thokern
10.01.07, 17:11
Ich habe soeeben ein neues Debian 3r4 Linux auf einer 2GHz/1GB Ram i386 Maschine installiert. Leider möchte der FTP-Daemon vsftpd nicht so wie ich möchte:
*vsftpd wird über xinetd gestertet und läuft.
*Ich habe einen neuen Benutzer ftpusr und eine neue Gruppe ftpusr angelegt
*die /etc/vsftpd.conf Datei nach meinen (hoffentlich richtigen) Wünschen angepasst.
*Beim verbinden mittels Smart FTP bekomme ich nur einen leeren Ordner angezeigt und kann weder Dateien als anonymer Benutzer saugen noch schubsen.
Mein Ziel: Anonyme Benutzer sollen alles auf dem FTP-Server dürfen. Also Auch umbenennen und löschen. Allerdings nur in dem Verzeichnis /srv/ftp/pub. Ich würde das System gerne so einstellen, dass sowohl die Rechte des Benutzers ftpusr und die Konfiguration von vsftpd die ermöglichen.
Für jeden hilfreichen Tip wäre ich dankbar und nun die Logs und Konfiguration von Smart FTP, vsftpd.conf und die Dateien aus /home/ftpusr:
[17:55:06] SmartFTP v2.0.1000.1
[17:55:06] Resolving host name "ftp"
[17:55:06] Connecting to 10.0.69.11 Port: 21
[17:55:06] Connected to ftp.
[17:55:06] 220 "Wilkommen auf dem Com4voice GmbH FTP-Server"
[17:55:06] USER anonymous
[17:55:06] 331 Please specify the password.
[17:55:06] PASS (hidden)
[17:55:06] 230 Login successful.
[17:55:06] SYST
[17:55:06] 215 UNIX Type: L8
[17:55:06] Detected Server Type: UNIX
[17:55:06] FEAT
[17:55:06] 211-Features:
[17:55:06] EPRT
[17:55:06] EPSV
[17:55:06] MDTM
[17:55:06] PASV
[17:55:06] REST STREAM
[17:55:06] SIZE
[17:55:06] TVFS
[17:55:06] 211 End
[17:55:06] PWD
[17:55:06] 257 "/"
[17:55:06] TYPE A
[17:55:06] 200 Switching to ASCII mode.
[17:55:06] PASV
[17:55:06] 227 Entering Passive Mode (10,0,69,11,239,219)
[17:55:06] Opening data connection to 10.0.69.11 Port: 61403
[17:55:06] LIST -aL
[17:55:06] 150 Here comes the directory listing.
[17:55:06] 119 bytes transferred. (586 Byte/s) (203 ms)
[17:55:06] 226 Directory send OK.
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# If you do not change anything here you will have a minimum setup for an
# anonymus FTP server.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
# General Settings
#
# Uncomment this to enable any form of FTP write command.
#
write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#
dirmessage_enable=YES
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#
nopriv_user=ftpusr
#
# You may fully customise the login banner string:
#
ftpd_banner="Wilkommen auf dem Com4voice GmbH FTP-Server"
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#
#ls_recurse_enable=YES
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#
#deny_email_enable=NO
#
# (default follows)
#
#banned_email_file=/etc/vsftpd.banned_emails
#
# If enabled, all user and group information in
# directory listings will be displayed as "ftp".
#
#hide_ids=YES
# Local FTP user Settings
#
# Uncomment this to allow local users to log in.
#
#local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
#local_umask=777
#
# Uncomment to put local users in a chroot() jail in their home directory
# after login.
#
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#
#chroot_list_enable=YES
#
# (default follows)
#
#chroot_list_file=/etc/vsftpd.chroot_list
#
# The maximum data transfer rate permitted, in bytes per second, for
# local authenticated users. The default is 0 (unlimited).
#
#local_max_rate=7200
# Anonymus FTP user Settings
#
# Allow anonymous FTP?
#
anonymous_enable=YES
#
# Anonymous users will only be allowed to download files which are
# world readable.
#
anon_world_readable_only=NO
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#
anon_upload_enable=YES
#
# Default umask for anonymus users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
anon_umask=077
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#
anon_mkdir_write_enable=YES
#
# Uncomment this to enable anonymus FTP users to perform other write operations
# like deletion and renaming.
#
anon_other_write_enable=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#
#chown_uploads=YES
#chown_username=ftpusr
#
# The maximum data transfer rate permitted, in bytes per second, for anonymous
# authenticated users. The default is 0 (unlimited).
#
anon_max_rate=12000
# Log Settings
#
# Log to the syslog daemon instead of using an logfile.
#
syslog_enable=YES
#
# Uncomment this to log all FTP requests and responses.
#
#log_ftp_protocol=YES
#
# Activate logging of uploads/downloads.
#
#xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#vsftpd_log_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note: This disables the normal logging unless you enable dual_log_enable below.
#
#xferlog_std_format=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#xferlog_file=/var/log/xferlog
#
# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
#
#dual_log_enable=YES
#
# Uncomment this to enable session status information in the system process listing.
#
#setproctitle_enable=YES
# Transfer Settings
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
#
#connect_from_port_20=YES
#
# You may change the default value for timing out an idle session.
#
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#
#data_connection_timeout=120
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# Set to NO if you want to disallow the PASV method of obtaining a data
# connection.
#
pasv_enable=YES
# PAM setting. Do NOT change this unless you know what you do!
#
pam_service_name=vsftpd
# Set listen=YES if you want vsftpd to run standalone
#
listen=NO
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
export HISTCONTROL=ignoredups
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color)
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
;;
*)
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
;;
esac
# Comment in the above and uncomment this below for a color prompt
#PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
;;
*)
;;
esac
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
#if [ -f ~/.bash_aliases ]; then
# . ~/.bash_aliases
#fi
# enable color support of ls and also add handy aliases
if [ "$TERM" != "dumb" ]; then
eval "`dircolors -b`"
alias ls='ls --color=auto'
#alias dir='ls --color=auto --format=vertical'
#alias vdir='ls --color=auto --format=long'
fi
# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
# ~/.bash_profile: executed by bash(1) for login shells.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/login.defs
#umask 022
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# set PATH so it includes user's private bin if it exists
if [ -d ~/bin ] ; then
PATH=~/bin:"${PATH}"
fi
*vsftpd wird über xinetd gestertet und läuft.
*Ich habe einen neuen Benutzer ftpusr und eine neue Gruppe ftpusr angelegt
*die /etc/vsftpd.conf Datei nach meinen (hoffentlich richtigen) Wünschen angepasst.
*Beim verbinden mittels Smart FTP bekomme ich nur einen leeren Ordner angezeigt und kann weder Dateien als anonymer Benutzer saugen noch schubsen.
Mein Ziel: Anonyme Benutzer sollen alles auf dem FTP-Server dürfen. Also Auch umbenennen und löschen. Allerdings nur in dem Verzeichnis /srv/ftp/pub. Ich würde das System gerne so einstellen, dass sowohl die Rechte des Benutzers ftpusr und die Konfiguration von vsftpd die ermöglichen.
Für jeden hilfreichen Tip wäre ich dankbar und nun die Logs und Konfiguration von Smart FTP, vsftpd.conf und die Dateien aus /home/ftpusr:
[17:55:06] SmartFTP v2.0.1000.1
[17:55:06] Resolving host name "ftp"
[17:55:06] Connecting to 10.0.69.11 Port: 21
[17:55:06] Connected to ftp.
[17:55:06] 220 "Wilkommen auf dem Com4voice GmbH FTP-Server"
[17:55:06] USER anonymous
[17:55:06] 331 Please specify the password.
[17:55:06] PASS (hidden)
[17:55:06] 230 Login successful.
[17:55:06] SYST
[17:55:06] 215 UNIX Type: L8
[17:55:06] Detected Server Type: UNIX
[17:55:06] FEAT
[17:55:06] 211-Features:
[17:55:06] EPRT
[17:55:06] EPSV
[17:55:06] MDTM
[17:55:06] PASV
[17:55:06] REST STREAM
[17:55:06] SIZE
[17:55:06] TVFS
[17:55:06] 211 End
[17:55:06] PWD
[17:55:06] 257 "/"
[17:55:06] TYPE A
[17:55:06] 200 Switching to ASCII mode.
[17:55:06] PASV
[17:55:06] 227 Entering Passive Mode (10,0,69,11,239,219)
[17:55:06] Opening data connection to 10.0.69.11 Port: 61403
[17:55:06] LIST -aL
[17:55:06] 150 Here comes the directory listing.
[17:55:06] 119 bytes transferred. (586 Byte/s) (203 ms)
[17:55:06] 226 Directory send OK.
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# If you do not change anything here you will have a minimum setup for an
# anonymus FTP server.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
# General Settings
#
# Uncomment this to enable any form of FTP write command.
#
write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#
dirmessage_enable=YES
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#
nopriv_user=ftpusr
#
# You may fully customise the login banner string:
#
ftpd_banner="Wilkommen auf dem Com4voice GmbH FTP-Server"
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#
#ls_recurse_enable=YES
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#
#deny_email_enable=NO
#
# (default follows)
#
#banned_email_file=/etc/vsftpd.banned_emails
#
# If enabled, all user and group information in
# directory listings will be displayed as "ftp".
#
#hide_ids=YES
# Local FTP user Settings
#
# Uncomment this to allow local users to log in.
#
#local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
#local_umask=777
#
# Uncomment to put local users in a chroot() jail in their home directory
# after login.
#
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#
#chroot_list_enable=YES
#
# (default follows)
#
#chroot_list_file=/etc/vsftpd.chroot_list
#
# The maximum data transfer rate permitted, in bytes per second, for
# local authenticated users. The default is 0 (unlimited).
#
#local_max_rate=7200
# Anonymus FTP user Settings
#
# Allow anonymous FTP?
#
anonymous_enable=YES
#
# Anonymous users will only be allowed to download files which are
# world readable.
#
anon_world_readable_only=NO
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#
anon_upload_enable=YES
#
# Default umask for anonymus users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
anon_umask=077
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#
anon_mkdir_write_enable=YES
#
# Uncomment this to enable anonymus FTP users to perform other write operations
# like deletion and renaming.
#
anon_other_write_enable=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#
#chown_uploads=YES
#chown_username=ftpusr
#
# The maximum data transfer rate permitted, in bytes per second, for anonymous
# authenticated users. The default is 0 (unlimited).
#
anon_max_rate=12000
# Log Settings
#
# Log to the syslog daemon instead of using an logfile.
#
syslog_enable=YES
#
# Uncomment this to log all FTP requests and responses.
#
#log_ftp_protocol=YES
#
# Activate logging of uploads/downloads.
#
#xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#vsftpd_log_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note: This disables the normal logging unless you enable dual_log_enable below.
#
#xferlog_std_format=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#xferlog_file=/var/log/xferlog
#
# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
#
#dual_log_enable=YES
#
# Uncomment this to enable session status information in the system process listing.
#
#setproctitle_enable=YES
# Transfer Settings
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
#
#connect_from_port_20=YES
#
# You may change the default value for timing out an idle session.
#
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#
#data_connection_timeout=120
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# Set to NO if you want to disallow the PASV method of obtaining a data
# connection.
#
pasv_enable=YES
# PAM setting. Do NOT change this unless you know what you do!
#
pam_service_name=vsftpd
# Set listen=YES if you want vsftpd to run standalone
#
listen=NO
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
export HISTCONTROL=ignoredups
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color)
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
;;
*)
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
;;
esac
# Comment in the above and uncomment this below for a color prompt
#PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
;;
*)
;;
esac
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
#if [ -f ~/.bash_aliases ]; then
# . ~/.bash_aliases
#fi
# enable color support of ls and also add handy aliases
if [ "$TERM" != "dumb" ]; then
eval "`dircolors -b`"
alias ls='ls --color=auto'
#alias dir='ls --color=auto --format=vertical'
#alias vdir='ls --color=auto --format=long'
fi
# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
# ~/.bash_profile: executed by bash(1) for login shells.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/login.defs
#umask 022
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# set PATH so it includes user's private bin if it exists
if [ -d ~/bin ] ; then
PATH=~/bin:"${PATH}"
fi