Create multiple vsftpd virtual users with different access permissions

Source: Internet
Author: User


Lab environment:
The company recently launched a game. When the game client logs on to the server to fetch a patch update, it uses FTP to download the data. You therefore need to create an ordinary virtual user account for the client to log on to the FTP server and update the patch; this account only has download permission. Because the server back end also has to be maintained by uploading data, you need to create a dedicated virtual user account that has all permissions. The uploaded data is then published to the home directory of the ordinary virtual user for download.

public: download only
personal (one dedicated user): all permissions

Solution:
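1. Create a user database:
# vim /etc/vsftpd/vsftpd_login.txt
The file alternates one line for the account name and one line for its password:
public account name
public account password
personal account name
personal account password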

2. Generate a database:
The db_load command requires the db4, db4-devel and db4-utils packages:
# yum -y install db4*
# db_load -T -t hash -f /etc/vsftpd/vsftpd_login.txt /etc/vsftpd/vsftpd_login.db

3. Modify the database file access permission:
# chmod 600 /etc/vsftpd/vsftpd_login.db

4. Modify the PAM configuration:
# cat /etc/pam.d/vsftpd
Comment out all the original lines and add the following:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
Note: the .db suffix must be left off in db=/etc/vsftpd/vsftpd_login.

5. Create a system user corresponding to the virtual account:

The common account public corresponds to the system account ftp_public, and its home directory is /var/ftp/public.
The common account public can only download. Modify the public directory and set the permission of other users to rx (readable and executable).

The dedicated account personal corresponds to the system account ftp_personal. Its home directory is /var/ftp/personal.
The dedicated account personal allows upload and download. Therefore, the permission for the personal directory is set to rwx (readable, writable and executable). If the permission is not set, the user cannot log on and cannot change directory.
# useradd -d /var/ftp/personal/ -s /sbin/nologin ftp_personal
# useradd -d /var/ftp/public/ -s /sbin/nologin ftp_public
# chmod -R 500 /var/ftp/public/
# chmod -R 700 /var/ftp/personal/

6. Configure the FTP permissions needed for the different virtual users:
# vim /etc/vsftpd/vsftpd.conf
The text in parentheses and after it is annotation only; in the file itself, write one option=value per line with no spaces around the = sign.
anonymous_enable=NO (modified) disable anonymous user logon
write_enable=YES (enabled by default) allow FTP commands that modify the file system
local_enable=YES (enabled by default) enable local user logon
chroot_local_user=YES (user-created configuration) restrict all local users to their home directory
pam_service_name=vsftpd (enabled by default) the PAM service used by vsftpd is vsftpd
user_config_dir=/etc/vsftpd/vsftpd_login (user-created configuration) set the directory for the virtual account configuration files to /etc/vsftpd/vsftpd_login
max_clients=300 (user-created configuration) set the maximum number of FTP clients to 300
max_per_ip=10 (user-created configuration) set the maximum number of connections per IP address to 10
listen=YES
port_enable=NO (user-created configuration) disable PORT mode for data transmission
connect_from_port_20=NO (modified) controls whether port 20 is used for data transmission in PORT mode
pasv_enable=YES (user-created configuration) allow PASV mode for data transmission
pasv_min_port=65341 (user-created configuration) lower bound of the port range for data transmission in PASV mode
pasv_max_port=65351 (user-created configuration) upper bound of the port range for data transmission in PASV mode

7. Create a virtual account configuration file:
In the path specified by user_config_dir, create a configuration file with the same name as the virtual account and add the corresponding configuration fields

[root@red-hat-5 vsftpd]# mkdir /etc/vsftpd/vsftpd_login
[root@red-hat-5 vsftpd]# touch /etc/vsftpd/vsftpd_login/public
[root@red-hat-5 vsftpd]# touch /etc/vsftpd/vsftpd_login/personal

First, create a configuration file for the public account.
[root@red-hat-5 vsftpd_login]# echo guest_enable=yes >> public
[root@red-hat-5 vsftpd_login]# echo guest_username=ftp_public >> public
[root@red-hat-5 vsftpd_login]# echo anon_world_readable_only=no >> public
[root@red-hat-5 vsftpd_login]# echo anon_max_rate=50000 >> public
[root@red-hat-5 vsftpd_login]# cat public
guest_enable=yes                 enable virtual account login
guest_username=ftp_public        set the system account of the virtual user public to ftp_public
anon_world_readable_only=no      does not allow anonymous users to access the file system of the entire server
anon_max_rate=50000              the transmission rate is 50KB/s

Note:
vsftpd does not lock the file transfer speed to exactly the configured value; it varies between 80% and 120% of it. For example, if 100KB/s is set, the actual speed varies between 80KB/s and 120KB/s.

Create the configuration file personal for the dedicated account.
[root@red-hat-5 vsftpd_login]# echo guest_enable=yes >> personal
[root@red-hat-5 vsftpd_login]# echo guest_username=ftp_personal >> personal
[root@red-hat-5 vsftpd_login]# echo anon_other_write_enable=YES >> personal
[root@red-hat-5 vsftpd_login]# echo anon_mkdir_write_enable=yes >> personal
[root@red-hat-5 vsftpd_login]# echo anon_upload_enable=yes >> personal
[root@red-hat-5 vsftpd_login]# echo anon_world_readable_only=no >> personal
[root@red-hat-5 vsftpd_login]# echo anon_max_rate=100000 >> personal
[root@red-hat-5 vsftpd_login]# cat personal
guest_enable=yes                 enable virtual account login
guest_username=ftp_personal      set the system account of the virtual user to ftp_personal
anon_other_write_enable=YES      allow anonymous accounts to delete and rename
anon_mkdir_write_enable=yes      allow folder creation
anon_upload_enable=yes           enable the upload function for anonymous accounts
anon_world_readable_only=no      anonymous users are not allowed to browse the file system of the entire server
anon_max_rate=100000             the transmission speed is 100KB/s

# service vsftpd restart

Publish the uploaded data to the home directory of the common virtual user for download:
[root@red-hat-5 ~]# cp /var/ftp/personal/* /var/ftp/public/

Change the owner and group of the public directory to ftp_public so that the public user can download:
[root@red-hat-5 ~]# chown -R ftp_public:ftp_public /var/ftp/public/
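
A check that can be run after step 7, as an added example that is not part of the original article: it computes which write options are in effect for a virtual user (the per-user file overriding vsftpd.conf) and lists lines vsftpd would reject. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the write permissions
# in effect for a vsftpd virtual user. File paths are supplied by the caller.

# effective_value OPTION FILE... -> value of the last assignment, upper-cased.
# List vsftpd.conf first and the per-user file last: vsftpd loads the per-user
# file later, so its settings override the global ones.
effective_value() {
    name=$1; shift
    cat "$@" | grep -E "^${name}=" | tail -n 1 | cut -d= -f2 | tr 'a-z' 'A-Z'
}

# malformed_lines FILE -> prints settings vsftpd would reject or misread:
# whitespace around "=", trailing whitespace, or no "=" at all.
malformed_lines() {
    grep -Ev '^(#|$)' "$1" |
        grep -Ev '^[a-z0-9_]+=([^[:space:]](.*[^[:space:]])?)?$'
}

# is_download_only MAIN_CONF USER_CONF -> exit 0 if no write option is in effect.
is_download_only() {
    for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        case $(effective_value "$opt" "$1" "$2") in
            YES|TRUE|1) echo "write option in effect: $opt"; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample files that mirror the layout used in this article.
demo() {
    d=$(mktemp -d)
    printf 'anonymous_enable=NO\nwrite_enable=YES\n' > "$d/vsftpd.conf"
    printf 'guest_enable=yes\nguest_username=ftp_public\nanon_max_rate=50000\n' > "$d/public"
    printf 'guest_enable=yes\nguest_username=ftp_personal\nanon_upload_enable=yes\n' > "$d/personal"
    printf 'guest_enable = yes\n' > "$d/broken"
    is_download_only "$d/vsftpd.conf" "$d/public" && echo "public: download-only"
    is_download_only "$d/vsftpd.conf" "$d/personal" || echo "personal: can write"
    echo "rejected by vsftpd: $(malformed_lines "$d/broken")"
    rm -rf "$d"
}

demo
```

On a real server, pass /etc/vsftpd/vsftpd.conf and the file under /etc/vsftpd/vsftpd_login/ for the account being checked.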

 
