cp /etc/ftpd/ftpaccess /etc/ftpd/ftpaccess.bak
其他你需要修改的備份文件也做備份。
其他你需要修改的備份文件也做備份。
1、建立測試賬戶
useradd -d /data1/test -m test
命令解釋:
建立賬戶test,賬戶的目錄爲/data1/test
如果不存在/data1/test,則建立/data1/test
如果存在,就使用/data1/test作爲賬戶test的目錄。
命令解釋:
建立賬戶test,賬戶的目錄爲/data1/test
如果不存在/data1/test,則建立/data1/test
如果存在,就使用/data1/test作爲賬戶test的目錄。
restricted-uid test
guest-root /data1/test test
解釋:
restricted-uid test需要限制的用戶UID
guest-root 命令把目錄(/data1/test)指定給test賬戶登陸ftp的默認家目錄
guest-root /data1/test test
解釋:
restricted-uid test需要限制的用戶UID
guest-root 命令把目錄(/data1/test)指定給test賬戶登陸ftp的默認家目錄
[root@root]:/etc/ftpd#ftp 110.1.28.135
Connected to 110.1.28.135.
220 aisms FTP server ready.
Name (110.1.28.135:root): test
331 Password required for test.
Password:
230 User test logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
a.sql
b.sql
c.sql
d.sql
e.sql
226 Transfer complete.
35 bytes received in 0.00034 seconds (101.36 Kbytes/s)
ftp> cd ..
550 Permission denied on server. You are restricted to your account.
ftp> cd /data1
550 /data1: No such file or directory.
ftp> cd /data1
550 /data1: No such file or directory.
ftp> bye
[root@root]:/data1/test#ls
a.sql b.sql c.sql d.sql e.sql
[root@root]:/data1/test#cd /
[root@root]:/#ls
bin cdrom data1 devices export kernel lost+found net platform sbin test.sh usr vol
boot data dev etc home lib mnt opt proc system tmp var yl
[root@root]:/#
-----可見/data1、/data目錄是存在的,但在ftp中用test登陸提示550 /data1: No such file or directory.,可以確定,已經限制用戶test訪問test家目錄以外的任何目錄。
可以確定的是,這樣用戶只能ftp訪問自己在ftpaccess中指定的目錄。
Connected to 110.1.28.135.
220 aisms FTP server ready.
Name (110.1.28.135:root): test
331 Password required for test.
Password:
230 User test logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
a.sql
b.sql
c.sql
d.sql
e.sql
226 Transfer complete.
35 bytes received in 0.00034 seconds (101.36 Kbytes/s)
ftp> cd ..
550 Permission denied on server. You are restricted to your account.
ftp> cd /data1
550 /data1: No such file or directory.
ftp> cd /data1
550 /data1: No such file or directory.
ftp> bye
[root@root]:/data1/test#ls
a.sql b.sql c.sql d.sql e.sql
[root@root]:/data1/test#cd /
[root@root]:/#ls
bin cdrom data1 devices export kernel lost+found net platform sbin test.sh usr vol
boot data dev etc home lib mnt opt proc system tmp var yl
[root@root]:/#
-----可見/data1、/data目錄是存在的,但在ftp中用test登陸提示550 /data1: No such file or directory.,可以確定,已經限制用戶test訪問test家目錄以外的任何目錄。
可以確定的是,這樣用戶只能ftp訪問自己在ftpaccess中指定的目錄。
本文出自 “Focus on Oracle” 博客,請務必保留此出處http://alexy.blog.51cto.com/6115453/1084516