
vsftp server deployment


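1. The company currently has one FTP and web server. FTP is used mainly to maintain the company's website content: uploading files, creating directories, updating pages and so on. Two departments are responsible for maintenance, and they manage the site with the accounts xuegod1 and xuegod2 respectively. The requirement is that only xuegod1 and xuegod2 may log in to the FTP server, that they cannot log in to the local system, and that the root directory of both accounts is restricted to /var/www/html, with no access to any directory outside it.
Note: it is best to find a static website yourself, upload it to /var/www/html over FTP, and confirm that it can be viewed normally in a browser.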

1. Install httpd and vsftpd
[[email protected] ~]# yum -y install httpd vsftpd

2. Create the system user xue with /var/www/html as its home directory and add it to the apache group
[[email protected] www]# useradd -s /sbin/nologin -d /var/www/html/ -g apache xue
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[[email protected] www]#
[[email protected] www]# echo "123456" | passwd --stdin xue
Changing password for user xue.
passwd: all authentication tokens updated successfully.

3. Give the system user read, write and execute permission on /var/www/html
[[email protected] www]# chown -R apache:apache html/
[[email protected] www]# chmod -R 775 html/
[[email protected] www]# ll -d html/
drwxrwxr-x 2 apache apache 4096 May 13 15:09 html/
[[email protected] www]#

4. Create the virtual-user text file
[[email protected] vsftpd]# vim vusers.txt
xuegod1
12345678
xuegod2
12345678
5. Generate the virtual-user database
[[email protected] vsftpd]# db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
6. Delete the virtual-user text file so the passwords do not leak
[[email protected] vsftpd]# rm vusers.txt
rm: remove regular file `vusers.txt'? y
[[email protected] vsftpd]#
7. Change the access permissions of the virtual-user database file
[[email protected] vsftpd]# chmod 644 vusers.db
[[email protected] vsftpd]# ll vusers.db
-rw-r--r-- 1 root root 12288 May 13 07:27 vusers.db
[[email protected] vsftpd]#
8. Edit the PAM authentication configuration
[[email protected] pam.d]# cat vsftpd
#%PAM-1.0
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers

[[email protected] pam.d]#
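9. Edit the main vsftpd configuration file, vsftpd.conf
# Do not allow anonymous logins
anonymous_enable=NO
# Allow local users to log in
local_enable=YES
# Confine every user to their home directory
chroot_local_user=YES
# No exception list of users who may change to other directories
chroot_list_enable=NO
# PAM file name: vsftpd uses the PAM service named vsftpd
pam_service_name=vsftpd
# Directory that holds the per-user configuration files for the virtual accounts
user_config_dir=/etc/vsftpd/vuserconfig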

10. Create the virtual-user configuration directory vuserconfig
[[email protected] vsftpd]# mkdir vuserconfig
[[email protected] vsftpd]# ll -d vuserconfig/
drwxr-xr-x 2 root root 4096 May 13 07:48 vuserconfig/
[[email protected] vsftpd]#
11. Create and fill in the virtual-user configuration files
[[email protected] vuserconfig]# cat xuegod1
guest_enable=yes
guest_username=xue
anon_world_readable_only=no
write_enable=yes
anon_mkdir_write_enable=yes
anon_upload_enable=yes
virtual_use_local_privs=YES
[[email protected] vuserconfig]# cat xuegod2
guest_enable=yes
guest_username=xue
anon_world_readable_only=no
write_enable=yes
anon_mkdir_write_enable=yes
anon_upload_enable=yes
virtual_use_local_privs=YES
[[email protected] vuserconfig]#
12. Restart the vsftpd and httpd services and check that they started successfully
[[email protected] vuserconfig]# netstat -antup | grep vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2136/vsftpd
[[email protected] vuserconfig]# netstat -antup | grep httpd
tcp 0 0 :::80 :::* LISTEN 2148/httpd
[[email protected] vuserconfig]#
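
A check that can be run once the services are up, as an added example that is not part of the original post: it flags trailing comments on vsftpd.conf setting lines (vsftpd reads them as part of the value), confirms the two settings whose defaults differ from what this setup needs, and reports credential files such as vusers.db that are accessible beyond their owner. The function names and the constructed demo files are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the files this walkthrough creates (paths are arguments).

# Print the value of KEY from a KEY=VALUE file; the last occurrence wins.
conf_get() {  # usage: conf_get FILE KEY
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Print findings; return 0 only when there are none.
audit_vsftpd() {  # usage: audit_vsftpd CONF SECRET_FILE...
    conf=$1; rc=0; shift
    # vsftpd takes everything after "=" as the value, so "NO #comment" is
    # not read as NO. Comments must be on their own lines.
    if grep -nE '^[^#[:space:]][^=]*=.*[[:space:]]#' "$conf"; then
        echo "FAIL: inline comments on the setting lines listed above"; rc=1
    fi
    # These two must be set explicitly: vsftpd's defaults are the opposite.
    for want in anonymous_enable=NO chroot_local_user=YES; do
        key=${want%%=*}
        got=$(conf_get "$conf" "$key" | tr '[:lower:]' '[:upper:]')
        [ "$got" = "${want#*=}" ] || { echo "FAIL: $key is '$got', want ${want#*=}"; rc=1; }
    done
    [ -n "$(conf_get "$conf" user_config_dir)" ] || { echo "FAIL: user_config_dir unset"; rc=1; }
    # The page's pam_userdb line has no crypt= option, so the database holds
    # the passwords as typed; it should not be accessible to group or other.
    for f in "$@"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")   # GNU stat, as on a yum-based host
        case $mode in
            0|*00) ;;
            *) echo "FAIL: $f has mode $mode, accessible beyond its owner"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: step 9 settings with a trailing comment, database at 644.
demo=$(mktemp -d)
printf '%s\n' 'anonymous_enable=NO #no anonymous login' 'chroot_local_user=YES' \
    'user_config_dir=/etc/vsftpd/vuserconfig' > "$demo/vsftpd.conf"
: > "$demo/vusers.db"; chmod 644 "$demo/vusers.db"
audit_vsftpd "$demo/vsftpd.conf" "$demo/vusers.db" || echo "audit found problems"
rm -rf "$demo"
```

On the real host the call would be `audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/vusers.db /etc/vsftpd/vusers.txt`; a missing vusers.txt is skipped.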

13. Test that the configuration works
[[email protected] home]# lftp -u xuegod1 192.168.70.243
Password:
lftp [email protected]:~> pwd
ftp:[email protected]
lftp [email protected]:/> cd /home
cd: Access failed: 550 Failed to change directory. (/home)
lftp [email protected]:/> cd /var/www
cd: Access failed: 550 Failed to change directory. (/var/www)
lftp [email protected]:~> ls
lftp [email protected]:/> put /home/index.html
559038 bytes transferred
lftp [email protected]:/> put /home/boot.tar.gz
3145728 bytes transferred
lftp [email protected]:/> mkdir os
mkdir ok, `os' created
lftp [email protected]:/> mv boot.tar.gz grub.tar.gz
rename successful
lftp [email protected]:/> mv os iso
rename successful
lftp [email protected]:/> rm grub.tar.gz
rm ok, `grub.tar.gz' removed
lftp [email protected]:/> rmdir iso
rmdir ok, `iso' removed
lftp [email protected]:/> ls
-rw-r--r-- 1 500 48 559038 May 13 08:48 index.html
lftp [email protected]:/> quit
[[email protected] home]#
14. Visit Apache to view the website page

15. Test logging in with the xuegod2 account in the same way
[[email protected] home]# lftp -u xuegod2 192.168.70.243
Password:
lftp [email protected]:~> ls
-rw-r--r-- 1 500 48 559038 May 13 08:48 index.html
lftp [email protected]:/> rm index.html
rm ok, `index.html' removed
lftp [email protected]:/> cd /home
cd: Access failed: 550 Failed to change directory. (/home)
lftp [email protected]:/> cd /var/www
cd: Access failed: 550 Failed to change directory. (/var/www)
lftp [email protected]:/> put /home/index.html
559038 bytes transferred
lftp [email protected]:/> put boot.tar.gz
3145728 bytes transferred
lftp [email protected]:/> mkdir os
mkdir ok, `os' created
lftp [email protected]:/> mv boot.tar.gz grub.tar.gz
rename successful
lftp [email protected]:/> mv os iso
rename successful
lftp [email protected]:/> rm index.html
rm ok, `index.html' removed
lftp [email protected]:/> ls
-rw-r--r-- 1 500 48 3145728 May 13 08:50 grub.tar.gz
drwxr-xr-x 2 500 48 4096 May 13 08:50 iso
lftp [email protected]:/> rm grub.tar.gz
rm ok, `grub.tar.gz' removed
lftp [email protected]:/> rmdir iso
rmdir ok, `iso' removed
lftp [email protected]:/> ls

16. What the site looks like after the hao123 home page index.html has been deleted

This article comes from the "明日靈感" blog; please keep this source link: http://coolner.blog.51cto.com/957576/1925296
