vsftpd -- Virtual Users, Part 1

This blog has moved; please visit: http://www.czhphp.com

vsftpd virtual users:


Preparation:
Make sure vsftpd and db4-utils are installed:
rpm -qa | grep vsftpd
rpm -qa | grep db4-utils

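Local data file method:
Step 1) Create the virtual users database. logins.txt holds each user name on
one line followed by its password on the next line, in clear text.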


cd /etc/vsftpd/
touch logins.txt
echo 'tom' >> logins.txt
echo '123' >> logins.txt
echo 'lucy' >> logins.txt
echo '123' >> logins.txt

db_load -T -t hash -f logins.txt /etc/vsftpd/login.db

chmod 600 /etc/vsftpd/login.db

Step 2) Create a PAM file which uses your new database.


cp /usr/share/doc/vsftpd-2.0.5/EXAMPLE/VIRTUAL_USERS/vsftpd.pam /etc/pam.d/vsftpd

Step 3) Set up the location of the files for the virtual users.
useradd -d /home/ftpsite virtual
ls -ld /home/ftpsite
(which should give):
drwx------    3 virtual  virtual      4096 Jul 30 00:39 /home/ftpsite

cp /etc/hosts /home/ftpsite
chown virtual.virtual /home/ftpsite/hosts

Step 4) Create your vsftpd.conf config file.

See the example in this directory. Let's go through it line by line:
anonymous_enable=NO
local_enable=YES

This disables anonymous FTP for security, and enables non-anonymous FTP (which
is what virtual users use).

write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

These ensure that for security purposes, no write commands are allowed.

chroot_local_user=YES

This makes sure that the virtual user is restricted to the virtual FTP area
/home/ftpsite we set up above.

guest_enable=YES
guest_username=virtual

The guest_enable is very important - it activates virtual users! And
guest_username says that all virtual users are mapped to the real user
"virtual" that we set up above. This will also determine where on the
filesystem the virtual users end up - the home directory of the user
"virtual", /home/ftpsite.

listen=YES
listen_port=10021

This puts vsftpd in "standalone" mode - i.e. not running from an inetd. This
means you just run the vsftpd executable and it will start up. This also
makes vsftpd listen for FTP requests on the non-standard port of 10021 (FTP
is usually 21).

pasv_min_port=30000
pasv_max_port=30999

These put a port range on passive FTP incoming requests - very useful if
you are configuring a firewall.

Copy the example vsftpd.conf file to /etc/vsftpd:

cp vsftpd.conf /etc/vsftpd/


Step 5) Start up vsftpd.


Step 6) Test.

Launch another shell session (or background vsftpd with CTRL-Z and then "bg").
Here is an example of an FTP session:

ftp localhost 10021
Connected to localhost (127.0.0.1).
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (localhost:chris): tom
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (127,0,0,1,117,135)
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).
ftp> size hosts
213 147
ftp>


Notes:
Settings that affect upload, download, rename and delete for virtual users:

# allow writing
write_enable=YES
# allow downloading
anon_world_readable_only=NO
# allow uploading
anon_upload_enable=YES
# allow markwang to create directories
anon_mkdir_write_enable=YES
# allow markwang to delete and rename
anon_other_write_enable=YES


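When virtual_use_local_privs=YES, virtual users have the same privileges as local users;
when virtual_use_local_privs=NO, virtual users have the same privileges as anonymous users. The default is NO.

With virtual_use_local_privs=YES and write_enable=YES, virtual users have write privileges (upload, download, delete, rename).

With virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES and
anon_upload_enable=YES, virtual users cannot browse directories and can only upload files; they have no other privileges.

With virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and
anon_upload_enable=NO, virtual users can only download files; they have no other privileges.

With virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and
anon_upload_enable=YES, virtual users can only upload and download files; they have no other privileges.

With virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and
anon_mkdir_write_enable=YES, virtual users can only download files and create directories; they have no other privileges.

With virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and
anon_other_write_enable=YES, virtual users can only download, delete and rename files; they have no other privileges.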
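
The combinations above can be checked mechanically before a config goes live. The following Python sketch is an added example, not part of the original post or of vsftpd: it reads the boolean options named above from vsftpd.conf text and returns what a virtual user may do, covering every combination rather than only the listed ones. The function names, the operation labels and the sample config are assumptions made for illustration.

```python
DEFAULTS = {  # vsftpd defaults for the boolean options discussed above
    "guest_enable": False, "virtual_use_local_privs": False,
    "write_enable": False, "anon_world_readable_only": True,
    "anon_upload_enable": False, "anon_mkdir_write_enable": False,
    "anon_other_write_enable": False,
}
BOOLS = {"YES": True, "TRUE": True, "1": True,
         "NO": False, "FALSE": False, "0": False}

def parse_conf(text):
    """Read the options in DEFAULTS from vsftpd.conf text."""
    opts = dict(DEFAULTS)
    for n, line in enumerate(text.splitlines(), 1):
        # Only lines that start with '#' are comments in vsftpd.conf.
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key not in DEFAULTS:
            continue  # option not modelled in this example
        if value.upper() not in BOOLS:  # "YES #note": trailing text is part of the value
            raise ValueError(f"line {n}: bad bool value for {key}: {value!r}")
        opts[key] = BOOLS[value.upper()]
    return opts

def virtual_user_privs(text):
    """Return the operations a virtual (guest) user is allowed."""
    o = parse_conf(text)
    if not o["guest_enable"]:
        return set()  # virtual users are not activated
    if o["virtual_use_local_privs"]:  # same rights as a local user
        privs = {"list", "download"}
        if o["write_enable"]:
            privs |= {"upload", "mkdir", "delete_rename"}
        return privs
    privs = set()  # otherwise: same rights as an anonymous user
    # Assumption (the notes' simplification for the 0700 tree of Step 3):
    # anon_world_readable_only=YES means no listing and no download.
    if not o["anon_world_readable_only"]:
        privs |= {"list", "download"}
    if o["write_enable"]:  # global gate for every write command
        for opt, op in (("anon_upload_enable", "upload"),
                        ("anon_mkdir_write_enable", "mkdir"),
                        ("anon_other_write_enable", "delete_rename")):
            if o[opt]:
                privs.add(op)
    return privs

DROPBOX = "guest_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"  # constructed
print(sorted(virtual_user_privs(DROPBOX)))
```

A setting with a comment on the same line, such as write_enable=YES followed by a # note, makes parse_conf raise, because the trailing text becomes part of the value.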

 

Common configuration for anonymous users:

Common configuration for local users:

 

530 Login incorrect:

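Right after setting up virtual users, I switched to local and then could not log in no matter what; it took me a long time to get it working:

I downloaded the source package again and copied the vsftpd.pam under RedHat to /etc/pam.d./ftp vsftpd, and only then did it work. So frustrating.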

 

Reposted from: http://viong.blog.51cto.com/844766/261410


posted @ 2012-01-18 15:13  曹振华