阿里云ubuntu服务器搭建ftp服务器

服务器环境

阿里云上的云服务器，操作系统为 ubuntu20.04。

安装步骤

一.创建用户

为什么需要创建用户？
这里的用户，指的是linux系统的用户（当然，也可以设置匿名登录ftp服务器，但是这样安全性不高，不推荐！！）。

创建用户方法：

sudo useradd -d /home/ftp/uftp -m uftp   //  用户名为uftp
sudo passwd uftp    //设置密码
chomd 777 /home/ftp/uftp  -R
1
2
3

其它命令：

##限定用户test不能telnet，只能ftp
usermod -s /sbin/nologin uftp   
##用户test恢复正常
usermod -s /sbin/bash uftp 
1
2
3
4

二.安装 vsftp

sudo apt-get update
sudo apt-get install vsftpd
1
2

三 配置vsftp

1 修改 vsftpd.conf 配置文件·

sudo vi /etc/vsftpd.conf
1

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
# 是否允许匿名ftp登录
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# 是否允许本地用户登录ftp服务器
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# 是否允许ftp用户执行写入操作
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# 设置本地用户的默认umask值。
# # umask是一个三位八进制数，用来控制新建文件或目录的访问权限。
# # 在FTP服务器中，local_umask选项用来设置本地用户上传文件或创建目录时的默认权限。
# # 默认情况下，local_umask的值为077，表示新建的文件或目录权限为只有所有者可读、可写、可执行，其他用户无权访问。
# # 如果你的用户希望默认权限为所有者可读、可写、可执行，其他用户可读、可执行，则可以将local_umask的值设置为022。
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# 设置是否允许匿名FTP用户上传文件
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# 设置是否允许匿名FTP用户创建新目录。
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# 这段配置文件是用来设置是否启用目录消息功能。
# 如果设置为YES，则表示启用目录消息功能。当远程用户进入某个目录时，会显示该目录的消息。
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
# 设置是否启用本地时间功能。
# 启用本地时间功能后，vsftpd将会在目录列表中显示本地时间而非GMT时间
use_localtime=YES
#
# Activate logging of uploads/downloads.
# 启用上传和下载日志记录功能。
# 启用该功能后，vsftpd会记录每个用户的上传和下载操作，并将其记录到指定的日志文件中。
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# connect_from_port_20=YES
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
# 设置匿名用户上传的文件的所有者。
# 设置为YES，则表示上传的文件将会被转换为指定用户的所有权。
chown_uploads=YES
# 设置为指定的用户名。
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
# 设置vsftpd日志文件的路径。该路径必须具有可写权限，并且对于vsftpd进程来说，必须具有可访问权限。
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# 置vsftpd日志文件的格式。设备为YES则存储为标准ftpd xferlog格式。
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
# 设置vsftpd空闲会话超时的时间（以秒为单位）。
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
# 设置vsftpd数据连接超时的时间（以秒为单位）。
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
# vsftpd建议在系统中定义一个唯一的用户，供FTP服务器使用，作为完全隔离和无特权的用户
# nopriv_user选项可以用来指定该用户的用户名。
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
# 用于启用异步ABOR请求的识别
async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# 用于控制FTP服务器是否启用ASCII模式下的文件转换功能。
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
# vsftpd的登录横幅的设置，你可以理解为登录成功后的欢迎词。
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
# 设备是否拒绝匿名电子邮件地址
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
# 设备限制本地用户仅访问其home目录。
# 果启用，则本地用户将仅访问其home目录和其子目录，无法访问其他目录
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# 是否允许本地用户，是否将本地用户限制在其主目录中，如果设置为YES，则不会将列在chroot_list_file中的用户限制在其主目录中。
chroot_local_user=YES
# 是否启用chroot_list_file列表，用于指定哪些用户不应该被限制在主目录中
#chroot_list_enable=YES
# (default follows)
# 指定了chroot_list_file列表的路径和名称。一行一个用户名。
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
# 是否启用SSL加密连接。
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

local_root=/home/ftp/uftp

#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES
#
#
#

allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40010
tcp_wrappers=YES
listen_port=21
pasv_address=云服务公有ip地址
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

参考上述描述。需要特别注意的是最后几行的信息：

其他配置描述，参考说明吧。

2 配置用户
新建 /etc/vsftpd.chroot_list 文件，在里面添加登录ftp服务器的linux用户

sudo vim /etc/vsftpd.chroot_list
1

在里面添加一行内容：uftp （其中uftp为我之前创建的用户名）

3. 服务重启，配置生效

sudo /etc/init.d/vsftpd restart
1

4. 本地登录验证
   ftp服务配置完成后，可以现在本地登录验证ftp 127.0.0.1

hejj@XKUbuntu2004:~$ ftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 3.0.3)
Name (127.0.0.1:hejj): uftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> 
1
2
3
4
5
6
7
8
9
10

四.配置阿里云安全组

由于配置文件：vsftpd.conf中配置的端口为20、21、40000~40010，所以需要在阿里云安全组中打开响应的端口，才能外部访问。