#1、切换root用户模式 (已在root模式下的请忽略)
sudo -i
#然后提示你输入当前用户密码,输入密码后回车后如果密码正确控制台就变成root@***:/# 了。
#2、更新软件源
apt-get update
#3、安装 vsftpd
apt-get install vsftpd
 
#4.0、为了操作方便管理,我们给FTP创建自定义FTP目录和用户组
#4.1、创建FTP目录  /home/ftp 当然你也可以创建到其它目录
mkdir /home/ftp
#4.2、创建FTP用户组 ftp-g  这个你们也可以用其它组名
groupadd ftp-g
#4.3、设置FTP目录读写权限(注:用户登陆的根目录如果权限设置的太大会导致无法登陆,根目录下的子目录可以给很大的权限)
chmod 755 /home/ftp(一般服务器都是采用755权限)
#4.4、设置文件夹归属 root 以及 我们新建的 FTP用户组
chown root:ftp-g /home/ftp
到此,ftp的根目录就已经创建完成了
 
#5.0、设置FTP用户目录以及添加FTP用户
#5.1、为用户ftp_pub 创建目录 pub并设置权限
mkdir /home/ftp/pub
chmod 755 /home/ftp/pub
#5.2、添加用户 ftp_pub 并设置归属用户组为 ftp-g 以及设置缺省目录(FTP登陆目录) -s /sbin/nologin 禁止用户登陆控制台
useradd -g ftp-g -d /home/ftp/pub -s /sbin/nologin ftp_pub
#5.3、给新用户 ftp_pub 设置密码(无密码不能登陆)
passwd ftp_pub
#然后按照提示输入两遍密码 比如我们设置为 123456798
#5.4、更改目录归属
chown ftp_pub:ftp-g /home/ftp/pub
此时,ftp下新建的这个目录只有ftp_pub才能够被更改
#5.5、增加上传目录不可删除功能
在配置文件中增加user_config_dir=/etc/vsftpd_user_ctrl,同时在vsftpd_user_ctrl文件夹中增加对应的账户名字的文件,目的就是对指定的账户进行操作限制,比如:
增加的指令:
cmds_denied=DELE,就是防止删除操作,同样的指令操作还有很多,可以到网络上面自行百度。
到此,就实现了普通用户的操作限制,比如限制指定用户删除操作
 
#6、给FTP开放外网端口(默认:tcp端口 21)
ufw allow 21/tcp
#7、启动FTP服务
/etc/init.d/vsftpd start
 
#8、普通用户还是比较好搭建服务器,关键是管理员权限不好控制,看来是需要更加复杂的控制才行,需要通过单独的文件进行控制,比如用vsftp的用户控制或者用用户的权限控制,比如登陆以后给与某个用户超级,最后还是解决了超级管理员的问题,在星期四晚上的最后一刻,还是解决了超级管理员的问题,就是设置root可以登录,同时登陆root账户,那么所有的文件权限也都有了。
 
下图是vsftpd的配置文件配置对照表,严格按照下图对配置文件进行修改
 
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=NO
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
chown_uploads=YES
chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
# You may fully customise the login banner string:
ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=ftp
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES
user_config_dir=/etc/vsftpd_user_ctrl

Ubuntu下搭建多用户多权限ftp的更多相关文章

  1. 在Ubuntu下搭建FTP服务器的方法

    由于整个学校相当于一个大型局域网,相互之间传送数据非常快,比如要共享个电影,传点资料什么的. 所以我们可以选择搭建一个FTP服务器来共享文件. 那么问题来了,有的同学会问,我们既然在一个局域网内,直接 ...

  2. Ubuntu下搭建FTP服务器

    Ubuntu下搭建FTP服务器 我装的服务器系统是Ubuntu 12.04 LTS,FTP软件当然是选择大名鼎鼎的vsftpd(very secure FTP daemon), 用系统自带的FTP还好 ...

  3. 如何在Ubuntu下搭建tftp服务器

    远程桌面连接工具   今天开始调试arm的板子,要通过tftp下载到板子上,所以又要配置tftp服务器,真的烦死了… (本人酷爱装系统,所以经常都要搞配置) 因为之前已经在Ubuntu下搭建过很多次t ...

  4. 在Ubuntu下搭建ASP.NET 5开发环境

    在Ubuntu下搭建ASP.NET 5开发环境 0x00 写在前面的废话 年底这段时间实在太忙了,各种事情都凑在这个时候,没时间去学习自己感兴趣的东西,所以博客也好就没写了.最近工作上有个小功能要做成 ...

  5. Ubuntu下搭建ASP.NET 5

    在Ubuntu下搭建ASP.NET 5开发环境   0x00 写在前面的废话 年底这段时间实在太忙了,各种事情都凑在这个时候,没时间去学习自己感兴趣的东西,所以博客也好就没写了.最近工作上有个小功能要 ...

  6. Linux之旅-ubuntu下搭建nodejs环境

    .NET Core也开源了,并且可移植到Linux下,而ubuntu作为linux发行版的翘楚,极大的方便了初学者的入门,搭建完ASP.NET Core运行环境后,作为半前半后的开发人员,就继续着搭建 ...

  7. Ubuntu下搭建tftp服务器最简单方法

    今天开始调试ARM的板子,要通过tftp下载到板子上,所以又要配置tftp服务器,真的烦死了… (本人酷爱装系统,所以经常都要搞配置) 因为之前已经在Ubuntu下搭建过很多次tftp服务器了,但是一 ...

  8. ubuntu下搭建node server的几个坑

    [ubuntu下搭建node server的几个坑] 1.环境变量 process.env.PORT需要使用 export PORT=80设置 windows下是set PORT=80 2.命令连结 ...

  9. Ubuntu下搭建Hyperledger Fabric v1.0环境

      多次尝试才正常启动了Fabric,如遇到各种莫名错误,请参考如下一步步严格安装,特别用户权限需要注意. 一.安装Ubuntu16 虚拟机或双系统,虚拟机有VirtualBox或者VMware,Ub ...

随机推荐

  1. easyui datagrid编辑时编辑框自动获取焦点

    onDblClickCell:function(rowIndex, field, val){//双击单元格监听器 $(this).datagrid('beginEdit',rowIndex);//开启 ...

  2. 爬虫(正则)——爬neihan8

    工具:python3 步骤: 1)定义spider类,将具体功能封装成方法 2)观察html页面,写好正确的正则表达式来找到符合规则的文字 3)写一个方法测试一下,保证每写好一个都是对的 4)加入提示 ...

  3. jQuery 数字滚动插件

    这几天闲来没事写的,有不对的地方还请多多指点 CSS: ; padding:0 2px;} .digital-beating i {;; background:url(../images/icon_0 ...

  4. ES6:string.raw浅析

    当前正学习ES6 ,遇到string.raw费心思,现将试验后的结果整理如下: 网上得来的试验: 语法 String.raw`templateStr`; String.raw(obj, ...subs ...

  5. IO扩展芯片

    PCF8574:一个I2C接口+INT中断引脚口扩展出一个可输出输出的并口P0~P7,INT可以用于中断响应

  6. java程序员应该知道的20个有用的库

    https://blog.csdn.net/weixin_43923408/article/details/87885668

  7. 【转载】Ubuntu16.04安装最新版nodejs

    安装最新版nodejs 更新ubuntu软件源 sudo apt-get update sudo apt-get install -y python-software-properties softw ...

  8. HBuilder配置sass

    参考: https://www.cnblogs.com/padding1015/p/7133811.html 如果期间报错,参考步骤7,然后再重新安装配置 预编译配置--no-cache %FileN ...

  9. idea远程debug:tomcat

    在tomcat的bin/startup.sh中添加: 27780debug的端口 declare -x CATALINA_OPTS="-server -Xdebug -Xnoagent -D ...

  10. 前端js优化方案(二)持续更新

    由于上篇篇幅过长,导致编辑出了问题,另开一篇文章继续: (4)减少迭代次数,最广为人知的一种限制循环迭代次数的模式被称为“达夫设备(Duff`s Device)” Duff`s Device的理念是: ...