跳过正文
  1. Posts/

搭建FTP虚拟用户

·470 字·3 分钟·
Kubehan
作者
Kubehan
云原生知识栈:深度解析容器技术、Kubernetes、Istio、DevOps 实践、Prometheus 监控、Envoy 代理、Golang 开发及云原生架构与微服务趋势的专业博客
  1. 安装认证所需包
</div>

<span style="color:#333333; font-family:Helvetica; font-size:10pt; background-color:white">首先安装PAM(用于用户认证)和DB4(用于生成虚拟用户的用户名密码的db文件)<br /> </span>

<span style="font-family:Courier New; font-size:10pt">yum -y install pam*<br /> </span>

<span style="font-family:Courier New; font-size:10pt">yum -y install db4*<br /> </span>

 

  1. 安装vsftpd
</div>

<span style="font-family:Courier New; font-size:10pt">yum install vsftpd<br /> </span>

 
  1. 设置vsftpd开机启动:
</div>

<span style="color:#7d8b8d; font-family:Helvetica; font-size:10pt"><br /> </span>  <span style="font-family:Courier New; font-size:10pt">chkconfig vsftpd on<br /> </span>

 
  1. 配置vsftpd.conf
</div>

<span style="font-size:10pt"><span style="font-family:Courier New">anonymous_enable=NO(</span><span style="font-family:等线">匿名用户关闭</span><span style="font-family:Courier New">)<br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">local_enable=YES</span><span style="font-family:等线">(本地用户可访问)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">write_enable=YES</span><span style="font-family:等线">(可上传)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">local_umask=022<br /> </span>

<span style="font-family:Courier New; font-size:10pt">xferlog_enable=YES<br /> </span>

<span style="font-family:Courier New; font-size:10pt">xferlog_std_format=YES<br /> </span>

<span style="font-family:Courier New; font-size:10pt">xferlog_file=/etc/vsftpd/vsftpd.log<br /> </span>

<span style="font-size:10pt"><span style="font-family:等线">这</span><span style="font-family:Courier New">3</span><span style="font-family:等线">项由于设置</span><span style="font-family:Courier New">log</span><span style="font-family:等线">日志,在</span><span style="font-family:Courier New">/etc/vsftpd/</span><span style="font-family:等线">下新建一个</span><span style="font-family:Courier New">vsftpd.log</span><span style="font-family:等线">文件</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">connect_from_port_20=YES<br /> </span>

<span style="font-size:10pt"><span style="font-family:Courier New">idle_session_timeout=600</span><span style="font-family:等线">(数据传输中断间隔时间)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">listen=YES<br /> </span>

<span style="font-size:10pt"><span style="font-family:Courier New">#listen_ipv6=YES(</span><span style="font-family:等线">注释掉</span><span style="font-family:Courier New">)<br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">pam_service_name=vsftpd<br /> </span>

<span style="font-family:Courier New; font-size:10pt">userlist_enable=YES<br /> </span>

<span style="font-family:Courier New; font-size:10pt">tcp_wrappers=YES<br /> </span>

<span style="font-size:10pt"><span style="font-family:Courier New">chroot_local_user=YES</span><span style="font-family:等线">(锁定根目录</span><span style="font-family:Courier New"><br /> </span><span style="font-family:等线">)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">guest_enable=YES</span><span style="font-family:等线">(启用虚拟用户)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">guest_username=sprixin</span><span style="font-family:等线">(虚拟用户借用的系统本地用户名)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">user_config_dir=/etc/vsftpd/virtualuser_conf</span><span style="font-family:等线">(虚拟用户的配置文件路径)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">allow_writeable_chroot=YES<br /> </span>

<span style="font-family:Courier New; font-size:10pt">touch /etc/vsftpd/vsftpd.log<br /> </span>
  1. 配置虚拟用户(虚拟用户权限根据以下内容控制)
</div>

<span style="font-size:10pt"><span style="font-family:Courier New">mkdir /etc/vsftpd/virtualuser_conf (</span><span style="font-family:等线">虚拟用户配置文件</span><span style="font-family:Courier New">)<br /> </span></span>

<span style="font-size:10pt"><span style="font-family:等线">在</span><span style="font-family:Courier New">/etc/vsftpd/virtualuser_conf </span><span style="font-family:等线">新建一个虚拟用户名文件</span><span style="font-family:Courier New"><br /> </span></span>

<span style="color:#7d8b8d; font-family:Helvetica; font-size:10pt"><span style="background-color:yellow">vim etc/vsftpd/virtualuser_conf /u1(只能下载不能上传)</span><br /> </span>

<span style="font-size:10pt"><span style="font-family:Courier New">local_root=/home/ftp</span><span style="font-family:等线">(该虚拟用户上传下载的根目录)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">write_enable=YES</span><span style="font-family:等线">(启动写权限,上传)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">anon_umask=022<br /> </span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_world_readable_only=NO</span><span style="font-family:等线">(关闭只可读权限)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_upload_enable=NO</span><span style="font-family:等线">(不能上传)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_mkdir_write_enable=YES</span><span style="font-family:等线">(创建目录权限)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_other_write_enable=YES</span><span style="font-family:等线">(其他写权限,改,删)</span><span style="font-family:Courier New"><br /> </span></span>

<p style="background: white">
   
</p>

<span style="color:#7d8b8d; font-family:Helvetica; font-size:10pt"><span style="background-color:yellow">Vim etc/vsftpd/virtualuser_conf /u2(只能上传,不能下载)</span><br /> </span>

<span style="font-family:Courier New; font-size:10pt">local_root=/home/ftp<br /> </span>

<span style="font-family:Courier New; font-size:10pt">write_enable=YES<br /> </span>

<span style="font-family:Courier New; font-size:10pt">download_enable=NO<br /> </span>

<span style="font-family:Courier New; font-size:10pt">anon_umask=022<br /> </span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_world_readable_only=NO</span><span style="font-family:等线">(关闭只可读权限)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_upload_enable=YES</span><span style="font-family:等线">(不能上传)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_mkdir_write_enable=YES</span><span style="font-family:等线">(创建目录权限)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-size:10pt"><span style="font-family:Courier New">anon_other_write_enable=YES</span><span style="font-family:等线">(其他写权限,改,删)</span><span style="font-family:Courier New"><br /> </span></span>

<span style="font-family:Courier New; font-size:10pt">cmds_allowed=FEAT,REST,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RMD,SIZE,STOR,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST,RETR<br /> </span>
  1. 在/etc/vsftpd/目录新建一个虚拟用户文档
</div>

<span style="color:#7d8b8d; font-family:Helvetica; font-size:10pt">vim virtualuser_passwd.txt<br /> </span>

<span style="color:#7d8b8d; font-family:Helvetica"><span style="font-size:10pt">ch</span><span style="color:#333333"><span style="background-color:white">奇数行是用户名,偶数行是密码,</span><span style="color:#7d8b8d; font-size:10pt"><br /> </span></span></span>
  1. 生成虚拟用户认证的db文件
</div>

<span style="font-family:Courier New; font-size:10pt">db_load -T -t hash -f /etc/vsftpd/virtualuser_passwd.txt /etc/vsftpd/virtualuser_passwd.db<br /> </span>
  1. 编辑认证文件/etc/pam.d/vsftpd,全部注释掉原来语句,添加以下两句
</div>

<span style="font-family:Courier New; font-size:10pt">auth required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd<br /> </span>

<span style="font-family:Courier New; font-size:10pt">account required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd<br /> </span>
  1. 设置服务器上的目录权限
</div>

<span style="font-family:Courier New; font-size:10pt">chown -R sprixin:sprixin /home/ftpuser<br /> </span>

<span style="font-family:Courier New; font-size:10pt">chmod 777 /home/ftpuser  </span>