synbe / issue


Report a silent misconfiguration #15

Open JialuZhang opened 3 years ago

JialuZhang commented 3 years ago

In your file,

idle_session_timeout=600

This setting itself is a silent misconfiguration, and adding it to your system will not change any system misbehavior. Root cause: “data_connection_timeout” has the system preset default value, 300. The configuration “idle_session_timeout” has no effect if the user does not set “data_connection_timeout” to less than or equal to zero.

Here is the VSFTPD source code to support this. To enable the configuration parameter "idle_session_timeout", the user has to explicitly set another configuration parameter, "data_connection_timeout", to less than 0.

if (tunable_data_connection_timeout > 0)    /* usage of data_connection_timeout */
{
  vsf_sysutil_set_alarm(tunable_data_connection_timeout);
}
else if (tunable_idle_session_timeout > 0)  /* usage of idle_session_timeout */
{
  vsf_sysutil_clear_alarm();
}

Setting up an FTP server on a Raspberry Pi with vsftpd

vsftpd configuration

1. Install vsftpd

sudo apt-get install vsftpd

2. Edit the configuration file /etc/vsftpd.conf

sudo vim /etc/vsftpd.conf

Replace its contents with the following:

If the following error appears, enable the line below: vsftpd: 500 OOPS: prctl PR_SET_SECCOMP failed

seccomp_sandbox=no

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES

chown_uploads=YES

chown_username=whoever

xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.

deny_email_enable=YES

banned_email_file=/etc/vsftpd.banned_emails

userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

local_root=/var/ftp

ls_recurse_enable=YES
secure_chroot_dir=/var/ftp
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem

3. Edit the configuration file /etc/vsftpd.user_list

sudo vim /etc/vsftpd.user_list

Add the Raspberry Pi system users that are allowed access; here one user is added:

pi

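4. Edit the configuration file /etc/vsftpd.chroot_list

When chroot_list_enable=YES, vsftpd.chroot_list lists the users who can access the root directory. I am the administrator, so I put the account I use, pi, here.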

pi

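5. Edit the configuration file /etc/ftpuser

This configuration file is generated automatically when vsftpd is installed and holds a blacklist of accounts. These are generally sensitive accounts that are barred from FTP login, such as root. Everything here is the default and I did not change it; if you find that some accounts cannot log in, check here.

  1. Create the ftp folder

This directory seems to be the one shown by default for anonymous logins, but I have not enabled anonymous login.

This directory is configured in vsftpd.conf.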

sudo mkdir /var/ftp
sudo chown ftp:ftp /var/ftp

Note that write (w) permission must not be added here, otherwise the client is rejected at login; this tripped me up for a long time.

sudo chmod 555 /var/ftp

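8. Connect

Just connect with a client; I recommend the xftp client, which is simple and easy to use.

Recommended reading

[1] http://os.51cto.com/art/201008/222036.htm covers this very thoroughly. If you can't be bothered to read it all, just read the part explaining the configuration, then adapt my configuration.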

Originally posted by @synbe in https://github.com/synbe/issue/issues/6#issuecomment-392219960
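Added example, not part of the issue or of vsftpd: a Python check that evaluates the if/else-if quoted above for a given vsftpd.conf and flags the combination this issue reports. The function names are hypothetical, the 300-second defaults are taken from the vsftpd.conf man page, and the sample inputs are constructed from the settings shown on this page.

```python
"""Added example: evaluate the timeout branch quoted in this issue for a vsftpd.conf."""

# Defaults per the vsftpd.conf man page; the issue states 300 for
# data_connection_timeout.
DEFAULTS = {"data_connection_timeout": 300, "idle_session_timeout": 300}


def parse_conf(text):
    """Return {option: (value, line_no)} for the option=value directives in text."""
    settings = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a directive
        option, value = line.split("=", 1)
        # Assumption: directives are applied in file order, so a repeat overrides.
        settings[option] = (value, line_no)
    return settings


def timeout_branch(text):
    """Report which branch of the quoted if/else-if this configuration selects."""
    conf = parse_conf(text)
    data = int(conf.get("data_connection_timeout",
                        (DEFAULTS["data_connection_timeout"], None))[0])
    idle = int(conf.get("idle_session_timeout",
                        (DEFAULTS["idle_session_timeout"], None))[0])
    if data > 0:
        branch = "set_alarm(data_connection_timeout)"
    elif idle > 0:
        branch = "clear_alarm()"
    else:
        branch = "neither"
    finding = None
    if "idle_session_timeout" in conf and data > 0:
        line_no = conf["idle_session_timeout"][1]
        finding = (f"line {line_no}: idle_session_timeout={idle} is set while "
                   f"data_connection_timeout={data} > 0 (condition reported in this issue)")
    return {"branch": branch, "data": data, "idle": idle, "finding": finding}


# Constructed sample inputs, built from the settings shown on this page.
SAMPLE_POSTED = "listen=YES\nidle_session_timeout=600\ndata_connection_timeout=120\n"
SAMPLE_DEFAULT_DATA = "# data_connection_timeout not set\nidle_session_timeout=600\n"
SAMPLE_DISABLED = "idle_session_timeout=600\ndata_connection_timeout=0\n"

if __name__ == "__main__":
    for name, sample in [("posted", SAMPLE_POSTED), ("default", SAMPLE_DEFAULT_DATA),
                         ("disabled", SAMPLE_DISABLED)]:
        print(name, timeout_branch(sample))
```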