Linux611 libvirtd; FTP: partial vsftpd.conf configuration file
MX cannot connect to the virtual machine 192.168.235.100
ftp
[caozx26420@code ~]$ ftp 192.168.235.20
ftp: connect: 网络不可达
ftp> bye
[caozx26420@code ~]$ route -n
Kernel IP routing table
Destination Gateway
[caozx26420@code ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:0c:29:e9:ad:ge brd ff:ff:ff:ff:ff:ff
3: virbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:f5:ea:28 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:f5:ea:28 brd ff:ff:ff:ff:ff:ff
[caozx26420@code]# ifup ens33
用户不能控制这一设备,
[caozx26420@code]# sudo su
[sudo] caozx26420 的密码:
对不起,请重试。
[sudo] caozx26420的密码:
[root@code caozx26420]# ifup ens33
错误: 连接激活失败: No suitable device found for this connection (device virbr0 not available because profile is not compatible with device (mismatching interface name)).
[root@code caozx26420]# or su ifup ens33
bash: or: 未找到命令
[root@code caozx26420]# 错误:连接激活失败 : No suitable device found for this connection (device virbr0 not available because profile is not compatible with device (mismatching interface name)).
bash: 未预期的符号'!附近有语法错误
192.168.235.20
I don't think I have come across the libvirtd service before
systemctl disable
Succeeded
FTP
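Which side is /etc/vsftpd/vsftpd.conf configured on?
The server or
The server
Because it sets a series of permitted operations
Consider passive mode; connecting is more convenient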
192.168.235.20
[root@code ~]# ftp 192.168.235.100
ftp: connect: 没有到主机的路由
ftp> bye
您在 /var/spool/mail/root 中有新邮件
[root@code ~]# ftp 192.168.235.100
Connected to 192.168.235.100 (192.168.235.100).
220 (vsFTPd 3.0.2)
Name (192.168.235.100:root): kefu
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,235,100,142,110).
150 Here comes the directory listing.
226 Directory send OK.
ftp>
OK
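The 227 replies in the session above encode the data-connection address as h1,h2,h3,h4,p1,p2, with port = p1*256 + p2. As an added example (not part of the original notes), this decodes them and checks each against the control-connection host and a passive port range; the 30000-30100 range stands for assumed pasv_min_port/pasv_max_port values that the page's config does not set, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode FTP 227 (PASV) replies and validate host and port.
# pasv_fields, pasv_host, pasv_port and check_pasv are hypothetical names.

# pasv_fields REPLY: print the numbers h1 h2 h3 h4 p1 p2 from a 227 reply.
pasv_fields() {
    printf '%s\n' "$1" | sed -n 's/^227 [^(]*(\([0-9,]*\)).*/\1/p' | tr ',' ' '
}

# Both fail (status 1) when the reply does not carry exactly six fields.
pasv_host() { set -- $(pasv_fields "$1"); [ $# -eq 6 ] && echo "$1.$2.$3.$4"; }
pasv_port() { set -- $(pasv_fields "$1"); [ $# -eq 6 ] && echo $(( $5 * 256 + $6 )); }

# check_pasv REPLY CONTROL_IP MIN MAX: print a verdict, return non-zero on a finding.
check_pasv() {
    h=$(pasv_host "$1") || { echo "UNPARSED"; return 2; }
    p=$(pasv_port "$1")
    # A data host that differs from the control host means the data channel is
    # being pointed somewhere else (NAT misconfiguration or a spoofed reply).
    if [ "$h" != "$2" ]; then
        echo "MISMATCH $h:$p (control host $2)"; return 1
    fi
    # A port outside the pinned range would be dropped by a firewall that only
    # opens pasv_min_port..pasv_max_port.
    if [ "$p" -lt "$3" ] || [ "$p" -gt "$4" ]; then
        echo "OUTSIDE $h:$p (allowed $3-$4)"; return 1
    fi
    echo "OK $h:$p"
}

# The three replies are copied from the session on this page.
while IFS= read -r reply; do
    check_pasv "$reply" 192.168.235.100 30000 30100 || true
done <<'EOF'
227 Entering Passive Mode (192,168,235,100,142,110).
227 Entering Passive Mode (192,168,235,100,135,18).
227 Entering Passive Mode (192,168,235,100,128,103).
EOF
```

All three replies from the session fall outside the assumed range, which is what an unpinned passive port range looks like from the client side.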
/etc/vsftpd/vsftpd.conf configuration
grep -v ^# /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
local_root=/data/kefu
chroot_local_user=YES
allow_writeable_chroot=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
anonymous_enable
Controls whether anonymous logins are permitted or not. If enabled, both the usernames ftp and anonymous are recognised as anonymous logins.
Default: YES
local_enable
Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd (or wherever your PAM config references) may be used to log in. This must be enable for any non-anonymous login to work, including virtual users.
Default: NO
local_root
This option represents a directory which vsftpd will try to change into after a local (i.e. non-anonymous) login. Failure is silently ignored.
Default: (none)
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.
Default: NO
Jails users
allow_writeable_chroot
Allow chroot()'ing a user to a directory writable by that user. Note that setting this to YES is potentially dangerous. For example, if the user creates an 'etc' directory in the new root directory, they could potentially trick the C library into loading a user-created configuration file from the /etc/ directory.
Default: NO
Fixes the 500 OOPS error
Resolved by setting =YES
write_enable
This controls whether any FTP commands which change the filesystem are allowed or not. These commands are: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
Default: NO
Master switch for writes
chroot_list_enable
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd/chroot_list, but you may override this with the chroot_list_file setting.
Default: NO
Supplements the chroot jail: turn it on for some users
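The chroot_local_user, allow_writeable_chroot, write_enable and chroot_list_enable entries above interact, and the config shown on this page turns the first three on together. An added example (not part of the original notes and not a vsftpd tool) that audits a config file for that combination; the helper names are hypothetical and the sample config is constructed from the page's listing.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the writable-chroot combination.
# opt, audit_vsftpd and page_conf are hypothetical helper names.

# opt FILE KEY DEFAULT: effective value of KEY, upper-cased. vsftpd allows no
# spaces around "=", and a later assignment overrides an earlier one.
opt() {
    v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d ' \r' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${v:-$3}"
}

# audit_vsftpd FILE: one finding per line; returns 1 if there is any finding.
audit_vsftpd() {
    f=$1; rc=0
    # Defaults are the ones quoted from man 5 vsftpd.conf on this page.
    anon=$(opt "$f" anonymous_enable YES)
    jail=$(opt "$f" chroot_local_user NO)
    wroot=$(opt "$f" allow_writeable_chroot NO)
    write=$(opt "$f" write_enable NO)
    list=$(opt "$f" chroot_list_enable NO)
    if [ "$anon" = YES ]; then
        echo "WARN anonymous_enable=YES (set explicitly or by default)"; rc=1
    fi
    if [ "$jail" = YES ] && [ "$wroot" = YES ]; then
        if [ "$write" = YES ]; then
            echo "RISK users may be jailed in a root they can write to (etc/ planting)"
        else
            echo "WARN allow_writeable_chroot=YES while write_enable is off"
        fi
        rc=1
    fi
    if [ "$jail" = YES ] && [ "$list" = YES ]; then
        echo "WARN users in chroot_list_file are exempt from the jail"; rc=1
    fi
    return $rc
}

# Constructed sample: the security-relevant lines of the config shown on this page.
page_conf() {
    printf '%s\n' anonymous_enable=NO local_enable=YES local_root=/data/kefu \
        chroot_local_user=YES allow_writeable_chroot=YES write_enable=YES
}

tmp=$(mktemp)
page_conf > "$tmp"
echo "== page config =="; audit_vsftpd "$tmp" || true
# Hardened variant: same config with the writable-chroot override switched off.
page_conf | sed 's/^allow_writeable_chroot=.*/allow_writeable_chroot=NO/' > "$tmp"
echo "== hardened ==";    audit_vsftpd "$tmp" && echo "no findings"
rm -f "$tmp"
```

With allow_writeable_chroot=NO, vsftpd refuses the login with the 500 OOPS error while the jail root is writable by the user, so the hardened variant needs /data/kefu to be non-writable by that user, with uploads going to a writable subdirectory.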
Code
root@192.168.235.20's password:
Last login: Mon Jun 9 21:28:56 2025 from 192.168.235.1
[root@code ~]# ftp 192.168.235.100
ftp: connect: 没有到主机的路由
ftp> bye
您在 /var/spool/mail/root 中有新邮件
[root@code ~]# ftp 192.168.235.100
Connected to 192.168.235.100 (192.168.235.100).
220 (vsFTPd 3.0.2)
Name (192.168.235.100:root): kefu
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,235,100,142,110).
150 Here comes the directory listing.
226 Directory send OK.
ftp> ftp -help
?Invalid command
ftp> help
Commands may be abbreviated. Commands are:

! debug mdir sendport site
$ dir mget put size
account disconnect mkdir pwd status
append exit mls quit struct
ascii form mode quote system
bell get modtime recv sunique
binary glob mput reget tenex
bye hash newer rstatus tick
case help nmap rhelp trace
cd idle nlist rename type
cdup image ntrans reset user
chmod lcd open restart umask
close ls prompt rmdir verbose
cr macdef passive runique ?
delete mdelete proxy send
ftp> ftp help
?Invalid command
ftp> ?
Commands may be abbreviated. Commands are:

! debug mdir sendport site
$ dir mget put size
account disconnect mkdir pwd status
append exit mls quit struct
ascii form mode quote system
bell get modtime recv sunique
binary glob mput reget tenex
bye hash newer rstatus tick
case help nmap rhelp trace
cd idle nlist rename type
cdup image ntrans reset user
chmod lcd open restart umask
close ls prompt rmdir verbose
cr macdef passive runique ?
delete mdelete proxy send
ftp> cd
(remote-directory)
usage: cd remote-directory
ftp> cd /
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,235,100,135,18).
150 Here comes the directory listing.
226 Directory send OK.
ftp> ls
227 Entering Passive Mode (192,168,235,100,128,103).
150 Here comes the directory listing.
226 Directory send OK.
ftp> cd /root
550 Failed to change directory.
ftp>
Network error: Connection timed out
code@192.168.235.100's password:
code@192.168.235.100's password:
Last failed login: Wed Jun 11 22:26:02 CST 2025 from 192.168.235.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Jun 9 21:28:00 2025 from 192.168.235.1
[code@code ~]$ grep -v ^# /etc/vsftpd/vsftpd.conf
grep: /etc/vsftpd/vsftpd.conf: 权限不够
[code@code ~]$ su - caozx26
su: user caozx26 does not exist
[code@code ~]$ su - caozx26420
密码:
上一次登录:一 6月 9 21:31:44 CST 2025 pts/3 上
[caozx26420@code ~]$ sudo su
[sudo] caozx26420 的密码:
[root@code caozx26420]# grep -v ^# /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
local_root=/data/kefu
chroot_local_user=YES
allow_writeable_chroot=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@code caozx26420]# cd /etc/vsftpd
[root@code vsftpd]# man 5 vsftpd.conf
[root@code vsftpd]# man 5 vsftpd.conf
[root@code vsftpd]# vim /etc/vsftpd/vsftpd.conf
192.168.235.100