vsftpd

vsftpd:

    程序环境:

        配置文件:/etc/vsftpd/vsftpd.conf

        主程序:/usr/sbin/vsftpd

        Unit File:/usr/lib/systemd/system/vsftpd.service

        文件路径映射:/var/ftp 

            ftp://ftp.magedu.com/pub/a.txt  –> /var/ftp/pub/a.txt

            用户的家目录的映射:访问ftp必须以某个系统用户的身份,此用户的家目录即文档目录;

            匿名用户:anonymous,要映射为一个系统用户,默认ftp;

        

    用户种类:

        匿名用户、系统用户、虚拟用户

    配置vsftpd:

        配置文件:vsftpd.conf

            directive value

            注意:directive之前不能有任何字符;

        匿名用户:

        anonymous_enable=YES

        anon_upload_enable=YES

        anon_mkdir_write_enable=YES

        anon_other_write_enable=YES

        系统用户:

            local_enable=YES

            write_enable=YES

            辅助认证配置文件/etc/vsftpd/ftpusers:

                pam认证的配置文件:/etc/pam.d/vsftpd

                chroot_local_users=YES

    禁锢所有的本地用户于自己的家目录中;但需要事先移除用户对家目录的写权限;

                chroot_list_enable=YES

                chroot_list_file=/etc/vsftpd/chroot_list 

    禁锢指定的文件中的用户于自己的家目录中;但需要事先移除用户对家目录的写权限;

        数据传输日志:

            xferlog_std_format=YES

            xferlog_enable=YES

            xferlog_file=/var/log/xferlog

        控制可登录vsftpd服务的用户列表:

            userlist_enable=YES

                是否启用/etc/vsftpd/user_list文件来可登录的用户;

            userlist_deny={YES|NO}

                YES:黑名单

                NO:白名单

    虚拟用户:

        用户账号存储于何处?

            文件,MySQL,Redis, …

        vsftpd的认证功能托管给pam:

            Pluggable Authencate Module,认证框架,认证库;

            通过模块完成认证功能:/usr/lib64/security/

            pam_mysql模块:

# ./configure –with-pam=/usr –with-mysql=/usr –with-pam-mods-dir=/usr/lib64/security

            # make

            # make install 

            准备数据库:

            mysql> CREATE DATABASE vsftpd;

            mysql> CREATE TABLE vsftpd.users (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, name CHAR(30) NOT NULL UNIQUE KEY,password CHAR(48));

            mysql> INSERT INTO vsftpd.users (name,password) VALUES ('tom',PASSWORD('mageedu')),('jerry',PASSWORD('mageedu'));

            mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'mageedu';

            mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'mageedu';

            mysql> FLUSH PRIVILEGES;

            vsftpd通过pam_mysql进行认证的配置文件:/etc/pam.d/vsftpd.mysql

            auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

            account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

            user:连接mysql服务器的用户名,此用户要有权限访问认证vsftpd服务的数据库;

                passwd:上面的用户的密码; 

                host:mysql服务器主机地址;

                db:认证vsftpd服务的数据库名称;

                table:存放了用户和密码的表;

                usercolumn:用户名对应的字段;

                passwdcolumn:密码对应的字段;

                crypt:密码加密方法;

            准备匿名用户映射的系统用户账号:

                # mkdir /ftproot 

                # useradd  -d /ftproot  vuser

                # mkdir /ftproot/{pub,upload}

                # setfacl -m u:vuser:rwx  /ftproot/upload

            配置vsftpd:vsftpd.conf

                pam_service_name=vsftpd.mysql

                guest_enable=YES

                guest_username=vuser

            配置每匿名用户有单独的权限设定

                vsftpd.conf,添加:

                    user_config_dir=/etc/vsftpd/users_conf

                创建目录:

                    # mkdir /etc/vsftpd/vusers_conf

                为每用户提供配置文件:

                    /etc/vsftpd/vusers_conf/{tom,jerry}

                配置权限的指令:

                    anon_upload_enable

                    anon_mkdir_write_enable

                    anon_other_write_enable

原创文章,作者:songzizhe,如若转载,请注明出处:http://www.178linux.com/55874