vsftpd permission control

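vsftpd users fall into three kinds.
1. Anonymous account: anonymous. Its permissions are controlled with the anon_XXX options.
2. Local account: depends entirely on the permissions of the local account.
3. Virtual account: the vsftpd manual says its permissions are the same as the anonymous account's, but testing showed that it differs from anonymous in some behaviours, in minor ways.
For how to use vsftpd, see the following.
1. FAQ: https://security.appspot.com/vsftpd/FAQ.txt
2. Description of the earlier configuration: http://blog.csdn.net/yunhuang2010/article/details/6950830
3. conf file: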
#

listen=YES
connect_from_port_20=YES

# limit max clients
max_clients=100

anonymous_enable=YES

#anonymous user root
anon_root=/ftp/pub

# if it is set, anonymous users will be permitted
# to perform write operations other than upload
# and create directory, such as deletion and renaming
# *****  can rename and delete files
anon_other_write_enable=YES

# enable upload; virtual users are treated as anonymous users,
# so this must also be set to YES when a virtual user needs to upload
# *****  can upload files
anon_upload_enable=YES

# enable anonymous to mkdir, also requires write_enable=YES
# *****  can mkdir and delete folders
anon_mkdir_write_enable=YES

# when enabled, anonymous users will only be allowed to download files
# which are world readable
anon_world_readable_only=NO

# If enabled, all anonymously uploaded files will have the
# ownership changed to the user specified in the setting chown_username
chown_uploads=YES
chown_username=ftp-admin

# must be enabled to allow local users (including virtual users) to log in
local_enable=YES

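# umask applied to files created by local users
local_umask=022

# global switch: allow FTP commands that change the filesystem
write_enable=YES

# directory vsftpd changes into after a local (non-anonymous) login
local_root=/ftp/$USER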

user_sub_token=$USER

# This  is  the  name of the user that is used by vsftp
# when it wants to be totally unprivileged
# nopriv_user=vsftpd
nopriv_user=ftp

# chroot
chroot_local_user=YES

# directory holding a per-user configuration file for each user; some
# options cannot be overridden there because they are global ones,
# such as listen_address, banner_file, max_per_ip,
# max_clients, xferlog_file, etc
user_config_dir=/etc/vsftpd_user_conf

# virtual user, If enabled, all non-anonymous logins are classed as "guest" logins.
guest_enable=YES
guest_username=vsftpd

# If enabled, virtual users will use the same privileges as local  users.  By  default,
# virtual users will use the same privileges as anonymous users, which tends to be more
# restrictive (especially in terms of write access)
virtual_use_local_privs=YES

secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

dirmessage_enable=YES
banner_file=/etc/vsftpd_banner


syslog_enable=NO
log_ftp_protocol=YES
xferlog_std_format=NO
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd/vsftpd.log
xferlog_file=/var/log/vsftpd/xferlog.log

data_connection_timeout=15

What does virtual_use_local_privs=YES mean? Set to YES, all virtual users use the permissions of the user vsftpd. Set to NO, do all virtual users use the anonymous permissions?
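
The following added example (not part of the original post) models the question above as the vsftpd.conf(5) man page documents it: it parses vsftpd.conf text and reports which write actions each user class gets at the FTP level. The function names and PAGE_CONF, an excerpt of the conf file above, are assumptions of the example; filesystem permissions still apply on top of the result.

```python
# Added example: FTP-level write rights per vsftpd user class.
# Defaults are those given in vsftpd.conf(5) for the options modelled here.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "guest_enable": "NO",
    "virtual_use_local_privs": "NO",
}
# Write action -> the anon_* option that grants it to anonymous users.
ANON_KEYS = {"upload": "anon_upload_enable", "mkdir": "anon_mkdir_write_enable",
             "delete/rename": "anon_other_write_enable"}

# Constructed sample: the permission-related lines of the conf file on this page.
PAGE_CONF = """\
anonymous_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
local_enable=YES
write_enable=YES
guest_enable=YES
virtual_use_local_privs=YES
"""

def parse_conf(text):
    """Read option=value lines; '#' lines are comments; a repeated option overrides."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def write_rights(text):
    """Map each user class that can log in to the write actions FTP allows it."""
    o = {k: v.upper() == "YES" for k, v in parse_conf(text).items()}
    # write_enable is the global switch: without it no write command works.
    anon = {a for a, k in ANON_KEYS.items() if o["write_enable"] and o[k]}
    local = set(ANON_KEYS) if o["write_enable"] else set()
    rights = {}
    if o["anonymous_enable"]:
        rights["anonymous"] = anon
    if o["local_enable"] and o["guest_enable"]:  # every non-anonymous login is a guest
        rights["virtual"] = local if o["virtual_use_local_privs"] else anon
    elif o["local_enable"]:
        rights["local"] = local
    return rights

if __name__ == "__main__":
    print(write_rights(PAGE_CONF))
```

On the configuration above, anonymous and virtual users both end up with every write action, so in this model switching virtual_use_local_privs to NO changes nothing until the anon_* write options are turned off.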