Ubuntu FTP Server权限设置
Ubuntu FTP Server Permission Setup Guide (Using vsftpd)
vsftpd (Very Secure FTP Daemon) is the most commonly used FTP server software on Ubuntu due to its security and configurability. Below is a step-by-step guide to setting up FTP server permissions, covering installation, configuration, user management, and firewall setup.
1. Install vsftpd
Update your package list and install vsftpd using the following commands:
sudo apt update
sudo apt install vsftpd
2. Configure vsftpd
Edit the vsftpd configuration file (/etc/vsftpd.conf
) to customize permissions. Key settings include:
- Allow Local Users: Enable local system user logins.
local_enable=YES
- Enable Write Permissions: Allow users to upload/download files.
write_enable=YES
- Restrict Users to Home Directories: Enhance security by confining users to their home directories (chroot jail).
chroot_local_user=YES allow_writeable_chroot=YES # Required if chroot is enabled to allow writes
- Optional: Disable Anonymous Access (recommended for security):
anonymous_enable=NO
- Optional: Enable Passive Mode (needed for firewall/NAT setups):
pasv_enable=YES pasv_min_port=1024 pasv_max_port=1048
Save changes and exit the editor (Ctrl+X → Y → Enter).
3. Manage User Permissions
Create an FTP User
Use the adduser
command to create a dedicated FTP user (replace ftpuser
with your desired username):
sudo adduser ftpuser
Follow prompts to set a password and user details.
Set Home Directory Permissions
Ensure the user’s home directory has the correct ownership and permissions:
- Ownership: Assign the directory to the user (e.g.,
/home/ftpuser
).sudo chown ftpuser:ftpuser /home/ftpuser
- Permissions: Grant read/execute access to others (755) for directory listing, or 775 if the user needs to upload files to their home directory.
sudo chmod 755 /home/ftpuser # Basic access (read/list) # OR for upload capabilities: sudo chmod 775 /home/ftpuser
Optional: Use a User List for Fine-Grained Control
Restrict access to specific users by enabling the user list feature:
- Edit
/etc/vsftpd.conf
:userlist_enable=YES userlist_file=/etc/vsftpd.user_list userlist_deny=NO # Set to "YES" to deny listed users (reverse logic)
- Add allowed usernames to
/etc/vsftpd.user_list
(one per line):echo "ftpuser" | sudo tee -a /etc/vsftpd.user_list
4. Restart vsftpd
Apply configuration changes by restarting the vsftpd service:
sudo systemctl restart vsftpd
Check the service status to ensure it’s running:
sudo systemctl status vsftpd
5. Configure Firewall
If you’re using UFW (Uncomplicated Firewall), allow FTP traffic (ports 21 for control, 20 for data, and passive mode ports):
sudo ufw allow 21/tcp
sudo ufw allow 20/tcp
sudo ufw allow 1024:1048/tcp # Passive mode range (adjust if different)
sudo ufw reload
6. Test the Connection
Use an FTP client (e.g., FileZilla) to connect to your server:
- Host: Your server’s IP address.
- Username/Password: The FTP user credentials created earlier.
- Port: 21 (default).
Verify that you can:
- List directory contents (read permission).
- Upload/download files (write permission).
- Access only the user’s home directory (chroot works).
Advanced Tips
- Virtual Users: For better isolation, use virtual users (not system users) with
vsftpd
’s virtual user support. - FTP Groups: Create groups (e.g.,
ftpgroup
) and assign permissions to groups instead of individual users. - Security: Disable FTP entirely and use SFTP (SSH File Transfer Protocol) for encrypted transfers—just enable SSH (
sudo systemctl enable ssh
) and use an SFTP client.
By following these steps, you can configure secure and functional FTP server permissions on Ubuntu using vsftpd. Always refer to the official vsftpd documentation for advanced configurations.
声明:本文内容由网友自发贡献,本站不承担相应法律责任。对本内容有异议或投诉,请联系2913721942#qq.com核实处理,我们将尽快回复您,谢谢合作!
若转载请注明出处: Ubuntu FTP Server权限设置
本文地址: https://pptw.com/jishu/734152.html