This post walks through installing and configuring vsftpd. The resulting setup:
Installation
Configuration
Disable anonymous login
Restrict users to their local directory only
Enable passive mode
```
pasv_enable=YES
pasv_min_port=6000
pasv_max_port=7000
```
Add virtual accounts
```
cd /etc/vsftpd
cat > vuser << EOF
ftp1
123456
ftp2
123456
EOF
db_load -T -t hash -f vuser vuser.db
useradd -d /data/vuser -s /sbin/nologin vuser
```
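The vuser list above is a plain text file in which odd lines are usernames and even lines are passwords; db_load -T pairs them positionally and does not complain about a stray or missing line, a duplicate name or an empty password, so mistakes surface only as logins that silently fail or map to the wrong password. As an added check (example code, not from the original post), the function below validates such a list before it is handed to db_load. check_vuser_file is a name chosen here, and the two lists it is run on are constructed samples, not real accounts:

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check a vsftpd
# virtual-user list in the alternating "username / password" line format
# before handing it to db_load. db_load -T takes every odd line as a key and
# every even line as its value, so one stray or missing line shifts every
# later pair, and a duplicate username simply lets the last password win.
#
# check_vuser_file FILE  -> prints one line per problem, returns 0 when clean
check_vuser_file() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        NR % 2 == 1 {                               # odd lines: usernames
            user = $0
            if (user == "")          { bad++; print "line " NR ": empty username" }
            else if (user ~ /[ \t]/) { bad++; print "line " NR ": username contains whitespace: " user }
            else if (user in seen)   { bad++; print "line " NR ": duplicate username: " user " (first seen at line " seen[user] ")" }
            else seen[user] = NR
        }
        NR % 2 == 0 && $0 == "" {                   # even lines: passwords
            bad++; print "line " NR ": empty password for " user
        }
        END {
            if (NR == 0)      { bad++; print "file is empty" }
            else if (NR % 2)  { bad++; print "line " NR ": username " user " has no password line" }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample lists (not real accounts) in a scratch directory.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
GOOD_LIST="$TMP/vuser.good"
BAD_LIST="$TMP/vuser.bad"
printf 'ftp1\n123456\nftp2\n123456\n' > "$GOOD_LIST"
# duplicate ftp1, an empty password, and a trailing username with no password line
printf 'ftp1\n123456\nftp1\n\nftp3\n' > "$BAD_LIST"

check_vuser_file "$GOOD_LIST" && echo "$GOOD_LIST: ok, safe to run db_load"
check_vuser_file "$BAD_LIST"  || echo "$BAD_LIST: fix the list before running db_load"
```

Run it as `check_vuser_file /etc/vsftpd/vuser && db_load -T -t hash -f vuser vuser.db` so the database is only rebuilt from a list that parses as clean pairs; the exit status is all that is needed in a script, the per-line messages are for the operator.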
Add PAM authentication for the virtual accounts
```
cat > /etc/pam.d/vsftpd.vuser << EOF
auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser
EOF
```
Enable virtual accounts
```
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.vuser
```
Virtual account login
Different permissions for different users
```
user_config_dir=/etc/vsftpd/vuser_dir
```
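The settings introduced so far (anonymous_enable=NO, chroot_local_user=YES, tcp_wrappers=YES, a fixed passive port range, and the guest_enable / guest_username / pam_service_name / user_config_dir group) all have to be present together for the setup to behave as described, and a hand-edited vsftpd.conf drifts easily. As an added example, not from the original post, here is a small POSIX sh audit that reads a vsftpd.conf and reports which of those settings are missing or weak. conf_get and audit_vsftpd_conf are names chosen here; the two files it checks are constructed samples, the first mirroring this post's settings and the second a stock-style file with distribution defaults left in place:

```shell
#!/bin/sh
# Added example, not part of the original post: audit a vsftpd.conf against
# the settings this post relies on. Lines are assumed to be plain KEY=VALUE;
# when a key appears more than once the last occurrence is taken.
#
# conf_get KEY FILE  -> value of KEY, empty if unset
conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # skip comments and blank lines
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
            }
        }
        END { print v }
    ' "$2"
}

bad=0
fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

# audit_vsftpd_conf FILE  -> prints one FAIL line per finding, returns 0 when clean
audit_vsftpd_conf() {
    f=$1; bad=0
    [ "$(conf_get anonymous_enable "$f")" = "NO" ]   || fail "anonymous_enable must be NO"
    [ "$(conf_get chroot_local_user "$f")" = "YES" ] || fail "chroot_local_user=YES is needed to confine users to their directory"
    [ "$(conf_get tcp_wrappers "$f")" = "YES" ]      || fail "tcp_wrappers=YES is needed for hosts.allow/hosts.deny to apply"

    if [ "$(conf_get pasv_enable "$f")" = "YES" ]; then
        lo=$(conf_get pasv_min_port "$f"); hi=$(conf_get pasv_max_port "$f")
        case "$lo:$hi" in
            *[!0-9:]*|:*|*:) fail "pasv_enable=YES but pasv_min_port/pasv_max_port are not both set; the firewall rule cannot be scoped" ;;
            *) [ "$lo" -gt 1023 ] && [ "$lo" -le "$hi" ] || fail "passive range $lo-$hi is not a valid unprivileged range" ;;
        esac
    fi

    if [ "$(conf_get guest_enable "$f")" = "YES" ]; then
        for k in guest_username pam_service_name user_config_dir; do
            [ -n "$(conf_get "$k" "$f")" ] || fail "guest_enable=YES but $k is not set"
        done
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample configs in a scratch directory.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
HARDENED="$TMP/vsftpd.hardened.conf"   # the settings used in this post
STOCK="$TMP/vsftpd.stock.conf"         # defaults left in place
cat > "$HARDENED" << 'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
listen=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=6000
pasv_max_port=7000
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.vuser
user_config_dir=/etc/vsftpd/vuser_dir
EOF
cat > "$STOCK" << 'EOF'
# distribution defaults left in place
anonymous_enable=YES
local_enable=YES
write_enable=YES
pasv_enable=YES
guest_enable=YES
guest_username=vuser
EOF

audit_vsftpd_conf "$HARDENED" && echo "$HARDENED: ok"
audit_vsftpd_conf "$STOCK"    || echo "$STOCK: $bad finding(s)"
```

The same key=value reader works on the per-user files under user_config_dir, so it can be reused to confirm that each one sets local_root. One caveat the audit does not cover because the post targets CentOS 6 (vsftpd 2.2): vsftpd 3.0 and later refuse a chroot whose root directory is writable unless allow_writeable_chroot=YES is set, so the write-enabled local_root used here needs that option on newer releases.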
One configuration file per virtual user
```
cat > /etc/vsftpd/vuser_dir/ftp1 << EOF
local_root=/data/FTP/ftpuser
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
```
Add IP restrictions
```
echo "vsftpd:ALL" >> /etc/hosts.deny
echo "vsftpd:192.168.1.0/255.255.255.0" >> /etc/hosts.allow
echo "vsftpd:172.16.0.0/255.255.0.0" >> /etc/hosts.allow
```
Script
A script for quickly installing vsftpd and adding virtual users on CentOS 6:
vsftpd.sh
```bash
#!/bin/bash
# Quick vsftpd install + virtual-user setup for CentOS 6.
# Usage: vsftpd.sh 1            install (removes any existing /etc/vsftpd first)
#        vsftpd.sh 2 USER PASS  add a virtual user
#        vsftpd.sh 3            uninstall vsftpd
#        vsftpd.sh 4            rebuild the user db and restart vsftpd

VUSER=ftp_v_user                 # system account every virtual user maps to
DEFAULT_DIR=/data/ftp_v_user     # parent directory of the virtual users' homes

help() {
    echo "-----------------------------"
    echo " 1 - install"
    echo " 2 - add user"
    echo "     ex. $0 2 username passwd"
    echo " 3 - uninstall vsftpd"
    echo " 4 - reload"
    echo "-----------------------------"
}

uninstall() {
    yum -y remove vsftpd
    rm -rf /etc/vsftpd
}

install() {
    uninstall
    yum -y install vsftpd
    # main config: no anonymous access, chroot every user, fixed passive range,
    # tcp_wrappers so hosts.allow/hosts.deny apply, virtual users via PAM
    cat > /etc/vsftpd/vsftpd.conf << EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
userlist_enable=YES
tcp_wrappers=YES

pasv_enable=YES
pasv_min_port=6000
pasv_max_port=7000

guest_enable=YES
guest_username=${VUSER}
pam_service_name=vsftpd.${VUSER}
user_config_dir=/etc/vsftpd/${VUSER}_dir
EOF
    # PAM service that checks virtual users against the Berkeley DB file
    cat > /etc/pam.d/vsftpd.${VUSER} << EOF
auth required pam_userdb.so db=/etc/vsftpd/${VUSER}
account required pam_userdb.so db=/etc/vsftpd/${VUSER}
EOF
    cd /etc/vsftpd || exit 1
    touch "${VUSER}"                 # plain-text user/password list fed to db_load
    mkdir "${VUSER}_dir"             # per-user config files
    useradd -d "${DEFAULT_DIR}" -s /sbin/nologin "${VUSER}"
    # open the control port, the active-mode data port and the passive range
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6000:7000 -j ACCEPT
    add_vuser ftptest ftptest        # default test account (user ftptest / password ftptest)
}

# rebuild the hash db from the plain-text list and restart the service
create_db() {
    db_load -T -t hash -f /etc/vsftpd/${VUSER} /etc/vsftpd/${VUSER}.db
    service vsftpd restart
}

# add_vuser USER PASS: append to the list, create the home dir and per-user config
add_vuser() {
    if [ -z "$1" ]; then
        echo "user can not empty."
        exit 1
    fi
    if [ -z "$2" ]; then
        echo "pass can not empty."
        exit 1
    fi
    ftp_user=$1
    ftp_pass=$2
    echo "$ftp_user" >> /etc/vsftpd/${VUSER}
    echo "$ftp_pass" >> /etc/vsftpd/${VUSER}
    mkdir -p "${DEFAULT_DIR}/${ftp_user}"
    chown -R ${VUSER}:${VUSER} "${DEFAULT_DIR}/${ftp_user}"
    cat > /etc/vsftpd/${VUSER}_dir/${ftp_user} << EOF
local_root=${DEFAULT_DIR}/${ftp_user}
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
    create_db
    echo "add finish"
}

case $1 in
    1) install ;;
    2) add_vuser "$2" "$3" ;;
    3) uninstall ;;
    4) create_db ;;
    *) help ;;
esac
```
References
- http://www.centoscn.com/CentosServer/ftp/2014/1215/4313.html
- http://jingyan.baidu.com/article/03b2f78c771db45ea237ae28.html