1.安装vsftpd:
[root@localhost ~]# yum -y install vsftpd
用户认证配置文件:/etc/pam.d/vsftpd
服务脚本:/etc/rc.d/init.d/vsftpd
配置文件目录:/etc/vsftpd
主配置文件:vsftpd.conf
匿名用户:共享资源位置:/var/ftp
系统用户通过ftp访问资源是的位置:用户自己的家目录;
虚拟用户通过ftp访问资源时的位置:给虚拟用户指定的硬射成为的系统用户的家目录;
root@localhost ~]# service vsftpd restartShutting down vsftpd: [FAILED]Starting vsftpd for vsftpd: [ OK ][root@localhost ~]# ss -tnlState Recv-Q Send-Q Local Address:Port Peer Address:PortLISTEN 0 50 *:3306 *:* LISTEN 0 128 :::80 :::* LISTEN 0 32 *:21 *:* LISTEN 0 128 :::22 :::* LISTEN 0 128 *:22 *:* LISTEN 0 100 ::1:25 :::* LISTEN 0 100 127.0.0.1:25 *:* [root@localhost ~]#
3.修改配置文件:
[root@localhost vsftpd]# cp vsftpd.confvsftpd.bak
匿名访问控制:/etc/vsftp.confanonymous_enable=YES
设置打开上传权限:
anon_upload_enable=YES
系统访问控制:
local_enable=YESwrite_enable=YESchroot_umask=022
禁用本地用户或者指定用户
chroot_local_user=YESchroot_liset_file=/etc/vsftpd/chroot_list
利用ftp账户登录并且上传到upload目录里:
先将目录给予setfacl授权读写执行;
[root@localhost ftp]# setfacl -m u:ftp:rwx upload/[root@localhost ftp]# getfacl upload/# file: upload/# owner: root# group: rootuser::rwxuser:ftp:rwxgroup::r-xmask::rwxother::r-x
测试是否可以上传文件:
[root@localhostetc]# ftp 192.168.1.122Connected to 192.168.1.122 (192.168.1.122).220 (vsFTPd 2.2.2)Name (192.168.1.122:root): ftp331 Please specify the password.Password:230 Login successful.Remote system type is UNIX.Using binary mode to transfer files.ftp> ls227 Entering Passive Mode(192,168,1,122,244,212).150 Here comes the directory listing.drwxr-xr-x 2 0 0 4096 Jul 24 00:49 pubdrwxrwxr-x 3 0 0 4096 Oct 22 20:49upload226 Directory send OK.ftp> cd upload250 Directory successfully changed.ftp> pwd257 "/upload"ftp> put fstablocal: fstab remote: fstab227 Entering Passive Mode(192,168,1,122,248,28).150 Ok to send data.226 Transfer complete.805 bytes sent in 0.000295 secs (2728.81Kbytes/sec)ftp>
开启ftp服务器里是否可以匿名创建目录的参数:
anon_mkdir_write_enable=YES
测试:
rwx------ 2 14 50 4096 Oct 22 20:49 aa-rw------- 1 14 50 805 Oct 22 20:54fstab226 Directory send OK.ftp> mkdir bb257 "/upload/bb" createdftp> ls227 Entering Passive Mode(192,168,1,122,120,93).150 Here comes the directory listing.drwx------ 2 14 50 4096 Oct 22 20:49 aadrwx------ 2 14 50 4096 Oct 22 20:58 bb-rw------- 1 14 50 805 Oct 22 20:54fstab226 Directory send OK.ftp>
但是删除不了创建的文件,需要修改配置文件添加一行:
anon_other_write_enable=YES
测试:
ftp> delete fstab250 Delete operation successful.
其他机制:
用户控制:
userlist_enable=YESuserlist_deny=YES|NO
默认文件为/etc/vsftpd/user_list
链接限制:
max_clients:最大并发连接数;
max_per_ip:每个ip同时并发请求数;
传输速率:
anno_max_rate:匿名用户最大传输速率,单位是“字节/秒”
local_max_rate:本地用户
虚拟用户:
所有的虚拟用户会被统一映射为一个指定的系统账号,访问的共享位置即为此系统账号的家目录;
各虚拟用户可被赋予不同访问权限;
通过匿名用户的权限控制参数进行指定;
虚拟用户账号的存储方式:
文件:编辑文件
奇数行为用户名
偶数行为密码
此文件需要被编码为hash格式:
关系型数据库中的表中:
即时查询数据库完成用户认证;
Mysql库:
pam_mysql.x86.64
关系型数据库:
[root@localhostlocal]# yum install pam_mysql
1.准备数据库及相关表
mariaDB [(none)]> CREATE DATABASE vsftpd;
use vsftpd;
授权账号:
mariaDB [vsftpd]> GRANT SELECT ONvsftpd.* TO vsftp@'192.168.%.%' IDENTIFIED BY '123..com'; mariaDB [vsftpd]> FLUSH PRIVILEGES;
查看:
MariaDB [vsftpd]> DESC users;+----------+------------------+------+-----+---------+----------------+| Field | Type | Null | Key |Default | Extra |+----------+------------------+------+-----+---------+----------------+| id | int(10) unsigned | NO | PRI |NULL | auto_increment || name | varchar(50) | NO | | NULL | || password | char(48) | NO | | NULL | |+----------+------------------+------+-----+---------+----------------+3 rows in set (0.00 sec)
创建列表:
mariaDB [vsftpd]> create table users (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50) BINARYNOT NULL, password CHAR(48) BINARY NOT NULL);
插入users表:
mariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('hzm',password('123..com')),('tom',password('123..com')); 查看:
ariaDB [vsftpd]> SELECT * FROM users;+----+------+-------------------------------------------+| id | name | password |+----+------+-------------------------------------------+| 1| hzm |*84255B63A81BC5CC440E46029310B403F826E831 || 2| tom |*84255B63A81BC5CC440E46029310B403F826E831 |+----+------+-------------------------------------------+2 rows in set (0.00 sec
2.配置vsftpd
[root@localhost /]# vim/etc/pam.d/vsftpd.mysql
#vi /etc/pam.d/vsftpd.mysql
添加如下两行:
auth required pam_mysql.so user=vsftppasswd=123..com host=192.168.1.122 db=vsftpd table=users usercolumn=namepasswdcolumn=password crypt=2account required pam_mysql.so user=vsftppasswd=123..com host=192.168.1.122 db=vsftpd table=users usercolumn=namepasswdcolumn=password crypt=2
添加如下:
添加个用户修改权限:
[root@localhost /]# useradd -s/sbin/nologin -d /var/ftproot vuser
[root@localhost /]# chmod go+rx/var/ftproot/
修改vsftp.conf:
添加如下信息:
pam_service_name=vsftpd.mysqluserlist_enable=YEStcp_wrappers=YES guest_enable=YESguest_username=vuseruser_config_dir=/etc/vsftpd/vusers
保存重启vsftp;
测试:
3.配置虚拟用户有不同权限:
1
[root@localhost vsftpd]# mkdir vusers [root@localhostvsftpd]# cd vusers/[root@localhost vusers]# vim tom
添加:
anon_upload_enable=YESanon_mkdir_write_enable=YESanon_other_write_enable=YES
复制一份给hzm,选项参数都改成NO
测试:
ftp> put fstablocal: fstab remote: fstab227 Entering Passive Mode(192,168,159,128,172,134).150 Ok to send data.226 Transfer complete.805 bytes sent in 9.1e-05 secs (8846.15Kbytes/sec)ftp>
成功~~~
相反,hzm账户则没有任何权限;
name (192.168.159.128:root): hzm331 Please specify the password.Password:230 Login successful.Remote system type is UNIX.Using binary mode to transfer files.ftp> lcd /etcLocal directory now /etcftp> put fstablocal: fstab remote: fstab227 Entering Passive Mode(192,168,159,128,193,112).550 Permission denied.