Users
vsftp 使用者認證問題
我將我的 ftp 使用者的主目錄配置為
/var/www並設置了密碼,但我無法使用 登錄ftp 127.0.0.1,它一直給我530 Login incorrect.這是為什麼?我確定我輸入了正確的密碼。編輯 1 我的配置
/etc/vsftpd.conf看起來像:# Example config file /etc/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # # Run standalone? vsftpd can run either from an inetd or as a standalone # daemon started from an initscript. listen=YES # # Run standalone with IPv6? # Like the listen parameter, except vsftpd will listen on an IPv6 socket # instead of an IPv4 one. This parameter and the listen parameter are mutually # exclusive. #listen_ipv6=YES # # Allow anonymous FTP? (Disabled by default) anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) #local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # If enabled, vsftpd will display directory listings with the time # in your local time zone. The default is to display GMT. The # times returned by the MDTM FTP command are also affected by this # option. use_localtime=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. #xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd.banned_emails # # You may restrict local users to their home directories. See the FAQ for # the possible risks in this before using chroot_local_user or # chroot_list_enable below. #chroot_local_user=YES # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that # the user does not have write access to the top level directory within the # chroot) chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # Customization # # Some of vsftpd's settings don't fit the filesystem layout by # default. # # This option should be the name of a directory which is empty. Also, the # directory should not be writable by the ftp user. This directory is used # as a secure chroot() jail at times vsftpd does not require filesystem # access. secure_chroot_dir=/var/run/vsftpd/empty # # This string is the name of the PAM service vsftpd will use. pam_service_name=vsftpd # # This option specifies the location of the RSA certificate to use for SSL # encrypted connections. rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem # This option specifies the location of the RSA key to use for SSL # encrypted connections. rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key allow_writeable_chroot=YES並且權限設置為
777:reg@regDesktopHome:~$ ls -ld /var/www/ drwxrwxrwx 11 root root 4096 Feb 19 20:42 /var/www/並且日誌文件
/var/log/vsftp.log僅顯示:Tue Feb 25 21:19:38 2014 [pid 18250] CONNECT: Client "127.0.0.1" Tue Feb 25 21:19:46 2014 [pid 18249] [ftp] FAIL LOGIN: Client "127.0.0.1"哦,syslog-ng 什麼也沒說
/var/log/messages
使本地電腦的所有作業系統使用者都可以登錄 ftp:
編輯/etc/vsftpd.conf,設置行
local_enable=YES然後重新啟動ftp
service vsftpd restart
該目錄的權限將是第一個原因。
ftp對這個目錄有寫權限嗎?$ ls -ld /var/www/ drwxr-xr-x. 4 root root 4096 Jan 27 08:38 /var/www/ $ ls -ld /var/www/* drwxr-xr-x. 2 root root 4096 Jan 27 08:38 /var/www/cgi-bin drwxr-xr-x. 2 root root 4096 Jan 27 08:38 /var/www/html我可以使用 /sbin/nologin 進行 ftp 嗎?
ftp即使 shell 設置為 ,您也應該能夠使用該帳戶登錄/sbin/nologin。$ getent passwd ftp ftp:x:14:50:FTP User:/tmp:/sbin/nologin
ftp使用帳號登錄:$ ftp localhost ... ... 530 Please login with USER and PASS. 530 Please login with USER and PASS. KERBEROS_V4 rejected as an authentication type Name (localhost:root): ftp 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp>日誌文件?
此外,我不確定您是如何配置
vsftp伺服器的,但您通常有日誌文件,所以我會在那裡檢查有關您嘗試失敗原因的任何消息。他們經常在這裡:/var/log/vsftpd/*。我還會檢查/var/log/messages和/var/log/secure日誌文件。$ grep log /etc/vsftpd/vsftpd.conf # You may override where the log file goes if you like. The default is shown #xferlog_file=/var/log/vsftpd.log我的日誌顯示了我在獲得
/var/www使用者目錄的寫訪問權限之前/之後ftp。Sat Feb 22 22:01:21 2014 [pid 27138] CONNECT: Client "127.0.0.1" Sat Feb 22 22:01:33 2014 [pid 27137] [ftp] FAIL LOGIN: Client "127.0.0.1" Sat Feb 22 22:01:36 2014 [pid 27155] CONNECT: Client "127.0.0.1" Sat Feb 22 22:01:42 2014 [pid 27154] [ftp] OK LOGIN: Client "127.0.0.1"您還會在
/var/log/messages.Feb 22 22:01:31 byers vsftpd(pam_unix)[27137]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1 user=ftp