|
|
1.安装vsftpd:
1
| [iyunv@localhost ~]# yum -y install vsftpd
|
用户认证配置文件:/etc/pam.d/vsftpd
服务脚本:/etc/rc.d/init.d/vsftpd
配置文件目录:/etc/vsftpd
主配置文件:vsftpd.conf
匿名用户:共享资源位置:/var/ftp
系统用户通过ftp访问资源是的位置:用户自己的家目录;
虚拟用户通过ftp访问资源时的位置:给虚拟用户指定的硬射成为的系统用户的家目录;
1
2
3
4
5
6
7
8
9
10
11
12
13
| root@localhost ~]# service vsftpd restart
Shutting down vsftpd: [FAILED]
Starting vsftpd for vsftpd: [ OK ]
[iyunv@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25 *:*
[iyunv@localhost ~]#
|
3.修改配置文件:
1
| [iyunv@localhost vsftpd]# cp vsftpd.confvsftpd.bak
|
1
2
| 匿名访问控制:/etc/vsftp.conf
anonymous_enable=YES
|
设置打开上传权限:
系统访问控制:
1
2
3
| local_enable=YES
write_enable=YES
chroot_umask=022
|
禁用本地用户或者指定用户
1
2
| chroot_local_user=YES
chroot_liset_file=/etc/vsftpd/chroot_list
|
利用ftp账户登录并且上传到upload目录里: 先将目录给予setfacl授权读写执行; 1
2
3
4
5
6
7
8
9
10
| [iyunv@localhost ftp]# setfacl -m u:ftp:rwx upload/
[iyunv@localhost ftp]# getfacl upload/
# file: upload/
# owner: root
# group: root
user::rwx
user:ftp:rwx
group::r-x
mask::rwx
other::r-x
|
测试是否可以上传文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| [iyunv@localhostetc]# ftp 192.168.1.122
Connected to 192.168.1.122 (192.168.1.122).
220 (vsFTPd 2.2.2)
Name (192.168.1.122:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode(192,168,1,122,244,212).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Jul 24 00:49 pub
drwxrwxr-x 3 0 0 4096 Oct 22 20:49upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> pwd
257 "/upload"
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode(192,168,1,122,248,28).
150 Ok to send data.
226 Transfer complete.
805 bytes sent in 0.000295 secs (2728.81Kbytes/sec)
ftp>
|
开启ftp服务器里是否可以匿名创建目录的参数:
1
| anon_mkdir_write_enable=YES
|
测试:
1
2
3
4
5
6
7
8
9
10
11
12
13
| rwx------ 2 14 50 4096 Oct 22 20:49 aa
-rw------- 1 14 50 805 Oct 22 20:54fstab
226 Directory send OK.
ftp> mkdir bb
257 "/upload/bb" created
ftp> ls
227 Entering Passive Mode(192,168,1,122,120,93).
150 Here comes the directory listing.
drwx------ 2 14 50 4096 Oct 22 20:49 aa
drwx------ 2 14 50 4096 Oct 22 20:58 bb
-rw------- 1 14 50 805 Oct 22 20:54fstab
226 Directory send OK.
ftp>
|
但是删除不了创建的文件,需要修改配置文件添加一行:
1
| anon_other_write_enable=YES
|
测试:
1
2
| ftp> delete fstab
250 Delete operation successful.
|
其他机制:
用户控制:
1
2
| userlist_enable=YES
userlist_deny=YES|NO
|
默认文件为/etc/vsftpd/user_list
链接限制:
max_clients:最大并发连接数;
max_per_ip:每个ip同时并发请求数;
传输速率:
anno_max_rate:匿名用户最大传输速率,单位是“字节/秒”
local_max_rate:本地用户
虚拟用户:
所有的虚拟用户会被统一映射为一个指定的系统账号,访问的共享位置即为此系统账号的家目录;
各虚拟用户可被赋予不同访问权限;
通过匿名用户的权限控制参数进行指定;
虚拟用户账号的存储方式:
文件:编辑文件
奇数行为用户名
偶数行为密码
此文件需要被编码为hash格式:
关系型数据库中的表中:
即时查询数据库完成用户认证;
Mysql库:
pam_mysql.x86.64
关系型数据库:
1
| [iyunv@localhostlocal]# yum install pam_mysql
|
1.准备数据库及相关表
1
| mariaDB [(none)]> CREATE DATABASE vsftpd;
|
use vsftpd;
授权账号:
1
2
3
| mariaDB [vsftpd]> GRANT SELECT ONvsftpd.* TO vsftp@'192.168.%.%' IDENTIFIED BY '123..com';
mariaDB [vsftpd]> FLUSH PRIVILEGES;
|
查看:
1
2
3
4
5
6
7
8
9
| MariaDB [vsftpd]> DESC users;
+----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key |Default | Extra |
+----------+------------------+------+-----+---------+----------------+
| id | int(10) unsigned | NO | PRI |NULL | auto_increment |
| name | varchar(50) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
+----------+------------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
|
创建列表:
1
| mariaDB [vsftpd]> create table users (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50) BINARYNOT NULL, password CHAR(48) BINARY NOT NULL);
|
插入users表:
1
| mariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('hzm',password('123..com')),('tom',password('123..com'));
|
查看:
1
2
3
4
5
6
7
8
| ariaDB [vsftpd]> SELECT * FROM users;
+----+------+-------------------------------------------+
| id | name | password |
+----+------+-------------------------------------------+
| 1| hzm |*84255B63A81BC5CC440E46029310B403F826E831 |
| 2| tom |*84255B63A81BC5CC440E46029310B403F826E831 |
+----+------+-------------------------------------------+
2 rows in set (0.00 sec
|
2.配置vsftpd
1
| [iyunv@localhost /]# vim/etc/pam.d/vsftpd.mysql
|
#vi /etc/pam.d/vsftpd.mysql
添加如下两行:
1
2
| auth required pam_mysql.so user=vsftppasswd=123..com host=192.168.1.122 db=vsftpd table=users usercolumn=namepasswdcolumn=password crypt=2
account required pam_mysql.so user=vsftppasswd=123..com host=192.168.1.122 db=vsftpd table=users usercolumn=namepasswdcolumn=password crypt=2
|
添加如下:
添加个用户修改权限:
[iyunv@localhost /]# useradd -s/sbin/nologin -d /var/ftproot vuser
[iyunv@localhost /]# chmod go+rx/var/ftproot/
修改vsftp.conf:
添加如下信息:
1
2
3
4
5
6
7
| pam_service_name=vsftpd.mysql
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers
|
保存重启vsftp;
测试:
3.配置虚拟用户有不同权限:
1
1
2
3
4
| [iyunv@localhost vsftpd]# mkdir vusers
[iyunv@localhostvsftpd]# cd vusers/
[iyunv@localhost vusers]# vim tom
|
添加:
1
2
3
| anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
|
复制一份给hzm,选项参数都改成NO
测试:
1
2
3
4
5
6
7
| ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode(192,168,159,128,172,134).
150 Ok to send data.
226 Transfer complete.
805 bytes sent in 9.1e-05 secs (8846.15Kbytes/sec)
ftp>
|
成功~~~
相反,hzm账户则没有任何权限;
1
2
3
4
5
6
7
8
9
10
11
12
| name (192.168.159.128:root): hzm
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode(192,168,159,128,193,112).
550 Permission denied.
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-11-18 08:41:07
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡