vsftp-基於虛擬用戶
阿新 • • 發佈:2019-05-07
any alt lis 轉換 生成 ins 不可 erl asc 一、在線安裝vsftpd需要的組件
[[email protected] home]# yum -y install vsftpd*
[[email protected] home]#yum -y install pam*
[[email protected] home]# yum -y install db4*
[[email protected] home]# yum -y install db4-utils二、建立虛擬用戶
[[email protected] home]#vi /etc/vsftpd/vftpuser.txt 添加虛擬用戶名和密碼。奇數行為用戶名,偶數行為密碼。 hanye hanye han han
三、生成虛擬用戶口令認證文件
把剛添加的vftpuser.txt虛擬用戶口令轉換成系統的口令認證文件。
[[email protected] home]#db_load -T -t hash -f /etc/vsftpd/vftpuser.txt /etc/vsftpd/vu_list.db四、編輯vsftpd的PAM認證
[[email protected] home]# cat /etc/pam.d/vsftpd auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vu_list account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vu_list
五、建立本地映射用戶並設置宿主權限
[[email protected] hanye]#useradd -d /home/vftpuser1 -s /sbin/nologin vftpuser [[email protected] hanye]#mkdir /home/vftpuser1/{hanye,han} 目錄的權限應該是770,owner是root,group是vftpuser [[email protected] home]#chmod -R 770 /home/vftpuser1 [[email protected] home]#chown root:vftpuser /home/vftpuser1
六、配置 vsftpd.conf
[[email protected] home]# cat /etc/vsftpd/vsftpd.conf|grep -vE "^$|^#"
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vftpuser
user_config_dir=/etc/vsftpd/userconf
allow_writeable_chroot=YES
[[email protected] home]# mkdir /etc/vsftpd/userconf七、虛擬用戶權限配置
[[email protected] userconf]# cat hanye
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=NO
local_root=/home/vftpuser1/hanye
anon_mkdir_write_enable=YES
[[email protected] userconf]# cat han
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes 參數解釋
local_root=/home/vftpuser1/hanye (指定FTP只能登陸到這裏)
anon_world_readable_only=no (只讀,不能下載)
write_enable=yes (可寫入)[不能單獨使用,相當於寫開關]
anon_upload_enable=yes (可上傳)
anon_other_write_enable=yes (可刪除)
anon_mkdir_write_enable=yes (可創建目錄)
重啟vsftpd:systemctl restart vsftpdftp登錄查看
hanye用戶
hanyonghu
常用組合:
1.可瀏覽
anon_world_readable_only=no
1-1.禁瀏覽
anon_world_readable_only=yes (默認設置)
2.可上傳
write_enable=yes
anon_upload_enable=yes
3.瀏覽+下載+上傳
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes
4.瀏覽+下載+上傳+刪除
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes
anon_other_write_enable=yes
5.瀏覽+下載+上傳+創建目錄+刪除
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes
anon_other_write_enable=yes
anon_mkdir_write_enable=yes
6.瀏覽+下載+上傳+創建目錄+不可刪除
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes
anon_other_write_enable=no (或取消本項參數)
anon_mkdir_write_enable=yes總結
vsftpd是一款在Linux發行版中最受推崇的FTP服務器程序。特點是小巧輕快,安全易用。vsftp-基於虛擬用戶