vsftpd frequently asked questions (repost)
Q) Can I restrict users to their home directories?
A) Yes. You are probably after the setting:
chroot_local_user=YES

Q) Does vsftpd support a limit on the number of users connected?
A1) Yes, indirectly. vsftpd is an inetd-based service. If you use the popular "xinetd" as your inetd, this supports per-service per-IP connection limits. There is an example of this in the "EXAMPLE" directory.
A2) If you run vsftpd in "standalone" mode with the setting listen=YES, then you can investigate the setting (e.g.):
max_clients=10

Q) Help! I'm getting the error message "refusing to run with writable anonymous root".
A) vsftpd is protecting against dangerous configurations. The cause of this message is usually dodgy ownership of the ftp home directory. The home directory should NOT be owned by the ftp user itself. Neither should it be writable by the ftp user. A way to fix this is:
chown root ~ftp; chmod -w ~ftp

Q) Help! I'm getting the error message "str_getpwnam".
A) The most likely cause of this is that the "nobody" user does not exist on your system. vsftpd needs this user to run bits of itself with no privilege.

Q) Help! Local users cannot log in.
A) There are various possible problems.
A1) By default, vsftpd disables any logins other than anonymous logins. Put local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not). If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is a sample one for RedHat systems included in the "RedHat" directory - put it under /etc/pam.d
A3) If vsftpd didn't link with PAM, then there are various possible issues. Is the user's shell in /etc/shells? If you have shadowed passwords, does your system have a "shadow.h" file in the include path?
A4) If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your /etc/vsftpd.conf.

Q) Help! Uploads or other write commands give me "500 Unknown command.".
A) By default, write commands, including uploads and new directories, are disabled. This is a security measure. To enable writes, put write_enable=YES in your /etc/vsftpd.conf.

Q) Help! What are the security implications referred to in the "chroot_local_user" option?
A) Firstly note that other ftp daemons have the same implications. It is a generic problem. The problem isn't too severe, but it is this: Some people have FTP user accounts which are not trusted to have full shell access. If these accounts can also upload files, there is a small risk. A bad user now has control of the filesystem root, which is their home directory. The ftp daemon might cause some config file to be read - e.g. /etc/some_file. With chroot(), this file is now under the control of the user. vsftpd is careful in this area. But, the system's libc might want to open locale config files or other settings...

Q) Help! Uploaded files are appearing with permissions -rw-------.
A) Depending on whether this is an upload by a local user or an anonymous user, use "local_umask" or "anon_umask" to change this. For example, use "anon_umask=022" to give anonymously uploaded files permissions -rw-r--r--. Note that the "0" before the "22" is important.

Q) Help! How do I integrate with LDAP users and logins?
A) Use vsftpd's PAM integration to do this, and have PAM authenticate against an LDAP repository.

Q) Help! Does vsftpd do virtual hosting setups?
A1) Yes. If you integrate vsftpd with xinetd, you can use xinetd to bind to several different IP addresses. For each IP address, get xinetd to launch vsftpd with a different config file. This way, you can get different behaviour per virtual address.
A2) Alternatively, run as many copies of vsftpd as necessary, in standalone mode. Use "listen_address=x.x.x.x" to set the virtual IP.

Q) Help! Does vsftpd support virtual users?
A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This has the effect of mapping every non-anonymous successful login to the local username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb module to provide authentication against an external (i.e. non-/etc/passwd) repository of users. Note - currently there is a restriction that with guest_enable enabled, local users also get mapped to guest_username. There is an example of virtual users setup in the "EXAMPLE" directory.

Q) Help! Does vsftpd support different settings for different users?
A) Yes - in a very powerful way. Look at the setting "user_config_dir" in the manual page.

Q) Help! Can I restrict vsftpd data connections to a specific range of ports?
A) Yes. See the config settings "pasv_min_port" and "pasv_max_port".

Q) Help! I'm getting the message "OOPS: chdir".
A) If this is for an anonymous login, check that the home directory for the user "ftp" is correct. If you are using the config setting "anon_root", check that it is correct too.
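
Added example (not part of the vsftpd FAQ or the vsftpd distribution): a small Python linter for the settings discussed above, including why the "0" in the umask matters (a value without it is read as a decimal number). The sample config, the finding codes and the 0666 base file mode are assumptions made for this illustration.

```python
import stat

# Constructed sample config for illustration; not from a real host.
SAMPLE_CONF = """\
# standalone server with local users allowed to upload
listen=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
anon_umask=22
pasv_min_port=50000
pasv_max_port=40000
"""

def parse_conf(text):
    """Read key=value lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def upload_mode(umask, base=0o666):
    """Mode string of an uploaded file. Only a leading '0' makes the umask
    octal; otherwise it is read as decimal. base=0o666 is an assumption."""
    mask = int(umask, 8) if umask.startswith("0") else int(umask, 10)
    return stat.filemode(stat.S_IFREG | (base & ~mask))

def audit(conf):
    """Return (code, message) findings for the settings the FAQ covers."""
    on = lambda key: conf.get(key) == "YES"  # only the literal YES form
    out = []
    if on("chroot_local_user") and on("write_enable"):
        out.append(("chroot-writable", "chrooted local users can upload: "
                    "they control the filesystem root the daemon sees"))
    for key in ("local_umask", "anon_umask"):
        val = conf.get(key, "")
        if val and not val.startswith("0"):
            out.append(("umask-decimal", f"{key}={val} is read as decimal; "
                        f"uploads get {upload_mode(val)}"))
    if on("listen") and "max_clients" not in conf:
        out.append(("no-client-limit", "standalone mode without max_clients"))
    lo, hi = conf.get("pasv_min_port"), conf.get("pasv_max_port")
    if (lo is None) != (hi is None) or (lo and hi and int(lo) > int(hi)):
        out.append(("pasv-range", f"check pasv_min_port={lo} pasv_max_port={hi}"))
    return out

if __name__ == "__main__":
    for code, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"[{code}] {message}")
```

Run against the sample, it reports all four findings; with anon_umask=22 the computed upload mode is -rw-r-----, not the -rw-r--r-- that anon_umask=022 gives.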
From the "ITPUB blog", link: http://blog.itpub.net/8225414/viewspace-957028/. If you repost this, please credit the source; otherwise legal liability will be pursued.