Problems encountered when configuring vsftpd

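I currently use Arch Linux, and configuring vsftpd there was not smooth sailing. I am recording the installation and configuration process here; I cannot guarantee that there are no other errors.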

The installation command is as follows:

sudo pacman -S vsftpd

Configuration

This is my current configuration (comments removed):

anonymous_enable=NO
local_enable=YES
write_enable=YES
xferlog_enable=YES
connect_from_port_20=YES

listen=YES

pam_service_name=vsftpd
allow_writeable_chroot=YES
local_root=/home/ftp_dir
chroot_local_user=YES
use_localtime=YES

# user_list_deny=NO
# do not allow to login ftp
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

# user free timeout
# idle_session_timeout=30
data_connection_timeout=10
accept_timeout=120

# local user transfer rate
local_max_rate=50000
max_clients=10
max_per_ip=2

pasv_enable=yes
pasv_min_port=5000
pasv_max_port=6000

seccomp_sandbox=NO

# welcome message
ftpd_banner=>>>>> Welcome to MineFTP <<<<<
dirmessage_enable=YES

VSFTP user and file directory setup

mkdir /home/ftp_dir
useradd -d /home/ftp_dir mineftp
passwd mineftp
usermod -aG mineftp whos
usermod -s /sbin/nologin mineftp
chown mineftp:mineftp /home/ftp_dir
echo mineftp >> /etc/vsftpd.user_list

Problems

1. 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

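Set chroot_local_user and allow_writeable_chroot to YES, or use the method on the wiki. vsftpd raises this error when the chroot directory is writable by the logged-in user; allow_writeable_chroot=YES turns that check off.
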
chroot_local_user=YES
allow_writeable_chroot=YES
systemctl restart vsftpd

2. 530 Login incorrect

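Edit /etc/pam.d/vsftpd: changing "auth required pam_shells.so" to "auth required pam_nologin.so" is enough. pam_shells.so only admits users whose login shell is listed in /etc/shells, and mineftp was given /sbin/nologin above.
Then restart vsftpd.
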
$ nano /etc/pam.d/vsftpd 

#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_unix.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so

3. vsftpd.service: Main process exited, code=exited

The owner of the vsftpd.conf file must be changed to root; otherwise vsftpd cannot start.

sudo chown root:root /etc/vsftpd.conf

Error message:

vsftpd.service - vsftpd daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2019-07-28 18:57:07 CST; 40s ago
Process: 6607 ExecStart=/usr/bin/vsftpd (code=exited, status=2)
Main PID: 6607 (code=exited, status=2)

7月 28 18:57:07 goo systemd[1]: Started vsftpd daemon.
7月 28 18:57:07 goo systemd[1]: vsftpd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
7月 28 18:57:07 goo systemd[1]: vsftpd.service: Failed with result ‘exit-code’.
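
As an added example (not part of the original post), the shell functions below check for the three problems listed above before vsftpd is restarted. The function names are hypothetical, the owner check assumes vsftpd is started as root, and the chroot check treats any write bit on local_root as writable.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from vsftpd or the post.

# conf_get FILE KEY: print the last uncommented value of KEY (empty if unset).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# is_yes VALUE: vsftpd treats YES, TRUE and 1 (any letter case) as true.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Problem 3: fail unless FILE is owned by OWNER_UID (default 0, assuming
# vsftpd is started as root).
check_conf_owner() {
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$owner" = "${2:-0}" ]
}

# Problem 1: fail when users are chrooted into a local_root that has any write
# bit set while allow_writeable_chroot is not enabled (the 500 OOPS case).
check_chroot_root() {
    is_yes "$(conf_get "$1" chroot_local_user)" || return 0
    is_yes "$(conf_get "$1" allow_writeable_chroot)" && return 0
    root=$(conf_get "$1" local_root)
    [ -n "$root" ] && [ -d "$root" ] || return 0
    case "$(ls -ld "$root" | cut -c2-10)" in
        *w*) return 1 ;;
        *) return 0 ;;
    esac
}

# Problem 2: fail when USER's shell is not listed in SHELLS, the condition
# under which pam_shells.so rejects the login.
check_login_shell() {
    sh=$(awk -F: -v u="$1" '$1 == u {print $7}' "${2:-/etc/passwd}")
    [ -n "$sh" ] && grep -qxF -- "$sh" "${3:-/etc/shells}"
}

# vsftpd_preflight CONF USER: report every failed check, return 1 if any.
vsftpd_preflight() {
    bad=0
    check_conf_owner "$1" || { echo "$1 is not owned by root"; bad=1; }
    check_chroot_root "$1" || { echo "chroot root is writable"; bad=1; }
    check_login_shell "$2" || { echo "shell of $2 not in /etc/shells"; bad=1; }
    return "$bad"
}
```

After sourcing the file, run it as vsftpd_preflight /etc/vsftpd.conf mineftp; a non-zero status means at least one of the three errors would occur.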
