Author: 哎自己哈 | Source: Internet | 2014-05-28 09:06
Scenario 4: allow local users to access only their own home directory and no other directory (keyword: chroot)
[root@station12 vsftpd]# man vsftpd.conf
When something is unclear, checking the manual is always a good idea.
chroot_list_enable
    If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd/chroot_list, but you may override this with the chroot_list_file setting.
    Default: NO
chroot_local_user
    If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.
    Default: NO
If chroot_list_enable is YES but chroot_local_user is not YES, then every user listed in /etc/vsftpd/chroot_list is placed in the chroot environment. If both are YES, it is the other way round: local users who are NOT listed in /etc/vsftpd/chroot_list are the ones placed in the chroot environment.
Note that /etc/vsftpd/chroot_list does not exist by default!
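As an added example (not part of the original post), the script below applies the two rules above to a vsftpd.conf and a user name and reports whether that user would be jailed; it also handles the missing-list case mentioned above. The config files and the chroot_list are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post): apply the chroot_local_user and
# chroot_list_enable rules quoted from vsftpd.conf(5) to a config file and a
# user name, and report whether that user would land in a chroot() jail.
# All files below are constructed in a temp dir; nothing under /etc is read.

# conf_get KEY FILE DEFAULT: value of the last uncommented KEY=VALUE line
conf_get() {
    v=$(sed -n "s/^$1=//p" "$2" | tail -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}
# is_chrooted USER FILE: exit 0 = chrooted, 1 = not chrooted,
# 2 = chroot_list_enable=YES but the list file is unreadable (vsftpd then
# refuses the login with "500 OOPS: could not open chroot() list file")
is_chrooted() {
    user=$1 conf=$2
    local_user=$(conf_get chroot_local_user "$conf" NO | tr 'a-z' 'A-Z')
    list_enable=$(conf_get chroot_list_enable "$conf" NO | tr 'a-z' 'A-Z')
    list_file=$(conf_get chroot_list_file "$conf" /etc/vsftpd/chroot_list)
    listed=1
    if [ "$list_enable" = YES ]; then
        [ -r "$list_file" ] || return 2
        grep -qx "$user" "$list_file" && listed=0
    fi
    if [ "$local_user" = YES ]; then
        [ $listed -eq 0 ] && return 1   # listed users are the exceptions
        return 0                        # everyone else is jailed
    fi
    return $listed                      # only listed users are jailed
}

# Constructed inputs mirroring the three possible settings.
WORK=$(mktemp -d)
LIST="$WORK/chroot_list"; printf 'a\n' > "$LIST"   # only user a is listed
CONF_ALL="$WORK/all.conf"; printf 'chroot_local_user=YES\n' > "$CONF_ALL"
CONF_BOTH="$WORK/both.conf"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$LIST" > "$CONF_BOTH"
CONF_LIST="$WORK/list.conf"
printf 'chroot_list_enable=YES\nchroot_list_file=%s\n' "$LIST" > "$CONF_LIST"
report() {   # report USER FILE LABEL
    if is_chrooted "$1" "$2"; then echo "$1, $3: chrooted to home directory"
    else echo "$1, $3: not chrooted (or login refused)"; fi
}
for u in a b; do
    report "$u" "$CONF_ALL"  "chroot_local_user=YES only"
    report "$u" "$CONF_BOTH" "both YES, a listed"
    report "$u" "$CONF_LIST" "chroot_list_enable=YES only"
done
```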
Verification
[root@station12 vsftpd]# useradd a
[root@station12 vsftpd]# useradd b
[root@station12 vsftpd]# passwd a
Changing password for user a.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station12 vsftpd]# passwd b
Changing password for user b.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station12 vsftpd]#
The two users a and b were added above.
-------------------------------------------------------------------------------------------------------------------------------------------
[root@station12 vsftpd]# echo a > chroot_list
[root@station12 vsftpd]# cat chroot_list
a
[root@station12 vsftpd]# ll chroot_list
-rw-r--r-- 1 root root 2 Jan 6 17:07 chroot_list
[root@station12 vsftpd]# cp vsftpd.conf vsftpd.4
[root@station12 vsftpd]# vi vsftpd.conf
[root@station12 vsftpd]# diff vsftpd.conf vsftpd.4
92d91
[root@station12 vsftpd]#
[root@station12 vsftpd]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@station12 vsftpd]#
Configure it so that all local users are placed in the chroot environment.
--------------------------------------------------------------------------------------------------------------------------------------------
[root@localhost vsftpd]# ftp station12
Connected to station12.example.com.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (station12:root): a
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> cd /var/ftp
550 Failed to change directory.
ftp>
Note that the directory shown above is /
----------------------------------------------------------------------------------------------------------------------------
[root@station12 vsftpd]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@station12 vsftpd]# cp vsftpd.conf vsftpd.5
[root@station12 vsftpd]# vi vsftpd.conf
[root@station12 vsftpd]# diff vsftpd.conf vsftpd.5
96c96
---
> #chroot_list_enable=YES
98c98
---
> #chroot_list_file=/etc/vsftpd/chroot_list
[root@station12 vsftpd]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@station12 vsftpd]#
Now set both chroot_local_user and chroot_list_enable to YES and see what happens.
[root@localhost vsftpd]# ftp station12
Connected to station12.example.com.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (station12:root): a
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/a"    <======= user a is a local user but is listed in chroot_list, so it is not chrooted
ftp> cd /var/ftp
250 Directory successfully changed.
ftp> user b
500 Unknown command.
Login failed.
ftp> bye
221 Goodbye.
[root@localhost vsftpd]# ftp station12
Connected to station12.example.com.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (station12:root): b
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp>