#1、切换root用户模式 (已在root模式下的请忽略)
sudo -i
#然后提示你输入当前用户密码,输入密码后回车后如果密码正确控制台就变成root@***:/# 了。
#2、更新软件源
apt-get update
#3、安装 vsftpd
apt-get install vsftpd
 
#4.0、为了操作方便管理,我们给FTP创建自定义FTP目录和用户组
#4.1、创建FTP目录  /home/ftp 当然你也可以创建到其它目录
mkdir /home/ftp
#4.2、创建FTP用户组 ftp-g  这个你们也可以用其它组名
groupadd ftp-g
#4.3、设置FTP目录读写权限(注:用户登陆的根目录如果权限设置的太大会导致无法登陆,根目录下的子目录可以给很大的权限)
chmod 755 /home/ftp(一般服务器都是采用755权限)
#4.4、设置文件夹归属 root 以及 我们新建的 FTP用户组
chown root:ftp-g /home/ftp
到此,ftp的根目录就已经创建完成了
 
#5.0、设置FTP用户目录以及添加FTP用户
#5.1、为用户ftp_pub 创建目录 pub并设置权限
mkdir /home/ftp/pub
chmod 755 /home/ftp/pub
#5.2、添加用户 ftp_pub 并设置归属用户组为 ftp-g 以及设置缺省目录(FTP登陆目录) -s /sbin/nologin 禁止用户登陆控制台
useradd -g ftp-g -d /home/ftp/pub -s /sbin/nologin ftp_pub
#5.3、给新用户 ftp_pub 设置密码(无密码不能登陆)
passwd ftp_pub
#然后按照提示输入两遍密码 比如我们设置为 123456798
#5.4、更改目录归属
chown ftp_pub:ftp-g /home/ftp/pub
此时,ftp下新建的这个目录只有ftp_pub才能够被更改
#5.5、增加上传目录不可删除功能
在配置文件中增加user_config_dir=/etc/vsftpd_user_ctrl,同时在vsftpd_user_ctrl文件夹中增加对应的账户名字的文件,目的就是对指定的账户进行操作限制,比如:
增加的指令:
cmds_denied=DELE,就是防止删除操作,同样的指令操作还有很多,可以到网络上面自行百度。
到此,就实现了普通用户的操作限制,比如限制指定用户删除操作
 
#6、给FTP开放外网端口(默认:tcp端口 21)
ufw allow 21/tcp
#7、启动FTP服务
/etc/init.d/vsftpd start
 
#8、普通用户还是比较好搭建服务器,关键是管理员权限不好控制,看来是需要更加复杂的控制才行,需要通过单独的文件进行控制,比如用vsftp的用户控制或者用用户的权限控制,比如登陆以后给与某个用户超级,最后还是解决了超级管理员的问题,在星期四晚上的最后一刻,还是解决了超级管理员的问题,就是设置root可以登录,同时登陆root账户,那么所有的文件权限也都有了。
 
下图是vsftpd的配置文件配置对照表,严格按照下图对配置文件进行修改
 
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=NO
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
chown_uploads=YES
chown_username=root
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
# You may fully customise the login banner string:
ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=ftp
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES
user_config_dir=/etc/vsftpd_user_ctrl

Ubuntu下搭建多用户多权限ftp的更多相关文章

  1. 在Ubuntu下搭建FTP服务器的方法

    由于整个学校相当于一个大型局域网,相互之间传送数据非常快,比如要共享个电影,传点资料什么的. 所以我们可以选择搭建一个FTP服务器来共享文件. 那么问题来了,有的同学会问,我们既然在一个局域网内,直接 ...

  2. Ubuntu下搭建FTP服务器

    Ubuntu下搭建FTP服务器 我装的服务器系统是Ubuntu 12.04 LTS,FTP软件当然是选择大名鼎鼎的vsftpd(very secure FTP daemon), 用系统自带的FTP还好 ...

  3. 如何在Ubuntu下搭建tftp服务器

    远程桌面连接工具   今天开始调试arm的板子,要通过tftp下载到板子上,所以又要配置tftp服务器,真的烦死了… (本人酷爱装系统,所以经常都要搞配置) 因为之前已经在Ubuntu下搭建过很多次t ...

  4. 在Ubuntu下搭建ASP.NET 5开发环境

    在Ubuntu下搭建ASP.NET 5开发环境 0x00 写在前面的废话 年底这段时间实在太忙了,各种事情都凑在这个时候,没时间去学习自己感兴趣的东西,所以博客也好就没写了.最近工作上有个小功能要做成 ...

  5. Ubuntu下搭建ASP.NET 5

    在Ubuntu下搭建ASP.NET 5开发环境   0x00 写在前面的废话 年底这段时间实在太忙了,各种事情都凑在这个时候,没时间去学习自己感兴趣的东西,所以博客也好就没写了.最近工作上有个小功能要 ...

  6. Linux之旅-ubuntu下搭建nodejs环境

    .NET Core也开源了,并且可移植到Linux下,而ubuntu作为linux发行版的翘楚,极大的方便了初学者的入门,搭建完ASP.NET Core运行环境后,作为半前半后的开发人员,就继续着搭建 ...

  7. Ubuntu下搭建tftp服务器最简单方法

    今天开始调试ARM的板子,要通过tftp下载到板子上,所以又要配置tftp服务器,真的烦死了… (本人酷爱装系统,所以经常都要搞配置) 因为之前已经在Ubuntu下搭建过很多次tftp服务器了,但是一 ...

  8. ubuntu下搭建node server的几个坑

    [ubuntu下搭建node server的几个坑] 1.环境变量 process.env.PORT需要使用 export PORT=80设置 windows下是set PORT=80 2.命令连结 ...

  9. Ubuntu下搭建Hyperledger Fabric v1.0环境

      多次尝试才正常启动了Fabric,如遇到各种莫名错误,请参考如下一步步严格安装,特别用户权限需要注意. 一.安装Ubuntu16 虚拟机或双系统,虚拟机有VirtualBox或者VMware,Ub ...

随机推荐

  1. IBM WebSphere MQ

    相关链接: http://kakajw.iteye.com/category/269774 http://www.ibm.com/support/knowledgecenter/zh/SSFKSJ_7 ...

  2. Net Core构建Angular4应用程序

    在Visual Studio 2017中使用Asp.Net Core构建Angular4应用程序   前言 Visual Studio 2017已经发布了很久了.做为集成了Asp.Net Core 1 ...

  3. 转 SecureCRT 遇到一个致命的错误且必须关闭——解决

    http://blog.csdn.net/lisheng19870305/article/details/45537759 问题描述: 1.以前安装过SecureCRT,现在出现问题,手工卸载不完全, ...

  4. Azkaban2.5安装部署(系统时区设置 + 安装和配置mysql + Azkaban Web Server 安装 + Azkaban Executor Server安装 + Azkaban web server插件安装 + Azkaban Executor Server 插件安装)(博主推荐)(五)

    Azkaban是什么?(一) Azkaban的功能特点(二) Azkaban的架构(三) Hadoop工作流引擎之Azkaban与Oozie对比(四) 不多说,直接上干货! http://www.cn ...

  5. Hadoop实战项目:小文件合并

    项目背景 在实际项目中,输入数据往往是由许多小文件组成,这里的小文件是指小于HDFS系统Block大小的文件(默认128M),早期的版本所定义的小文件是64M,这里的hadoop-2.2.0所定义的小 ...

  6. nginx的配置文件server_name的意义 location意义

    配置不同的域名      不同域名都可以有首地址 location   同一域名下   分发到不同的路径   或者项目

  7. 不同ORM新的理解

    对于ORM你怎么理解?你用过的ORM有什么区别?这是面试的时候基本上会问的问题. 问题很简单,本文不在阐述.本文主要讨论Dapper 和 EF Core First的区别. 从直观上来看两个都是ORM ...

  8. Redis的数据类型(Strings、 hashes)

    字符串(Strings)类型及操作 字符串是Redis值的最基础的类型,一个key对应一个value,Redis字符串是二进制安全的,这意味着一个Redis字符串可以包含任何种类的数据,例如一个JPE ...

  9. ApexSQL Log中的Redo Script跟原始SQL不一致问题

    最近遇到一个误更新数据的问题,使用ApexSQL Log做挖掘事务日志的时候,发现ApexSQL Log生成的Redo Script跟原始SQL是有区别的.它们并不是完全一致的.只是逻辑上等价而已.如 ...

  10. 扒一扒IT大佬高考:马云数学1分考北大 李彦宏是状元

    http://news.cnblogs.com/n/522622/ 高考今天正式拉开序幕,而像李彦宏.马云等 IT 大佬之前也都参加过高考,他们成绩又都是怎样的呢? 马化腾:放弃天文梦选择计算机 20 ...