kodi for emby那些坑——ubuntu18.04设置和ftp的配置（安装 vsftpd服务器）_kodi emby ftp

前言：使用kodi的emby插件需要设置绝对路径，服务器需要设置ftp路径，所以我的ubuntu系统需要安装 vsftpd服务器，查阅了很多资料，最后靠自己的摸索解决问题

参考文章：
①ubuntu下ftp的配置
②500 OOPS:cannot change directory:/root 问题
③500 OOPS: priv_sock_get_cmd------如何解决
④500 OOPS: cannot change directory:/product/ftpfile 500 OOPS: priv_sock_get_cmd 远程主机关闭连接
⑥ftp服务器的搭建

1.用户创建，设置FTP根目录子目录权限

最新的vsftpd要求对主目录不能有写的权限所以ftp为755，主目录下面的子目录再设置777权限
由于我的emby设置到了root目录，root本来就是755权限，所以只是设置了子目录权限，没有创建目录和子目录，这里注意"/"有无
（个人体验，好像都是777权限也没啥问题？）

mkdir /root/rclone_emby   //创建目录
chmod -R 755 /root/rclone_emby
chmod -R 777 /root/rclone_emby/mount_root
# 更改一下权限，不然没法进行写
# 后面的命令需要权限的话，命令前加sudo
1
2
3
4
5

• 小坑"/etc/ftpusers"这个文件里显示了用户不可以使用的目录，如果在root中创建需要删除root，否则会导致 500 OOPS:cannot change directory:/root问题（自己摸索的，网络中没有这种相关的资料）

500 OOPS:cannot change directory:/root/***

# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).

daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody
1
2
3
4
5
6
7
8
9
10
11
12
13

创建ubuntu系统用户：embyuser

sudo useradd -d /root/rclone_emby/mount_root  -s /bin/bash embyuser
sudo passwd embyuser
# 输入密码并确认
1
2
3

useradd命令介绍：
useradd [－d home] [－s shell] [－c comment] [－m [－k template]] [－f inactive] [－e expire ] [－p passwd] [－r] name
最后一个为用户名，-d后面指定家目录
主要参数
－c：加上备注文字，备注文字保存在passwd的备注栏中。　
－d：指定用户登入时的启始目录。***********
－D：变更预设值。
－e：指定账号的有效期限，缺省表示永久有效。
－f：指定在密码过期后多少天即关闭该账号。
－g：指定用户所属的群组。
－G：指定用户所属的附加群组。
－m：自动建立用户的登入目录。
－M：不要自动建立用户的登入目录。
－n：取消建立以用户名称为名的群组。
－r：建立系统账号。
－s：指定用户登入后所使用的shell。
－u：指定用户ID号。
------------如果中途出错需要删除用户的话------------
删除用户：userdel name
userdel:
功能：删除用户
相关文件：/etc/passwd /etc/shadow /home/username

userdel [-r] username
常用参数：
- r : 连同家目录一起删除

注：可能其他相关文件可通过#find / -user username 查找出逐一删除 然后执行userdel -r username 一切搞定

2.安装 vsftpd服务器

sudo apt-get update
1

sudo apt install vsftpd
1

3.ftp配置与测试

修改vsftpd.conf文件

/etc/vsftpd.conf
1

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES # 服务器监听，ftp服务器将处于独立启动模式
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO # 匿名访问允许，默认不要开启
#
# Uncomment this to allow local users to log in.
local_enable=YES # 是否允许本地用户系统用户访问
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES # 是否允许上传文件，不开启会报 550 permission denied，启用可以修改文件的 FTP 命令
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022 # FTP上本地的文件权限，默认是022，本地用户创建文件的 umask 值
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES # 匿名上传允许，默认是NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES # 匿名创建文件夹允许
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES # 进入文件夹允许，允许为目录配置显示信息,显示每个目录下面的message_file文件的内容
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES # ftp 日志记录允许，开启日记功能
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES # 启用20号端口作为数据传送的端口，使用标准的20端口来连接ftp
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES # 使用标准日志格式 
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service. # 欢迎信息
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES # 用于指定用户列表文件中的用户是否允许切换到上级目录。默认值为NO，
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_list_enable=YES # 设置是否启用chroot_list_file配置项指定的用户列表文件。默认值为NO，如果启动这项功能，则所有列在chroot_list_file之中的使用者不能更改根目录
# user_sub_token=$USER 最初加上这句使我安装不成功
local_root=/root/rclone_emby/mount_root # 设置一个本地用户登录后进入到的目录，可以定义其他目录，与刚才用户创建的目录无关，但最好放这里，注意'/'，设置一个本地用户登录后进入到的目录
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list # 格式为一行一个用户，用于指定用户列表文件，该文件用于控制哪些用户可以切换到用户家目录的上级目录。指定限制的用户文件
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd # PAM认证文件名。PAM将根据/etc/pam.d/vsftpd进行认证，需要查看文件确认，设置PAM认证服务的配置文件名称，该文件保存在“/etc/pam.d/”目录下
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES
allow_writeable_chroot=YES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

然后编辑/etc/vsftpd.chroot_list文件，将ftpuser的帐户名添加进去，保存退出。这里不截图了，就是这个文件里写上创建的用户名即可。

vim /etc/vsftpd.chroot_list # 加入创建的用户
embyuser
1
2

重新启动vsftpd且检测状态：

sudo service vsftpd restart
# 注：修改配置文件后一定要重启服务才能生效
service vsftpd status
1
2
3

4.vsftpd常用命令：

# 卸载vsftpd
sudo apt-get remove --purge vsftpd 
#(--purge 选项表示彻底删除改软件和相关文件)

#开启、停止、重启vsftpd服务的命令：
systemctl daemon-reload
service vsftpd start  
service vsftpd stop
service vsftpd restart
#删除用户名为 ”zhangxw”的用户，
userdel zhangxw
1
2
3
4
5
6
7
8
9
10
11

5.防火墙设置

由于我是guo外服务器，所以不设置防火墙进行一般教程的内网穿透了。

6.可以在windows下cmd下使用下面语句访问目录。

ftp IP号
ls # 查看文件
dir #查看文件
使用`get 文件名` 进行下载
1
2
3
4

7.常遇报错问题解决（设置后都需要重启服务）

service vsftpd restart
1

service vsftpd status
1

7.1报错：500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login f

sudo vim  /etc/vsftpd.conf
插入:
allow_writeable_chroot=YES
1
2
3

7.2报错：500 OOPS:cannot change directory:/root/***

首先确定

/etc/ftpusers
1

打开此文件看root有没有禁止访问，然后再根据网络上的方法处理selinux关闭问题
参考文章：推荐文章①中的方法二一劳永逸
①500 OOPS: cannot change directory:/product/ftpfile 500 OOPS: priv_sock_get_cmd 远程主机关闭连接
②500 OOPS:cannot change directory:/root 问题

7.3报错：500 OOPS: priv_sock_get_cmd

处理方法同上
参考文章：00 OOPS: priv_sock_get_cmd------如何解决

7.4报错：无法登录：ftp: connect: Connection refused

同时ipv4和ipv6同时运行服务器报错。
解决方案：vsftpd.conf文件里设置#listen_ipv6=NO

7.5报错：vsftpd 启动异常 (code=exited, status=2)

root@kali:~# service vsftpd status
● vsftpd.service - vsftpd FTP server
   Loaded: loaded (/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2019-10-12 10:32:27 CST; 21s ago
  Process: 2540 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=exited, status=2)
  Process: 2539 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
 Main PID: 2540 (code=exited, status=2)

1
2
3
4
5
6
7
8
9

主要原因：ipV4和ipV6不能同时被监听，这边需要去掉一个监听设置，常规情况下只要去掉ipV6得就可以了。同上。