仮想ユーザベースのvsftpの使用


 、         
1、Port  (    ):
    C    S   ,    Port  ,     C            S(   C          N          ),    S    Port                 N    ,          。
2、Pasv  (    ):
    C    S   ,   S        C,     (   S          M,        ),    C       ,       S M      ,     ,        。
 、  vsftpd
1、yum  vsftp
#yum -y install vsftpd
2、    
#systemctl start vsftpd.service
3、      
/etc/vsftpd
 、  vsftpd         
1、        ftp   ,              ,                     (  ,         ,    )
2、vsftp       ,  anonymous_enable=YES    ,        ,                 ,   /var/ftp/pub (    ),           anon_root=/data/pub,                   。                。
#       
anonymous_enable=YES
#            
anon_root=/data/pub
local_enable=YES
#           (     write_enable=YES,  YES)
anon_upload_enable=YES
#           
anon_mkdir_write_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
vsftpd.conf
3、             /data/pub  ,        ,       777   ,    777      ,    vsftpd      ,     pub           ,         777    OK ,                  。
 、          
【            anonymous_enable=NO】
1、      
anonymous_enable=NO
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
use_localtime=YES
local_enable=YES
allow_writeable_chroot=YES
xferlog_enable=YES
local_umask=022
pam_service_name=vsftpd
use_localtime=YES
listen_port=21
chroot_local_user=YES
idle_session_timeout=120
data_connection_timeout=120
guest_enable=YES
guest_username=ftpuser
user_config_dir=/etc/vsftpd/vuser_conf
virtual_use_local_privs=YES
pasv_min_port=10060
pasv_max_port=10090
accept_timeout=5
connect_timeout=1
2、      
     ftpuser    `/home/vsftpd`   
useradd -g root -M -d /home/vsftpd -s /sbin/nologin ftpuser
     ftpuser    
passwd ftpuser
  /home/vsftpd      ftpuser.root
chown -R ftpuser.root /home/vsftpd
3、        
touch /etc/vsftpd/vuser_passwd
#           :(#      ,     ,  :    root    ,    )
vi /etc/vsftpd/vuser_passwd
    ,    vuser_passwd   
ftp1
12345678
ftp2
12345678
4、          
db_load -T -t hash -f /etc/vsftpd/vuser_passwd /etc/vsftpd/vuser_passwd.db
chmod 600 /etc/vsftpd/vuser_passwd.db
5、      
mkdir /etc/vsftpd/vuser_conf #         vsftp     
cd /etc/vsftpd/vuser_conf #     
touch ftp1 ftp2
(ftp1 ftp2      ,local_root=/home/vsftpd/ftp1#               )。
ftp1       
vim ftp1
local_root=/home/vsftpd/ftp1
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
vim ftp2
local_root=/home/vsftpd/ftp2
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
6、      
# mkdir -p /home/vsftpd/ftp1
# mkdir -p /home/vsftpd/ftp2
7、    
systemctl restart vsftpd.service      #     
systemctl start vsftpd.service         #     
systemctl status vsftpd.service      #       
8、       PAM  
# cd /etc/pam.d/
  vsftpd  
# cp vsftpd vsftpd.bak
  vsftpd    (        ,        ,     64     ,   32   lib64    lib)
#%PAM-1.0
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth
9、     
      ,   /etc/vsftpd/vuser_passwd      (        ),    db_load    vuser_passwd    ,vuser_conf               ,            。
 、    
1、                   。
2、   windows  cmd       ,                     。
3、 windows cmd  ftp   ,   :chroot    /etc/vsftpd/chroot_list    ,                ,      。
4、               ,      ,    vsftpd    ,                     ,                            ,     777  ,    。
  、  ,        。                    ,     。             。
 1、  name.txt,name.txt         、           ,             。
[root@localhost ~]# cat name.txt
lishuai         jiacai 
yuanhongbin     jiacai 
liduo           gongshengsheng
liuqi           lirongxia
nixueging       lirongxia
congshuanjian   lixi
liuxuesheng     gongshengsheng
yubaiyan        jiacai 
shenxiaojiao    lixi
xujianggao      shaozuguang
sunguangshuai   gongshengsheng
xiaoshuyue      congshen
cuijingwen      congshen
lixinju         jina
jinpengyuan     jina
caoqishao       xiaoyang
lienbo          xiaoyang
sunyuqing       jina
gianshunsheng   congshen
yangguangming   xiaoyang
fengxueying     congshen
liuyanshao      shaozuguang
xuhuasheng      lirongxia
lihongwei       jiacai 
licong          lixi
gaoxingjia      gongshengsheng
lishen          lixi
huangyu         shaozuguang
lixihan         lirongxia
shengzimo       shaozuguang
liujiaxin       shaozuguang
2、  shell  ,    vsftpd,             。shell    :
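#!/bin/bash
## Installs vsftpd, creates the local "guest" system account that the virtual
## FTP users are mapped to (guest_username in vsftpd.conf), and hands the
## /home/vsftpd tree to it. The account name is read from stdin; the prompt
## suggests ftpuser.
## Exit status: 1 if vsftpd cannot be installed, 6 if the account cannot be
## created.
yum install -y vsftpd || exit 1          ## install vsftpd; nothing below works without it
systemctl start vsftpd                   ## start the service
mkdir -pv /home/vsftpd                   ## home tree shared by the guest account
read -r -p "      (      :ftpuser):" uname   ## -r keeps backslashes in the name literal

## The guest account gets no home of its own (-M), no login shell, and primary
## group root (kept from the original script; a dedicated group would be tighter).
if useradd -g root -M -d /home/vsftpd -s /sbin/nologin "$uname" &>/dev/null; then
    ## NOTE(review): the password is set to the account name itself. The shell
    ## is /sbin/nologin and virtual users authenticate through pam_userdb, so
    ## this password is never needed for FTP; locking it (passwd -l) would be
    ## safer than a guessable one.
    echo "$uname" | passwd --stdin "$uname" &>/dev/null
    echo "     "$uname"   ,        "
else
    echo "     "$uname"    "$uname"       ,       "
    ## useradd failed, usually because the name is already taken. The original
    ## script unconditionally deleted that account so a re-run could recreate
    ## it; here the deletion only happens when the existing account looks like
    ## one this script made (home /home/vsftpd, shell /sbin/nologin), so a real
    ## account that merely shares the typed name is left alone.
    existing=$(getent passwd "$uname")
    if [ "$(printf '%s' "$existing" | cut -d: -f6,7)" = "/home/vsftpd:/sbin/nologin" ]; then
        userdel "$uname"
    else
        echo "not removing $uname: not an account created by this script" >&2
    fi
    exit 6
fi

chown -R "${uname}:root" /home/vsftpd    ## whole tree owned by the guest account, group root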
## Per-line provisioning loop. Each input line is split into two whitespace-
## separated fields (first -> $stu, second -> $tea; the sample name.txt above
## has that shape). The read has no -r, so backslashes in the input are
## interpreted, and every expansion below is unquoted, so a name containing
## spaces or glob characters would break the commands. The input redirection
## after the closing "done" is garbled in this copy, so the actual input file
## is not recoverable here.
while read line
do
    stu=`echo $line | awk '{print $1}'`    ## first field of the line
    tea=`echo $line | awk '{print $2}'`    ## second field of the line

    ## "-e $tea" tests a path relative to the *current* directory. After the
    ## first iteration the cwd is /etc/vsftpd/vuser_conf (see the cd below),
    ## where a file named after $tea is written on every iteration, so from the
    ## second line on this effectively asks "was this $tea seen already"; on
    ## the first line it is relative to wherever the script was launched. An
    ## empty second field turns the test into "[ -e ]", which is true.
    if [ -e $tea ];then
            echo "$tea   "
            mkdir -pv /bishe/0301/$tea/$stu/upload    ## only the per-$stu upload dir
    else
            echo "$tea    " 
            mkdir -pv /bishe/0301/$tea/{$stu/upload,upload}    ## also the shared $tea/upload dir
    fi
    ## NOTE(review): 777 makes these directories writable by every local
    ## account, not only the FTP guest user. Ownership by the guest account
    ## created above with 755/775 would give the same FTP behaviour with less
    ## exposure (vsftpd runs virtual users as guest_username).
    chmod 777 /bishe/0301/$tea/upload
    chmod 777 /bishe/0301/$tea/$stu
    chmod 777 /bishe/0301/$tea/$stu/upload

    mkdir -pv /etc/vsftpd/vuser_conf    ## per-user config dir (user_config_dir in vsftpd.conf)
    cd /etc/vsftpd/vuser_conf           ## unchecked; every relative path below lands in this dir

    ## per-user config for $stu: the student's directory becomes local_root
    ## (file is truncated with ">" and rebuilt each time)
    echo "local_root=/bishe/0301/$tea/$stu" >$stu
    echo "write_enable=YES" >>$stu
    echo "anon_world_readable_only=NO" >>$stu
    echo "anon_upload_enable=YES" >>$stu
    echo "anon_mkdir_write_enable=YES" >>$stu
    echo "anon_other_write_enable=YES" >>$stu

    ## per-user config for $tea: the whole teacher directory becomes local_root;
    ## rewritten on every input line that names this $tea
    echo "local_root=/bishe/0301/$tea" >$tea
    echo "write_enable=YES" >>$tea
    echo "anon_world_readable_only=NO" >>$tea
    echo "anon_upload_enable=YES" >>$tea
    echo "anon_mkdir_write_enable=YES" >>$tea
    echo "anon_other_write_enable=YES" >>$tea

    ## NOTE(review): this creates a *directory* named chroot_list. With
    ## chroot_list_enable=YES (set in the vsftpd.conf written at the end of
    ## this run) vsftpd expects chroot_list_file to be a text file listing
    ## user names; a directory is probably not what was intended — verify
    ## against vsftpd's behaviour before relying on it.
    mkdir -pv /etc/vsftpd/chroot_list

    ## NOTE(review): weak password derivation. The 64 random bits from openssl
    ## are collapsed into cksum's decimal CRC and cut to 6 characters, so the
    ## resulting password has at most 10^6 possible values. Using the
    ## "openssl rand" output directly would keep the entropy.
    Pwd=`openssl rand -hex 8 | cksum | cut -c1-6`
    ## db_load input format: user name on one line, password on the next.
    ## These credentials are appended in plaintext; the file should be
    ## restricted (chmod 600) or removed once the .db has been built from it.
    echo "$stu">>/etc/vsftpd/vuser_passwd
    echo "$Pwd">>/etc/vsftpd/vuser_passwd
    ## awk is given a file name, so the piped "echo" is ignored; this rewrites
    ## tea.txt in the cwd (/etc/vsftpd/vuser_conf) on every iteration, and it
    ## reads /root/new1.txt rather than the file fed to this loop.
    echo | awk '{print $2}' /root/new1.txt | sort | uniq >tea.txt
## The remainder of this script (loop terminator and input file, a second loop
## over the teacher list, the db_load/chmod of the password database and the
## vsftpd.conf write) is garbled in this copy and is left exactly as found.
done<. while="" read="" line="" do="" tea1="`echo" awk="" pwd="`openssl" rand="" cksum="" cut="" echo="">>/etc/vsftpd/vuser_passwd
                 echo "$Pwd">>/etc/vsftpd/vuser_passwd
done<. db_load="" hash="" chmod="" echo="" write_enable="YES" chroot_local_user="YES" chroot_list_enable="YES" use_localtime="YES" local_enable="YES" allow_writeable_chroot="YES" xferlog_enable="YES" local_umask="022" pam_service_name="vsftpd" listen_port="21" idle_session_timeout="120" data_connection_timeout="120" guest_enable="YES" guest_username="ftpuser" user_config_dir="/etc/vsftpd/vuser_conf" virtual_use_local_privs="YES" pasv_min_port="10060" pasv_max_port="10090" accept_timeout="5" connect_timeout="1">/etc/vsftpd/vsftpd.conf
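## Install the PAM stack for the "vsftpd" service: authenticate and
## account-check virtual users against the Berkeley DB built from
## /etc/vsftpd/vuser_passwd (pam_userdb appends ".db" to the db= path itself).
## The distro's previous /etc/pam.d/vsftpd is kept as vsftpd.bak the first
## time it is replaced. The module path is hard-coded to /lib64/security; on a
## 32-bit system the module lives under /lib/security instead, as the text
## above notes. The password-auth / pam_shells / pam_listfile lines are left
## commented out (presumably because virtual users have no /etc/passwd entry
## and would fail those checks — confirm before re-enabling any of them).
cd /etc/pam.d/ || { echo "cannot cd to /etc/pam.d" >&2; exit 1; }   ## never write into the wrong dir
if [ -e vsftpd ] && [ ! -e vsftpd.bak ]; then
    cp -p vsftpd vsftpd.bak              ## one-time backup of the original service file
fi
echo  "#%PAM-1.0 
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd 
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd 
#session    optional     pam_keyinit.so    force revoke 
#auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed 
#auth       required    pam_shells.so 
#auth       include password-auth 
#account    include password-auth 
#session    required     pam_loginuid.so 
#session    include password-auth " > /etc/pam.d/vsftpd
systemctl restart vsftpd                 ## pick up the new PAM stack and vsftpd.conf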
3、      、         
crontab -l
5 7-21 * * * /usr/bin/rsync -az /bishe/ /bak-bishe/ &>/dev/null
30 23 * * *  /bin/bash /bin/backup.sh &>/dev/null

    ,             ,    。
              ,           ,          !