VSFTPD: implementing virtual-user management of site directories based on a database file
FTP access is granted through a single system user (this user should be forbidden from logging in to the server), and several virtual users are mapped onto it so that each can manage a different site directory.
One. Environment:
(1) Disable SELinux; CentOS 6.8 x86_64; enable the firewall and open the FTP port
(2) Store the virtual users' password file (an account on one line, its password on the next)
[root@host vsftpd]# cat /etc/vsftpd/vsftpd_login
drxiaowu        ## account
zkjxu55rt9      ## password
yanyong
zk&ao=+w09
xiaowu
zk&xi+wu96
(3) Generate the account database file
db_load -T -t hash -f vsftpd_login /etc/vsftpd/vsftpd_login.db
(4) Restrict the access permissions of the database file
chmod 600 /etc/vsftpd/vsftpd_login.db
(5) Manually create the PAM configuration file the virtual users require
[root@host extra]# cat /etc/pam.d/vsftpd.virtual
auth    required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
(6) Add the system account the virtual users are mapped onto
useradd -d /var/www/html -s /sbin/nologin apache
Two. Production environment configuration demo:
2.1 The complete production configuration file is as follows:
[root@host test001]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=no
local_enable=yes
write_enable=yes
local_umask=022
dirmessage_enable=yes
xferlog_enable=yes
connect_from_port_20=yes
xferlog_std_format=yes
xferlog_file=/var/log/xferlog
listen=yes
listen_port=1029   ### the default FTP port is 21; here the FTP port is changed to 1029
###listen_data_port=1011
pam_service_name=vsftpd.virtual
userlist_enable=yes
tcp_wrappers=yes
check_shell=yes
chroot_local_user=yes
guest_enable=yes
guest_username=apache
virtual_use_local_privs=yes
user_config_dir=/etc/vsftpd/extra
2.2 Configuration files for several different virtual users managing the same site directory:
[root@host extra]# cat /etc/vsftpd/extra/drxiaowu
local_root=/var/www/html/cacti
write_enable=yes
anon_world_readable_only=no
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
idle_session_timeout=600
data_connection_timeout=120
max_clients=3
max_per_ip=3
local_max_rate=50000
[root@host extra]# cat /etc/vsftpd/extra/yanyong
local_root=/var/www/html/cacti
write_enable=yes
anon_world_readable_only=no
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
max_clients=3
max_per_ip=2
local_max_rate=50000
2.2 Configuration files for several different virtual users managing different site directories:
[root@host extra]# cat xiaowu
write_enable=yes
anon_world_readable_only=no
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=/var/www/html/itop
max_clients=1
max_per_ip=2
local_max_rate=50000
[root@host extra]# cat drxiaowu
local_root=/var/www/html/cacti
write_enable=yes
anon_world_readable_only=no
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
idle_session_timeout=600
data_connection_timeout=120
max_clients=3
max_per_ip=3
local_max_rate=50000
Test:
Log in with the xiaowu FTP account:
[root@host itop]# lftp -p 1029 xiaowu@host
lftp xiaowu@host:/> mkdir test0000000001
mkdir ok, `test0000000001' created
lftp xiaowu@host:/> cd test0000000001/
lftp xiaowu@host:/test0000000001> put /root/10.13.23.24.sql
265146 bytes transferred in 5 seconds (48.7K/s)
lftp xiaowu@host:/test0000000001> ls
-rw-r--r--    1 265146 Jan 05:47 10.13.23.24.sql
lftp xiaowu@host:/test0000000001> pwd
ftp://xiaowu@host:1029/test0000000001
[root@host ~]# cd /var/www/html/itop
[root@host itop]# ll test0000000001/
total 260
-rw-r--r--. 1 apache apache 265146 Jan 13:47 10.13.23.24.sql
Log in with the drxiaowu FTP account:
[root@host itop]# lftp -p 1029 drxiaowu@host
Password:
lftp drxiaowu@host:~> ls
lftp drxiaowu@host:/> mkdir txt0000001
mkdir ok, `txt0000001' created
lftp drxiaowu@host:/> cd txt0000001/
lftp drxiaowu@host:/txt0000001> put /root/MegaSAS.log
187351 bytes transferred
lftp drxiaowu@host:/txt0000001> ls
-rw-r--r--    1 187351 Jan 05:53 MegaSAS.log
lftp drxiaowu@host:/txt0000001>
[root@host itop]# cd /var/www/html/cacti/
[root@host cacti]# ls txt0000001/
MegaSAS.log
[root@host cacti]# ll txt0000001/
total 184
-rw-r--r--. 1 apache apache 187351 Jan 13:53 MegaSAS.log
2.3 Configuration files for virtual users managing site directories in other locations:
The site directory is now not under /var/www/html but under some other directory, for example several directories such as /data/www/testweb, /var/www/html and /opt/www. The configuration file is as follows:
[root@host /]# cat /etc/vsftpd/extra/xiaowu
write_enable=yes
anon_world_readable_only=no
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=/data/www/testweb
max_clients=1
max_per_ip=2
local_max_rate=50000
Test:
[root@host itop]# lftp -p 1029 xiaowu@host
Password:
lftp xiaowu@host:~> ls
lftp xiaowu@host:/> ls
lftp xiaowu@host:/> pwd
ftp://xiaowu@host:1029/
lftp xiaowu@host:/> put /root/10.13.23.24.sql
put: Access failed: 553 Could not create file. (10.13.23.24.sql)
The upload failed because the virtual user runs as the system user apache, while the specified FTP upload site directory /data/www/testweb is owned by root, so apache has no permission to write there.
Grant apache ownership of testweb:
cd /data/www/
chown -R apache.apache testweb
Upload again:
[root@host www]# lftp -p 1029 xiaowu@host
Password:
lftp xiaowu@host:~> ls
lftp xiaowu@host:/> pwd
ftp://xiaowu@host:1029/
lftp xiaowu@host:/> put /root/10.13.23.24.sql
265146 bytes transferred in 5 seconds (48.8K/s)
lftp xiaowu@host:/> ls
-rw-r--r--    1 265146 Jan 06:09 10.13.23.24.sql
[root@host www]# ll /data/www/testweb/
total 260
-rw-r--r--. 1 apache apache 265146 Jan 14:09 10.13.23.24.sql
The upload succeeded.
Note: at this point the other FTP users drxiaowu and yanyong can still upload files to the /var/www/html/cacti and /var/www/html/itop directories.
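As an added example (not part of the original post), the following Python helper parses the two-lines-per-account password file from step (2) and the key=value files from 2.1 and 2.2, computes a virtual user's effective settings after the user_config_dir override, and flags the conditions behind the 553 failure above (local_root not owned by guest_username) together with the file mode from step (4). The sample inputs are constructed to mirror the post; the defaults it assumes are vsftpd's own (guest_username=ftp, anonymous_enable=YES, other booleans NO).

```python
def parse_login_file(text):
    """vsftpd_login layout read by db_load -T: an account on one line, its
    password on the next.  The '## account' labels on the page are not file content."""
    lines = text.splitlines()
    if len(lines) % 2:
        raise ValueError("odd line count: an account is missing its password line")
    users = {}
    for name, pw in zip(lines[0::2], lines[1::2]):
        if not name or not pw or name in users:
            raise ValueError(f"empty or duplicate entry for account {name!r}")
        users[name] = pw
    return users

def parse_conf(text):
    """vsftpd key=value file; whole-line '#' comments are skipped."""
    conf = {}
    for ln in text.splitlines():
        ln = ln.strip()
        if ln and not ln.startswith("#"):
            key, _, val = ln.partition("=")
            conf[key.strip().lower()] = val.strip()
    return conf

def effective_config(main, per_user):
    """A per-user file in user_config_dir overrides the same keys of vsftpd.conf."""
    return {**main, **per_user}

def yes(conf, key, default="NO"):
    """vsftpd booleans are YES/NO and case-insensitive; default is vsftpd's own."""
    return conf.get(key, default).upper() == "YES"

def audit(conf, db_mode, local_root_owner):
    """Findings for one virtual user's effective config.  db_mode is the mode of
    vsftpd_login.db, local_root_owner the owner of the effective local_root."""
    guest = conf.get("guest_username", "ftp")
    findings = []
    if db_mode & 0o077:
        findings.append("vsftpd_login.db is readable by group/other; expected chmod 600")
    if yes(conf, "anonymous_enable", "YES"):
        findings.append("anonymous_enable is still YES")
    if not (yes(conf, "guest_enable") and yes(conf, "chroot_local_user")):
        findings.append("virtual users are not mapped to a guest user and chrooted")
    if yes(conf, "write_enable") and local_root_owner != guest:
        findings.append(f"{conf.get('local_root')} is owned by {local_root_owner}, "
                        f"not {guest}: uploads will fail with 553")
    return findings

# Constructed sample inputs mirroring the post's layout (assumed, not from a live host).
MAIN = parse_conf("anonymous_enable=NO\nwrite_enable=YES\nchroot_local_user=YES\n"
                  "guest_enable=YES\nguest_username=apache\nuser_config_dir=/etc/vsftpd/extra")
XIAOWU = parse_conf("local_root=/data/www/testweb\nmax_clients=1")
```

Running audit(effective_config(MAIN, XIAOWU), 0o600, "root") reproduces the 553 finding before any connection is attempted; after the chown it returns no findings.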