vsftpd: Managing Site Directories with Virtual Users Backed by a Database File

Source: Internet
Author: User

Using vsftpd to manage site directories with virtual users stored in a database file:

FTP access is granted through a single system user (this user must be barred from logging in to the server), and multiple virtual users are mapped onto it to manage different site directories.

One. Environment:
(1) CentOS 6.8 x86_64 with SELinux disabled; the firewall is on, with the FTP port allowed through.

(2) Create the file that stores the virtual users' accounts and passwords. Lines alternate: an account name, then that account's password.
[root@<host> vsftpd]# cat /etc/vsftpd/vsftpd_login
drxiaowu
ZKJXU55RT9
yanyong
zk&ao=+w09
xiaowu
Zk&xi+wu96

(3) Generate the account database file
db_load -T -t hash -f vsftpd_login /etc/vsftpd/vsftpd_login.db
(4) Restrict access to the database file
chmod 600 /etc/vsftpd/vsftpd_login.db
(5) Manually create the PAM configuration file required by the virtual users
[root@<host> extra]# cat /etc/pam.d/vsftpd.virtual
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

(6) Add the system account that the virtual users are mapped to
useradd -d /var/www/html -s /sbin/nologin apache

Two. Production Environment Configuration Demo:

2.1 The complete production configuration file is as follows:
[root@<host> test001]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog

listen=YES
# The default FTP port is 21; here the FTP port is changed to 1029
listen_port=1029
###listen_data_port =1011
pam_service_name=vsftpd.virtual
userlist_enable=YES
tcp_wrappers=YES
check_shell=YES
chroot_local_user=YES
guest_enable=YES
guest_username=apache
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/extra

2.2 Configuration files for multiple virtual users that share management of the same site directory:
[root@<host> extra]# cat /etc/vsftpd/extra/drxiaowu
local_root=/var/www/html/cacti
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
idle_session_timeout=600
data_connection_timeout=120
max_clients=3
max_per_ip=3
local_max_rate=50000
[root@<host> extra]# cat /etc/vsftpd/extra/yanyong
local_root=/var/www/html/cacti
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
max_clients=3
max_per_ip=2
local_max_rate=50000

2.2 Configuration files for multiple virtual users that manage different site directories:

[root@<host> extra]# cat xiaowu
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/var/www/html/itop
max_clients=1
max_per_ip=2
local_max_rate=50000

[root@<host> extra]# cat drxiaowu
local_root=/var/www/html/cacti
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
idle_session_timeout=600
data_connection_timeout=120
max_clients=3
max_per_ip=3
local_max_rate=50000

Test:
Log in with the xiaowu FTP account:
[root@<host> itop]# lftp -p 1029 xiaowu@<ftp-server>
lftp xiaowu@<ftp-server>:/> mkdir test0000000001
mkdir ok, 'test0000000001' created
lftp xiaowu@<ftp-server>:/> cd test0000000001/
lftp xiaowu@<ftp-server>:/test0000000001> put /root/10.13.23.24.sql
265146 bytes transferred in 5 seconds (48.7K/s)
lftp xiaowu@<ftp-server>:/test0000000001> ls
-rw-r--r-- 1 265146 Jan 05:47 10.13.23.24.sql
lftp xiaowu@<ftp-server>:/test0000000001> pwd
ftp://xiaowu@<ftp-server>:1029/test0000000001
[root@<host> ~]# cd /var/www/html/itop
[root@<host> itop]# ll test0000000001/
total 260
-rw-r--r--. 1 apache apache 265146 Jan 13:47 10.13.23.24.sql
Log in with the drxiaowu FTP account:

[root@<host> itop]# lftp -p 1029 drxiaowu@<ftp-server>
Password:
lftp drxiaowu@<ftp-server>:~> ls
lftp drxiaowu@<ftp-server>:/> mkdir txt0000001
mkdir ok, 'txt0000001' created
lftp drxiaowu@<ftp-server>:/> cd txt0000001/
lftp drxiaowu@<ftp-server>:/txt0000001> put /root/MegaSAS.log
187351 bytes transferred
lftp drxiaowu@<ftp-server>:/txt0000001> ls
-rw-r--r-- 1 187351 Jan 05:53 MegaSAS.log
lftp drxiaowu@<ftp-server>:/txt0000001>
[root@<host> itop]# cd /var/www/html/cacti/
[root@<host> cacti]# ls txt0000001/
MegaSAS.log
[root@<host> cacti]# ll txt0000001/
total 184
-rw-r--r--. 1 apache apache 187351 Jan 13:53 MegaSAS.log

2.3 Configuration files for multiple virtual users that manage different site directories:
Here the site directories are not all under /var/www/html but spread over several locations, for example /data/www/testweb, /var/www/html and /opt/www. The configuration file is as follows:
[root@<host> /]# cat /etc/vsftpd/extra/xiaowu
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/www/testweb
max_clients=1
max_per_ip=2
local_max_rate=50000

Test:
[root@<host> itop]# lftp -p 1029 xiaowu@<ftp-server>
Password:
lftp xiaowu@<ftp-server>:~> ls
lftp xiaowu@<ftp-server>:/> ls
lftp xiaowu@<ftp-server>:/> pwd
ftp://xiaowu@<ftp-server>:1029/

lftp xiaowu@<ftp-server>:/> put /root/10.13.23.24.sql
put: Access failed: 553 Could not create file. (10.13.23.24.sql)
The upload failed because the virtual users are mapped to the apache user, while the FTP upload directory /data/www/testweb is owned by root, so apache has no permission to write there.
Give apache ownership of testweb:
cd /data/www/
chown -R apache.apache testweb
Upload again:
[root@<host> www]# lftp -p 1029 xiaowu@<ftp-server>
Password:
lftp xiaowu@<ftp-server>:~> ls
lftp xiaowu@<ftp-server>:/> pwd
ftp://xiaowu@<ftp-server>:1029/
lftp xiaowu@<ftp-server>:/> put /root/10.13.23.24.sql
265146 bytes transferred in 5 seconds (48.8K/s)
lftp xiaowu@<ftp-server>:/> ls
-rw-r--r-- 1 265146 Jan 06:09 10.13.23.24.sql
[root@<host> www]# ll /data/www/testweb/
total 260
-rw-r--r--. 1 apache apache 265146 Jan 14:09 10.13.23.24.sql
The upload succeeded.

Note: at this point the other FTP users drxiaowu and yanyong can still upload files to the /var/www/html/cacti and /var/www/html/itop directories.
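
Added example, not part of the original article: a small Python check over a configuration like the one above. It reports syntax vsftpd does not accept (spaces around `=`, option names that are not lowercase), per-user options that the vsftpd.conf man page lists as having no per-user effect (`max_clients`, `max_per_ip`), `anon_*` options that go unused once `virtual_use_local_privs=YES` gives virtual users local-user privileges, and site directories shared by several virtual users. The function names and the sample strings are constructed for illustration.

```python
# Added example: lint a vsftpd virtual-user setup (sample data is constructed).
NOT_PER_USER = {"listen_address", "banner_file", "max_per_ip", "max_clients", "xferlog_file"}

def parse_conf(text):
    """Parse vsftpd 'option=value' text into (options, syntax_problems)."""
    opts, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or " " in key or value != value.strip():
            problems.append(f"line {n}: no spaces allowed around '=': {line!r}")
        elif key != key.lower():
            problems.append(f"line {n}: option names are lowercase: {key!r}")
        else:
            opts[key] = value
    return opts, problems

def audit(main_text, user_texts):
    """Return findings for vsftpd.conf text plus {user: per-user config text}."""
    main, problems = parse_conf(main_text)
    findings = [f"vsftpd.conf: {p}" for p in problems]
    local_privs = main.get("virtual_use_local_privs", "NO").upper() == "YES"
    roots = {}
    for user, text in sorted(user_texts.items()):
        opts, problems = parse_conf(text)
        findings += [f"{user}: {p}" for p in problems]
        for key in sorted(opts):
            if key in NOT_PER_USER:
                findings.append(f"{user}: {key} has no per-user effect")
            elif key.startswith("anon_") and local_privs:
                findings.append(f"{user}: {key} unused with virtual_use_local_privs=YES")
        root = opts.get("local_root") or main.get("local_root") or "(guest home)"
        roots.setdefault(root, []).append(user)
    for root, users in sorted(roots.items()):
        if len(users) > 1:
            findings.append(f"{root}: shared by {', '.join(users)}")
    return findings

# Constructed sample input, condensed from this page; line 4 of MAIN is deliberately malformed.
MAIN = "guest_enable=YES\nguest_username=apache\nvirtual_use_local_privs=YES\npam_service_name= vsftpd.virtual"
USERS = {
    "drxiaowu": "local_root=/var/www/html/cacti\nwrite_enable=YES\nanon_upload_enable=YES\nmax_clients=3",
    "yanyong": "local_root=/var/www/html/cacti\nwrite_enable=YES\nmax_per_ip=2",
    "xiaowu": "local_root=/var/www/html/itop\nwrite_enable=YES",
}
if __name__ == "__main__":
    print("\n".join(audit(MAIN, USERS)))
```

Because every virtual user runs as the single guest account, a shared `local_root` finding means those users can overwrite each other's files; separation between users rests on the chroot and on directory ownership.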
