、
1、Port ( ):
C S , Port , C S( C N ), S Port N , 。
2、Pasv ( ):
C S , S C, ( S M, ), C , S M , , 。
、 vsftpd
1、yum vsftp
#yum ‐y install vsftpd
2、
#systemctl start vsftpd.service
3、
/etc/vsftpd
、 vsftpd
1、 ftp , , ( , , )
2、vsftp , anonymous_enable=YES , , , /var/ftp/pub ( ), anon_root= /data/pub, 。 。
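# Anonymous-access example for /etc/vsftpd/vsftpd.conf.
# vsftpd only accepts whole-line comments and no whitespace around "=",
# so every note sits on its own line and anon_root has no space after "=".

# Allow logins without credentials.
anonymous_enable=YES
# Directory that anonymous sessions are placed in.
anon_root=/data/pub
local_enable=YES
# Anonymous uploads; only takes effect together with write_enable=YES.
# NOTE(review): with this and anon_mkdir_write_enable set, anyone who can reach
# the FTP port can store files on this host. Limit reachability with a firewall
# or tcp_wrappers, keep the writable directory on its own quota/filesystem, and
# do not make anon_root itself writable.
anon_upload_enable=YES
# Anonymous users may create directories.
anon_mkdir_write_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
# Log transfers in the standard xferlog format so uploads can be audited.
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
# listen and listen_ipv6 are mutually exclusive; this listing uses the IPv6 listener.
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES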
vsftpd.conf
3、 /data/pub , , 777 , 777 , vsftpd , pub , 777 OK , 。
、
【 anonymous_enable=NO】
1、
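# Virtual-user example for /etc/vsftpd/vsftpd.conf (anonymous access disabled).
# Duplicate use_localtime / chroot_local_user entries from the original listing
# are written once; all values are unchanged.
# NOTE(review): this listing has no ssl_enable setting, so logins and data
# travel in cleartext. Consider ssl_enable=YES with a server certificate
# before exposing the service beyond a trusted network.

anonymous_enable=NO
write_enable=YES
# Confine sessions to their directory after login.
chroot_local_user=YES
# NOTE(review): with chroot_local_user=YES the chroot list names users who are
# NOT confined. Keep that file present and empty unless an exception is intended.
chroot_list_enable=YES
use_localtime=YES
local_enable=YES
# NOTE(review): permits a writable chroot top directory, which vsftpd refuses
# by default. Prefer a non-writable top directory with a writable
# subdirectory where the layout allows it.
allow_writeable_chroot=YES
xferlog_enable=YES
local_umask=022
# PAM service file used for authentication: /etc/pam.d/vsftpd.
pam_service_name=vsftpd
listen_port=21
# Session and data-connection timeouts, in seconds.
idle_session_timeout=120
data_connection_timeout=120
# Map every non-anonymous login to the single local account below.
guest_enable=YES
guest_username=ftpuser
# Per-user override files, one file per virtual user name.
user_config_dir=/etc/vsftpd/vuser_conf
# Virtual users get local-user privileges instead of anonymous-user privileges.
virtual_use_local_privs=YES
# Passive-mode data port range; the firewall must allow exactly this range.
pasv_min_port=10060
pasv_max_port=10090
# NOTE(review): short connection-setup timeouts (seconds); confirm that
# connect_timeout=1 is workable for active-mode clients on slow links.
accept_timeout=5
connect_timeout=1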
2、
ftpuser `/home/vsftpd`
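# Create the local account that virtual FTP users are mapped to: no home
# directory creation (-M), home path /home/vsftpd, no interactive shell.
# Options use ASCII "-"; the typographic hyphen in the original listing is not
# parsed as an option prefix.
# NOTE(review): -g root makes root the account's primary group. A dedicated
# group would follow least privilege, but the ownership and permission steps
# that follow in this guide assume the root group.
useradd -g root -M -d /home/vsftpd -s /sbin/nologin ftpuser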
ftpuser
passwd ftpuser
/home/vsftpd ftpuser.root
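# Hand the FTP tree to the guest account (owner ftpuser, group root).
# ASCII "-" for the option and "user:group" instead of the legacy "user.group".
chown -R ftpuser:root /home/vsftpd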
3、
touch /etc/vsftpd/vuser_passwd
# :(# , , : root , )
vi /etc/vsftpd/vuser_passwd
, vuser_passwd
ftp1
12345678
ftp2
12345678
4、
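# Build the hash database that pam_userdb reads from the text file of
# alternating user-name / password lines. Options use ASCII "-".
db_load -T -t hash -f /etc/vsftpd/vuser_passwd /etc/vsftpd/vuser_passwd.db
chmod 600 /etc/vsftpd/vuser_passwd.db
# The text source holds the same passwords in plaintext, so it gets the same
# owner-only mode (or can be removed once the database is built).
chmod 600 /etc/vsftpd/vuser_passwd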
5、
mkdir /etc/vsftpd/vuser_conf # vsftp
cd /etc/vsftpd/vuser_conf #
touch ftp1 ftp2
(ftp1 ftp2 ,local_root=/home/vsftpd/ftp1# )。
ftp1
vim ftp1
# Per-user overrides for virtual user ftp1 (file /etc/vsftpd/vuser_conf/ftp1).
# Directory this user is placed in after login.
local_root=/home/vsftpd/ftp1
write_enable=YES
# NOTE(review): the main configuration on this page sets
# virtual_use_local_privs=YES, under which virtual users take local-user
# privileges; the anon_* settings below presumably only matter if that option
# is switched to NO. Confirm before relying on them to grant or limit access.
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
vim ftp2
# Per-user overrides for virtual user ftp2 (file /etc/vsftpd/vuser_conf/ftp2).
# Directory this user is placed in after login.
local_root=/home/vsftpd/ftp2
write_enable=YES
# NOTE(review): with virtual_use_local_privs=YES in the main configuration,
# the anon_* settings below presumably have no effect on this user. Confirm
# against the running configuration.
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
6、
# mkdir ‐p /home/vsftpd/ftp1
# mkdir ‐p /home/vsftpd/ftp2
7、
systemctl restart vsftpd.service #
systemctl start vsftpd.service #
systemctl status vsftpd.service #
8、 PAM
# cd /etc/pam.d/
vsftpd
# cp vsftpd vsftpd.bak
vsftpd ( , , 64 , 32 lib64 lib)
#%PAM-1.0
# /etc/pam.d/vsftpd for virtual users: authentication and account checks go
# only through pam_userdb. The db= value is the database path without its
# ".db" suffix, so this reads /etc/vsftpd/vuser_passwd.db.
# The module path below is the 64-bit location; presumably /lib/security on
# 32-bit systems. Verify on the target host.
# NOTE(review): no crypt= option is given, so pam_userdb compares against
# passwords stored in plaintext in the database. Keep the .db file mode 600,
# or store crypt(3) hashes and add crypt=crypt.
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
# The distribution's original entries are left commented out below; with them
# disabled, system accounts no longer authenticate through this service.
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth
9、
, /etc/vsftpd/vsuser.passwd ( ), db_load vsuser.passwd ,vuser_confi , 。
、
1、 。
2、 windows cmd , 。
3、 windows cmd ftp , :chroot /etc/vsftpd/chroot_list , , 。
4、 , , vsftpd , , , 777 , 。
、 , 。 , 。 。
1、 name.txt,name.txt 、 , 。
[root@localhost ~]# cat name.txt
lishuai jiacai
yuanhongbin jiacai
liduo gongshengsheng
liuqi lirongxia
nixueging lirongxia
congshuanjian lixi
liuxuesheng gongshengsheng
yubaiyan jiacai
shenxiaojiao lixi
xujianggao shaozuguang
sunguangshuai gongshengsheng
xiaoshuyue congshen
cuijingwen congshen
lixinju jina
jinpengyuan jina
caoqishao xiaoyang
lienbo xiaoyang
sunyuqing jina
gianshunsheng congshen
yangguangming xiaoyang
fengxueying congshen
liuyanshao shaozuguang
xuhuasheng lirongxia
lihongwei jiacai
licong lixi
gaoxingjia gongshengsheng
lishen lixi
huangyu shaozuguang
lixihan lirongxia
shengzimo shaozuguang
liujiaxin shaozuguang
2、 shell , vsftpd, 。shell :
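#!/bin/bash
# Installs and starts vsftpd, then creates the local account that owns
# /home/vsftpd. Exits with status 6 if the account cannot be created.

yum install -y vsftpd
systemctl start vsftpd
mkdir -pv /home/vsftpd

read -r -p " ( :ftpuser):" uname

# Reject empty or option-like input before it reaches useradd/userdel/chown.
name_re='^[a-z_][a-z0-9_-]*$'
if [[ ! $uname =~ $name_re ]]; then
  echo "invalid account name: '${uname}'" >&2
  exit 6
fi

# The failure branch below removes the account, so never proceed with a name
# that already exists; otherwise a failed useradd would delete someone else's
# account.
if id -u "$uname" &>/dev/null; then
  echo "account '${uname}' already exists; refusing to modify or delete it" >&2
  exit 6
fi

# NOTE(review): -g root gives the account root as its primary group; a
# dedicated group would follow least privilege.
if useradd -g root -M -d /home/vsftpd -s /sbin/nologin "$uname" &>/dev/null; then
  # NOTE(review): the password is set to the account name, which is trivially
  # guessable. Set a strong password or lock the account if nothing needs it.
  echo "$uname" | passwd --stdin "$uname" &>/dev/null
  echo " ${uname} , "
else
  echo " ${uname} ${uname} , "
  # Clean up a partially created account (it did not exist before this run).
  userdel "$uname"
  exit 6
fi

# Owner is the new account, group is root ("user:group" form).
chown -R "$uname":root /home/vsftpd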
while read line ##
do
stu=`echo $line | awk '{print $1}'` ## stu
tea=`echo $line | awk '{print $2}'` ## tea
if [ -e $tea ];then ## tea
echo "$tea "
mkdir -pv /bishe/0301/$tea/$stu/upload ## /$tea/$stu/upload
else
echo "$tea "
mkdir -pv /bishe/0301/$tea/{$stu/upload,upload} ## /$tea/{$stu/upload,upload}
fi
chmod 777 /bishe/0301/$tea/upload ## /$tea/upload
chmod 777 /bishe/0301/$tea/$stu ## /$tea/$stu
chmod 777 /bishe/0301/$tea/$stu/upload ## /$tea/$stu/upload
mkdir -pv /etc/vsftpd/vuser_conf ## vsftp
cd /etc/vsftpd/vuser_conf ##
echo "local_root=/bishe/0301/$tea/$stu" >$stu
echo "write_enable=YES" >>$stu
echo "anon_world_readable_only=NO" >>$stu
echo "anon_upload_enable=YES" >>$stu
echo "anon_mkdir_write_enable=YES" >>$stu
echo "anon_other_write_enable=YES" >>$stu
echo "local_root=/bishe/0301/$tea" >$tea
echo "write_enable=YES" >>$tea
echo "anon_world_readable_only=NO" >>$tea
echo "anon_upload_enable=YES" >>$tea
echo "anon_mkdir_write_enable=YES" >>$tea
echo "anon_other_write_enable=YES" >>$tea
mkdir -pv /etc/vsftpd/chroot_list ##
Pwd=`openssl rand -hex 8 | cksum | cut -c1-6`
echo "$stu">>/etc/vsftpd/vuser_passwd ## /etc/vsftpd/vuser_passwd
echo "$Pwd">>/etc/vsftpd/vuser_passwd ## /etc/vsftpd/vuser_passwd
echo | awk '{print $2}' /root/new1.txt | sort | uniq >tea.txt ## tea.txt
done<. while="" read="" line="" do="" tea1="`echo" awk="" pwd="`openssl" rand="" cksum="" cut="" echo="">>/etc/vsftpd/vuser_passwd
echo "$Pwd">>/etc/vsftpd/vuser_passwd
done<. db_load="" hash="" chmod="" echo="" write_enable="YES" chroot_local_user="YES" chroot_list_enable="YES" use_localtime="YES" local_enable="YES" allow_writeable_chroot="YES" xferlog_enable="YES" local_umask="022" pam_service_name="vsftpd" listen_port="21" idle_session_timeout="120" data_connection_timeout="120" guest_enable="YES" guest_username="ftpuser" user_config_dir="/etc/vsftpd/vuser_conf" virtual_use_local_privs="YES" pasv_min_port="10060" pasv_max_port="10090" accept_timeout="5" connect_timeout="1">/etc/vsftpd/vsftpd.conf
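# Replace the vsftpd PAM service file so that only pam_userdb authenticates
# FTP logins, then restart the daemon to apply the new configuration.
# Stop if the directory is missing, so the file is never written somewhere else.
cd /etc/pam.d/ || exit 1
# Keep one copy of the distribution file before overwriting it.
if [ -f vsftpd ] && [ ! -e vsftpd.bak ]; then
  cp -p -- vsftpd vsftpd.bak || exit 1
fi
# NOTE(review): without a crypt= option pam_userdb expects plaintext passwords
# in /etc/vsftpd/vuser_passwd.db; keep that file readable by root only.
echo "#%PAM-1.0
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth " > vsftpd || exit 1
systemctl restart vsftpd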
3、 、
crontab -l
5 7-21 * * * /usr/bin/rsync -az /bishe/ /bak-bishe/ &>/dev/null
30 23 * * * /bin/bash /bin/backup.sh &>/dev/null
, , 。
, , !