熱點推薦:
您现在的位置: 電腦知識網 >> 編程 >> Oracle >> 正文

vsftpd frequently asked questions

2013-11-13 12:45:36  來源: Oracle 

  Q) Can I restrict users to their home directories?
  A) Yes You are probably after the setting:
  chroot_local_user=YES
  Q) Does vsftpd support a limit on the number of users connected?
  A) Yes indirectly vsftpd is an inetdbased service If use the popular
  xinetd as your inetd this supports perservice perIP connection limits
  There is an example of this in the EXAMPLE directory
  A) If you run vsftpd in standalone mode with the setting listen=YES then
  you can investigate the setting (eg):
  max_clients=
  Q) Help! Im getting the error message refusing to run with writable anonymous
  root
  A) vsftpd is protecting against dangerous configurations The cause of this
  message is usually dodgy ownership of the ftp home directory The home
  directory should NOT be owned by the ftp user itself Neither should it
  be writable by the ftp user A way to fix this is:
  chown root ~ftp; chmod w ~ftp
  Q) Help! Im getting the error message str_getpwnam
  A) The most likely cause of this is that the nobody user does not exist on
  your system vsftpd needs this user to run bits of itself with no privilege
  Q) Help! Local users cannot log in
  A) There are various possible problems
  A) By default vsftpd disables any logins other than anonymous logins Put
  local_enable=YES in your /etc/nf to allow local users to log in
  A) vsftpd tries to link with PAM (Run ldd vsftpd and look for libpam to
  find out whether this has happened or not) If vsftpd links with PAM then
  you will need to have a PAM file installed for the vsftpd service There is
  a sample one for RedHat systems included in the RedHat directory put it
  under /etc/pamd
  A) If vsftpd didnt link with PAM then there are various possible issues Is
  the users shell in /etc/shells? If you have shadowed passwords does your
  system have a shadowh file in the include path?
  A) If you are not using PAM then vsftpd will do its own check for a valid
  user shell in /etc/shells You may need to disable this if you use an invalid
  shell to disable logins other than FTP logins Put check_shell=NO in your
  /etc/nf
  Q) Help! Uploads or other write commands give me Unknown command
  A) By default write commands including uploads and new directories are
  disabled This is a security measure To enable writes put write_enable=YES
  in your /etc/nf
  Q) Help! What are the security implications referred to in the
  chroot_local_user option?
  A) Firstly note that other ftp daemons have the same implications It is a
  generic problem
  The problem isnt too severe but it is this: Some people have FTP user
  accounts which are not trusted to have full shell access If these
  accounts can also upload files there is a small risk A bad user now has
  control of the filesystem root which is their home directory The ftp
  daemon might cause some config file to be read eg /etc/some_file With
  chroot() this file is now under the control of the user vsftpd is
  careful in this area But the systems libc might want to open locale
  config files or other settings
  Q) Help! Uploaded files are appearing with permissions rw
  A) Depending on if this is an upload by a local user or an anonymous user
  use local_umask or anon_umask to change this For example use
  anon_umask= to give anonymously uploaded files permissions
  rwrr Note that the before the is important
  Q) Help! How do I integrate with LDAP users and logins?
  A) Use vsftpds PAM integration to do this and have PAM authenticate against
  an LDAP repository
  Q) Help! Does vsftpd do virtual hosting setups?
  A) Yes If you integrate vsftpd with xinetd you can use xinetd to bind to
  several different IP addresses For each IP address get xinetd to launch
  vsftpd with a different config file This way you can get different behaviour
  per virtual address
  A) Alternatively run as many copies as vsftpd as necessary in standalone
  mode Use listen_address=xxxx to set the virtual IP
  Q) Help! Does vsftpd support virtual users?
  A) Yes via PAM integration Set guest_enable=YES in /etc/nf This
  has the effect of mapping every nonanonymous successful login to the local
  username specified in guest_username Then use PAM and (eg) its pam_userdb
  module to provide authentication against an external (ie non/etc/passwd)
  repository of users
  Note currently there is a restriction that with guest_enable enabled local
  users also get mapped to guest_username
  There is an example of virtual users setup in the EXAMPLE directory
  Q) Help! Does vsftpd support different settings for different users?
  A) Yes in a very powerful way Look at the setting user_config_dir in the
  manual page
  Q) Help! Can I restrict vsftpd data connections to a specific range of ports?
  A) Yes See the config settings pasv_min_port and pasv_max_port
  Q) Help! Im getting the message OOPS: chdir
  A) If this is for an anonymous login check that the home directory for the
  user ftp is correct If you are using the config setting anon_root check
  that is correct too

From:http://tw.wingwit.com/Article/program/Oracle/201311/16532.html
    推薦文章
    Copyright © 2005-2013 電腦知識網 Computer Knowledge   All rights reserved.