACCEPT<br># \u627e\u5230\u4e0a\u9762\u8fd9\u4e00\u884c\uff0c\u5e76\u5c06\u524d\u9762\u7684\u6279\u6ce8\u62ff\u6389\u5373\u53ef\uff01\u5e76\u4e14\u65b0\u589e\u5e95\u4e0b\u8fd9\u4e00\u884c\u5594\uff01<br>iptables -A INPUT -p TCP -i $EXTIF --dport 65400:65410 --sport 1024:65534 -j ACCEPT<br><br>[root@www ~]# \/usr\/local\/virus\/iptables\/iptables.rule<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u8fd9\u6837\u5c31\u597d\u4e86\uff01\u540c\u65f6\u517c\u987e\u4e3b\u52a8\u5f0f\u4e0e\u88ab\u52a8\u5f0f\u7684\u8054\u673a\uff01\u5e76\u4e14\u52a0\u5165\u6240\u9700\u8981\u7684 FTP \u6a21\u5757\u5570\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"other_faq\"><\/a>2.9 \u5e38\u89c1\u95ee\u9898\u4e0e\u89e3\u51b3\u4e4b\u9053<\/p>\n<div>\n<p>\u5e95\u4e0b\u8bf4\u660e\u51e0\u4e2a\u5e38\u89c1\u7684\u95ee\u9898\u4e0e\u89e3\u51b3\u4e4b\u9053\u5427\uff01<\/p>\n<ul>\t<\/p>\n<li>\u5982\u679c\u5728 Client \u7aef\u4e0a\u9762\u53d1\u73b0\u65e0\u6cd5\u8054\u673a\u6210\u529f\uff0c\u8bf7\u68c0\u67e5\uff1a\n<ol>\t<\/p>\n<li>iptables \u9632\u706b\u5899\u7684\u89c4\u5219\u5f53\u4e2d\uff0c\u662f\u5426\u5f00\u653e\u4e86 client \u7aef\u7684 port 21 \u767b\u5165\uff1f<\/li>\n<p>\t<\/p>\n<li>\u5728 \/etc\/hosts.deny \u5f53\u4e2d\uff0c\u662f\u5426\u5c06 client \u7684\u767b\u5165\u6743\u9650\u6321\u4f4f\u4e86\uff1f<\/li>\n<p>\t<\/p>\n<li>\u5728 \/etc\/xinetd.d\/vsftpd \u5f53\u4e2d\uff0c\u662f\u5426\u8bbe\u5b9a\u9519\u8bef\uff0c\u5bfc\u81f4 client \u7684\u767b\u5165\u6743\u9650\u88ab\u53d6\u6d88\u4e86\uff1f<\/li>\n<p><\/ol>\n<p><\/li>\n<p>\t<\/p>\n<li>\u5982\u679c Client \u5df2\u7ecf\u8fde\u4e0a vsftpd \u670d\u52a1\u5668\uff0c\u4f46\u662f\u5374\u663e\u793a\u300e XXX file can&#8217;t be opend \u300f\u7684\u5b57\u6837\uff0c\u8bf7\u68c0\u67e5\uff1a\n<ol>\t<\/p>\n<li>\u6700\u4e3b\u8981\u7684\u539f\u56e0\u8fd8\u662f\u5728\u4e8e\u5728 vsftpd.conf \u5f53\u4e2d\u8bbe\u5b9a\u4e86\u68c0\u67e5\u67d0\u4e2a\u6863\u6848\uff0c\u4f46\u662f\u4f60\u5374\u6ca1\u6709\u5c06\u8be5\u6863\u6848\u8bbe\u5b9a\u8d77\u6765\uff0c \u6240\u4ee5\uff0c\u8bf7\u68c0\u67e5 vsftpd.conf \u91cc\u9762\u6240\u6709\u8bbe\u5b9a\u7684\u6863\u6848\u6863\u540d\uff0c\u4f7f\u7528 touch \u8fd9\u4e2a\u6307\u4ee4\u5c06\u8be5\u6863\u6848\u5efa\u7acb\u8d77\u6765\u5373\u53ef\uff01<\/li>\n<p><\/ol>\n<p><\/li>\n<p>\t<\/p>\n<li>\u5982\u679c Client \u5df2\u7ecf\u8fde\u4e0a vsftpd \u670d\u52a1\u5668\uff0c\u5374\u65e0\u6cd5\u4f7f\u7528\u67d0\u4e2a\u8d26\u53f7\u767b\u5165\uff0c\u8bf7\u68c0\u67e5\uff1a\n<ol>\t<\/p>\n<li>\u5728 vsftpd.conf \u91cc\u9762\u662f\u5426\u8bbe\u5b9a\u4e86\u4f7f\u7528 pam \u6a21\u5757\u6765\u68c0\u9a8c\u8d26\u53f7\uff0c\u4ee5\u53ca\u5229\u7528 userlist_file \u6765\u7ba1\u7406\u8d26\u53f7\uff1f<\/li>\n<p>\t<\/p>\n<li>\u8bf7\u68c0\u67e5 \/etc\/vsftpd\/ftpusers \u4ee5\u53ca \/etc\/vsftpd\/user_list \u6863\u6848\u5185\u662f\u5426\u5c06\u8be5\u8d26\u53f7\u5199\u5165\u4e86\uff1f<\/li>\n<p><\/ol>\n<p><\/li>\n<p>\t<\/p>\n<li>\u5982\u679c Client \u65e0\u6cd5\u4e0a\u4f20\u6863\u6848\uff0c\u8be5\u5982\u4f55\u662f\u597d\uff1f\n<ol>\t<\/p>\n<li>\u6700\u53ef\u80fd\u53d1\u751f\u7684\u539f\u56e0\u5c31\u662f\u5728 vsftpd.conf \u91cc\u9762\u5fd8\u8bb0\u52a0\u4e0a\u8fd9\u4e2a\u8bbe\u5b9a\u300ewrite_enable=YES\u300f\u8fd9\u4e2a\u8bbe\u5b9a\uff0c\u8bf7\u52a0\u5165\uff1b<\/li>\n<p>\t<\/p>\n<li>\u662f\u5426\u6240\u8981\u4e0a\u4f20\u7684\u76ee\u5f55\u300e\u6743\u9650\u300f\u4e0d\u5bf9\uff0c\u8bf7\u4ee5 chmod \u6216 chown \u6765\u4fee\u8ba2\uff1b<\/li>\n<p>\t<\/p>\n<li>\u662f\u5426 anonymous \u7684\u8bbe\u5b9a\u91cc\u9762\u5fd8\u8bb0\u52a0\u4e0a\u4e86\u5e95\u4e0b\u4e09\u4e2a\u53c2\u6570\uff1a\n<ul>\t<\/p>\n<li>anon_other_write_enable=YES<\/li>\n<p>\t<\/p>\n<li>anon_mkdir_write_enable=YES<\/li>\n<p>\t<\/p>\n<li>anon_upload_enable=YES<\/li>\n<p><\/ul>\n<p><\/li>\n<p>\t<\/p>\n<li>\u662f\u5426\u56e0\u4e3a\u8bbe\u5b9a\u4e86 email \u62b5\u6321\u673a\u5236\uff0c\u53c8\u5c06 email address \u5199\u5165\u8be5\u6863\u6848\u4e2d\u4e86\uff01\uff1f\u8bf7\u68c0\u67e5\uff01<\/li>\n<p>\t<\/p>\n<li>\u662f\u5426\u8bbe\u5b9a\u4e86\u4e0d\u8bb8 ASCII \u683c\u5f0f\u4f20\u9001\uff0c\u4f46 Client \u7aef\u5374\u4ee5 ASCII \u4f20\u9001\u5462\uff1f\u8bf7\u5728 client \u7aef\u4ee5 binary \u683c\u5f0f\u6765\u4f20\u9001\u6863\u6848\uff01<\/li>\n<p>\t<\/p>\n<li>\u68c0\u67e5\u4e00\u4e0b \/var\/log\/messages \uff0c\u662f\u5426\u88ab SELinux \u6240\u62b5\u6321\u4f4f\u4e86\u5462\uff1f<\/li>\n<p><\/ol>\n<p><\/li>\n<p><\/ul>\n<p>\u4e0a\u9762\u662f\u86ee\u5e38\u53d1\u73b0\u7684\u9519\u8bef\uff0c\u5982\u679c\u8fd8\u662f\u65e0\u6cd5\u89e3\u51b3\u4f60\u7684\u95ee\u9898\uff0c\u8bf7\u4f60\u52a1\u5fc5\u5206\u6790\u4e00\u4e0b\u8fd9\u4e24\u4e2a\u6863\u6848\uff1a\/var\/log\/vsftpd.log \u4e0e \/var\/log\/messages \uff0c\u91cc\u9762\u6709\u76f8\u5f53\u591a\u7684\u91cd\u8981\u8d44\u6599\uff0c\u53ef\u4ee5\u63d0\u4f9b\u7ed9\u4f60\u8fdb\u884c\u9664\u9519\u5594\uff01\u4e0d\u8fc7 \/var\/log\/vsftpd.log \u5374\u9884\u8bbe\u4e0d\u4f1a\u51fa\u73b0\uff01 \u53ea\u6709 \/var\/log\/xferlog \u800c\u5df2\u3002\u5982\u679c\u4f60\u60f3\u8981\u52a0\u5165 \/var\/log\/vsftpd.log \u7684\u652f\u6301\uff0c\u53ef\u4ee5\u8fd9\u6837\u505a\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br>dual_log_enable=YES<br>vsftpd_log_file=\/var\/log\/vsftpd.log<br># \u52a0\u5165\u8fd9\u4e24\u4e2a\u8bbe\u5b9a\u503c\u5373\u53ef\u5466\uff01<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u8fd9\u6837\u672a\u6765\u6709\u65b0\u8054\u673a\u6216\u8005\u662f\u9519\u8bef\u65f6\uff0c\u5c31\u4f1a\u989d\u5916\u5199\u4e00\u4efd \/var\/log\/vsftpd.log \u53bb\u5594\uff01<\/p>\n<\/div>\n<p><\/div>\n<hr \/>\n<p><a name=\"client\"><\/a>93 \u5ba2\u6237\u7aef\u7684\u56fe\u5f62\u63a5\u53e3 FTP \u8054\u673a\u8f6f\u4ef6<\/p>\n<div>\n<p>\u5ba2\u6237\u7aef\u7684\u8054\u673a\u8f6f\u4ef6\u4e3b\u8981\u6709\u6587\u5b57\u63a5\u53e3\u7684 <a href=\"http:\/\/linux.vbird.org\/linux_server\/0140networkcommand.php#ftp\">ftp<\/a> \u53ca <a href=\"http:\/\/linux.vbird.org\/linux_server\/0140networkcommand.php#lftp\">lftp<\/a> \u8fd9\u4e24\u652f\u6307\u4ee4\uff0c\u8be6\u7ec6\u7684\u4f7f\u7528\u65b9\u5f0f\u8bf7\u53c2\u8003<a href=\"http:\/\/linux.vbird.org\/linux_server\/0140networkcommand.php\">\u7b2c\u4e94\u7ae0\u5e38\u7528\u7f51\u7edc\u6307\u4ee4<\/a>\u7684\u8bf4\u660e\u3002\u81f3\u4e8e Linux \u5e95\u4e0b\u7684\u56fe\u5f62\u63a5\u53e3\u8f6f\u4ef6\uff0c\u53ef\u4ee5\u53c2\u8003 gftp \u8fd9\u652f\u7a0b\u5e8f\u5594\uff01\u56fe\u5f62\u63a5\u53e3\u7684\u5566\uff01\u5f88\u7b80\u5355\u554a\uff01\u90a3 Windows \u5e95\u4e0b\u6709\u6ca1\u6709\u76f8\u5bf9\u5e94\u7684 FTP \u5ba2\u6237\u7aef\u8f6f\u4ef6\uff1f<\/p>\n<hr \/>\n<p><a name=\"client_filezilla\"><\/a>03.1 Filezilla<\/p>\n<div>\n<p>\u4e0a\u8ff0\u7684\u8f6f\u4ef6\u90fd\u662f\u81ea\u7531\u8f6f\u4ef6\u554a\uff0c\u90a3\u4e48 Windows \u64cd\u4f5c\u7cfb\u7edf\u6709\u6ca1\u6709\u81ea\u7531\u8f6f\u4ef6\u554a\uff1f\u6709\u7684\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 filezilla \u8fd9\u4e2a\u597d\u4e1c\u897f\uff01\u8fd9\u4e2a\u73a9\u610f\u513f\u7684\u8be6\u7ec6\u8bf4\u660e\u4e0e\u4e0b\u8f7d\u70b9\u53ef\u4ee5\u5728\u5e95\u4e0b\u7684\u8fde\u7ed3\u627e\u5230\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u8bf4\u660e\u7f51\u7ad9\uff1a<a href=\"http:\/\/filezilla.sourceforge.net\/\" target=\"_blank\">http:\/\/filezilla.sourceforge.net\/<\/a><\/li>\n<p>\t<\/p>\n<li>\u4e0b\u8f7d\u7f51\u7ad9\uff1a<a href=\"http:\/\/sourceforge.net\/project\/showfiles.php?group_id=21558\" target=\"_blank\">http:\/\/sourceforge.net\/project\/showfiles.php?group_id=21558<\/a><\/li>\n<p><\/ul>\n<p>\u76ee\u524d (2011\/06) \u6700\u65b0\u7684\u7a33\u5b9a\u7248\u672c\u662f 3.5.x \u7248\uff0c\u6240\u4ee5\u5e95\u4e0b\u9e1f\u54e5\u5c31\u4ee5\u8fd9\u4e2a\u7248\u672c\u6765\u8ddf\u5927\u5bb6\u8bf4\u660e\u3002\u4e3a\u4ec0\u4e48\u8981\u9009\u62e9 Filezilla \u5462\uff1f\u9664\u4e86\u4ed6\u662f\u81ea\u7531\u8f6f\u4ef6\u4e4b\u5916\uff0c\u8fd9\u5bb6\u4f19\u7adf\u7136\u53ef\u4ee5\u8fde\u7ed3\u5230 SSH \u7684 sftp \u5462\uff01\u771f\u662f\u5f88\u4e0d\u9519\u7684\u4e00\u4e2a\u5bb6\u4f19\u554a\uff01^_^\uff01\u53e6\u5916\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5e95\u4e0b\u9e1f\u54e5\u662f\u4ee5 Windows \u7248\u672c\u6765\u8bf4\u660e\u7684\uff0c\u4e0d\u8981\u62ff\u6765\u5728 X window \u4e0a\u9762\u5b89\u88c5\u5594\uff01^_^ (\u8bf7\u4e0b\u8f7d Filezilla client \u4e0d\u662f server \u5594\uff01)<\/p>\n<p>\u56e0\u4e3a\u8fd9\u4e2a\u7a0b\u5e8f\u662f\u7ed9 Windows \u5b89\u88c5\u7528\u7684\uff0c\u6240\u4ee5\u5b89\u88c5\u7684\u8fc7\u7a0b\u5c31\u662f&#8230;(\u4e0b\u4e00\u6b65)^n \u5c31\u597d\u4e86\uff01\u5e76\u4e14\u8fd9\u4e2a\u7a0b\u5e8f\u652f\u6301\u591a\u56fd\u8bed\u7cfb\uff0c \u6240\u4ee5\u4f60\u53ef\u4ee5\u9009\u62e9\u7e41\u4f53\u4e2d\u6587\u5462\uff01\u5b9e\u5728\u662f\u5f88\u68d2\uff01\u5b89\u88c5\u5b8c\u6bd5\u4e4b\u540e\uff0c\u8bf7\u4f60\u6267\u884c\u4ed6\uff0c\u5c31\u4f1a\u51fa\u73b0\u5982\u4e0b\u7684\u753b\u9762\u4e86\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3_002.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"filezilla_3_002\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3_002-560x403.gif\" alt=\"filezilla_3_002\" width=\"560\" height=\"403\" \/><\/a><br \/>\u56fe 3-1\u3001Filezilla \u7684\u64cd\u4f5c\u63a5\u53e3\u793a\u610f\u56fe<\/center>\u4e0a\u56fe\u7684 \u7b2c\u4e00\u3001\u4e8c\u5230\u4e94\u533a\u7684\u5185\u5bb9\u6240\u4ee3\u8868\u7684\u8d44\u6599\u662f\uff1a<\/p>\n<ol>\t<\/p>\n<li>\u7b2c\u4e00\u533a\uff1a\u4ee3\u8868 FTP \u670d\u52a1\u5668\u7684\u8f93\u51fa\u4fe1\u606f\uff0c\u4f8b\u5982\u6b22\u8fce\u8baf\u606f\u7b49\u4fe1\u606f\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7b2c\u4e8c\u533a\uff1a\u4ee3\u8868\u672c\u673a\u7684\u6587\u4ef6\u7cfb\u7edf\u76ee\u5f55\uff0c\u4e0e\u7b2c\u4e09\u533a\u6709\u5173\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7b2c\u4e09\u533a\uff1a\u4ee3\u8868\u7b2c\u4e8c\u533a\u6240\u9009\u62e9\u7684\u78c1\u76d8\u5185\u5bb9\u4e3a\u4f55\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7b2c\u56db\u533a\uff1a\u4ee3\u8868\u8fdc\u7a0b FTP \u670d\u52a1\u5668\u7684\u76ee\u5f55\u4e0e\u6863\u6848\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7b2c\u4e94\u533a\uff1a\u4ee3\u8868\u4f20\u8f93\u65f6\u7684\u961f\u5217\u4fe1\u606f (\u7b49\u5f85\u4f20\u9001\u7684\u6570\u636e)<\/li>\n<p><\/ol>\n<p>\u800c\u53e6\u5916\u56fe\u4e2d\u7684 a, b, c \u5219\u4ee3\u8868\u7684\u662f\uff1a<\/p>\n<ol type=\"a\">\t<\/p>\n<li>\u7ad9\u53f0\u7ba1\u7406\u5458\uff0c\u4f60\u53ef\u4ee5\u5c06\u4e00\u4e9b\u5e38\u7528\u7684 FTP \u670d\u52a1\u5668\u7684 IP \u4e0e\u7528\u6237\u4fe1\u606f\u8bb0\u5f55\u5728\u6b64\uff1b<\/li>\n<p>\t<\/p>\n<li>\u66f4\u65b0\uff0c\u5982\u679c\u4f60\u7684\u8d44\u6599\u6709\u66f4\u65b0\uff0c\u53ef\u4f7f\u7528\u8fd9\u4e2a\u6309\u94ae\u6765\u540c\u6b65 filezilla \u7684\u5c4f\u5e55\u663e\u793a\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4e3b\u673a\u5730\u5740\u3001\u7528\u6237\u3001\u5bc6\u7801\u4e0e\u7aef\u53e3\u8fd9\u56db\u4e2a\u73a9\u610f\u513f\u53ef\u4ee5\u5b9e\u65f6\u8054\u673a\uff0c\u4e0d\u8bb0\u5f55\u4fe1\u606f\u3002<\/li>\n<p><\/ol>\n<p>\u597d\uff0c\u63a5\u4e0b\u6765\u6211\u4eec\u8fde\u63a5\u5230 FTP \u670d\u52a1\u5668\u4e0a\u9762\u53bb\uff0c\u6240\u4ee5\u4f60\u53ef\u6309\u4e0b\u56fe 3-1 \u7684 a \u90e8\u5206\uff0c\u4f1a\u51fa\u73b0\u5982\u4e0b\u753b\u9762\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3_003.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"filezilla_3_003\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3_003.gif\" alt=\"filezilla_3_003\" width=\"550\" height=\"444\" \/><\/a><br \/>\u56fe 3-2\u3001Filezilla \u7684 FTP \u7ad9\u53f0\u7ba1\u7406\u5458\u4f7f\u7528\u793a\u610f\u56fe<\/center>\u4e0a\u56fe\u7684\u7bad\u5934\u4e0e\u76f8\u5173\u7684\u5185\u5bb9\u662f\u8fd9\u6837\u7684\uff1a<\/p>\n<ol>\t<\/p>\n<li>\u5148\u6309\u4e0b\u300e\u65b0\u589e\u7ad9\u53f0\u300f\u7684\u6309\u94ae\uff0c\u7136\u540e\u5728\u7bad\u5934 2 \u7684\u5730\u65b9\u5c31\u4f1a\u51fa\u73b0\u53ef\u8f93\u5165\u540d\u79f0\u7684\u65b9\u6846\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5728\u8be5\u65b9\u6846\u5f53\u4e2d\u968f\u4fbf\u586b\u5199\u4e00\u4e2a\u4f60\u5bb9\u6613\u8bb0\u5f55\u7684\u540d\u5b57\uff0c\u53ea\u8981\u4e0e\u771f\u6b63\u7684\u7f51\u7ad9\u6709\u70b9\u5173\u8fde\u5373\u53ef\uff1b<\/li>\n<p>\t<\/p>\n<li>\u63a5\u4e0b\u6765\u770b\u5230\u53f3\u8fb9\u6709\u4e00\u822c\u8bbe\u5b9a\uff0c\u5728\u4e00\u822c\u8bbe\u5b9a\u91cc\u9762\u51e0\u4e2a\u9879\u76ee\u5f88\u91cd\u8981\u7684\uff1a\n<ul>\t<\/p>\n<li>\u4e3b\u673a\uff1a\u5728\u8fd9\u4e2a\u65b9\u6846\u4e2d\u586b\u5199\u4e3b\u673a\u7684 IP\uff0c\u7aef\u53e3\u5982\u679c\u4e0d\u662f\u6807\u51c6\u7684 port 21 \u624d\u586b\u5199\u5176\u4ed6\u57e0\u53e3\u3002<\/li>\n<p>\t<\/p>\n<li>\u534f\u5b9a\uff1a\u4e3b\u8981\u6709 (1)FTP \u53ca (2)SFTP (SSHD \u6240\u63d0\u4f9b)\uff0c\u6211\u4eec\u8fd9\u91cc\u9009 FTP<\/li>\n<p>\t<\/p>\n<li>\u52a0\u5bc6\uff1a\u662f\u5426\u6709\u7f51\u7edc\u52a0\u5bc6\uff0c\u65b0\u7684\u534f\u8bae\u4e2d\uff0cFTP \u53ef\u4ee5\u52a0\u4e0a TLS \u7684 FTPS \u5594\uff01\u9884\u8bbe\u4e3a\u660e\u7801<\/li>\n<p>\t<\/p>\n<li>\u767b\u5165\u578b\u5f0f\uff1a\u56e0\u4e3a\u9700\u8981\u8d26\u53f7\u5bc6\u7801\uff0c\u9009\u62e9\u300e\u4e00\u822c\u300f\u5373\u53ef\uff0c\u7136\u540e\u5e95\u4e0b\u5c31\u662f\u8f93\u5165\u4f7f\u7528\u8005\u3001\u8d26\u53f7\u5373\u53ef\u3002<\/li>\n<p><\/ul>\n<p><\/li>\n<p><\/ol>\n<p>\u57fa\u672c\u4e0a\u8fd9\u6837\u8bbe\u5b9a\u5b8c\u5c31\u80fd\u591f\u8fde\u4e0a\u4e3b\u673a\u4e86\uff0c\u4e0d\u8fc7\uff0c\u5982\u679c\u4f60\u8fd8\u60f3\u8981\u66f4\u8be6\u7ec6\u7684\u89c4\u8303\u6570\u636e\u8fde\u63a5\u7684\u65b9\u5f0f (\u4e3b\u52a8\u5f0f\u4e0e\u88ab\u52a8\u5f0f) \u4ee5\u53ca\u5176\u4ed6\u6570\u636e\u65f6\uff0c \u53ef\u4ee5\u6309\u4e0b\u7684\u300e\u4f20\u8f93\u8bbe\u5b9a\u300f\u6309\u94ae\uff0c\u5c31\u4f1a\u51fa\u73b0\u5982\u4e0b\u753b\u9762\u4e86\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"filezilla_3\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3.gif\" alt=\"filezilla_3\" width=\"550\" height=\"443\" \/><\/a><br \/>\u56fe 3-3\u3001Filezilla \u7ad9\u53f0\u7ba1\u7406\u5458\u5185\u7684\u4f20\u8f93\u8bbe\u5b9a<\/center>\u5728\u8fd9\u4e2a\u753b\u9762\u5f53\u4e2d\u4f60\u53ef\u4ee5\u9009\u62e9\u662f\u5426\u4f7f\u7528\u88ab\u52a8\u5f0f\u4f20\u8f93\u673a\u5236\uff0c\u8fd8\u53ef\u4ee5\u8c03\u6574\u6700\u5927\u8054\u673a\u6570\u5462\uff01\u4e3a\u4ec0\u4e48\u8981\u81ea\u6211\u9650\u5236\u5462\uff1f \u56e0\u4e3a Filezilla \u4f1a\u4e3b\u52a8\u7684\u91cd\u590d\u5efa\u7acb\u591a\u6761\u8054\u673a\u6765\u5feb\u901f\u4e0b\u8f7d\uff0c\u4f46\u5982\u679c vsftpd.conf \u6709\u9650\u5236 max_per_ip \u7684\u8bdd\uff0c \u67d0\u4e9b\u4e0b\u8f7d\u4f1a\u88ab\u62d2\u7edd\u7684\uff01\u56e0\u6b64\uff0c\u8fd9\u4e2a\u65f6\u5019\u5728\u6b64\u8bbe\u5b9a\u4e3a 1 \u5c31\u663e\u7684\u5f88\u91cd\u8981\uff5e\u968f\u65f6\u53ea\u6709\u4e00\u652f\u8054\u673a\u5efa\u7acb\uff0c\u5c31\u4e0d\u4f1a\u6709\u91cd\u590d\u767b\u5165\u7684\u95ee\u9898\uff01 \u6700\u540e\u8bf7\u6309\u4e0b\u56fe 3-2 \u753b\u9762\u4e2d\u7684\u300e\u8054\u673a\u300f\u5427\uff01<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3_004.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"filezilla_3_004\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/filezilla_3_004-560x387.gif\" alt=\"filezilla_3_004\" width=\"560\" height=\"387\" \/><\/a><br \/>\u56fe 3-4\u3001Filezilla \u8054\u673a\u6210\u529f\u793a\u610f\u56fe<\/center>\u66f4\u591a\u7684\u7528\u6cd5\u5c31\u8bf7\u4f60\u81ea\u884c\u7814\u7a76\u5570\uff01<\/p>\n<\/div>\n<hr \/>\n<p><a name=\"client_browser\"><\/a>3.2 \u900f\u8fc7\u6d4f\u89c8\u5668\u53d6\u5f97 FTP \u8054\u673a<\/p>\n<div>\n<p>\u6211\u4eec\u5728 <a href=\"http:\/\/linux.vbird.org\/linux_server\/0360apache.php\">\u7b2c\u4e8c\u5341\u7ae0 WWW \u670d\u52a1\u5668<\/a>\u5f53\u4e2d\u66fe\u7ecf\u8c08\u8fc7\u6d4f\u89c8\u5668\u6240\u652f\u6301\u7684\u534f\u8bae\uff0c\u5176\u4e2d\u4e00\u4e2a\u5c31\u662f ftp \u8fd9\u4e2a\u534f\u5b9a\u5570\uff01\u8fd9\u4e2a\u534f\u8bae\u7684\u5904\u7406\u65b9\u5f0f\u53ef\u4ee5\u5728\u7f51\u5740\u5217\u7684\u5730\u65b9\u8fd9\u6837\u8f93\u5165\u7684\uff1a<\/p>\n<ul>\t<\/p>\n<li>ftp:\/\/username@your_ip<\/li>\n<p><\/ul>\n<p>\u8981\u8bb0\u5f97\uff0c\u5982\u679c\u4f60\u6ca1\u6709\u8f93\u5165\u90a3\u4e2a username@ \u7684\u5b57\u6837\u65f6\uff0c\u7cfb\u7edf\u9ed8\u8ba4\u4f1a\u4ee5\u533f\u540d\u767b\u5f55\u6765\u5904\u7406\u8fd9\u6b21\u7684\u8054\u673a\u3002\u56e0\u6b64\u5982\u679c\u4f60\u60f3\u8981\u4f7f\u7528\u5b9e\u4f53\u7528\u6237\u8054\u673a\u65f6\uff0c \u5c31\u5728\u5728 IP \u6216\u4e3b\u673a\u540d\u4e4b\u524d\u586b\u5199\u4f60\u7684\u8d26\u53f7\u3002\u4e3e\u4f8b\u6765\u8bf4\uff0c\u9e1f\u54e5\u7684 FTP \u670d\u52a1\u5668 (192.168.100.254) \u82e5\u6709 dmtsai \u8fd9\u4e2a\u4f7f\u7528\u8005\uff0c \u90a3\u6211\u542f\u52a8\u6d4f\u89c8\u5668\u540e\uff0c\u53ef\u4ee5\u8fd9\u6837\u505a\uff1a<\/p>\n<ul>\t<\/p>\n<li>ftp:\/\/dmtsai@192.168.100.254<\/li>\n<p><\/ul>\n<p>\u7136\u540e\u5728\u51fa\u73b0\u7684\u5bf9\u8bdd\u7a97\u53e3\u5f53\u4e2d\u8f93\u5165 dmtsai \u7684\u5bc6\u7801\uff0c\u5c31\u80fd\u591f\u4f7f\u7528\u6d4f\u89c8\u5668\u6765\u7ba1\u7406\u6211\u5728 FTP \u670d\u52a1\u5668\u5185\u7684\u6587\u4ef6\u7cfb\u7edf\u5570\uff01\u662f\u5426\u5f88\u5bb9\u6613\u554a \u751a\u81f3\uff0c\u4f60\u8fde\u5bc6\u7801\u90fd\u60f3\u8981\u5199\u4e0a\u7f51\u5740\u5217\uff0c\u90a3\u5c31\u66f4\u5389\u5bb3\u5566\uff01<\/p>\n<ul>\t<\/p>\n<li>ftp:\/\/dmtsai:yourpassword@192.168.100.254<\/li>\n<p><\/ul>\n<p><\/div>\n<p><\/div>\n<hr \/>\n<p><a name=\"server_ssl\"><\/a>::__IHACKLOG_REMOTE_IMAGE_AUTODOWN_BLOCK__::264 \u8ba9 vsftpd \u589e\u52a0 SSL \u7684\u52a0\u5bc6\u529f\u80fd<\/p>\n<div>\n<p>\u65e2\u7136 http \u90fd\u6709 https \u4e86\uff0c\u90a3\u4e48\u4f7f\u7528\u660e\u7801\u4f20\u8f93\u7684 ftp \u6709\u6ca1\u6709\u52a0\u5bc6\u7684 ftps \u5462\uff1f\u563f\u563f\uff01\u8bf4\u7684\u597d\uff01\u6709\u7684\u5566\uff5e\u65e2\u7136\u90fd\u6709 openssl \u8fd9\u4e2a\u52a0\u5bc6\u51fd\u5f0f\u5e93\uff0c \u6211\u4eec\u5f53\u7136\u80fd\u591f\u4f7f\u7528\u7c7b\u4f3c\u7684\u673a\u5236\u6765\u5904\u7406 FTP \u5570\uff01\u4f46\u524d\u63d0\u4e4b\u4e0b\u662f\u4f60\u7684 vsftpd \u6709\u652f\u6301 SSL \u51fd\u5f0f\u5e93\u624d\u884c\uff01\u6b64\u5916\uff0c\u6211\u4eec\u4e5f\u5fc5\u987b\u8981\u5efa\u7acb SSL \u7684\u51ed\u8bc1\u6863\u7ed9 vsftpd \u4f7f\u7528\uff0c\u8fd9\u6837\u624d\u80fd\u591f\u8fdb\u884c\u52a0\u5bc6\u561b\uff01\u4e86\u89e3\u4e4e\uff01\u63a5\u4e0b\u6765\uff0c\u5c31\u8ba9\u6211\u4eec\u4e00\u6b65\u4e00\u6b65\u7684\u8fdb\u884c ftps \u7684\u670d\u52a1\u5668\u5efa\u7f6e\u5427\uff01<\/p>\n<div><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>1. \u68c0\u67e5 vsftpd \u6709\u65e0\u652f\u6301 ssl \u6a21\u5757\uff1a<\/li>\n<p><\/ul>\n<p>\u5982\u679c\u4f60\u7684 vsftpd \u5f53\u521d\u7f16\u8bd1\u7684\u65f6\u5019\u6ca1\u6709\u652f\u6301 SSL \u6a21\u5757\uff0c\u90a3\u4e48\u4f60\u5c31\u5f97\u53ea\u597d\u81ea\u5df1\u91cd\u65b0\u7f16\u8bd1\u4e00\u4e2a vsftpd \u7684\u8f6f\u4ef6\u4e86\uff01\u6211\u4eec\u7684 CentOS \u6709\u652f\u6301\u5417\uff1f \u8d76\u7d27\u6765\u77a7\u77a7\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# ldd $(which vsftpd) | grep ssl<br>        libssl.so.10 =&gt; \/usr\/lib64\/libssl.so.10 (0x00007f0587879000)<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p>\u5982\u679c\u6709\u51fa\u73b0 libssl.so \u7684\u5b57\u6837\uff0c\u5c31\u662f\u6709\u652f\u6301\uff01\u8fd9\u6837\u624d\u80fd\u591f\u7ee7\u7eed\u4e0b\u4e00\u6b65\u5466\uff01<\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>2. \u5efa\u7acb\u4e13\u95e8\u7ed9 vsftpd \u4f7f\u7528\u7684\u51ed\u8bc1\u6570\u636e\uff1a<\/li>\n<p><\/ul>\n<p>CentOS \u7ed9\u6211\u4eec\u4e00\u4e2a\u5efa\u7acb\u51ed\u8bc1\u7684\u5730\u65b9\uff0c\u90a3\u5c31\u662f \/etc\/pki\/tls\/certs\/ \u8fd9\u4e2a\u76ee\u5f55\uff01\u8be6\u7ec6\u7684\u8bf4\u660e\u6211\u4eec\u5728 <a href=\"http:\/\/linux.vbird.org\/linux_server\/0360apache.php#www_ssl_own\">20.5.2<\/a> \u91cc\u9762\u8c08\u8fc7\u54af\uff0c\u6240\u4ee5\u8fd9\u91cc\u53ea\u4ecb\u7ecd\u600e\u4e48\u505a\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# cd \/etc\/pki\/tls\/certs<br>[root@www certs]# make vsftpd.pem<br>----- ....(\u524d\u9762\u7701\u7565)....<br>Country Name (2 letter code) [XX]:TW<br>State or Province Name (full name) []:Taiwan<br>Locality Name (eg, city) [Default City]:Tainan<br>Organization Name (eg, company) [Default Company Ltd]:KSU<br>Organizational Unit Name (eg, section) []:DIC<br>Common Name (eg, your name or your server's hostname) []:www.centos.vbird<br>Email Address []:root@www.centos.vbird<br><br>[root@www certs]# cp -a vsftpd.pem \/etc\/vsftpd\/<br>[root@www certs]# ll \/etc\/vsftpd\/vsftpd.pem<br>-rw-------. 1 root root 3116 2011-08-08 16:52 \/etc\/vsftpd\/vsftpd.pem<br># \u8981\u6ce8\u610f\u4e00\u4e0b\u6743\u9650\u5594\uff01<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>3. \u4fee\u6539 vsftpd.conf \u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u5047\u5b9a\u6709\u5b9e\u4f53\u3001\u533f\u540d\u8d26\u53f7\uff1a<\/li>\n<p><\/ul>\n<p>\u5728\u524d\u9762 2 \u91cc\u9762\u5927\u591a\u662f\u5355\u7eaf\u533f\u540d\u6216\u5355\u7eaf\u5b9e\u4f53\u5e10\u6237\uff0c\u8fd9\u91cc\u6211\u4eec\u5c06\u5b9e\u4f53\u8d26\u53f7\u900f\u8fc7 SSL \u8054\u673a\uff0c\u4f46\u533f\u540d\u8005\u4f7f\u7528\u660e\u7801\u4f20\u8f93\uff01 \u4e24\u8005\u540c\u65f6\u63d0\u4f9b\u7ed9\u5ba2\u6237\u7aef\u4f7f\u7528\u5566\uff01FTP \u7684\u8bbe\u5b9a\u9879\u76ee\u4e3b\u8981\u662f\u8fd9\u6837\uff1a<\/p>\n<ul>\t<\/p>\n<li>\u63d0\u4f9b\u5b9e\u4f53\u8d26\u53f7\u767b\u5165\uff0c\u5b9e\u4f53\u8d26\u53f7\u53ef\u4e0a\u4f20\u6570\u636e\uff0c\u4e14 umask \u4e3a 002<\/li>\n<p>\t<\/p>\n<li>\u5b9e\u4f53\u8d26\u53f7\u9ed8\u8ba4\u4e3a chroot \u7684\u60c5\u51b5\uff0c\u4e14\u5168\u90e8\u5b9e\u4f53\u8d26\u53f7\u53ef\u7528\u5e26\u5bbd\u4e3a 1Mbytes\/second<\/li>\n<p>\t<\/p>\n<li>\u5b9e\u4f53\u8d26\u53f7\u7684\u767b\u5165\u4e0e\u6570\u636e\u4f20\u8f93\u5747\u9700\u900f\u8fc7 SSL \u52a0\u5bc6\u529f\u80fd\u4f20\u9001\uff1b<\/li>\n<p>\t<\/p>\n<li>\u63d0\u4f9b\u533f\u540d\u767b\u5f55\uff0c\u533f\u540d\u8005\u4ec5\u80fd\u4e0b\u8f7d\uff0c\u4e0d\u80fd\u4e0a\u4f20\uff0c\u4e14\u4f7f\u7528\u660e\u7801\u4f20\u8f93 (\u4e0d\u900f\u8fc7 SSL)<\/li>\n<p><\/ul>\n<p>\u6b64\u65f6\uff0c\u6574\u4f53\u7684\u8bbe\u5b9a\u503c\u4f1a\u6709\u70b9\u50cf\u8fd9\u6837\uff1a<\/p>\n<table><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td><\/p>\n<pre>[root@www ~]# vim \/etc\/vsftpd\/vsftpd.conf<br># \u5b9e\u4f53\u8d26\u53f7\u7684\u4e00\u822c\u8bbe\u5b9a\u9879\u76ee\uff1a<br>local_enable=YES<br>write_enable=YES<br>local_umask=002<br>chroot_local_user=YES<br>chroot_list_enable=YES<br>chroot_list_file=\/etc\/vsftpd\/chroot_list<br>local_max_rate=10000000<br><br># \u533f\u540d\u8005\u7684\u4e00\u822c\u8bbe\u5b9a\uff1a<br>anonymous_enable=YES<br>no_anon_password=YES<br>anon_max_rate=1000000<br>data_connection_timeout=60<br>idle_session_timeout=600<br><br># \u9488\u5bf9 SSL \u6240\u52a0\u5165\u7684\u7279\u522b\u53c2\u6570\uff01\u6bcf\u4e2a\u9879\u76ee\u90fd\u5f88\u91cd\u8981\uff01<br>ssl_enable=YES              &lt;==\u542f\u52a8 SSL \u7684\u652f\u6301<br>allow_anon_ssl=NO           &lt;==\u4f46\u662f\u4e0d\u5141\u8bb8\u533f\u540d\u8005\u4f7f\u7528 SSL \u5594\uff01<br>force_local_data_ssl=YES    &lt;==\u5f3a\u5236\u5b9e\u4f53\u7528\u6237\u6570\u636e\u4f20\u8f93\u52a0\u5bc6<br>force_local_logins_ssl=YES  &lt;==\u540c\u4e0a\uff0c\u4f46\u8fde\u767b\u5165\u65f6\u7684\u5e10\u5bc6\u4e5f\u52a0\u5bc6<br>ssl_tlsv1=YES               &lt;==\u652f\u6301 TLS \u65b9\u5f0f\u5373\u53ef\uff0c\u5e95\u4e0b\u4e0d\u7528\u542f\u52a8<br>ssl_sslv2=NO<br>ssl_sslv3=NO<br>rsa_cert_file=\/etc\/vsftpd\/vsftpd.pem &lt;==\u9884\u8bbe RSA \u52a0\u5bc6\u7684\u51ed\u8bc1\u6863\u6848\u6240\u5728<br><br># \u4e00\u822c\u670d\u52a1\u5668\u7cfb\u7edf\u8bbe\u5b9a\u7684\u9879\u76ee\uff1a<br>max_clients=50<br>max_per_ip=5<br>use_localtime=YES<br>dirmessage_enable=YES<br>xferlog_enable=YES<br>connect_from_port_20=YES<br>xferlog_std_format=YES<br>listen=YES<br>pam_service_name=vsftpd<br>tcp_wrappers=YES<br>banner_file=\/etc\/vsftpd\/welcome.txt<br>dual_log_enable=YES<br>vsftpd_log_file=\/var\/log\/vsftpd.log<br>pasv_min_port=65400<br>pasv_max_port=65410<br><br>[root@www ~]# \/etc\/init.d\/vsftpd restart<\/pre>\n<p><\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/p>\n<ul>\t<\/p>\n<li>\n<hr \/>\n<p>4. \u8054\u673a\u6d4b\u8bd5\u770b\u770b\uff01\u4f7f\u7528 Filezilla \u8054\u673a\u6d4b\u8bd5\uff1a<\/li>\n<p><\/ul>\n<p>\u63a5\u4e0b\u6765\u6211\u4eec\u5229\u7528 filezilla \u6765\u8bf4\u660e\u4e00\u4e0b\uff0c\u5982\u4f55\u900f\u8fc7 SSL\/TLS \u529f\u80fd\u6765\u8fdb\u884c\u8054\u673a\u52a0\u5bc6\u3002\u5f88\u7b80\u5355\uff0c\u53ea\u8981\u5728\u7ad9\u53f0\u7ba1\u7406\u5458\u7684\u5730\u65b9\u9009\u62e9\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/server_ssl_1.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"server_ssl_1\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/server_ssl_1.gif\" alt=\"server_ssl_1\" width=\"546\" height=\"439\" \/><\/a><br \/>\u56fe 4-1\u3001\u900f\u8fc7 Filezilla \u8054\u673a\u5230 SSL\/TLS \u652f\u6301\u7684 FTP \u65b9\u5f0f<\/center>\u5982\u4e0a\u56fe\u6240\u793a\uff0c\u91cd\u70b9\u5728\u7bad\u5934\u6240\u6307\u7684\u5730\u65b9\uff0c\u9700\u8981\u900f\u8fc7 TLS \u7684\u52a0\u5bc6\u65b9\u5f0f\u624d\u884c\uff01\u7136\u540e\uff0c\u9e1f\u54e5\u5c1d\u8bd5\u4f7f\u7528 student \u8fd9\u4e2a\u4e00\u822c\u8d26\u53f7\u767b\u5165\u7cfb\u7edf\uff0c \u8054\u673a\u7684\u65f6\u5019\uff0c\u5e94\u8be5\u4f1a\u51fa\u73b0\u5982\u4e0b\u7684\u56fe\u793a\u624d\u5bf9\uff1a<\/p>\n<p><center><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/server_ssl_2.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"server_ssl_2\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/server_ssl_2.gif\" alt=\"server_ssl_2\" width=\"522\" height=\"481\" \/><\/a><br \/>\u56fe 4-2\u3001\u900f\u8fc7 Filezilla \u662f\u5426\u63a5\u53d7\u51ed\u8bc1\u5462\uff1f<\/center>\u5982\u679c\u4e00\u5207\u90fd\u6ca1\u6709\u95ee\u9898\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u70b9\u9009\u4e0a\u56fe\u90a3\u4e2a\u300e\u603b\u662f\u4fe1\u4efb\u300f\u7684\u9879\u76ee\uff0c\u5982\u6b64\u4e00\u6765\uff0c\u672a\u6765\u8054\u673a\u5230\u8fd9\u4e2a\u5730\u65b9\u5c31\u4e0d\u4f1a\u518d\u6b21\u8981\u4f60\u786e\u8ba4\u51ed\u8bc1\u5566\uff01 \u5f88\u7b80\u5355\u7684\u89e3\u51b3\u4e86 FTP \u8054\u673a\u52a0\u5bc6\u7684\u95ee\u9898\u5570\uff01^_^<\/p>\n<table width=\"90%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\"><\/p>\n<tbody><\/p>\n<tr><\/p>\n<td>\u4f8b\u9898\uff1a<\/p>\n<div>\u60f3\u4e00\u60f3\uff0c\u65e2\u7136\u6709\u4e86 SFTP \u53ef\u4ee5\u8fdb\u884c\u52a0\u5bc6\u7684 FTP \u4f20\u8f93\uff0c\u90a3\u4e3a\u4f55\u9700\u8981 ftps \u5462\uff1f<\/div>\n<p>\u7b54\uff1a<\/p>\n<div>\u56e0\u4e3a\u65e2\u7136\u8981\u5f00\u653e SFTP \u7684\u8bdd\uff0c\u5c31\u5f97\u8981\u540c\u65f6\u653e\u884c sshd \u4ea6\u5373\u662f ssh \u7684\u8054\u673a\uff0c\u5982\u6b64\u4e00\u6765\uff0c\u4f60\u7684 port 22 \u5f88\u53ef\u80fd\u4f1a\u5e38\u5e38\u88ab\u4fa6\u6d4b\uff5e\u82e5\u662f openssl, openssh \u51fa\u95ee\u9898\uff0c\u6050\u6015\u4f60\u7684\u7cfb\u7edf\u5c31\u4f1a\u88ab\u7ed1\u67b6\u3002\u5982\u679c\u4f60\u7684 FTP \u771f\u7684\u6709\u5fc5\u8981\u5b58\u5728\uff0c\u90a3\u4e48\u900f\u8fc7 ftps \u4ee5\u53ca\u5229\u7528 vsftpd \u8fd9\u4e2a\u8f83\u4e3a\u5b89\u5168\u7684\u670d\u52a1\u5668\u8f6f\u4ef6\u6765\u67b6\u8bbe\uff0c \u7406\u8bba\u4e0a\uff0c\u662f\u8981\u6bd4 sftp \u6765\u7684\u5b89\u5168\u4e9b\uff5e\u81f3\u5c11\u5bf9 Internet \u653e\u884c ftps \u8fd8\u4e0d\u4f1a\u89c9\u5f97\u5f88\u53ef\u6015&#8230;<\/div>\n<\/td>\n<p><\/tr>\n<p><\/tbody>\n<p><\/table>\n<p><\/div>\n<p><\/div>\n<hr \/>\n<p><a name=\"hint\"><\/a>::__IHACKLOG_REMOTE_IMAGE_AUTODOWN_BLOCK__::295 \u91cd\u70b9\u56de\u987e<\/p>\n<div><\/p>\n<ul>\t<\/p>\n<li>FTP \u662f\u6587\u4ef6\u4f20\u8f93\u534f\u8bae (File Transfer Protocol) \u7684\u7b80\u5199\uff0c\u4e3b\u8981\u7684\u529f\u80fd\u662f\u8fdb\u884c\u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u7684\u6863\u6848\u7ba1\u7406\u3001\u4f20\u8f93\u7b49\u4e8b\u9879\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u7684\u670d\u52a1\u5668\u8f6f\u4ef6\u975e\u5e38\u591a\uff0c\u4f8b\u5982 Wu FTP, Proftpd, vsftpd \u7b49\u7b49\uff0c\u5404\u79cd FTP \u670d\u52a1\u5668\u8f6f\u4ef6\u7684\u53d1\u5c55\u7406\u5ff5\u5e76\u4e0d\u76f8\u540c\uff0c \u6240\u4ee5\u9009\u62e9\u65f6\u8bf7\u4f9d\u7167\u4f60\u7684\u9700\u6c42\u6765\u51b3\u5b9a\u6240\u9700\u8981\u7684\u8f6f\u4ef6\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u4f7f\u7528\u7684\u662f\u660e\u7801\u4f20\u8f93\uff0c\u800c\u8fc7\u53bb\u4e00\u4e9b FTP \u670d\u52a1\u5668\u8f6f\u4ef6\u4e5f\u66fe\u88ab\u53d1\u73b0\u5b89\u5168\u6f0f\u6d1e\uff0c\u56e0\u6b64\u8bbe\u5b9a\u524d\u8bf7\u786e\u5b9a\u8be5\u8f6f\u4ef6\u5df2\u662f\u6700\u65b0\u7248\u672c\uff0c\u907f\u514d\u5b89\u5168\u8bae\u9898\u7684\u884d\u751f\uff1b<\/li>\n<p>\t<\/p>\n<li>\u7531\u4e8e FTP \u662f\u660e\u7801\u4f20\u8f93\uff0c\u5176\u5b9e\u53ef\u4ee5\u4f7f\u7528 SSH \u63d0\u4f9b\u7684 sftp \u6765\u53d6\u4ee3 FTP \uff1b<\/li>\n<p>\t<\/p>\n<li>\u5927\u591a\u6570\u7684 FTP \u670d\u52a1\u5668\u8f6f\u4ef6\u90fd\u63d0\u4f9b chroot \u7684\u529f\u80fd\uff0c\u5c06\u5b9e\u4f53\u7528\u6237\u9650\u5236\u5728\u4ed6\u7684\u5bb6\u76ee\u5f55\u5185\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u8fd9\u4e2a daemon \u6240\u5f00\u542f\u7684\u6b63\u89c4\u57e0\u53e3\u4e3a 20 \u4e0e 21 \uff0c\u5176\u4e2d 21 \u4e3a\u547d\u4ee4\u901a\u9053\uff0c 20 \u4e3a\u4e3b\u52a8\u8054\u673a\u7684\u6570\u636e\u4f20\u8f93\u4fe1\u9053\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u7684\u6570\u636e\u4f20\u8f93\u65b9\u5f0f\u4e3b\u8981\u5206\u4e3a\u4e3b\u52a8\u4e0e\u88ab\u52a8(Passive, PASV)\uff0c\u5982\u679c\u662f\u4e3b\u52a8\u7684\u8bdd\uff0c\u5219 ftp-data \u5728\u670d\u52a1\u5668\u7aef\u4e3b\u52a8\u4ee5 port 20 \u8fde\u63a5\u5230\u5ba2\u6237\u7aef\uff0c\u5426\u5219\u9700\u5f00\u653e\u88ab\u52a8\u5f0f\u76d1\u542c\u7684\u57e0\u53e3\u7b49\u5f85\u5ba2\u6237\u7aef\u6765\u8fde\u63a5\uff1b<\/li>\n<p>\t<\/p>\n<li>\u5728 NAT \u4e3b\u673a\u5185\u7684\u5ba2\u6237\u7aef FTP \u8f6f\u4ef6\u8054\u673a\u65f6\u53ef\u80fd\u53d1\u751f\u56f0\u6270\uff0c\u8fd9\u53ef\u4ee5\u900f\u8fc7 iptables \u7684 nat \u6a21\u5757\u6216\u5229\u7528\u88ab\u52a8\u5f0f\u8054\u673a\u6765\u514b\u670d\uff1b<\/li>\n<p>\t<\/p>\n<li>\u4e00\u822c\u6765\u8bf4\uff0c FTP \u4e0a\u9762\u5171\u6709\u4e09\u4e2a\u7fa4\u7ec4\uff0c\u5206\u522b\u662f\u5b9e\u4f53\u7528\u6237\u3001\u8bbf\u5ba2\u4e0e\u533f\u540d\u767b\u5f55\u8005(real, guest, anonymous)\uff1b<\/li>\n<p>\t<\/p>\n<li>\u53ef\u4ee5\u85c9\u7531\u4fee\u6539 \/etc\/passwd \u91cc\u9762\u7684 Shell \u5b57\u6bb5\uff0c\u6765\u8ba9\u4f7f\u7528\u8005\u4ec5\u80fd\u4f7f\u7528 FTP \u800c\u65e0\u6cd5\u767b\u5165\u4e3b\u673a\uff1b<\/li>\n<p>\t<\/p>\n<li>FTP \u7684\u6307\u4ee4\u3001\u4e0e\u7528\u6237\u6d3b\u52a8\u6240\u9020\u6210\u7684\u767b\u5f55\u6863\u662f\u653e\u7f6e\u5728 \/var\/log\/xferlog \u91cc\u9762\uff1b<\/li>\n<p>\t<\/p>\n<li>vsftpd \u4e3a\u4e13\u6ce8\u5728\u5b89\u5168\u8bae\u9898\u4e0a\u800c\u53d1\u5c55\u7684\u4e00\u5957 FTP \u670d\u52a1\u5668\u8f6f\u4ef6\uff0c\u4ed6\u7684\u914d\u7f6e\u6587\u4ef6\u5728 \/etc\/vsftpd\/vsftpd.conf<\/li>\n<p><\/ul>\n<p><\/div>\n<hr \/>\n<p><a name=\"ex\"><\/a>6 \u672c\u7ae0\u4e60\u9898<\/p>\n<div><\/p>\n<ul>\t<\/p>\n<li>FTP \u5728\u5efa\u7acb\u8054\u673a\u4ee5\u53ca\u6570\u636e\u4f20\u8f93\u65f6\uff0c\u4f1a\u5efa\u7acb\u54ea\u4e9b\u8054\u673a\uff1f\n<div>\u9700\u5efa\u7acb\u4e24\u79cd\u8054\u673a\uff0c\u5206\u522b\u662f\u547d\u4ee4\u4fe1\u9053\u4e0e\u6570\u636e\u4f20\u8f93\u4fe1\u9053\u3002\u5728\u4e3b\u52a8\u5f0f\u8054\u673a\u4e0a\u4e3a port 21(ftp) \u4e0e port 20(ftp-data)\u3002<\/div>\n<\/li>\n<p>\t<\/p>\n<li>FTP \u4e3b\u52a8\u5f0f\u4e0e\u88ab\u52a8\u5f0f\u8054\u673a\u6709\u4f55\u4e0d\u540c\uff1f\n<div>\u4e3b\u52a8\u5f0f\u8054\u673a\u7684\u65f6\u5019\uff0c\u547d\u4ee4\u8054\u673a\u662f\u7531 client \u7aef\u4e3b\u52a8\u8fde\u63a5\u5230\u670d\u52a1\u5668\u7aef\uff0c\u4f46\u662f ftp-data \u5219\u662f\u7531\u670d\u52a1\u5668\u7aef\u4e3b\u52a8\u7684\u8054\u673a\u5230 client \u7aef\u3002\u81f3\u4e8e\u88ab\u52a8\u5f0f\u8054\u673a\u7684\u65f6\u5019\uff0c\u5219\u4e0d\u8bba command \u8fd8\u662f ftp-data \u7684\u8054\u673a\uff0c\u670d\u52a1\u5668\u7aef\u90fd\u662f\u76d1\u542c\u5ba2\u6237\u7aef\u7684\u8981\u6c42\u7684\uff01<\/div>\n<\/li>\n<p>\t<\/p>\n<li>\u6709\u54ea\u4e9b\u52a8\u4f5c\u53ef\u4ee5\u8ba9\u4f60\u7684 FTP \u4e3b\u673a\u66f4\u4e3a\u5b89\u5168 (secure) \uff1f\n<div><\/p>\n<ul>\t<\/p>\n<li>\u968f\u65f6\u66f4\u65b0\u670d\u52a1\u5668\u8f6f\u4ef6\u5230\u6700\u65b0\u7248\u672c\uff1b<\/li>\n<p>\t<\/p>\n<li>\u8ba9 guest \u4e0e anonymous \u7684\u5bb6\u76ee\u5f55\u9650\u5236\u5728\u56fa\u5b9a\u7684\u76ee\u5f55\u4e2d(chroot \u6216\u662f restricted)\uff1b<\/li>\n<p>\t<\/p>\n<li>\u62d2\u7edd root \u7684\u767b\u5165\u6216\u8005\u5176\u4ed6\u7cfb\u7edf\u8d26\u53f7\u7684\u767b\u5165\uff1b<\/li>\n<p>\t<\/p>\n<li>\u62d2\u7edd\u5927\u90e8\u5206\u7684 upload \u884c\u4e3a\uff01<\/li>\n<p><\/ul>\n<p><\/div>\n<\/li>\n<p>\t<\/p>\n<li>\u6211\u4eec\u77e5\u9053 ftp \u4f1a\u542f\u7528\u4e24\u4e2a ports \uff0c\u8bf7\u95ee\u8fd9\u4e24\u4e2a port \u5728\u54ea\u91cc\u89c4\u8303\u7684 (\u4ee5 vsftpd \u4e3a\u4f8b)\uff1f\u800c\u4e14\uff0c\u4e00\u822c\u6b63\u89c4\u7684 port \u662f\u51e0\u53f7\uff1f\n<div>\u82e5\u4e3a stand alone \u65f6\uff0c\u90fd\u662f\u7531 vsftpd.conf \u89c4\u8303\uff0c\u547d\u4ee4\u901a\u9053\u4e3a listen_port=21 \u89c4\u8303\uff0c\u6570\u636e\u8fde\u63a5\u4e3a connect_from_port_20=YES \u53capasv_max_port=0, pasv_max_port=0 \u6240\u89c4\u8303\u3002<br \/>\u82e5\u662f super daemon \u6240\u7ba1\u7406\u65f6\uff0c\u547d\u4ee4\u4fe1\u9053\u5219\u7531 \/etc\/services \u6240\u89c4\u8303\u4e86\u3002<\/div>\n<\/li>\n<p>\t<\/p>\n<li>\u90a3\u51e0\u4e2a\u6863\u6848\u53ef\u4ee5\u7528\u6765\u62b5\u6321\u7c7b\u4f3c root \u8fd9\u79cd\u7cfb\u7edf\u8d26\u53f7\u7684\u767b\u5165 FTP\uff1f\n<div>\/etc\/vsftpd\/ftpusers<br \/>\/etc\/vsftpd\/user_list<\/div>\n<\/li>\n<p>\t<\/p>\n<li>\u5728 FTP \u7684 server \u4e0e client \u7aef\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u65f6\uff0c\u6709\u54ea\u4e24\u79cd\u6a21\u5f0f\uff1f\u4e3a\u4f55\u8fd9\u4e24\u79cd\u6a21\u5f0f\u5f71\u54cd\u6570\u636e\u7684\u4f20\u8f93\u5f88\u91cd\u8981\uff1f\n<div>\u6570\u636e\u7684\u4f20\u8f93\u6709 ASCII \u4e0e Binary \u4e24\u79cd\u65b9\u5f0f\uff0c\u5728\u8fdb\u884c ascii \u4f20\u9001\u65b9\u5f0f\u65f6\uff0c\u88ab\u4f20\u9001\u7684\u6863\u6848\u5c06\u4f1a\u4ee5\u6587\u672c\u6a21\u5f0f\u6765\u8fdb\u884c\u4f20\u9001\u7684\u884c\u4e3a\uff0c \u56e0\u6b64\uff0c\u6863\u6848\u7684\u5c5e\u6027\u4f1a\u88ab\u4fee\u6539\u8fc7\uff0c\u53ef\u80fd\u9020\u6210\u6267\u884c\u6863\u6700\u540e\u5374\u65e0\u6cd5\u6267\u884c\u7b49\u7684\u95ee\u9898\uff01\u4e00\u822c\u6765\u8bf4\uff0cASCII \u901a\u5e38\u4ec5\u7528\u5728\u6587\u672c\u6587\u4ef6\u4e0e\u4e00\u4e9b\u539f\u59cb\u7801\u6863\u6848\u7684\u4f20\u9001\u3002<\/div>\n<\/li>\n<p>\t<\/p>\n<li>\u6211\u7684\u4e3b\u673a\u660e\u660e\u65f6\u533a\u8bbe\u5b9a\u6ca1\u6709\u95ee\u9898\uff0c\u4f46\u4e3a\u4f55\u767b\u5165 vsftpd \u8fd9\u4e2a FTP \u670d\u52a1\u65f6\uff0c\u65f6\u95f4\u5c31\u662f\u5c11\u516b\u5c0f\u65f6\uff1f\u8be5\u5982\u4f55\u89e3\u51b3\uff1f\n<div>\u80af\u5b9a\u662f\u65f6\u533a\u65b9\u9762\u51fa\u4e86\u95ee\u9898\uff0c\u5e94\u8be5\u5c31\u662f vsftpd.conf \u91cc\u9762\u5c11\u4e86\u300e use_localtime=YES \u300f\u8fd9\u4e2a\u53c2\u6570\u4e86\u3002<\/div>\n<\/li>\n<p><\/ul>\n<p><\/div>\n<hr \/>\n<p><a name=\"reference\"><\/a><a href=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_active.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"attachment-medium\" title=\"connect_active\" src=\"http:\/\/www.huzs.top\/wp-content\/uploads\/2012\/10\/connect_active.gif\" alt=\"connect_active\" width=\"289\" height=\"267\" \/><\/a>17 \u53c2\u8003\u6570\u636e\u4e0e\u5ef6\u4f38\u9605\u8bfb<\/p>\n<div><\/p>\n<ul>\t<\/p>\n<li>vsftpd \u5b98\u65b9\u7f51\u7ad9\uff1a<a href=\"http:\/\/vsftpd.beasts.org\/\" target=\"_blank\">http:\/\/vsftpd.beasts.org\/<\/a><\/li>\n<p>\t<\/p>\n<li>man 5 vsftpd.conf<\/li>\n<p>\t<\/p>\n<li>Filezilla \u5b98\u65b9\u7f51\u7ad9\uff1a<a href=\"http:\/\/filezilla.sourceforge.net\/\" target=\"_blank\">http:\/\/filezilla.sourceforge.net\/<\/a><\/li>\n<p>\t<\/p>\n<li>vsftpd + ssl \u529f\u80fd\uff1a<a href=\"http:\/\/wiki.vpslink.com\/Configuring_vsftpd_for_secure_connections_%28TLS\/SSL\/SFTP%29\" target=\"_blank\">http:\/\/wiki.vpslink.com\/Configuring_vsftpd_for_secure_connections_%28TLS\/SSL\/SFTP%29<\/a><\/li>\n<p>\t<\/p>\n<li><a href=\"http:\/\/beginlinux.com\/blog\/2009\/01\/secure-ftp-with-ssl-on-centos\/\" target=\"_blank\">http:\/\/beginlinux.com\/blog\/2009\/01\/secure-ftp-with-ssl-on-centos\/<\/a><\/li>\n<p><\/ul>\n<p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>FTP (File Transfer Protocol) \u53ef\u8bf4\u662f\u6700\u53e4\u8001\u7684\u534f\u8bae\u4e4b\u4e00\u4e86\uff0c\u4e3b\u8981\u662f\u7528\u6765\u8fdb\u884c\u6863\u6848\u7684\u4f20\u8f93\uff0c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1213","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.huzs.top\/index.php?rest_route=\/wp\/v2\/posts\/1213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.huzs.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.huzs.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.huzs.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.huzs.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1213"}],"version-history":[{"count":5,"href":"https:\/\/www.huzs.top\/index.php?rest_route=\/wp\/v2\/posts\/1213\/revisions"}],"predecessor-version":[{"id":1233,"href":"https:\/\/www.huzs.top\/index.php?rest_route=\/wp\/v2\/posts\/1213\/revisions\/1233"}],"wp:attachment":[{"href":"https:\/\/www.huzs.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.huzs.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.huzs.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}