1. Install vsftpd:
[root@localhost ~]# yum -y install vsftpd
User authentication (PAM) configuration file: /etc/pam.d/vsftpd
Service script: /etc/rc.d/init.d/vsftpd
Configuration directory: /etc/vsftpd
Main configuration file: vsftpd.conf
Anonymous users: shared resource location: /var/ftp
System (local) users access resources through FTP in their own home directory;
Virtual users access resources through FTP in the home directory of the system user they are mapped to;
2. Start the service and confirm that port 21 is listening:
[root@localhost ~]# service vsftpd restart
Shutting down vsftpd:                                      [FAILED]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@localhost ~]# ss -tnl
State      Recv-Q Send-Q       Local Address:Port         Peer Address:Port
LISTEN     0      50                  *:3306                    *:*
LISTEN     0      128                :::80                     :::*
LISTEN     0      32                  *:21                      *:*
LISTEN     0      128                :::22                     :::*
LISTEN     0      128                 *:22                      *:*
LISTEN     0      100               ::1:25                     :::*
LISTEN     0      100         127.0.0.1:25                      *:*
[root@localhost ~]#
3. Modify the configuration file (back it up first):
[root@localhost vsftpd]# cp vsftpd.conf vsftpd.bak
Anonymous access control (/etc/vsftpd/vsftpd.conf):
anonymous_enable=YES
Allow anonymous uploads:
anon_upload_enable=YES
Local (system) user access control:
local_enable=YES
write_enable=YES
local_umask=022
Chroot local users, either all of them or only those listed:
chroot_local_user=YES
chroot_list_file=/etc/vsftpd/chroot_list
(The list file is only consulted when chroot_list_enable=YES; with chroot_local_user=YES the users in the list are the exceptions that are not chrooted.)
Log in with the ftp account and upload into the upload directory:
First grant the ftp user read, write and execute on the directory with setfacl:
[root@localhost ftp]# setfacl -m u:ftp:rwx upload/
[root@localhost ftp]# getfacl upload/
# file: upload/
# owner: root
# group: root
user::rwx
user:ftp:rwx
group::r-x
mask::rwx
other::r-x
Test whether a file can be uploaded:
[root@localhost etc]# ftp 192.168.1.122
Connected to 192.168.1.122 (192.168.1.122).
220 (vsFTPd 2.2.2)
Name (192.168.1.122:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,122,244,212).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Jul 24 00:49 pub
drwxrwxr-x    3 0        0            4096 Oct 22 20:49 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> pwd
257 "/upload"
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (192,168,1,122,248,28).
150 Ok to send data.
226 Transfer complete.
805 bytes sent in 0.000295 secs (2728.81 Kbytes/sec)
ftp>
Parameter that lets anonymous users create directories on the server:
anon_mkdir_write_enable=YES
Test:
rwx------    2 14       50           4096 Oct 22 20:49 aa
-rw-------    1 14       50            805 Oct 22 20:54 fstab
226 Directory send OK.
ftp> mkdir bb
257 "/upload/bb" created
ftp> ls
227 Entering Passive Mode (192,168,1,122,120,93).
150 Here comes the directory listing.
drwx------    2 14       50           4096 Oct 22 20:49 aa
drwx------    2 14       50           4096 Oct 22 20:58 bb
-rw-------    1 14       50            805 Oct 22 20:54 fstab
226 Directory send OK.
ftp>
But the uploaded files cannot be deleted; one more line has to be added to the configuration file:
anon_other_write_enable=YES
Test:
ftp> delete fstab
250 Delete operation successful.
Other mechanisms:
User control:
userlist_enable=YES
userlist_deny=YES|NO
The default list file is /etc/vsftpd/user_list
Connection limits:
max_clients: maximum number of concurrent connections;
max_per_ip: maximum number of concurrent connections from a single IP;
Transfer rate:
anon_max_rate: maximum transfer rate for anonymous users, in bytes per second
local_max_rate: the same for local users
Virtual users:
All virtual users are mapped to a single designated system account, and the shared location they access is that system account's home directory;
Each virtual user can be given different access permissions;
These are specified with the anonymous-user permission control parameters;
How virtual user accounts are stored:
File: edit a text file in which
odd lines are user names
even lines are passwords
This file then has to be converted into a hash (db) format;
Table in a relational database:
the database is queried on the fly to authenticate the user;
MySQL: pam_mysql.x86_64
Relational database:
[root@localhost local]# yum install pam_mysql
1. Prepare the database and table
mariaDB [(none)]> CREATE DATABASE vsftpd;
use vsftpd;
Grant an account:
mariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftp@'192.168.%.%' IDENTIFIED BY '123..com';
mariaDB [vsftpd]> FLUSH PRIVILEGES;
View:
MariaDB [vsftpd]> DESC users;
+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| id       | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name     | varchar(50)      | NO   |     | NULL    |                |
| password | char(48)         | NO   |     | NULL    |                |
+----------+------------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
Create the table:
mariaDB [vsftpd]> CREATE TABLE users (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50) BINARY NOT NULL, password CHAR(48) BINARY NOT NULL);
Insert into the users table:
mariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('hzm',password('123..com')),('tom',password('123..com'));
View:
MariaDB [vsftpd]> SELECT * FROM users;
+----+------+-------------------------------------------+
| id | name | password                                  |
+----+------+-------------------------------------------+
|  1 | hzm  | *84255B63A81BC5CC440E46029310B403F826E831 |
|  2 | tom  | *84255B63A81BC5CC440E46029310B403F826E831 |
+----+------+-------------------------------------------+
2 rows in set (0.00 sec)
Note that both rows carry the same hash: MySQL PASSWORD() is unsalted, so users who share a password are visible as such in the table.
2. Configure vsftpd
[root@localhost /]# vim /etc/pam.d/vsftpd.mysql
Add the following two lines:
auth    required pam_mysql.so user=vsftp passwd=123..com host=192.168.1.122 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftp passwd=123..com host=192.168.1.122 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
crypt=2 tells pam_mysql that the column holds MySQL PASSWORD() hashes, matching the INSERT above. This file contains the database password in clear text, so keep it readable by root only (chmod 600).
Then add the system user that virtual users are mapped to and adjust permissions:
[root@localhost /]# useradd -s /sbin/nologin -d /var/ftproot vuser
[root@localhost /]# chmod go+rx /var/ftproot/
Modify vsftpd.conf:
Add the following:
pam_service_name=vsftpd.mysql
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers
Save and restart vsftpd;
Test:
3. Give virtual users different permissions:
[root@localhost vsftpd]# mkdir vusers
[root@localhost vsftpd]# cd vusers/
[root@localhost vusers]# vim tom
Add:
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Copy the file for hzm and set all three options to NO
Test:
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (192,168,159,128,172,134).
150 Ok to send data.
226 Transfer complete.
805 bytes sent in 9.1e-05 secs (8846.15 Kbytes/sec)
ftp>
Success!
Conversely, the hzm account has no write permission at all:
Name (192.168.159.128:root): hzm
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (192,168,159,128,193,112).
550 Permission denied.
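As an added example that is not part of the original post, the following shell audit checks a vsftpd.conf for the anonymous-write, chroot and virtual-user settings covered above (the anon_* and chroot_* options from step 3 and the guest_enable/user_config_dir options from the virtual-user setup). It assumes a file in vsftpd's key=value syntax and is run here on two constructed sample files, one open and one hardened.

```shell
# Added example (not from the original post): audit a vsftpd.conf for the
# anonymous-write, chroot and virtual-user settings discussed above.
# Assumes key=value lines in vsftpd.conf syntax; lines starting with '#' are comments.
# get_opt FILE KEY: print the last value assigned to KEY (empty if unset)
get_opt() {
    sed -n -e '/^[[:space:]]*#/d' -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}
# is_yes FILE KEY DEFAULT: true when KEY (or DEFAULT if unset) is YES, case-insensitively
is_yes() {
    v=$(get_opt "$1" "$2"); [ -z "$v" ] && v=$3
    [ "$(printf '%s' "$v" | tr '[:lower:]' '[:upper:]')" = YES ]
}
# audit_vsftpd_conf FILE: one finding per line on stderr, number of findings on stdout
audit_vsftpd_conf() {
    c=$1; n=0
    # upstream vsftpd defaults anonymous_enable to YES, so an absent key counts as enabled
    if is_yes "$c" anonymous_enable YES; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if is_yes "$c" "$k" NO; then echo "WARN: $k=YES with anonymous logins enabled" >&2; n=$((n+1)); fi
        done
    fi
    if is_yes "$c" local_enable NO && ! is_yes "$c" chroot_local_user NO; then
        echo "WARN: local users are not chrooted (chroot_local_user is not YES)" >&2; n=$((n+1))
    fi
    if [ -n "$(get_opt "$c" chroot_list_file)" ] && ! is_yes "$c" chroot_list_enable NO; then
        echo "WARN: chroot_list_file is set but chroot_list_enable=YES is missing, so it is ignored" >&2; n=$((n+1))
    fi
    # virtual users (guest_enable) are governed by the anon_* options; without a user_config_dir
    # a global anon_other_write_enable=YES lets every virtual user delete and rename
    if is_yes "$c" guest_enable NO && is_yes "$c" anon_other_write_enable NO && [ -z "$(get_opt "$c" user_config_dir)" ]; then
        echo "WARN: every virtual user gets anon_other_write_enable=YES (no user_config_dir)" >&2; n=$((n+1))
    fi
    echo "$n"
}
# make_sample_conf open|hardened: write a constructed sample config to a temp file, print its path
make_sample_conf() {
    f=$(mktemp)
    if [ "$1" = open ]; then
        printf '%s\n' anonymous_enable=YES anon_upload_enable=YES anon_mkdir_write_enable=YES \
            anon_other_write_enable=YES local_enable=YES write_enable=YES \
            chroot_local_user=NO chroot_list_file=/etc/vsftpd/chroot_list > "$f"
    else
        printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
            chroot_list_enable=YES chroot_list_file=/etc/vsftpd/chroot_list \
            guest_enable=YES guest_username=vuser user_config_dir=/etc/vsftpd/vusers > "$f"
    fi
    echo "$f"
}
echo "open sample: $(audit_vsftpd_conf "$(make_sample_conf open)") finding(s)"          # 5
echo "hardened sample: $(audit_vsftpd_conf "$(make_sample_conf hardened)") finding(s)"  # 0
```

To audit a live server, run audit_vsftpd_conf /etc/vsftpd/vsftpd.conf and also each per-user file under user_config_dir, since those override the global anon_* values.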