  • vsftp install (source version)
    └ O.S. 2007. 5. 21. 11:00

    VSFTP Installation

    Important   I'm going to hold back on explanations because it's a hassle. (This laziness of mine..)

    1. Download

    [root@willow root]# cd /usr/local/src
    [root@willow src]# wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.0.5.tar.gz
    --13:59:19--  ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.0.5.tar.gz
              => `vsftpd-2.0.5.tar.gz'
    Resolving vsftpd.beasts.org... 완료.
    Connecting to vsftpd.beasts.org[212.69.37.6]:21... connected.
    anonymous로서 로그인하고 있습니다...로그인 했습니다!
    ==> SYST ... 완료.    ==> PWD ... 완료.
    ==> TYPE I ... 완료.  ==> CWD /users/cevans ... 완료.
    ==> PORT ... 완료.    ==> RETR vsftpd-2.0.5.tar.gz ... 완료.
    길이: 155,985 (unauthoritative)
    100%[===================================================>] 155,985       86.80K/s    ETA 00:00
    13:59:24 (86.80 KB/s) - `vsftpd-2.0.5.tar.gz'가 보존되었습니다 [155985]

    [root@willow src]# tar xzvf vsftpd-2.0.5.tar.gz
    [root@willow src]# ll
    합계 164
    drwxr-xr-x    8 willow   willow       4096  7월  4  2006 vsftpd-2.0.5
    -rw-r--r--    1 root     root       155985  5월 11 13:59 vsftpd-2.0.5.tar.gz


    2. Install

    Important   Install according to the manual. (There is nothing that isn't in the manual.)
    [root@willow vsftpd-2.0.5]# vi INSTALL

    Step 1) Build vsftpd.

    [root@willow vsftpd-2.0.5]# make
    gcc -c main.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    gcc -c utility.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    gcc -c prelogin.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    gcc -c ftpcmdio.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    gcc -c postlogin.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    ~
    gcc -c sysutil.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    gcc -c sysdeputil.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    gcc -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o ssl.o sysutil.o sysdeputil.o -Wl,-s `./vsf_findlibs.sh`

    Step 2) Satisfy vsftpd pre-requisites

    2a) vsftpd needs the user "nobody" in the default configuration

    [root@willow vsftpd-2.0.5]# grep nobody /etc/passwd
    nobody:x:99:99:Nobody:/:/sbin/nologin   <- already exists

    [root@willow vsftpd-2.0.5]# useradd -M nobody <- add it if it does not exist
    NOTE [useradd] -M     The  user  home directory will not be created, even
    if the system wide settings from /etc/login.defs is
    to create home dirs.

    2b) vsftpd needs the (empty) directory /usr/share/empty in the default
    configuration.

    [root@willow vsftpd-2.0.5]# mkdir /usr/share/empty/
    mkdir: `/usr/share/empty/' 디렉토리를 만들 수 없습니다: 파일이 존재합니다

    2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
    valid home directory (which is NOT owned or writable by the user "ftp").

    [root@localhost root]# mkdir /var/ftp/
    [root@localhost root]# useradd -d /var/ftp ftp
    useradd: 사용자 ftp 는 존재합니다
    [root@willow vsftpd-2.0.5]# vi /etc/passwd
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

    (the next two are useful to run even if the user "ftp" already exists).

    [root@localhost root]# chown root.root /var/ftp
    [root@localhost root]# chmod og-w /var/ftp

       
    NOTE Change the directory's owner and group to root and remove w (write permission) from og (Other, Group).
    [root@willow vsftpd-2.0.5]# ls -al /var/
    drwxr-xr-x    2 root     root         4096  5월 11 14:15 ftp

    Step 3) Install vsftpd config file, executable, man page, etc.

    Create the required directories first.

    [root@willow vsftpd-2.0.5]# ll /usr/local/sbin <- usually exists. If not, create it.
    [root@willow vsftpd-2.0.5]# mkdir /usr/local/man/
    [root@willow vsftpd-2.0.5]# mkdir /usr/local/man/man8
    [root@willow vsftpd-2.0.5]# mkdir /usr/local/man/man5

    make install

    [root@willow vsftpd-2.0.5]# make install
    if [ -x /usr/local/sbin ]; then \
           install -m 755 vsftpd /usr/local/sbin/vsftpd; \
    else \
           install -m 755 vsftpd /usr/sbin/vsftpd; fi
    if [ -x /usr/local/man ]; then \
           install -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
           install -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
    elif [ -x /usr/share/man ]; then \
           install -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
           install -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
    else \
           install -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
           install -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
    if [ -x /etc/xinetd.d ]; then \
           install -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
    "make install" doesn't copy the sample config file. It is recommended you
    do this:
    cp vsftpd.conf /etc

    Copy the config file to /etc

    [root@willow vsftpd-2.0.5]# cp vsftpd.conf /etc

    Step 4) Smoke test (without an inetd).

    [root@willow vsftpd-2.0.5]# /usr/local/sbin/vsftpd &
    [1] 8841
    500 OOPS: vsftpd: not configured for standalone, must be started from inetd
    [root@willow vsftpd-2.0.5]#
    [1]+  Exit 1                  /usr/local/sbin/vsftpd

    Whoa!! It doesn't run! (Let's change the configuration.)

    [root@willow vsftpd-2.0.5]# vi /etc/vsftpd.conf
    #ls_recurse_enable=YES
    listen=YES <- add this. (Standalone)
    listen_port=21 <- the port can be specified.

    Run it again.

    [root@willow vsftpd-2.0.5]# /usr/local/sbin/vsftpd &
    [1] 8846

    Now, let's connect to ftp.


    [root@willow ftp]# ftp localhost
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.0.5)
    Name (localhost:willow): ftp
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (127,0,0,1,252,144)
    150 Here comes the directory listing.
    -rw-r--r--    1 0        0               4 May 11 05:45 aa
    226 Directory send OK.
    ftp> exit
    221 Goodbye.


    Tip
    [root@willow vsftpd-2.0.5]# file /usr/local/sbin/vsftpd
    /usr/local/sbin/vsftpd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped

    [root@itest ~]# /etc/rc.d/init.d/vsftpd --help
    사용법: /etc/rc.d/init.d/vsftpd {start|stop|restart|condrestart|status}

    [root@willow vsftpd-2.0.5]# vi /etc/xinetd.d/vsftpd
    [root@willow vsftpd-2.0.5]# /etc/rc.d/init.d/xinetd restart
    xinetd 를 정지함:                                          [  확인  ]
    xinetd (을)를 시작합니다:                                  [  확인  ]


    3. Config


    [root@willow home]# vi /etc/vsftpd.conf
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO <- block anonymous access.

    # Uncomment this to allow local users to log in.
    local_enable=YES <- so that local users can use it

    # Uncomment this to enable any form of FTP write command.
    write_enable=YES

    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022 <- files and directories are created as 755 (change as desired.)

    #############
    # Strangely, unlike the manual's description below, with the settings below
    # only the users in vsftpd.chroot_list can move up to parent directories. -_-
    #############

    chroot_local_user=YES
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_list_enable=YES
    # (default follows)
    chroot_list_file=/etc/vsftpd.chroot_list
    # Maximum connection settings (only available when running standalone, not through xinetd)
    # For standalone, add listen=YES and start vsftpd separately
    #
    # max_clients=maximum number of clients, max_per_ip=connections per IP
    # max_clients=100
    # max_per_ip=3

    [root@willow vsftpd-2.0.5]# vi /etc/vsftpd.chroot_list
    willow
    ftp <- even if added, it does not move up to parent directories. (because anonymous uses it)

    add   Blocking FTP access for a specific account (2006-08-14)
    ex) tech

    [root@itest vsftpd]# vi /etc/vsftpd.user_list
      # vsftpd userlist
      # If userlist_deny=NO, only allow users in this file
      # If userlist_deny=YES (default), never allow users in this file, and
      # do not even prompt for a password.
      # Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
      # for users that are denied.
      root
      bin
      daemon
      ~
      nobody
      tech

    [root@itest vsftpd]# /etc/rc.d/init.d/vsftpd restart
    vsftpd를 종료하고 있습니다:                                [  확인  ]
    vsftpd에 대한 vsftpd을 시작합니다:                         [  확인  ]

    [root@itest vsftpd]# vi /etc/vsftpd/vsftpd.conf
    userlist_enable=YES

    Option description: when userlist_enable=YES, the accounts listed in vsftpd.user_list are blocked.
    userlist_enable
    If enabled, vsftpd will load a list of usernames, from the filename given by userlist_file. If a user tries to log in using a name in this file, they will be denied before they are asked for a password. This may be useful in preventing cleartext passwords being transmitted. See also userlist_deny. Default: NO
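
The chroot list and the user list above both change meaning depending on a second option (chroot_local_user and userlist_deny). The script below is an added example, not part of the original post or of vsftpd: it resolves the effective result per user from a config file. The function names, the temp-dir sample files and the user "alice" are constructed for illustration, and it assumes values are written as plain YES/NO as on this page.

```bash
# Added example: effective vsftpd chroot / user-list policy for one user.

# Last KEY=value line in FILE wins, else DEFAULT (no spaces around '=').
conf_get() {  # conf_get FILE KEY DEFAULT
    local v
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Succeeds when USER is a whole line of FILE.
listed() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# Prints yes/no: is this local user confined to the home directory?
is_chrooted() {  # is_chrooted CONF USER
    local hit=no
    [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] &&
        listed "$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)" "$2" && hit=yes
    if [ "$(conf_get "$1" chroot_local_user NO)" = YES ]; then
        # Everyone is chrooted; the list names the exceptions.
        if [ "$hit" = yes ]; then echo no; else echo yes; fi
    else
        # Nobody is chrooted by default; the list names who is.
        echo "$hit"
    fi
}

# Prints yes/no: does the user list let this name reach the password prompt?
login_allowed() {  # login_allowed CONF USER
    local hit=no
    [ "$(conf_get "$1" userlist_enable NO)" = YES ] || { echo yes; return; }
    listed "$(conf_get "$1" userlist_file /etc/vsftpd.user_list)" "$2" && hit=yes
    if [ "$(conf_get "$1" userlist_deny YES)" = YES ]; then
        if [ "$hit" = yes ]; then echo no; else echo yes; fi   # file is a deny list
    else
        echo "$hit"                                            # file is an allow list
    fi
}

# Constructed sample mirroring the settings on this page, written to a temp dir.
d=$(mktemp -d); c=$d/vsftpd.conf
printf '%s\n' willow > "$d/chroot_list"
printf '%s\n' root bin daemon nobody tech > "$d/user_list"
printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
    chroot_list_enable=YES "chroot_list_file=$d/chroot_list" \
    userlist_enable=YES "userlist_file=$d/user_list" > "$c"

for u in willow tech alice; do
    echo "$u: chrooted=$(is_chrooted "$c" "$u") login=$(login_allowed "$c" "$u")"
done
```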


    URL
    Official site http://vsftpd.beasts.org
    Download ftp ftp://vsftpd.beasts.org/users/cevans/
    vsftpd.conf option descriptions http://vsftpd.beasts.org/vsftpd_conf.html
    Reference URL : http://www.superuser.co.kr/home/lecture/?leccode=295


