VSFTPD Implementing a Virtual User Management site directory based on database files

Last Update:2018-01-14 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

VSFTPD to implement a virtual user management site directory based on a database file:

FTP authorizes a single system user management (this user wants to disable the login server), virtual out of multiple virtual users to manage different site directories

an environment :
(1) Close selinux,centos6.8 x_86_64 Open the firewall, release the FTP port

(2). Store the virtual user's password file
[Email protected] vsftpd]# Cat/etc/vsftpd/vsftpd_login
DRXIAOWU # #账户
ZKJXU55RT9 # #密码
Yanyong
zk&ao=+w09
Xiaowu
Zk&xi+wu96

(3) Generate account's file database
Db_load-t-T Hash-f vsftpd_login/etc/vsftpd/vsftpd_login.db
(4) Modify File database access rights
chmod 600/etc/vsftpd/vsftpd_login.db
(5) Manually build the PAM profile required by the virtual user
[Email protected] extra]# cat/etc/pam.d/vsftpd.virtual
Auth required/lib64/security/pam_userdb.so Db=/etc/vsftpd/vsftpd_login
Account Required/lib64/security/pam_userdb.so Db=/etc/vsftpd/vsftpd_login

(6) Add a virtual user's portal account
useradd-d/var/www/html-s/sbin/nologin Apache

Two. Production Environment Configuration Demo:

2.1 The complete production configuration file is as follows:
[Email protected] test001]# cat/etc/vsftpd/vsftpd.conf
Anonymous_enable=no
Local_enable=yes
Write_enable=yes
local_umask=022
Dirmessage_enable=yes
Xferlog_enable=yes
Connect_from_port_20=yes
Xferlog_std_format=yes
Xferlog_file=/var/log/xferlog

Listen=yes
listen_port=1029 # # #默认ftp端口是21, now modify the FTP port to 1029
# # #listen_data_port =1011
Pam_service_name= Vsftpd.virtual
Userlist_enable=yes
Tcp_wrappers=yes
Check_shell=yes
Chroot_local_user=yes
Guest _enable=yes
Guest_username=apache
Virtual_use_local_privs=yes
User_config_dir=/etc/vsftpd/extra

More than 2.2 different virtual users share the configuration file that manages the same site directory:
[Email protected] extra]# Cat/etc/vsftpd/extra/drxiaowu
Local_root=/var/www/html/cacti
Write_enable=yes
Anon_world_readable_only=no
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
idle_session_timeout=600
data_connection_timeout=120
Max_clients=3
Max_per_ip=3
local_max_rate=50000
[Email protected] extra]# Cat/etc/vsftpd/extra/yanyong
Local_root=/var/www/html/cacti
Write_enable=yes
Anon_world_readable_only=no
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
Max_clients=3
max_per_ip=2
local_max_rate=50000

More than 2.2 different virtual users manage configuration files for different site directories:

[email protected] extra]# Cat Xiaowu
Write_enable=yes
Anon_world_readable_only=no
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
Local_root=/var/www/html/itop
Max_clients=1
max_per_ip=2
local_max_rate=50000

[email protected] extra]# cat Drxiaowu
Local_root=/var/www/html/cacti
Write_enable=yes
Anon_world_readable_only=no
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
idle_session_timeout=600
data_connection_timeout=120
Max_clients=3
Max_per_ip=3
local_max_rate=50000

Test:
Login Xiaowu FTP Account test:
[Email protected] itop]# lftp-p 1029 [email protected]
lftp [email protected]:/> mkdir test0000000001
mkdir OK, ' test0000000001 ' created
lftp [email protected]:/> cd test0000000001/
lftp [Email protected]:/test0000000001> put/root/10.13.23.24.sql
265146 bytes transferred in 5 seconds (48.7K/S)
lftp [email protected]:/test0000000001> ls
-rw-r--r--1 265146 Jan 05:47 10.13.23.24.sql
lftp [Email protected]:/test0000000001> pwdbr/>ftp://[email protected]: 1029/test0000000001
[Email protected]~]# Cd/var/www/html/itop
[[email protected]itop]# ll test0000000001/
Total 260
-rw-r--r--. 1 Apache Apache 265146 Jan 13:47 10.13.23.24.sql

[[email protected]itop]# lftp-p 1029[email protected]
Password:
Lftp[email protected]:~> ls
Lftp[email protected]:/> mkdir txt0000001
mkdir OK, ' txt0000001 ' created
Lftp[email protected]:/> CD txt0000001/
Lftp[email protected]:/txt0000001> Put/root/megasas.log
187351 bytes Transferred
Lftp[email protected]:/txt0000001> ls
-rw-r--r--1 187351 Jan 05:53 MegaSAS.log
Lftp[email protected]:/txt0000001>
[[email protected]itop]# cd/var/www/html/cacti/
[[email protected]cacti]# ls txt0000001/
MegaSAS.log
[[email protected]cacti]# ll txt0000001/
Total 184
-rw-r--r--. 1 Apache Apache 187351 Jan 13:53 MegaSAS.log

More than 2.3 different virtual users manage profiles for different site directories:
The current site directory is not under the/var/www/html, but in the following directory, for example:/data/www/testweb/var/www/html/opt/www Multiple directories like this: The
Mate file is as follows:
[[email Protected] /]# Cat/etc/vsftpd/extra/xiaowu
Write_enable=yes
Anon_world_readable_only=no
Anon_ Upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
local_root=/data/www/ TestWeb
Max_clients=1
max_per_ip=2
local_max_rate=50000

Test:
[email protected] itop]# lftp-p 1029 [email protected]
Password:
LFTP [email protected]:~> ls
LFTP [email protected]:/> ls
LFTP [email protected]:/> pwd
ftp://[email protected]: 1029/

Lftp[email protected]:/> Put/root/10.13.23.24.sql
Put:access failed:553 Could not create file. (10.13.23.24.sql)
Upload file failed because: virtual with the user is Apache, and the specified FTP upload site Directory/data/www/testweb is root permission, so there is no permission to upload.
Authorized TestWeb for Apache permissions
cd/data/www/
Chown-r Apache.apache TestWeb
Re-upload:
[[email protected]www]# lftp-p 1029[email protected]
Password:
Lftp[email protected]:~> ls
Lftp[email protected]:/> pwdbr/>ftp://[email protected]: 1029/
[Email protected]:/> Put/root/10.13.23.24.sql
265146 bytes transferred in 5 seconds (48.8K/S)
Lftp[email protected]:/> ls
-rw-r--r--1 265146 Jan 06:09 10.13.23.24.sql
[[email protected]www]# ll/data/www/testweb/
Total 260
-rw-r--r--. 1 Apache Apache 265146 Jan 14:09 10.13.23.24.sql
Upload succeeded.

Hint: At this time other FTP user Drxiaowu Yanyong still can upload file to/var/www/html/cacti/var/www/html/itop directory.

VSFTPD Implementing a Virtual User Management site directory based on database files

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

VSFTPD Implementing a Virtual User Management site directory based on database files

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support

VSFTPD Implementing a Virtual User Management site directory based on database files

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

Trending Topic

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support