1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Server FTP</title>
<link rel="stylesheet" type="text/css" href="it.css">
<script type="text/javascript" src="jquery.js"></script><script type="text/javascript" src="jquery.syntax.js"></script><script type="text/javascript" src="yelp.js"></script><link rel="stylesheet" type="text/css" href="main.css">
<link rel="stylesheet" type="text/css" href="custom.css">
<script type="text/javascript" src="http://ubuntu-it.org/sites/all/themes/light-drupal-theme/js/cookies.js"></script><script type="text/javascript" src="http://ubuntu-it.org/sites/all/themes/light-drupal-theme/js/accessibility.js"></script>
</head>
<body>
<script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script><script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-8147493-2");
pageTracker._trackPageview();
} catch(err) {}
</script><div id="fixed-header">
<div id="header" class="shadowed curved-bottom"><div class="container">
<ul class="links">
<li><a href="http://help.ubuntu-it.org">Documentazione ufficiale</a></li>
<li><a href="http://wiki.ubuntu-it.org/Documentazione/Indice">Guide della comunità</a></li>
<li class="active"><a href="http://help.ubuntu-it.org/12.04/server/serverguide/it/index.html">12.04 LTS</a></li>
</ul>
<div id="logo">
<div id="ubuntu-it-sites">
<a href="http://www.ubuntu-it.org">web </a><a href="http://wiki.ubuntu-it.org">wiki </a><a href="http://forum.ubuntu-it.org">forum </a><a href="http://planet.ubuntu-it.org">planet </a>
</div>
<a href="http://help.ubuntu-it.org" title="Ubuntu - Documentazione ufficiale"><span>help.</span>ubuntu-it
</a><span>comunità italiana</span>
</div>
<div class="buttons"><div id="accessibility" title="Maggiore focus ai contenuti" onclick="accessibility_toggle();"></div></div>
</div></div>
<div id="subheader"><div class="container"><div class="container-inside"><ul class="links secondary-links">
<li><a href="http://help.ubuntu-it.org/12.04/desktop/index.html" title="Guida utente di Ubuntu 12.04 LTS">Desktop</a></li>
<li class="active"><a href="http://help.ubuntu-it.org/12.04/server/serverguide/it/index.html" title="Guida utente di Ubuntu server 12.04 LTS">Server</a></li>
<li><a href="http://help.ubuntu-it.org/12.04/search.php" title="Ricerna della documentazione di Ubuntu 12.04 LTS">Ricerca</a></li>
</ul></div></div></div>
</div>
<div id="content">
<div id="content-top"></div>
<div class="container">
<div id="tmp-note">Questa guida non è stata ancora completamente tradotta. Se vuoi contribuire alla sua traduzione contatta il <a href="http://wiki.ubuntu-it.org/GruppoTraduzione/" title="Gruppo Traduzione">Gruppo Traduzione</a> di Ubuntu-it.</div>
<div id="search-box"><form action="http://help.ubuntu-it.org/12.04/search.php" id="cse-search-box"><div><input type="text" name="s" value="Cerca ..." onfocus="if(this.value == 'Cerca ...') { this.value = ''; }" onblur="if (this.value == '') {this.value = 'Cerca ...';}"></div></form></div>
<div class="trails"><div class="trail">
<a class="trail" href="index.html" title="Guida a Ubuntu Server">Guida a Ubuntu Server</a> » <a class="trail" href="file-servers.html" title="Server di file">Server di file</a> » </div></div>
<div id="cwt-content"><div id="page">
<div id="content">
<div class="links nextlinks">
<a class="nextlinks-prev" href="file-servers.html" title="Server di file">Indietro</a> | <a class="nextlinks-next" href="network-file-system.html" title="NFS (Network File System)">Avanti</a>
</div>
<div class="hgroup"><h1 class="title">Server FTP</h1></div>
<div class="region">
<div class="contents">
<p class="para">
File Transfer Protocol (FTP) is a TCP protocol for
downloading files between computers. In the past, it has
also been used for uploading but, as that method does not
use encryption, user credentials as well as data transferred
in the clear and are easily intercepted. So if you are here
looking for a way to upload and download files securely, see
the section on <span class="app application">OpenSSH</span> in <a class="xref" href="remote-administration.html" title="Amministrazione remota">Amministrazione remota</a> instead.
</p>
<p class="para">
FTP works on a client/server model. The server component is
called an <span class="em emphasis">FTP daemon</span>. It continuously
listens for FTP requests from remote clients. When a request
is received, it manages the login and sets up the
connection. For the duration of the session it executes any
of commands sent by the FTP client.
</p>
<p class="para">L'accesso a un server FTP può essere gestito in due modi:</p>
<div class="list itemizedlist"><ul class="list itemizedlist compact">
<li class="list itemizedlist">
<p class="para">Anonimo</p>
</li>
<li class="list itemizedlist">
<p class="para">Con autenticazione</p>
</li>
</ul></div>
<p class="para">
In the Anonymous mode, remote clients can access the FTP
server by using the default user account called
"anonymous" or "ftp" and sending an
email address as the password. In the Authenticated mode a
user must have an account and a password. This latter
choice is very insecure and should not be used except in
special circumstances. If you are looking to transfer files
securely see SFTP in the section on OpenSSH-Server. User
access to the FTP server directories and files is dependent
on the permissions defined for the account used at login. As
a general rule, the FTP daemon will hide the root directory
of the FTP server and change it to the FTP Home
directory. This hides the rest of the file system from
remote sessions.
</p>
</div>
<div class="links sectionlinks"><ul>
<li class="links"><a class="xref" href="ftp-server.html#vsftpd-ftp-server-installation" title="vsftpd - Installazione del server FTP">vsftpd - Installazione del server FTP</a></li>
<li class="links"><a class="xref" href="ftp-server.html#vsftpd-anonymous-configuration" title="Configurazione anonima di FTP">Configurazione anonima di FTP</a></li>
<li class="links"><a class="xref" href="ftp-server.html#vsftpd-userauth-configuration" title="Configurazione FTP per utenti autenticati">Configurazione FTP per utenti autenticati</a></li>
<li class="links"><a class="xref" href="ftp-server.html#vsftpd-security" title="FTP sicuro">FTP sicuro</a></li>
<li class="links"><a class="xref" href="ftp-server.html#vsftpd-references" title="Riferimenti">Riferimenti</a></li>
</ul></div>
<div class="sect2 sect" id="vsftpd-ftp-server-installation"><div class="inner">
<div class="hgroup"><h2 class="title">vsftpd - Installazione del server FTP</h2></div>
<div class="region"><div class="contents">
<p class="para">
<span class="app application">vsftpd</span> is an FTP daemon
available in Ubuntu. It is easy to install, set up, and
maintain. To install <span class="app application">vsftpd</span>
you can run the following command:
</p>
<div class="screen"><pre class="contents "><span class="cmd command">sudo apt-get install vsftpd</span>
</pre></div>
</div></div>
</div></div>
<div class="sect2 sect" id="vsftpd-anonymous-configuration"><div class="inner">
<div class="hgroup"><h2 class="title">Configurazione anonima di FTP</h2></div>
<div class="region"><div class="contents">
<p class="para">
By default <span class="app application">vsftpd</span> is <span class="em emphasis">not</span> configured to allow anonymous download.
If you wish to enable anonymous download edit <span class="file filename">/etc/vsftpd.conf</span> by changing:
</p>
<div class="code"><pre class="contents ">anonymous_enable=Yes
</pre></div>
<p class="para">
During installation a <span class="em emphasis">ftp</span> user is created with a home directory
of <span class="file filename">/srv/ftp</span>. This is the default FTP directory.
</p>
<p class="para">
If you wish to change this location, to <span class="file filename">/srv/files/ftp</span>
for example, simply create a directory in another location and
change the <span class="em emphasis">ftp</span> user's home directory:
</p>
<div class="screen"><pre class="contents "><span class="cmd command">sudo mkdir /srv/files/ftp</span>
<span class="cmd command">sudo usermod -d /srv/files/ftp ftp</span>
</pre></div>
<p class="para">Applicate le modifiche, riavviare <span class="app application">vsftpd</span>:</p>
<div class="screen"><pre class="contents "><span class="cmd command">sudo restart vsftpd</span>
</pre></div>
<p class="para">
Finally, copy any files and directories you would like to make available
through anonymous FTP to <span class="file filename">/srv/files/ftp</span>, or <span class="file filename">/srv/ftp</span> if you wish to
use the default.
</p>
</div></div>
</div></div>
<div class="sect2 sect" id="vsftpd-userauth-configuration"><div class="inner">
<div class="hgroup"><h2 class="title">Configurazione FTP per utenti autenticati</h2></div>
<div class="region"><div class="contents">
<p class="para">
By default <span class="app application">vsftpd</span> is configured to authenticate
system users and allow them to download files. If you want users to be able to upload files, edit
<span class="file filename">/etc/vsftpd.conf</span>:
</p>
<div class="code"><pre class="contents ">write_enable=YES
</pre></div>
<p class="para">Riavviare <span class="app application">vsftpd</span>:</p>
<div class="screen"><pre class="contents "><span class="cmd command">sudo restart vsftpd</span>
</pre></div>
<p class="para">Ora, quando gli utenti accedono via FTP, il loro punto di partenza sarà la propria directory <span class="em emphasis">home</span>, dove potranno scaricare e caricare file e creare directory.</p>
<p class="para">
Similarly, by default, anonymous users are not
allowed to upload files to FTP server. To change
this setting, you should uncomment the following
line, and restart <span class="app application">vsftpd</span>:
</p>
<div class="code"><pre class="contents ">anon_upload_enable=YES
</pre></div>
<div class="note note-warning" title="Avvertimento"><div class="inner"><div class="region"><div class="contents">
<p class="para">Abilitare il caricamento anonimo di file via FTP può compromettere la sicurezza del sistema. È sconsigliato abilitare il caricamento anonimo su server collegati direttamente a Internet.</p>
</div></div></div></div>
<p class="para">Il file di configurazione è composto da diversi parametri di configurazione, le cui informazioni sono disponibili nel file stesso. In alternativa, è possibile fare riferimento alla pagina man (<span class="cmd command">man 5 vsftpd.conf</span>).</p>
</div></div>
</div></div>
<div class="sect2 sect" id="vsftpd-security"><div class="inner">
<div class="hgroup"><h2 class="title">FTP sicuro</h2></div>
<div class="region"><div class="contents">
<p class="para">All'interno del file di configurazione <span class="file filename">/etc/vsftpd.conf</span> di <span class="app application">vsftpd</span>, sono presenti molte opzioni per rendere il programma più sicuro. Per esempio, togliendo il commento a quanto segue, gli utenti possono essere limitati all'utilizzo solo della propria directory personale:</p>
<div class="code"><pre class="contents ">chroot_local_user=YES
</pre></div>
<p class="para">È anche possibile limitare un particolare gruppo di utenti all'utilizzo delle sole directory personali:</p>
<div class="code"><pre class="contents ">chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
</pre></div>
<p class="para">Tolto il commento alle opzioni precedenti, creare un file <span class="file filename">/etc/vsftpd.chroot_list</span> con l'elenco degli utenti, uno per riga, quindi riavviare <span class="app application">vsftpd</span>:</p>
<div class="screen"><pre class="contents "><span class="cmd command">sudo restart vsftpd</span>
</pre></div>
<p class="para">Inoltre, il file <span class="file filename">/etc/ftpusers</span> contiene un elenco di utenti a cui è <span class="em emphasis">negato</span> l'accesso FTP. L'elenco comprende gli utenti root, daemon, nobody, ecc... Per disabilitare l'accesso FTP ad altri utenti, aggiungerli semplicemente a questo elenco.</p>
<p class="para">
FTP can also be encrypted using <span class="em emphasis">FTPS</span>. Different from <span class="em emphasis">SFTP</span>,
<span class="em emphasis">FTPS</span> is FTP over Secure Socket Layer (SSL). <span class="em emphasis">SFTP</span> is a FTP
like session over an encrypted <span class="em emphasis">SSH</span> connection. A major difference is that users
of SFTP need to have a <span class="em emphasis">shell</span> account on the system, instead of a
<span class="em emphasis">nologin</span> shell. Providing all users with a shell may not be ideal for some
environments, such as a shared web host. However, it is possible to restrict such accounts to
only SFTP and disable shell interaction. See the section on OpenSSH-Server for more.
</p>
<p class="para">Per configurare <span class="em emphasis">FTPS</span>, modificare il file <span class="file filename">/etc/vsftpd.conf</span> aggiungendo:</p>
<div class="code"><pre class="contents ">ssl_enable=Yes
</pre></div>
<p class="para">Inoltre, notare anche le opzioni relative al certificato e alla chiave:</p>
<div class="code"><pre class="contents ">rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
</pre></div>
<p class="para">
By default these options are set to the certificate and key provided by the <span class="app application">ssl-cert</span>
package. In a production environment these should be replaced with a certificate and key generated for the specific
host. For more information on certificates see <a class="xref" href="certificates-and-security.html" title="Certificati">Certificati</a>.
</p>
<p class="para">Riavviare <span class="app application">vsftpd</span> e gli utenti non-anonimi utilizzeranno <span class="em emphasis">FTPS</span>:</p>
<div class="screen"><pre class="contents "><span class="cmd command">sudo restart vsftpd</span>
</pre></div>
<p class="para">Per consentire accesso FTP agli utenti dotati di una shell <span class="file filename">/usr/sbin/nologin</span>, ma non dispongono di accesso shell, modificare il file <span class="file filename">/etc/shells</span> aggiungendo <span class="em emphasis">nologin</span>:</p>
<div class="code"><pre class="contents "># /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin
</pre></div>
<p class="para">Questo è necessario poiché, in modo predefinito, <span class="app application">vsftpd</span> utilizza PAM per l'autenticazione e i file di configurazione <span class="file filename">/etc/pam.d/vsftpd</span> contiene:</p>
<div class="code"><pre class="contents ">auth required pam_shells.so
</pre></div>
<p class="para">Il modulo <span class="em emphasis">shells</span> di PAM limita l'accesso alle shell indicate nel file <span class="file filename">/etc/shells</span>.</p>
<p class="para">
Most popular FTP clients can be configured to connect using FTPS. The <span class="app application">lftp</span> command line FTP
client has the ability to use FTPS as well.
</p>
</div></div>
</div></div>
<div class="sect2 sect" id="vsftpd-references"><div class="inner">
<div class="hgroup"><h2 class="title">Riferimenti</h2></div>
<div class="region"><div class="contents"><div class="list itemizedlist"><ul class="list itemizedlist">
<li class="list itemizedlist">
<p class="para">Per maggiori informazioni, consultare il <a class="ulink" href="http://vsftpd.beasts.org/vsftpd_conf.html" title="http://vsftpd.beasts.org/vsftpd_conf.html">sito web di vsftpd</a>.</p>
</li>
<li class="list itemizedlist">
<p class="para">
For detailed <span class="file filename">/etc/vsftpd.conf</span> options see the
<a class="ulink" href="http://manpages.ubuntu.com/manpages/precise/en/man5/vsftpd.conf.5.html" title="http://manpages.ubuntu.com/manpages/precise/en/man5/vsftpd.conf.5.html">vsftpd.conf man page</a>.
</p>
</li>
</ul></div></div></div>
</div></div>
</div>
<div class="links nextlinks">
<a class="nextlinks-prev" href="file-servers.html" title="Server di file">Indietro</a> | <a class="nextlinks-next" href="network-file-system.html" title="NFS (Network File System)">Avanti</a>
</div>
<div class="clear"></div>
</div>
<div id="pagebottom"></div>
</div></div>
</div>
<div id="content-bottom"></div>
</div>
<div id="footer"><div class="container">
<div id="ubuntulinks">Ubuntu e Canonical sono marchi registrati da Canonical Ltd. <br>
Questa opera è pubblicata sotto una <span style="text-decoration: underline;"><a href="http://help.ubuntu-it.org/legal.html">licenza</a></span> Creative Commons.
</div>
<div id="pagebottom"></div>
</div></div>
</body>
</html>