vsftpd: a small worked case

Problem:

Three departments each upload their own transaction data; to keep that data safe, download and delete are both disabled for them.

The finance department does reconciliation and may view and download the data of the other three departments.

Implemented with vsftpd virtual users.

Diagram: [image not reproduced]

Script:

I wrote a rough script myself so it can be reused later.

#!/bin/bash
#
# generated by kevin@orient
# email to [email protected]
# this project just uses vsftpd to set up sharing folders.
echo -e "\n"
echo -e "\e[1;31m There are 6 steps that need to be done! \e[0m"
echo -e "\n"
# first step
echo -e "\e[1;32m First step(1/6): Get the variables(獲取變量) \e[0m"
ftpdir=/etc/vsftpd
pubdir=/var/ftp
chrootfile=$ftpdir/chroot_list
read -s -p "Please input the CCB's password: " ccbpass
echo -e "\n"
read -s -p "Please input the BC's password: " bcpass
echo -e "\n"
read -s -p "Please input the ABC's password: " abcpass
echo -e "\n"
read -s -p "Please input the ShangTong's password: " stpass
echo -e "\n"
# second step
echo -e "\e[1;32m Second step(2/6): Create the users and groups(創建用戶和組) \e[0m"
# users and groups
# /var/ftp is normally created by the vsftpd package, which is only installed in
# step 3, and older useradd does not create missing parent directories; make sure
# the parent exists so the home directories can be created on the first run.
mkdir -p $pubdir
groupadd ftpuser
# unprivileged helper account used by vsftpd (nopriv_user)
useradd -s /sbin/nologin vsftpd
# one system account per department; useradd gives each its own private group
useradd -G ftpuser -d $pubdir/ccb -s /sbin/nologin ftp_ccb
useradd -G ftpuser -d $pubdir/bc -s /sbin/nologin ftp_bc
useradd -G ftpuser -d $pubdir/abc -s /sbin/nologin ftp_abc
# finance (st) joins every department's private group, which is what lets it
# read their 750 directories
useradd -G ftpuser,ftp_ccb,ftp_bc,ftp_abc -d $pubdir/st -s /sbin/nologin ftp_st
# third step
echo -e "\e[1;32m Third step(3/6): Package Dependencies(安裝相關軟件) \e[0m"
# Package Dependencies (db4-utils provides db_load)
yum install vsftpd pam db4 db4-devel db4-utils -y
# step four
echo -e "\e[1;32m Fourth step(4/6): Selinux and Iptables(SELINUX和防火牆) \e[0m"
# selinux iptables service
chkconfig vsftpd on
# NOTE: this switches SELinux to permissive mode and flushes every iptables rule,
# i.e. it removes two host-wide protections instead of opening only FTP
setenforce 0
iptables -F && service iptables save
# step five
echo -e "\e[1;32m Fifth step(5/6): Create userdb(創建用戶數據) \e[0m"
# db_load: alternating "login / password" lines for the virtual users
cat > $ftpdir/vuser.txt << EOF
ccb
$ccbpass
bc
$bcpass
abc
$abcpass
st
$stpass
EOF
db_load -T -t hash -f $ftpdir/vuser.txt $ftpdir/vuser.db
# both files contain the clear-text passwords; keep them readable by root only
chmod 600 $ftpdir/vuser.txt $ftpdir/vuser.db
# PAM: authenticate virtual users against the Berkeley DB file; the module lives
# under /lib64 on 64-bit and /lib on 32-bit systems
if [ -f /lib64/security/pam_userdb.so ]; then
    pamlib=/lib64/security/pam_userdb.so
else
    pamlib=/lib/security/pam_userdb.so
fi
[ -f /etc/pam.d/vsftpd ] && cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
echo "auth required $pamlib db=$ftpdir/vuser" > /etc/pam.d/vsftpd
echo "account required $pamlib db=$ftpdir/vuser" >> /etc/pam.d/vsftpd
# step six
echo -e "\e[1;32m Sixth step(6/6): Configuration(配置數據) \e[0m"
echo "ccb" > $chrootfile
echo "bc" >> $chrootfile
echo "abc" >> $chrootfile
echo "st" >> $chrootfile
# -i is required; without it sed only prints and vsftpd.conf stays unchanged
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" $ftpdir/vsftpd.conf
# every user in chroot_list is locked into its local_root. vsftpd 3.0 and later
# refuse a chroot root that is writable by the user unless allow_writeable_chroot=YES
cat >> $ftpdir/vsftpd.conf << EOF
# added
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=vsftpd
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=YES
chroot_list_file=$ftpdir/chroot_list
guest_enable=YES
virtual_use_local_privs=YES
user_config_dir=$ftpdir/vuser_config
EOF
# log dir
touch /var/log/vsftpd.log
chown vsftpd:vsftpd /var/log/vsftpd.log
# make configure: one file per virtual user, named after the login name
mkdir -p $ftpdir/vuser_config
cd $ftpdir/vuser_config || exit 1
# departments: upload only. download_enable=NO blocks RETR even though it is
# listed, and cmds_allowed omits DELE/RMD/RNFR/RNTO so nothing can be deleted
# or renamed
cat > abc << EOF
download_enable=NO
guest_enable=YES
guest_username=ftp_abc
local_root=/var/ftp/abc
max_clients=10
max_per_ip=5
local_max_rate=100000
cmds_allowed=ABOR,APPE,CWD,CDUP,FEAT,LIST,MKD,MDTM,PASS,PASV,PWD,QUIT,RETR,REST,STOR,STRU,TYPE,USER
EOF
sed -e "s/abc/bc/g" abc > bc
sed -e "s/abc/ccb/g" abc > ccb
sed -e "s/abc/st/g" abc > st
# finance (st): root at /var/ftp so all department directories are visible,
# and the download restriction is dropped
sed -i "s#/var/ftp/st#/var/ftp#g" st
sed -i "/^download_enable=NO/d" st
# dirs of ftp: owner rwx, private group (finance is a member) r-x, others nothing
chmod 750 $pubdir/{abc,bc,ccb}
# vsftpd service start
service vsftpd restart
status=$?   # save it now; the echo below would otherwise overwrite $?
echo -e "\n"
if [ $status -eq 0 ]; then
    echo -e "\e[1;32m Successfully installed!(安裝成功!)\e[0m"
else
    echo -e "\e[1;31m Warning! Error!(安裝失敗!)\e[0m"
    exit 1
fi
echo -e "\n"
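A small audit helper, added here as an example and not part of the original script: it parses the per-user files the script writes into vuser_config and checks them against the stated policy (departments upload only, finance downloads and sees everything). The sample files are constructed inline, derived from the page's "abc" file the same way the script derives the "st" file; the function names are my own.

```python
# Added audit helper, not code from the page: checks generated vuser_config files against the policy.
DESTRUCTIVE = {"DELE", "RMD", "RNFR", "RNTO", "SITE"}  # delete/rename/admin commands

# Constructed sample: the page's "abc" per-user file, and the finance "st" file
# derived from it the same way the script does (drop download_enable, lift local_root).
ABC_CONF = """download_enable=NO
guest_enable=YES
guest_username=ftp_abc
local_root=/var/ftp/abc
cmds_allowed=ABOR,APPE,CWD,CDUP,FEAT,LIST,MKD,MDTM,PASS,PASV,PWD,QUIT,RETR,REST,STOR,STRU,TYPE,USER
"""
ST_CONF = "\n".join(ABC_CONF.splitlines()[1:]).replace("abc", "st").replace("/var/ftp/st", "/var/ftp")
BAD_CONF = ABC_CONF.replace("STOR,", "STOR,DELE,RMD,")  # constructed misconfiguration

def parse_vsftpd_conf(text):
    """key=value per line; vsftpd skips blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def is_yes(value):
    """vsftpd boolean syntax: YES, TRUE or 1, case-insensitive."""
    return value.strip().upper() in {"YES", "TRUE", "1"}

def audit_department(conf):
    """Department policy: upload allowed, download and delete forbidden."""
    findings = []
    if is_yes(conf.get("download_enable", "YES")):  # vsftpd default is YES
        findings.append("download_enable is not NO")
    allowed = {c.strip().upper() for c in conf.get("cmds_allowed", "").split(",") if c.strip()}
    if not allowed:  # an unset cmds_allowed means every command is permitted
        findings.append("cmds_allowed unset")
    elif "STOR" not in allowed:
        findings.append("STOR not allowed: uploads impossible")
    bad = sorted(allowed & DESTRUCTIVE)
    if bad:
        findings.append("destructive commands allowed: " + ",".join(bad))
    return findings

def audit_finance(conf):
    """Finance policy: may download and sees every department under /var/ftp."""
    findings = []
    if not is_yes(conf.get("download_enable", "YES")):
        findings.append("download_enable is NO: finance cannot download")
    if conf.get("local_root") != "/var/ftp":
        findings.append("local_root is not /var/ftp: departments not visible")
    return findings
```

Run it against the real files with `open(path).read()` in place of the constructed strings; an empty findings list means the file matches its role.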
 

Writing this down as a record for future reference. The statement in the script that takes a long time to execute (I mean the useradd that creates a user with a specified home directory) does not succeed; only when the script is run a second time is it created properly. If any of you know how to solve this, please give me your advice; for now I am not considering wrapping it in a conditional to gate the next step. Thanks in advance, QQ345258361
