问题描述
我正在尝试在 Amazon Cloud Server 上设置 FTP,但没有成功.我在网上搜索,没有具体的步骤怎么做.
I am trying to set up FTP on Amazon Cloud Server, but without luck.I search over net and there is no concrete steps how to do it.
我发现这些命令可以运行:
I found those commands to run:
$ yum install vsftpd
$ ec2-authorize default -p 20-21
$ ec2-authorize default -p 1024-1048
$ vi /etc/vsftpd/vsftpd.conf
#<em>---Add following lines at the end of file---</em>
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<Public IP of your instance>
$ /etc/init.d/vsftpd restart
但我不知道在哪里写.
推荐答案
Jaminto 在回答问题方面做得很好,但我最近自己经历了这个过程,并想扩展 Jaminto 的答案.
Jaminto did a great job of answering the question, but I recently went through the process myself and wanted to expand on Jaminto's answer.
我假设您已经创建了一个 EC2 实例,并且已将一个弹性 IP 地址与其关联.
I'm assuming that you already have an EC2 instance created and have associated an Elastic IP Address to it.
SSH 到您的 EC2 服务器.类型:
SSH to your EC2 server. Type:
> sudo yum install vsftpd
这应该安装 vsftpd.
This should install vsftpd.
接下来,您需要打开 EC2 服务器上的 FTP 端口.登录 AWS EC2 管理控制台,在左侧导航树中选择安全组.选择分配给您的 EC2 实例的安全组.然后选择入站选项卡,然后单击
Next, you'll need to open up the FTP ports on your EC2 server. Log in to the AWS EC2 Management Console and select Security Groups from the navigation tree on the left. Select the security group assigned to your EC2 instance. Then select the Inbound tab, then click
添加两个自定义 TCP 规则,端口范围为 20-21 和 1024-1048.对于来源,您可以选择任何地方".如果您决定将 Source 设置为您自己的 IP 地址,请注意,如果您的 IP 地址是通过 DHCP 分配的,则它可能会更改.
Add two Custom TCP Rules with port ranges 20-21 and 1024-1048. For Source, you can select 'Anywhere'. If you decide to set Source to your own IP address, be aware that your IP address might change if it is being assigned via DHCP.
输入以下内容编辑您的 vsftpd conf 文件:
Edit your vsftpd conf file by typing:
> sudo vi /etc/vsftpd/vsftpd.conf
通过更改此行禁用匿名 FTP:
Disable anonymous FTP by changing this line:
anonymous_enable=YES
到
anonymous_enable=NO
然后将以下行添加到 vsftpd.conf 文件的底部:
Then add the following lines to the bottom of the vsftpd.conf file:
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<Public IP of your instance>
您的 vsftpd.conf 文件应该类似于以下内容 - 除了确保将 pasv_address 替换为您面向公众的 IP 地址:
Your vsftpd.conf file should look something like the following - except make sure to replace the pasv_address with your public facing IP address:
要保存更改,请按 Esc,然后键入 :wq
,然后按 Enter.
To save changes, press escape, then type :wq
, then hit enter.
键入以下内容重新启动 vsftpd:
Restart vsftpd by typing:
> sudo /etc/init.d/vsftpd restart
您应该会看到如下所示的消息:
You should see a message that looks like:
如果这不起作用,请尝试:
If this doesn't work, try:
> sudo /sbin/service vsftpd restart
如果您看一下/etc/vsftpd/user_list,您将看到以下内容:
If you take a peek at /etc/vsftpd/user_list, you'll see the following:
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
这基本上是说,不允许这些用户进行 FTP 访问."vsftpd 将允许任何不在此列表中的用户进行 FTP 访问.
This is basically saying, "Don't allow these users FTP access." vsftpd will allow FTP access to any user not on this list.
因此,为了创建一个新的 FTP 帐户,您可能需要在您的服务器上创建一个新用户.(或者,如果您已有一个未在/etc/vsftpd/user_list 中列出的用户帐户,则可以跳到下一步.)
So, in order to create a new FTP account, you may need to create a new user on your server. (Or, if you already have a user account that's not listed in /etc/vsftpd/user_list, you can skip to the next step.)
在 EC2 实例上创建新用户非常简单.例如,要创建用户bret",请键入:
Creating a new user on an EC2 instance is pretty simple. For example, to create the user 'bret', type:
> sudo adduser bret
> sudo passwd bret
这是它的样子:
此时,您的 FTP 用户不受限于他们的主目录.这不是很安全,但我们可以很容易地修复它.
At this point, your FTP users are not restricted to their home directories. That's not very secure, but we can fix it pretty easily.
输入以下内容再次编辑您的 vsftpd conf 文件:
Edit your vsftpd conf file again by typing:
> sudo vi /etc/vsftpd/vsftpd.conf
取消注释该行:
chroot_local_user=YES
完成后应该是这样的:
像这样再次重启 vsftpd 服务器:
Restart the vsftpd server again like so:
> sudo /etc/init.d/vsftpd restart
大功告成!
vsftpd 在您的服务器启动时不会自动启动.如果你像我一样,那就意味着在重启你的 EC2 实例后,你会感到一阵恐惧,当 FTP 似乎被破坏了——但实际上,它只是没有运行!.这里有一个方便的方法来解决这个问题:
vsftpd doesn't automatically start when your server boots. If you're like me, that means that after rebooting your EC2 instance, you'll feel a moment of terror when FTP seems to be broken - but in reality, it's just not running!. Here's a handy way to fix that:
> sudo chkconfig --level 345 vsftpd on
或者,如果您使用的是 redhat,另一种管理服务的方法是使用这个漂亮的图形用户界面来控制哪些服务应该自动启动:
Alternatively, if you are using redhat, another way to manage your services is by using this nifty graphic user interface to control which services should automatically start:
> sudo ntsysv
现在 vsftpd 将在您的服务器启动时自动启动.
Now vsftpd will automatically start up when your server boots up.
* 注意:Iman Sedighi 发布了一个更优雅的解决方案,用于限制用户访问特定目录.请参考他作为答案发布的优秀解决方案*
您可能希望创建一个用户并将其 FTP 访问权限限制在特定文件夹,例如/var/www.为此,您需要更改用户的默认主目录:
You might want to create a user and restrict their FTP access to a specific folder, such as /var/www. In order to do this, you'll need to change the user's default home directory:
> sudo usermod -d /var/www/ username
在此特定示例中,通常会授予用户对www"组的权限,该组通常与/var/www 文件夹相关联:
In this specific example, it's typical to give the user permissions to the 'www' group, which is often associated with the /var/www folder:
> sudo usermod -a -G www username
这篇关于在亚马逊云服务器上设置 FTP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!