#1、切换root用户模式 (已在root模式下的请忽略)
sudo -i
#然后提示你输入当前用户密码,输入密码后回车后如果密码正确控制台就变成root@***:/# 了。
#2、更新软件源
apt-get update
#3、安装 vsftpd
apt-get install vsftpd
 
#4.0、为了操作方便管理,我们给FTP创建自定义FTP目录和用户组
#4.1、创建FTP目录  /home/ftp 当然你也可以创建到其它目录
mkdir /home/ftp
#4.2、创建FTP用户组 ftp-g  这个你们也可以用其它组名
groupadd ftp-g
#4.3、设置FTP目录读写权限(注:用户登陆的根目录如果权限设置的太大会导致无法登陆,根目录下的子目录可以给很大的权限)
chmod 755 /home/ftp(一般服务器都是采用755权限)
#4.4、设置文件夹归属 root 以及 我们新建的 FTP用户组
chown root:ftp-g /home/ftp
到此,ftp的根目录就已经创建完成了
 
#5.0、设置FTP用户目录以及添加FTP用户
#5.1、为用户ftp_pub 创建目录 pub并设置权限
mkdir /home/ftp/pub
chmod 755 /home/ftp/pub
#5.2、添加用户 ftp_pub 并设置归属用户组为 ftp-g 以及设置缺省目录(FTP登陆目录) -s /sbin/nologin 禁止用户登陆控制台
useradd -g ftp-g -d /home/ftp/pub -s /sbin/nologin ftp_pub
#5.3、给新用户 ftp_pub 设置密码(无密码不能登陆)
passwd ftp_pub
#然后按照提示输入两遍密码 比如我们设置为 123456798
#5.4、更改目录归属
chown ftp_pub:ftp-g /home/ftp/pub
此时,ftp下新建的这个目录只有ftp_pub才能够被更改
#5.5、增加上传目录不可删除功能
在配置文件中增加user_config_dir=/etc/vsftpd_user_ctrl,同时在vsftpd_user_ctrl文件夹中增加对应的账户名字的文件,目的就是对指定的账户进行操作限制,比如:
增加的指令:
cmds_denied=DELE,就是防止删除操作,同样的指令操作还有很多,可以到网络上面自行百度。
到此,就实现了普通用户的操作限制,比如限制指定用户删除操作
 
#6、给FTP开放外网端口(默认:tcp端口 21)
ufw allow 21/tcp
#7、启动FTP服务
/etc/init.d/vsftpd start
 
#8、普通用户还是比较好搭建服务器,关键是管理员权限不好控制,看来是需要更加复杂的控制才行,需要通过单独的文件进行控制,比如用vsftp的用户控制或者用用户的权限控制,比如登陆以后给与某个用户超级,最后还是解决了超级管理员的问题,在星期四晚上的最后一刻,还是解决了超级管理员的问题,就是设置root可以登录,同时登陆root账户,那么所有的文件权限也都有了。
 
下图是vsftpd的配置文件配置对照表,严格按照下图对配置文件进行修改
 
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=NO
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
chown_uploads=YES
chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
# You may fully customise the login banner string:
ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=ftp
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES
user_config_dir=/etc/vsftpd_user_ctrl

Ubuntu下搭建多用户多权限ftp的更多相关文章

  1. 在Ubuntu下搭建FTP服务器的方法

    由于整个学校相当于一个大型局域网,相互之间传送数据非常快,比如要共享个电影,传点资料什么的. 所以我们可以选择搭建一个FTP服务器来共享文件. 那么问题来了,有的同学会问,我们既然在一个局域网内,直接 ...

  2. Ubuntu下搭建FTP服务器

    Ubuntu下搭建FTP服务器 我装的服务器系统是Ubuntu 12.04 LTS,FTP软件当然是选择大名鼎鼎的vsftpd(very secure FTP daemon), 用系统自带的FTP还好 ...

  3. 如何在Ubuntu下搭建tftp服务器

    远程桌面连接工具   今天开始调试arm的板子,要通过tftp下载到板子上,所以又要配置tftp服务器,真的烦死了… (本人酷爱装系统,所以经常都要搞配置) 因为之前已经在Ubuntu下搭建过很多次t ...

  4. 在Ubuntu下搭建ASP.NET 5开发环境

    在Ubuntu下搭建ASP.NET 5开发环境 0x00 写在前面的废话 年底这段时间实在太忙了,各种事情都凑在这个时候,没时间去学习自己感兴趣的东西,所以博客也好就没写了.最近工作上有个小功能要做成 ...

  5. Ubuntu下搭建ASP.NET 5

    在Ubuntu下搭建ASP.NET 5开发环境   0x00 写在前面的废话 年底这段时间实在太忙了,各种事情都凑在这个时候,没时间去学习自己感兴趣的东西,所以博客也好就没写了.最近工作上有个小功能要 ...

  6. Linux之旅-ubuntu下搭建nodejs环境

    .NET Core也开源了,并且可移植到Linux下,而ubuntu作为linux发行版的翘楚,极大的方便了初学者的入门,搭建完ASP.NET Core运行环境后,作为半前半后的开发人员,就继续着搭建 ...

  7. Ubuntu下搭建tftp服务器最简单方法

    今天开始调试ARM的板子,要通过tftp下载到板子上,所以又要配置tftp服务器,真的烦死了… (本人酷爱装系统,所以经常都要搞配置) 因为之前已经在Ubuntu下搭建过很多次tftp服务器了,但是一 ...

  8. ubuntu下搭建node server的几个坑

    [ubuntu下搭建node server的几个坑] 1.环境变量 process.env.PORT需要使用 export PORT=80设置 windows下是set PORT=80 2.命令连结 ...

  9. Ubuntu下搭建Hyperledger Fabric v1.0环境

      多次尝试才正常启动了Fabric,如遇到各种莫名错误,请参考如下一步步严格安装,特别用户权限需要注意. 一.安装Ubuntu16 虚拟机或双系统,虚拟机有VirtualBox或者VMware,Ub ...

随机推荐

  1. easyui---tabs(选项卡)

    配置好easyui环境 1.笔记: tabs(选项卡) class:class="easyui-tabs" //<div class="easyui-tabs&qu ...

  2. 51nod1222最小公倍数计数

    51nod1222 http://210.33.19.103/contest/1113/problem/2 同学的神仙做法: 首先考虑先去掉X<=Y的限制,也就是先计算满足要求的任意有序pair ...

  3. Hdu1015&&寒假作业第二组I题

    题意是A-Z对应1-26,然后给个目标数字和字符串,看看字符串里的某5个字符的组合能不能使v - w^2 + x^3 - y^4 + z^5 = target等式成立,其实多写几个循环也可以达到目的, ...

  4. C++ 11 Lambda表达式!!!!!!!!!!!

    C++11的一大亮点就是引入了Lambda表达式.利用Lambda表达式,可以方便的定义和创建匿名函数.对于C++这门语言来说来说,“Lambda表达式”或“匿名函数”这些概念听起来好像很深奥,但很多 ...

  5. 《深入理解java虚拟机》笔记(5)垃圾回收算法及垃圾收集器

    一.标记-清除算法 算法:分为标记和清除两个阶段,首先标记出所有需要回收的对象,再对标记对象进行回收. 不足之处:效率不高,会产生大量不连续内存碎片,导致下次分配较大内存时,若内存不足不得不触发垃圾回 ...

  6. Unbuntu 自动重启MySQL

    上个月,通过Unbuntu搭建了WordPress,一切运行良好. UBUNTU搭建WORDPRESS-MYSQL-APACHE 但是,最近几天,不知道啥情况,MySQL偶尔会出现Stop:影响了bl ...

  7. Centos7.2内网环境安装MySQL5.7.24

    1.配置本地yum源 内网环境,首先需要配置本地yum源,以解决MySQL的依赖安装,具体参考该文:点击打开 2.查看服务器环境 uname -a 3.去官网下载MySQL安装包 MySQL官网网址: ...

  8. 第12届D2前端技术论坛

    第12届D2前端技术论坛 最近参加了阿里的D2前端技术论坛,听了一天的报告,收获良多,下面对几场报告做一个记录. 自己选择听的主线也是从: 实践应用 -> 管理 -> 性能 -> 新 ...

  9. 一步步实现自己的ORM(二)

    在第一篇<一步步实现自己的ORM(一)>里,我们用反射获取类名.属性和值,我们用这些信息开发了简单的INSERT方法,在上一篇文章里我们提到主键为什么没有设置成自增长类型,单单从属性里我们 ...

  10. 超图supermap sdx数据库用sql实现空间查询

    在此介绍用sql对超图的空间数据库(sdx)进行空间查询,优点如下: 1.超图推荐的方式是用iobject,此方法要引入iobject 2.超图另一个推荐的方式是用iserver的REST接口,但we ...