我的vsftpd为什么只能匿名登录，而本地用户却不能登录？

yingsuifeng

我的 vsftpd.conf 如下：

1. 
   
2. # Example config file /etc/vsftpd.conf
   
3. #
   
4. # The default compiled in settings are very paranoid. This sample file
   
5. # loosens things up a bit, to make the ftp daemon more usable.
   
6. #
   
7. # Allow anonymous FTP?
   
8. anonymous_enable=YES
   
9. #
   
10. # Uncomment this to allow local users to log in.
    
11. local_enable=YES
    
12. #
    
13. # Uncomment this to enable any form of FTP write command.
    
14. write_enable=YES
    
15. #
    
16. # Default umask for local users is 077. You may wish to change this to 022,
    
17. # if your users expect that (022 is used by most other ftpd's)
    
18. local_umask=022
    
19. #
    
20. # Uncomment this to allow the anonymous FTP user to upload files. This only
    
21. # has an effect if the above global write enable is activated. Also, you will
    
22. # obviously need to create a directory writable by the FTP user.
    
23. #anon_upload_enable=YES
    
24. #
    
25. # Uncomment this if you want the anonymous FTP user to be able to create
    
26. # new directories.
    
27. #anon_mkdir_write_enable=YES
    
28. #
    
29. # Activate directory messages - messages given to remote users when they
    
30. # go into a certain directory.
    
31. dirmessage_enable=YES
    
32. #
    
33. # Activate logging of uploads/downloads.
    
34. xferlog_enable=YES
    
35. #
    
36. # Make sure PORT transfer connections originate from port 20 (ftp-data).
    
37. connect_from_port_20=YES
    
38. #
    
39. # If you want, you can arrange for uploaded anonymous files to be owned by
    
40. # a different user. Note! Using "root" for uploaded files is not
    
41. # recommended!
    
42. #chown_uploads=YES
    
43. #chown_username=whoever
    
44. #
    
45. # You may override where the log file goes if you like. The default is shown
    
46. # below.
    
47. #xferlog_file=/var/log/vsftpd.log
    
48. #
    
49. # If you want, you can have your log file in standard ftpd xferlog format
    
50. xferlog_std_format=YES
    
51. #
    
52. # You may change the default value for timing out an idle session.
    
53. #idle_session_timeout=600
    
54. #
    
55. # You may change the default value for timing out a data connection.
    
56. #data_connection_timeout=120
    
57. #
    
58. # It is recommended that you define on your system a unique user which the
    
59. # ftp server can use as a totally isolated and unprivileged user.
    
60. #nopriv_user=ftpsecure
    
61. #
    
62. # Enable this and the server will recognise asynchronous ABOR requests. Not
    
63. # recommended for security (the code is non-trivial). Not enabling it,
    
64. # however, may confuse older FTP clients.
    
65. #async_abor_enable=YES
    
66. #
    
67. # By default the server will pretend to allow ASCII mode but in fact ignore
    
68. # the request. Turn on the below options to have the server actually do ASCII
    
69. # mangling on files when in ASCII mode.
    
70. # Beware that turning on ascii_download_enable enables malicious remote parties
    
71. # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    
72. # ASCII mode.
    
73. # These ASCII options are split into upload and download because you may wish
    
74. # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    
75. # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    
76. # on the client anyway..
    
77. #ascii_upload_enable=YES
    
78. #ascii_download_enable=YES
    
79. #
    
80. # You may fully customise the login banner string:
    
81. #ftpd_banner=Welcome to blah FTP service.
    
82. #
    
83. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    
84. # useful for combatting certain DoS attacks.
    
85. #deny_email_enable=YES
    
86. # (default follows)
    
87. #banned_email_file=/etc/vsftpd.banned_emails
    
88. #
    
89. # You may specify an explicit list of local users to chroot() to their home
    
90. # directory. If chroot_local_user is YES, then this list becomes a list of
    
91. # users to NOT chroot().
    
92. #chroot_local_user=NO
    
93. #chroot_list_enable=YES
    
94. # (default follows)
    
95. #chroot_list_file=/etc/vsftpd.chroot_list
    
96. #
    
97. # You may activate the "-R" option to the builtin ls. This is disabled by
    
98. # default to avoid remote users being able to cause excessive I/O on large
    
99. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    
100. # the presence of the "-R" option, so there is a strong case for enabling it.
     
101. #ls_recurse_enable=YES
     
102. 
     
103. pam_service_name=vsftpd
     
104. userlist_enable=YES
     
105. #enable for standalone mode
     
106. listen=YES
     
107. tcp_wrappers=YES
     

复制代码

而 tail -f /var/log/messages 里有这样的 信息

1. 
   
2. Oct 28 00:12:43 echo-yang last message repeated 2 times
   
3. Oct 28 00:12:52 echo-yang vsftpd: warning: can't get client address: Bad file descriptor
   
4. Oct 28 00:14:09 echo-yang modprobe: modprobe: Can't locate module sound-slot-1
   
5. Oct 28 00:14:09 echo-yang modprobe: modprobe: Can't locate module sound-service-1-0
   
6. Oct 28 00:14:09 echo-yang modprobe: modprobe: Can't locate module sound-slot-1
   
7. Oct 28 00:14:09 echo-yang modprobe: modprobe: Can't locate module sound-service-1-0
   
8. Oct 28 00:14:52 echo-yang 10月 28 00:14:52 vsftpd: vsftpd 关闭 succeeded
   
9. Oct 28 00:14:52 echo-yang 10月 28 00:14:52 vsftpd: true 启动 succeeded
   
10. Oct 28 00:14:52 echo-yang last message repeated 2 times
    
11. Oct 28 00:15:04 echo-yang vsftpd: warning: can't get client address: Bad file descriptor
    

复制代码

BigMonkey

#接受匿名用户
anonymous_enable=YES
#匿名用户login时不询问口令
no_anon_password=YES
#接受本地用户
local_enable=YES

wolfg

检查你用的系统用户是不是在/etc/vsftpd.user_list和/etc/vsftpd.users这两个文件中（文件名可能不准确，没记住）

yingsuifeng

解决了,是因为我修改了 /etc/pam.d/vsftpd 的原因.

wolfg

能否说说怎么改的，又怎么改好的

hongfengyue

希望每个人问的问题如果解决了都告知前因后果。方便后面每个阅读帖子的人。谢谢！！（一点建议）

yingsuifeng

之前我在弄虚拟用户时，在/etc/pam.d/vsftpd 加入了下面的两行，就一直登录不了，后来删掉它们就行了。

1. 
   
2. auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
   
3. account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
   

复制代码

wolfg

的确是这样的，虚拟用户和系统用户是不能同时使用的