# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
1. User with read and write permissions
#mkdir /ftp
#useradd -s /sbin/nologin -d /ftp -M admin
# passwd admin
Changing password for user admin.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
#chown admin:admin /ftp
#chmod 755 /ftp
2. User with read-only permission
#mkdir -p /ftp/test
#useradd -s /sbin/nologin -d /ftp/test -M test
# passwd test
Changing password for user test.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
#chown test:admin /ftp/test
#chmod 575 /ftp/test
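3. Restrict users to their specified directory so that they cannot access other paths
Set chroot_list_enable=YES, chroot_local_user=NO, and chroot_list_file=/etc/vsftpd/chroot_list.
Users listed in the /etc/vsftpd.chroot_list file cannot change to other directories; users not listed in the file can change to other directories.
Create and edit the /etc/vsftpd/chroot_list file and add the restricted users to it, one username per line: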
vim /etc/vsftpd/chroot_list
After adding, the file looks like this:
test /ftp/test
That is, the test user cannot change to other directories, while the admin user, who was not added to the chroot_list file, can.
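The chroot decision described in step 3, as an added shell example that is not part of the original page: it reads chroot_local_user, chroot_list_enable and chroot_list_file from a vsftpd.conf and reports whether a given user is jailed. It goes one step beyond the text by also covering chroot_local_user=YES, where the list becomes a list of users who are not jailed. The function names and sample files are constructed for illustration; it assumes values are written as YES/NO and that a chroot_list line matches only when it is exactly the username.

```shell
#!/bin/sh
# Added example (not from the original page): report whether vsftpd would
# chroot a given local user, based on the three settings from step 3.

# conf_get FILE KEY DEFAULT: print the last KEY=value in FILE, or DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# chroot_state CONF USER: print "jailed" or "free" for USER.
chroot_state() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    state=free
    if [ "$all" = YES ]; then state=jailed; fi
    # With the list enabled, a listed user gets the opposite of the default.
    # Assumption: a line matches only if it is exactly the username.
    if [ "$use_list" = YES ] && grep -qxF -- "$2" "$list" 2>/dev/null; then
        if [ "$state" = jailed ]; then state=free; else state=jailed; fi
    fi
    echo "$state"
}

# Constructed sample files mirroring the settings in step 3.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<EOF
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=$demo_dir/chroot_list
EOF
printf 'test\n' > "$demo_dir/chroot_list"

for u in admin test; do
    echo "$u: $(chroot_state "$demo_dir/vsftpd.conf" "$u")"
done
```

To audit a real server, call chroot_state with a copy of its vsftpd.conf and each local FTP account name.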
[iyunv@client ~]# echo "123" > 123
[iyunv@client ~]#
Upload to the test FTP directory using the admin account:
[iyunv@client ~]# curl ftp://10.10.60.197/test/ -u admin:admin -T 123
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4 0 0 100 4 0 10 --:--:-- --:--:-- --:--:-- 11
Upload to the admin account's own FTP directory using the admin account:
[iyunv@client ~]# curl ftp://10.10.60.197 -u admin:admin -T 123
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4 0 0 100 4 0 11 --:--:-- --:--:-- --:--:-- 12
Check on the server side:
[iyunv@server ~]# cd /ftp/
[iyunv@server ftp]# pwd
/ftp
[iyunv@server ftp]# ll
total 12
-rw-r--r-- 1 admin admin 4 Nov 12 03:33 123
dr-xrwxr-x 2 test admin 4096 Nov 12 03:29 test
[iyunv@server ftp]#
[iyunv@server ftp]# cat 123
123
[iyunv@server ftp]#
[iyunv@server ftp]# cat test/123
123