构建基于虚拟用户的vsftpd服务器
——白·月
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=fcba9029-9415-4fe6-b076-0a83857d01ec
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::e1da:4a27:77d0:a6dd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:1b:a7:25 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1104 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a
[root@localhost yum.repos.d]# mv C* a
[root@localhost yum.repos.d]# vim yum.repo
[a]
name=a
baseurl=file:///media
gpgcheck=0
[root@localhost yum.repos.d]# mount /dev/cdrom /media
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost yum.repos.d]# cd
[root@localhost ~]# yum -y install vsftpd ftp
Installed:
ftp.x86_64 0:0.17-67.el7 vsftpd.x86_64 0:3.0.2-21.el7
Complete!
[root@localhost ~]# vim /etc/vsftpd/vusers.list \\建立虚拟FTP用户的帐号列表文件：奇数行为用户名，偶数行为对应密码（明文保存，下面的123仅为演示，实际应使用强密码）
a
123
b
123
~
[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# db_load -T -t hash -f vusers.list vusers.db
[root@localhost vsftpd]# file vusers.db
vusers.db: Berkeley DB (Hash, version 9, native byte-order)
[root@localhost vsftpd]# chmod 600 /etc/vsftpd/vusers.* \\收紧账号密码文件权限，仅root可读写（原文写作chown 600，那只会把属主改成UID 600，权限并未改变）
[root@localhost vsftpd]# useradd -d /syj -s /sbin/nologin baiyue \\创建FTP根目录及虚拟用户映射的系统用户
[root@localhost vsftpd]# chmod 755 /syj \\给FTP根目录/syj设置755权限（属主可写，其他用户只读）
[root@localhost vsftpd]# vim /etc/pam.d/vsftp \\建立支持虚拟用户的PAM认证文件（文件名必须与vsftpd.conf中pam_service_name的值一致；下文配置写的是vsftpd，两者不一致时此文件不会被使用）
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf \\修改配置文件
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
chroot_local_user=YES
allow_writeable_chroot=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=baiyue
user_config_dir=/etc/vsftpd/vusers_dir
[root@localhost vsftpd]# mkdir /etc/vsftpd/vusers_dir
[root@localhost vsftpd]# cd /etc/vsftpd/vusers_dir/
[root@localhost vusers_dir]# touch a b
[root@localhost vusers_dir]# vim a
anon_upload_enable=YES
anon_mkdir_write_enable=YES
[root@localhost vsftpd]# mkdir /etc/vsftpd/vusers_dir \\为个别虚拟用户建立独立的配置文件
[root@localhost vsftpd]# cd /etc/vsftpd/vusers_dir/
[root@localhost vusers_dir]# touch a b
[root@localhost vusers_dir]# vim a
anon_upload_enable=YES
anon_mkdir_write_enable=YES
[root@localhost vusers_dir]# systemctl start vsftpd \\启动ftp
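[root@localhost vusers_dir]# systemctl stop firewalld.service \\关闭防火墙（仅限实验环境；生产环境应保留防火墙，用firewall-cmd --permanent --add-service=ftp放行FTP后再执行firewall-cmd --reload）
[root@localhost vusers_dir]# setenforce 0 \\将SELinux临时切换为宽容模式（Permissive，重启后恢复；仅限实验环境，生产环境应保持Enforcing，并用getsebool -a | grep ftp查看后按需设置FTP相关的布尔值）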
[root@localhost vusers_dir]# cd /syj
[root@localhost syj]# touch a
[root@localhost syj]# ls
a
客户端:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=fcba9029-9415-4fe6-b076-0a83857d01ec
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.2
NETMASK=255.255.255.0
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::8237:c6c4:f9e9:6e23 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:45:b2:6f txqueuelen 1000 (Ethernet)
RX packets 3 bytes 180 (180.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 840 (840.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a
[root@localhost yum.repos.d]# mv C* a
[root@localhost yum.repos.d]# vim yum.repo
[a]
name=a
baseurl=file:///media
gpgcheck=0
[root@localhost yum.repos.d]# mount /dev/cdrom /media
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost yum.repos.d]# cd
[root@localhost ~]# yum -y install vsftpd ftp
Installed:
ftp.x86_64 0:0.17-67.el7 vsftpd.x86_64 0:3.0.2-21.el7
Complete!
[root@localhost ~]# touch b
[root@localhost ~]# ftp 192.168.1.1 \\验证
Connected to 192.168.1.1 (192.168.1.1).
220 (vsFTPd 3.0.2)
Name (192.168.1.1:root): a
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,1,245,184).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Jun 18 19:57 a
226 Directory send OK.
ftp> get a
local: a remote: a
227 Entering Passive Mode (192,168,1,1,44,190).
150 Opening BINARY mode data connection for a (0 bytes).
226 Transfer complete.
ftp> put b
local: b remote: b
227 Entering Passive Mode (192,168,1,1,101,140).
150 Ok to send data.
226 Transfer complete.
ftp> quit
221 Goodbye.
[root@localhost ~]# ftp 192.168.1.1
Connected to 192.168.1.1 (192.168.1.1).
220 (vsFTPd 3.0.2)
Name (192.168.1.1:root): b
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,1,141,152).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Jun 18 19:57 a
-rw-r--r-- 1 1001 1001 0 Jun 18 20:00 b
226 Directory send OK.
ftp> get a
local: a remote: a
227 Entering Passive Mode (192,168,1,1,248,56).
150 Opening BINARY mode data connection for a (0 bytes).
226 Transfer complete.
ftp> put b
local: b remote: b
227 Entering Passive Mode (192,168,1,1,163,6).
550 Permission denied.
ftp>
[root@localhost ~]# ls
a Desktop initial-setup-ks.cfg Public
anaconda-ks.cfg Documents Music Templates
b Downloads Pictures Videos
构建本地用户验证的vsftpd服务器
——白·月
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=fcba9029-9415-4fe6-b076-0a83857d01ec
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::e1da:4a27:77d0:a6dd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:1b:a7:25 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1104 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a
[root@localhost yum.repos.d]# mv C* a
[root@localhost yum.repos.d]# vim yum.repo
[a]
name=a
baseurl=file:///media
gpgcheck=0
[root@localhost yum.repos.d]# mount /dev/cdrom /media
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost yum.repos.d]# cd
[root@localhost ~]# yum -y install vsftpd ftp
Installed:
ftp.x86_64 0:0.17-67.el7 vsftpd.x86_64 0:3.0.2-21.el7
Complete!
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
allow_writeable_chroot=YES
local_enable=YES
write_enable=YES
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# systemctl stop firewalld.service \\关闭防火墙（仅限实验环境，生产环境应改为在防火墙中放行FTP服务）
[root@localhost ~]# setenforce 0 \\将SELinux临时切换为宽容模式（仅限实验环境，重启后恢复）
[root@localhost ~]# chmod 755 /var/ftp/
[root@localhost ~]# useradd zhangsan
[root@localhost ~]# useradd lisi
[root@localhost ~]# passwd zhangsan
Changing password for user zhangsan.
New password:
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# passwd lisi
Changing password for user lisi.
New password:
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# cd /var/ftp/
[root@localhost ftp]# ls
pub
[root@localhost ftp]# touch a
客户端:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=fcba9029-9415-4fe6-b076-0a83857d01ec
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.2
NETMASK=255.255.255.0
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::8237:c6c4:f9e9:6e23 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:45:b2:6f txqueuelen 1000 (Ethernet)
RX packets 3 bytes 180 (180.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 840 (840.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a
[root@localhost yum.repos.d]# mv C* a
[root@localhost yum.repos.d]# vim yum.repo
[a]
name=a
baseurl=file:///media
gpgcheck=0
[root@localhost yum.repos.d]# mount /dev/cdrom /media
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost yum.repos.d]# cd
[root@localhost ~]# yum -y install vsftpd ftp
Installed:
ftp.x86_64 0:0.17-67.el7 vsftpd.x86_64 0:3.0.2-21.el7
Complete!
[root@localhost ~]# touch b
[root@localhost ~]# ls
anaconda-ks.cfg Documents Music Templates
b Downloads Pictures Videos
Desktop initial-setup-ks.cfg Public
[root@localhost ~]# ftp 192.168.1.1
Connected to 192.168.1.1 (192.168.1.1).
220 (vsFTPd 3.0.2)
Name (192.168.1.1:root): zhangsan
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put b
local: b remote: b
227 Entering Passive Mode (192,168,1,1,252,63).
150 Ok to send data.
226 Transfer complete.
ftp> ls
227 Entering Passive Mode (192,168,1,1,217,154).
150 Here comes the directory listing.
-rw-r--r-- 1 1001 1001 0 Jun 17 00:44 1.txt
-rw-r--r-- 1 1001 1001 0 Jun 17 01:06 b
226 Directory send OK.
[root@localhost ~]# ftp 192.168.1.1
Connected to 192.168.1.1 (192.168.1.1).
220 (vsFTPd 3.0.2)
Name (192.168.1.1:root): lisi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put b
local: b remote: b
227 Entering Passive Mode (192,168,1,1,182,96).
150 Ok to send data.
226 Transfer complete.
ftp> ls
227 Entering Passive Mode (192,168,1,1,117,245).
150 Here comes the directory listing.
-rw-r--r-- 1 1002 1002 0 Jun 17 01:07 b
226 Directory send OK.