ubuntu ftpserver目录结构

Ubuntu FTP Server Directory Structure Overview
The directory structure of an Ubuntu FTP server is primarily determined by the FTP software (commonly vsftpd) and its configuration. Below are key directories, their purposes, and permission guidelines for typical setups.

1. Anonymous User Directory (Default: /var/ftp)

Anonymous users (accessed via ftp://server-ip) are restricted to this root directory by default. It is owned by the ftp system user/group (created during vsftpd installation) to prevent unauthorized modifications.

• Subdirectory: /var/ftp/pub (commonly used for public file downloads/uploads).
• Permissions:
  • Directory: drwxr-xr-x (755) – Allows read/execute for all, write only for the owner (ftp).
  • Files: -rw-r--r-- (644) – Prevents accidental deletion/modification by anonymous users.
• Configuration: Set via anon_root=/var/ftp in /etc/vsftpd.conf.
• Note: If you modify the anonymous root (e.g., to /srv/ftp), ensure the new directory has the same ownership/permissions.

2. Local User Home Directories (Default: /home/username)

Local system users (authenticated via username/password) are chrooted to their home directories by default (for security). This prevents them from accessing other users’ files or system directories.

• Ownership: Each user’s home directory is owned by that user (e.g., /home/alice → alice:alice).
• Permissions: drwxr-xr-x (755) – Allows the user full access, others can only read/execute.
• Configuration: Controlled by chroot_local_user=YES (restricts to home) and local_root=/home/%u (%u = username) in /etc/vsftpd.conf.
• Writable Subdirectory: To allow users to upload files, create a subdirectory (e.g., /home/alice/upload) with drwxrwxr-x (775) permissions and ownership alice:ftp (so the user can write, but the group ftp retains access).

3. System-wide FTP Configuration Directory (/etc/vsftpd.conf)

This is the primary configuration file for vsftpd. It defines directory behavior, user access, and security settings (e.g., anonymous_enable=YES, local_enable=YES). Key directives include:

• anon_root: Sets the anonymous root directory.
• local_root: Defines the local user root directory.
• chroot_local_user: Enables/disables chrooting.
• allow_writeable_chroot: Allows writable chroot directories (required if users need to upload to their home).

4. Log and Temporary Directories

• Log Directory: /var/log/vsftpd.log (stores FTP connection/activity logs).
• Temporary Directory: /var/run/vsftpd/empty (used by vsftpd for secure chroot environments).
• Permissions: Logs are owned by root:root (readable by admin), temporary directory is owned by root:root with drwxr-xr-x (755) permissions.

5. Custom Directories (Optional)

You can create additional directories for specific purposes (e.g., /srv/ftp/public for shared files, /srv/ftp/private for restricted access).

• Example:

  sudo mkdir -p /srv/ftp/{public,private} sudo chown ftp:ftp /srv/ftp/public # Allow ftp group access sudo chmod 775 /srv/ftp/public # Read/write for owner/group, read for others sudo chmod 750 /srv/ftp/private # Restrict to owner only 

• Configuration: Update local_root in /etc/vsftpd.conf to point to the custom directory (e.g., local_root=/srv/ftp/public).

Key Permission Rules

• FTP User (ftp): Must own anonymous directories (e.g., /var/ftp) to prevent permission errors.
• Local Users: Home directories must not be world-writable (chmod 777 is unsafe). Use chmod 755 for directories and chmod 644 for files.
• Writable Directories: For user uploads, create subdirectories (e.g., /home/user/upload) with chmod 775 and ownership user:ftp.

By following these conventions, you can maintain a secure and organized FTP directory structure on Ubuntu. Always test configurations (e.g., ftp localhost) after making changes to ensure accessibility and functionality.