Recently the company received a requirement: a department needs to exchange files with several vendors over FTP, and the vendors must not be able to see each other's files.
FTP account requirements: the department uses an internal account and each vendor an external account; the internal account can enter the vendor account directories.
FTP permission requirements: the internal account has all permissions (upload, download, delete); external accounts may only upload and download.
FTP bandwidth limit: the internal account uploads and downloads without limit; external accounts are limited to 200 KB/s for both upload and download.
Solution:
1. Create a local account on the FTP server (vsftpd) with a non-login shell and the shared directory as its home; the virtual accounts will be mapped onto this user
[root@host ~]# useradd ftpgcb -s /bin/false -d /home/gcb
2. Create the directory for the external virtual account
[root@host home]# mkdir -p /home/gcb/shxc
3. Set ownership of the directory tree and grant permissions 755 (adjust as needed)
[root@host home]# chmod -R 755 /home/gcb/
[root@host home]# chown -R ftpgcb:ftpgcb /home/gcb/
4. Create the virtual account lists and build the database files (odd lines hold the usernames, even lines the corresponding passwords). Both the .txt and the .db contain the passwords in clear text, so keep them readable by root only.
Internal accounts: [root@host vsftpd]# vi vsftpd_login_intranet.txt
[root@host vsftpd]# db_load -T -t hash -f vsftpd_login_intranet.txt vsftpd_login_intranet.db
External accounts: [root@host vsftpd]# vi vsftpd_login_internet.txt
[root@host vsftpd]# db_load -T -t hash -f vsftpd_login_internet.txt vsftpd_login_internet.db
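The odd/even layout of the login file is easy to get wrong by hand (a missing password line shifts every later pair, and db_load will not complain). The following script is an added example, not part of the original post: it validates the list before calling db_load and locks down the resulting database. The file paths are arguments chosen by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): validate the virtual-user list
# before feeding it to db_load.  The list uses the layout described in step 4:
# odd lines are usernames, even lines the matching passwords.  $1 is the text
# file, $2 the .db to create; both paths are the caller's choice.

# Print the usernames (odd lines) of a login file.
login_users() {
    awk 'NR % 2 == 1' "$1"
}

# Return 0 when the login file is well formed: at least one pair, an even
# number of lines (otherwise a username is paired with nothing), and no blank
# username or password line.
validate_login_file() {
    file="$1"
    [ -f "$file" ] || { echo "$file: no such file" >&2; return 1; }
    lines=$(awk 'END { print NR }' "$file")
    if [ "$lines" -eq 0 ] || [ $((lines % 2)) -ne 0 ]; then
        echo "$file: $lines lines; every username line needs a password line" >&2
        return 1
    fi
    if grep -qE '^[[:space:]]*$' "$file"; then
        echo "$file: blank username or password line" >&2
        return 1
    fi
    # Duplicate usernames would silently overwrite each other in the hash DB.
    dups=$(login_users "$file" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "$file: duplicate usernames: $dups" >&2
        return 1
    fi
    return 0
}

# Build the Berkeley DB file with db_load (-T: text input, -t hash: hash DB)
# and restrict it, since it stores the passwords in clear text.
build_login_db() {
    validate_login_file "$1" || return 1
    command -v db_load >/dev/null 2>&1 \
        || { echo "db_load not found (install the db4-utils / db-utils package)" >&2; return 1; }
    db_load -T -t hash -f "$1" "$2" || return 1
    chmod 600 "$2"
}

# usage:
# build_login_db /etc/vsftpd/vsftpd_login_internet.txt /etc/vsftpd/vsftpd_login_internet.db
```

Run it once per account list (internal and external). The validation functions only read the text file, so they can be used on their own before db_load is even installed.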
5. Create the per-virtual-user configuration files (vsftpd option names are case-sensitive and lowercase)
Internal account: [root@host user_conf]# vi /etc/vsftpd/vsftpd_intranet/user_conf/ruisi
The main parameters:
write_enable=yes
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
guest_enable=yes
guest_username=ftpgcb
chmod_enable=yes
anon_world_readable_only=no
connect_from_port_20=yes
hide_ids=yes
pasv_min_port=50000
pasv_max_port=60000
tcp_wrappers=yes
xferlog_std_format=yes
xferlog_enable=no
log_ftp_protocol=no
ls_recurse_enable=no
ascii_download_enable=no
ascii_upload_enable=no
async_abor_enable=no
dirlist_enable=yes
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
port_enable=yes
download_enable=yes
anon_max_rate=0
chroot_local_user=no
deny_file={*.mp3,*.mov,.private}
Common (main) configuration for the internal instance (/etc/vsftpd/vsftpd_intranet/vsftpd_intranet.conf):
listen=yes
listen_address=10.x.x.y    (internal IP address)
listen_port=21
anonymous_enable=no
local_enable=yes
user_config_dir=/etc/vsftpd/vsftpd_intranet/user_conf
local_max_rate=0
ftpd_banner=ftp Server
banner_file=/etc/vsftpd/vsftpd_intranet/banner
pam_service_name=ftp_e
use_localtime=yes
External account: [root@host user_conf]# vi /etc/vsftpd/vsftpd_internet/user_conf/xinchun
The full parameter list with explanations follows. Note that options such as listen, listen_address, listen_port, max_clients, max_per_ip and banner_file only take effect in the main configuration file, not in a per-user file.
listen=yes    run in standalone mode and listen for connections
listen_address=10.x.x.x    IP address to listen on (external IP address)
listen_port=21    port to listen on
max_clients=200    maximum number of simultaneous client connections
max_per_ip=4    maximum number of simultaneous connections from one source IP address
write_enable=yes    allow write commands
anon_upload_enable=yes    allow anonymous (here: virtual) users to upload
anon_mkdir_write_enable=no    do not allow anonymous/virtual users to create directories
anon_other_write_enable=no    do not allow anonymous/virtual users any other write operation (delete, rename)
guest_enable=yes    enable virtual users
guest_username=ftpgcb    local account that virtual users are mapped to
local_root=/home/gcb/shxc    directory the user is placed in after login
chmod_enable=yes    allow users to change the permissions of uploaded files with SITE CHMOD
local_umask=077    umask applied to files uploaded by local users (default)
file_open_mode=0666    permissions of uploaded files before the umask is applied (default)
anon_world_readable_only=no    do not restrict downloads to world-readable files (with yes, virtual users could only download files readable by everyone)
connect_from_port_20=yes    active-mode data connections originate from port 20
hide_ids=yes    show all files in listings as owned by user and group "ftp", hiding the local account behind the virtual users
pasv_min_port=50000    lowest port used for passive-mode data connections (default 0 = any port)
pasv_max_port=60000    highest port used for passive-mode data connections (default 0 = any port)
tcp_wrappers=yes    enable TCP wrappers: vsftpd checks /etc/hosts.allow and /etc/hosts.deny to decide whether the connecting host may access the server (a simple firewall)
xferlog_std_format=yes    use the standard xferlog log format (off by default)
xferlog_enable=no    disable upload/download logging (default is on; records go to the file named by xferlog_file)
log_ftp_protocol=no    disable logging of all FTP requests and responses (default off; when on, the log goes to /var/log/vsftpd.log and xferlog_std_format must not be enabled; normally used only for debugging)
ls_recurse_enable=no    do not allow "ls -R" to list subdirectories recursively (default off)
ascii_download_enable=no    disable ASCII-mode downloads (default NO)
ascii_upload_enable=no    disable ASCII-mode uploads (default NO)
async_abor_enable=no    disable the asynchronous ABOR command (when enabled, the server honours "async ABOR", which only some clients use)
dirlist_enable=yes    allow users to list directory contents
idle_session_timeout=200    idle session timeout: a session that sends no command for 200 seconds is disconnected
data_connection_timeout=300    timeout for a stalled data connection, 5 minutes
accept_timeout=60    time allowed for a passive-mode client to establish the data connection, 60 seconds (default)
connect_timeout=60    time allowed for an active-mode client to respond to the data connection, 60 seconds (default)
port_enable=yes    allow active mode (PORT)
download_enable=yes    allow downloads
anon_max_rate=200000    maximum transfer rate for anonymous/virtual users in bytes per second (200 KB/s, enforced within roughly 80%-120%; 0 = unlimited)
local_max_rate=200000    maximum transfer rate for local users in bytes per second (200 KB/s, roughly 80%-120%)
chroot_local_user=yes    with chroot_list_enable=no, every user is chrooted and cannot change to a directory outside its own
banner_file=/etc/vsftpd/vsftpd_internet/banner    file whose content is shown at login, overriding the ftpd_banner string
deny_file={*.mp3,*.mov,*.exe,.private}    file name patterns that may not be accessed
use_localtime=yes    show times in the server's local time zone rather than GMT
Common (main) configuration for the external instance (/etc/vsftpd/vsftpd_internet/vsftpd_internet.conf):
anonymous_enable=no    no anonymous login
local_enable=yes    allow local (and therefore virtual) users to log in
user_config_dir=/etc/vsftpd/vsftpd_internet/user_conf    directory of per-user configuration files: after login vsftpd reads the file in this directory named after the user and applies its options on top of the main configuration
ftpd_banner=ftp Server    greeting string (default none)
pam_service_name=ftp_i    name of the PAM service file (under /etc/pam.d/); this file must authenticate through pam_userdb against the database built in step 4 (its contents are not shown here)
6. Set a disk quota
Edit /etc/fstab and append ,usrquota to the mount options of the /home line (defaults becomes defaults,usrquota), then save and exit.
Check the /home file system with quotacheck: [root@host ~]# quotacheck -avug
Set the account's quota with edquota (values in KB): block soft/hard limits of roughly 30 GB and inode limits of 250000 files.
[root@host ~]# edquota -u ftpgcb
Disk quotas for user ftpgcb (UID 509):
  Filesystem    blocks    soft        hard        inodes    soft      hard
  /dev/sda5     116       31457280    31458280    22        250000    253000
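Editing /etc/fstab by hand and walking through the edquota editor are both easy to do twice (a second ,usrquota on the same line makes the mount fail). The following is an added example, not part of the original post: it adds the option idempotently to a given fstab-style file and applies the same limits as above non-interactively with setquota, which is the scriptable counterpart of edquota. File, mount point, user name and limits are all arguments.

```shell
#!/bin/sh
# Added example (not from the original post): make step 6 repeatable.
# ensure_usrquota adds ",usrquota" to the mount options of one mount point in
# an fstab-style file only if it is not already there; set_ftp_quota applies
# the limits from the post with setquota instead of an edquota editor session.

# ensure_usrquota FSTAB MOUNTPOINT
ensure_usrquota() {
    fstab="$1"; mp="$2"
    tmp="$fstab.tmp.$$"
    awk -v mp="$mp" 'BEGIN { OFS = "\t" }
        /^[[:space:]]*#/ || NF < 4 { print; next }   # comments and blank lines untouched
        $2 == mp && index($4, "usrquota") == 0 { $4 = $4 ",usrquota" }
        { print }' "$fstab" > "$tmp" && mv "$tmp" "$fstab"
}

# has_usrquota FSTAB MOUNTPOINT   returns 0 if the mount point has usrquota set.
has_usrquota() {
    awk -v mp="$2" '$2 == mp && index($4, "usrquota") > 0 { found = 1 }
                    END { exit !found }' "$1"
}

# set_ftp_quota USER BLOCK_SOFT BLOCK_HARD INODE_SOFT INODE_HARD FILESYSTEM
# Block limits are in 1 KB units, as in edquota: 31457280 KB is 30 GiB.
set_ftp_quota() {
    command -v setquota >/dev/null 2>&1 \
        || { echo "setquota not found (install the quota package)" >&2; return 1; }
    setquota -u "$1" "$2" "$3" "$4" "$5" "$6"
}

# usage (same values as the edquota session above):
# ensure_usrquota /etc/fstab /home
# mount -o remount /home && quotacheck -avug && quotaon /home
# set_ftp_quota ftpgcb 31457280 31458280 250000 253000 /home
```

The new mount option only takes effect after /home is remounted, which is why the usage line remounts before running quotacheck; the modified fstab line is rewritten with tab separators, other lines are copied through unchanged.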
7. Restart the service and test. Each listen_address needs its own vsftpd process, one per main configuration file (vsftpd takes the file path as its argument, e.g. vsftpd /etc/vsftpd/vsftpd_intranet/vsftpd_intranet.conf). Verify that an external account cannot delete or rename files or leave its own directory and that its transfers stay near 200 KB/s, while the internal account can enter the vendor directories with full permissions.
Configuration references for vsftpd:
http://wiki.ubuntu.org.cn/Vsftpd
http://os.51cto.com/art/201008/222036.htm
http://yuanbin.blog.51cto.com/363003/108262/
http://blog.sina.com.cn/s/blog_946cb2b70100x4zc.html
RHEL vsftpd multiple virtual users accessing different directory issues