Permissions: getting "permission denied" with ProFTPD SFTP on CentOS
I want to configure an SFTP server on CentOS 6. But when I use "put" in the FileZilla client, I get this message:
open for write: permission denied
In my SFTP log, when I use "put", I have the following:
...
unsupported 'simply@putty.projects.tartarus.org' channel requested, ignoring
'subsystem' channel request for 'sftp' subsystem
..
error checking 'namefile' for REALPATH : Aucun fichier ou dossier de ce type
error opening 'filename'; Permission non accordée
I don't understand, because on Debian it works fine.
Installing ProFTPD:
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
sudo yum install proftpd
For testing, I stopped the firewall:
service iptables stop
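I commented out the "Subsystem" line in the ssh configuration file "sshd_config".
I added the following lines to the ProFTPD configuration file "proftpd.conf":
I can connect over SFTP (the log file fills up), but I cannot use "put". When I create a file "test" on the server, in FileZilla the file is renamed "avril2812:45test".
The permissions on /home are 777.
This is proftpd.conf: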
# This is the ProFTPD configuration file
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
VRootEngine on
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
PersistentPasswd off
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
# Set the user and group that the server runs as
User nobody
Group nobody
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile on
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
BanControlsACLs all allow user ftpadm
</IfDefine>
<Global>
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022
# Allow users to overwrite files and change permissions
AllowOverwrite on
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
## SFTP
....
Found the solution! CentOS's security service restricts access to certain directories. So just disable it:
nano /etc/selinux/config
SELINUX=disabled
#reboot system
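By default, SELinux protects your server and forbids access to directories. You can allow access by creating rules with chcon. Example for a website:
- Check the SELinux rights: ls -dZ /home/myusergrp/myuser/ftp
- Allow access: chcon -R -t httpd_sys_content_t /home/myusergrp/myuser/ftp
Mike, I tried using virtual users, but it still doesn't work..
-1 Disabling SELinux makes the server insecure. It is preferable to go to /etc/selinux/config and set SELINUX=permissive instead of SELINUX=enforcing.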
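A way to see exactly which SELinux rule blocks the upload before changing the SELinux mode, as an added example that is not part of the original thread: the script summarises AVC denials for proftpd from audit-log lines. The sample lines are constructed, and the ftpd_t / user_home_dir_t types and the ftp_home_dir boolean assume the stock CentOS 6 targeted policy.

```shell
#!/bin/sh
# Constructed sample of /var/log/audit/audit.log lines (not from the original post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1367145900.101:411): avc:  denied  { write } for  pid=2345 comm="proftpd" name="ftp" dev=dm-0 ino=1234 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1367145912.440:415): avc:  denied  { write } for  pid=2351 comm="proftpd" name="ftp" dev=dm-0 ino=1234 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1367145930.007:419): avc:  denied  { create } for  pid=2360 comm="proftpd" name="test" scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1367145931.900:420): avc:  denied  { read } for  pid=1999 comm="httpd" name="index.html" dev=dm-0 ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Read audit-log lines on stdin and print, for one process name,
# "source_type permission target_type class count", sorted.
summarize_avc() {
  comm="$1"
  awk -v want="comm=\"$comm\"" '
    $1 == "type=AVC" && index($0, want) && /denied/ {
      # The permission list sits between "{ " and " }".
      perm = $0; sub(/^.*[{] /, "", perm); sub(/ [}].*$/, "", perm)
      s = t = c = ""
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type:level; the type is the third part.
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      n[s " " perm " " t " " c]++
    }
    END { for (k in n) print k, n[k] }
  ' | sort
}

# On a live server the input would come from the audit log instead:
#   ausearch -m avc -c proftpd -ts recent | summarize_avc proftpd
# ftpd_t denied on user_home_dir_t / user_home_t points at the home-directory
# boolean (assumed policy: CentOS 6 targeted), which can be enabled while
# SELinux stays enforcing:
#   getsebool ftp_home_dir
#   setsebool -P ftp_home_dir on
sample_audit_log | summarize_avc proftpd
```
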
groupadd upload
adduser --home /etc/sftp/home nom_utilisateur
# Associate the new user with one of the groups (upload or download)
usermod -g nom_groupe nom_utilisateur