vsftpd虚拟用户部署

案例提供两个用户如下,使用centos7验证可行。

test
*AO9ih&7
ftp
D@Tx4zp_
shell脚本运行一键安装vsftp

#!/bin/bash
yum -y install vsftpd ftp

/etc/vsftpd/vsftpd.conf
cat <<EOL >> /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
idle_session_timeout=300
data_connection_timeout=10
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
chroot_local_user=YES
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
anon_umask=022
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
use_localtime=YES
user_config_dir=/etc/vsftpd/users_dir
connect_from_port_20=YES
write_enable=YES
pasv_enable=YES
pasv_min_port=10200
pasv_max_port=10300
pasv_promiscuous=YES
pasv_addr_resolve=NO
chroot_local_user=YES
accept_timeout=5
connect_timeout=1
allow_writeable_chroot=YES
EOL

cd /etc/vsftpd/

/etc/vsftpd/users
cat <<EOL >>/etc/vsftpd/users
test
*AO9ih&7
ftp
D@Tx4zp_
EOL

db_load -T -t hash -f users users.db
chmod 600 /etc/vsftpd/users.*
useradd -d /home/virtual -s /sbin/nologin virtual
chmod 755 /home/virtual

/etc/pam.d/vsftpd.vu
cat <<EOL >>/etc/pam.d/vsftpd.vu
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/users
account required pam_userdb.so db=/etc/vsftpd/users
EOL

mkdir users_dir

/etc/vsftpd/users_dir/test
cat <<EOL >>/etc/vsftpd/users_dir/test
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/home/virtual/test
local_umask=022
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
EOL

/etc/vsftpd/users_dir/ftp
cat <<EOL >>/etc/vsftpd/users_dir/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/home/virtual/ftp
local_umask=022
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
EOL

mkdir -p /home/virtual/ftp /home/virtual/test
chown -R virtual:virtual /home/virtual/ftp /home/virtual/test
chmod -R 755 /home/virtual/ftp /home/virtual/test
systemctl start vsftpd
systemctl enable vsftpd
验证登录

[root@ccod2 vsftpd]# ftp 10.130.47.243
Connected to 10.130.47.243 (10.130.47.243).
220 (vsFTPd 3.0.2)
Name (10.130.47.243:root): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,130,47,243,39,238).
150 Here comes the directory listing.
-rw-r--r-- 1 1003 1003 6752455 Jan 20 13:52 fastdfs606_install.tar.gz
226 Directory send OK.
ftp> put
ftpusers user_list users users.db users_dir/ vsftpd.conf vsftpd_conf_migrate.sh
ftp> put users
local: users remote: users
227 Entering Passive Mode (10,130,47,243,39,252).
150 Ok to send data.
226 Transfer complete.
27 bytes sent in 5e-05 secs (540.00 Kbytes/sec)
ftp> get fastdfs606_install.tar.gz
local: fastdfs606_install.tar.gz remote: fastdfs606_install.tar.gz
227 Entering Passive Mode (10,130,47,243,40,46).
150 Opening BINARY mode data connection for fastdfs606_install.tar.gz (6752455 bytes).
226 Transfer complete.
6752455 bytes received in 0.0255 secs (265103.65 Kbytes/sec)
ftp>