vsftpd虚拟用户部署

vsftpd虚拟用户部署

• 案例提供两个用户如下,使用centos7验证可行。

  test
  *AO9ih&7
  ftp
  D@Tx4zp_

• shell脚本运行一键安装vsftp

  #!/bin/bash
  yum -y install vsftpd ftp

  /etc/vsftpd/vsftpd.conf
  cat <<EOL >> /etc/vsftpd/vsftpd.conf
  anonymous_enable=NO
  local_enable=YES
  write_enable=YES
  local_umask=022
  dirmessage_enable=YES
  xferlog_enable=YES
  connect_from_port_20=YES
  xferlog_file=/var/log/xferlog
  xferlog_std_format=YES
  idle_session_timeout=300
  data_connection_timeout=10
  dual_log_enable=YES
  vsftpd_log_file=/var/log/vsftpd.log
  chroot_local_user=YES
  chroot_list_enable=NO
  chroot_list_file=/etc/vsftpd/chroot_list
  listen=YES
  pam_service_name=vsftpd
  userlist_enable=YES
  tcp_wrappers=YES
  anon_umask=022
  guest_enable=YES
  guest_username=virtual
  pam_service_name=vsftpd.vu
  use_localtime=YES
  user_config_dir=/etc/vsftpd/users_dir
  connect_from_port_20=YES
  write_enable=YES
  pasv_enable=YES
  pasv_min_port=10200
  pasv_max_port=10300
  pasv_promiscuous=YES
  pasv_addr_resolve=NO
  chroot_local_user=YES
  accept_timeout=5
  connect_timeout=1
  allow_writeable_chroot=YES
  EOL

  cd /etc/vsftpd/

  /etc/vsftpd/users
  cat <<EOL >>/etc/vsftpd/users
  test
  *AO9ih&7
  ftp
  D@Tx4zp_
  EOL

  db_load -T -t hash -f users users.db
  chmod 600 /etc/vsftpd/users.*
  useradd -d /home/virtual -s /sbin/nologin virtual
  chmod 755 /home/virtual

  /etc/pam.d/vsftpd.vu
  cat <<EOL >>/etc/pam.d/vsftpd.vu
  #%PAM-1.0
  auth required pam_userdb.so db=/etc/vsftpd/users
  account required pam_userdb.so db=/etc/vsftpd/users
  EOL

  mkdir users_dir

  /etc/vsftpd/users_dir/test
  cat <<EOL >>/etc/vsftpd/users_dir/test
  anon_upload_enable=YES
  anon_mkdir_write_enable=YES
  anon_other_write_enable=YES
  local_root=/home/virtual/test
  local_umask=022
  write_enable=YES
  chroot_local_user=YES
  allow_writeable_chroot=YES
  EOL

  /etc/vsftpd/users_dir/ftp
  cat <<EOL >>/etc/vsftpd/users_dir/ftp
  anon_upload_enable=YES
  anon_mkdir_write_enable=YES
  anon_other_write_enable=YES
  local_root=/home/virtual/ftp
  local_umask=022
  write_enable=YES
  chroot_local_user=YES
  allow_writeable_chroot=YES
  EOL

  mkdir -p /home/virtual/ftp /home/virtual/test
  chown -R virtual:virtual /home/virtual/ftp /home/virtual/test
  chmod -R 755 /home/virtual/ftp /home/virtual/test
  systemctl start vsftpd
  systemctl enable vsftpd

• 验证登录

  [root@ccod2 vsftpd]# ftp 10.130.47.243
  Connected to 10.130.47.243 (10.130.47.243).
  220 (vsFTPd 3.0.2)
  Name (10.130.47.243:root): test
  331 Please specify the password.
  Password:
  230 Login successful.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> ls
  227 Entering Passive Mode (10,130,47,243,39,238).
  150 Here comes the directory listing.
  -rw-r--r-- 1 1003 1003 6752455 Jan 20 13:52 fastdfs606_install.tar.gz
  226 Directory send OK.
  ftp> put
  ftpusers user_list users users.db users_dir/ vsftpd.conf vsftpd_conf_migrate.sh
  ftp> put users
  local: users remote: users
  227 Entering Passive Mode (10,130,47,243,39,252).
  150 Ok to send data.
  226 Transfer complete.
  27 bytes sent in 5e-05 secs (540.00 Kbytes/sec)
  ftp> get fastdfs606_install.tar.gz
  local: fastdfs606_install.tar.gz remote: fastdfs606_install.tar.gz
  227 Entering Passive Mode (10,130,47,243,40,46).
  150 Opening BINARY mode data connection for fastdfs606_install.tar.gz (6752455 bytes).
  226 Transfer complete.
  6752455 bytes received in 0.0255 secs (265103.65 Kbytes/sec)
  ftp>