(在server内进行操作)
对ftp的部署
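[root@localhost ~]# vim /etc/sysconfig/selinux ##改enforcing为disabled(仅为简化实验;生产环境建议保持 enforcing,改用 ftpd_anon_write、ftpd_full_access 等 SELinux 布尔值和 public_content_rw_t 上下文来放行)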
[root@localhost ~]# reboot ##重启
Connection to 172.25.254.229 closed by remote host.
Connection to 172.25.254.229 closed.
[kiosk@foundation29 Desktop]$ ssh root@172.25.254.229
root@172.25.254.229's password:
Last login: Fri May 4 22:44:11 2018 from 172.25.254.29
[root@localhost ~]# getenforce ##检测是否更改正确
Disabled
[root@localhost ~]# yum install vsftpd -y ##安装 vsftpd(服务端)
[root@localhost ~]# yum install lftp -y ##安装 lftp(客户端,软件包名是 lftp 而不是 lftpd)
[root@localhost ~]# systemctl start vsftpd ##打开
[root@localhost ~]# systemctl enable vsftpd ##开机自动启动
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service' ##这是 systemctl enable 创建开机启动符号链接时的正常输出,并非报错;如果客户端连不上,再考虑是否被火墙拦截
[root@localhost ~]# netstat -antlupe | grep vsftpd ##查看端口是否开启
tcp6 0 0 :::21 :::* LISTEN 0 38048 1805/vsftpd ##开着呢,所以肯定是火墙不允许
[root@localhost ~]# firewall-cmd --list-all ##查看火墙信息
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh ##的确,只允许ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp ##使火墙允许ftp
success
[root@localhost ~]# firewall-cmd --reload ##更新
success
[root@localhost ~]# firewall-cmd --list-all ##再次查看
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ftp ssh ##允许成功
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
连接ftp并对ftp进行查看
[root@localhost ~]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls
drwxr-xr-x 2 0 0 6 Mar 07 2014 pub
lftp 172.25.254.229:/>
[root@localhost ~]# cd /var/ftp ##默认ftp的文件都在var内
[root@localhost ftp]# ls
pub
[root@localhost ftp]# touch westosfile
[root@localhost ftp]# ls
pub westosfile
[root@localhost ftp]# lftp 172.25.254.229 ##再次查看
lftp 172.25.254.229:~> ls
drwxr-xr-x 2 0 0 6 Mar 07 2014 pub
-rw-r--r-- 1 0 0 0 May 08 09:34 westosfile
lftp 172.25.254.229:/>
ftp服务的基本信息
软件安装包:vsftpd
默认发布目录: /var/ftp
协议接口: 21/tcp(控制连接;FTP 默认以明文传输用户名和密码)
服务配置文件: /etc/vsftpd/vsftpd.conf
报错id的解析:
500 ##文件系统权限过大
530 ##用户认证失败
550 ##服务本身功能未开放
553 ##本地文件系统权限过小
1.修改家目录:
[root@localhost ftp]# mkdir /ftpdir/westosdir -p
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf ##在anonymous_enable=YES 后加 anon_root=/ftpdir
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls
drwxr-xr-x 2 0 0 6 May 08 09:42 westosdir
2.匿名用户是否可以登陆
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf ##改 anonymous_enable=YES 为 NO
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls ##连接不上
Interrupt
4.ftp是否对登陆用户可写
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf ##改 write_enable=YES 为 NO
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]#lftp 172.25.254.229 -u westos
Password:
lftp westos@172.25.254.229:~> put /etc/passwd
put: Access failed: 550 Permission denied. (passwd) ##出现错误,不能上传文件
lftp westos@172.25.254.229:~>
5.匿名用户上传
方法一
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf ##打开anon_upload_enable=YES
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# chmod 777 /var/ftp/pub/ ##777 让所有本地用户也能写该目录,仅适合实验;方法二的 chgrp ftp + 775 权限更小
[root@localhost ftp]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls
drwxrwxrwx 2 0 0 6 Aug 03 2015 pub
-rw-r--r-- 1 0 0 0 May 05 07:21 westosfile
lftp 172.25.254.229:/> cd pub/
lftp 172.25.254.229:/pub> ls
lftp 172.25.254.229:/pub> put /etc/passwd
2323 bytes transferred
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 passwd
lftp 172.25.254.229:/pub> quit
报错
550 ##服务本身功能未开放。操作之前应注释掉 anon_root=/ftpdir
方法二
[root@localhost ftp]# chgrp ftp /var/ftp/pub/ ##把目录的所属组改为 ftp(chgrp 不会新建组)
[root@localhost ftp]# chmod 775 /var/ftp/pub/ ##给一个权限
[root@localhost ftp]# ls -ld /var/ftp/pub/ ##查看文件权限
drwxrwxr-x 2 root ftp 19 May 5 04:31 /var/ftp/pub/
[root@localhost ftp]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls
drwxrwxr-x 2 0 50 19 May 05 08:31 pub
-rw-r--r-- 1 0 0 0 May 05 07:21 westosfile
lftp 172.25.254.229:/> cd pub/
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 passwd
lftp 172.25.254.229:/pub> put /etc/passwd
put: Access failed: 553 Could not create file. (passwd) ##因为上一步上传过passwd,所以得换一个重新上传
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 passwd
lftp 172.25.254.229:/pub> put /etc/group
980 bytes transferred
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 980 May 05 08:37 group
-rw------- 1 14 50 2323 May 05 08:31 passwd
lftp 172.25.254.229:/pub>
6.匿名用户的下载
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf ##写入anon_world_readable_only=NO(允许匿名用户下载并非"所有人可读"的文件,会扩大匿名用户的可读范围)
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]#lftp 172.25.254.229
lftp 172.25.254.229:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.254.229:/pub> get group
980 bytes transferred
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 980 May 05 08:37 group
-rw------- 1 14 50 2323 May 05 08:31 passwd
lftp 172.25.254.229:/pub> rm group ##删除不了
rm: Access failed: 550 Permission denied. (group)
7.匿名用户的删除
[root@localhost ftp]# systemctl restart vsftpd ##写入anon_other_write_enable=YES(记录顺序有误:应先用下一行的 vim 写入该项,再重启服务才会生效;该项允许匿名用户删除和改名,风险较高)
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf
[root@localhost ftp]# lftp 172.25.254.229
lftp 172.25.254.229:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.254.229:/pub> rm group
rm ok, `group' removed
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 passwd
lftp 172.25.254.229:/pub> mv passwd hello ##把passwd的名字改成hello
rename successful
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 hello
lftp 172.25.254.229:/pub> mkdir test ##建立不了目录
mkdir: Access failed: 550 Permission denied. (test)
8.匿名用户建立目录
[root@localhost ftp]# vim /etc/vsftpd/vsftpd.conf ##写入 anon_mkdir_write_enable=YES
[root@localhost ftp]# systemctl restart vsftpd
[root@localhost ftp]# lftp 172.25.254.229
lftp 172.25.254.229:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 hello
lftp 172.25.254.229:/pub> mkdir test
mkdir ok, `test' created
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2323 May 05 08:31 hello
drwx------ 2 14 50 6 May 05 09:08 test
lftp 172.25.254.229:/pub>
9.限速上传
[root@localhost mnt]# ls
[root@localhost mnt]# dd if=/dev/zero of=/mnt/bigfile bs=1M count=2000
2000+0 records in
2000+0 records out
2097152000 bytes (2.1 GB) copied, 26.1882 s, 80.1 MB/s
[root@localhost mnt]# ls
bigfile
[root@localhost mnt]# lftp 172.25.254.229
lftp 172.25.254.229:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.254.229:/pub> put /mnt/bigfile
2097152000 bytes transferred in 56 seconds (35.82M/s)
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ## 输入 anon_max_rate=102400(单位为字节/秒,约 100KB/s) ##限制了上传速度,太慢了
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
[root@localhost mnt]# dd if=/dev/zero of=/mnt/bigfile bs=1M count=2000
2000+0 records in
2000+0 records out
2097152000 bytes (2.1 GB) copied, 22.0108 s, 95.3 MB/s
[root@localhost mnt]# lftp 172.25.254.229
lftp 172.25.254.229:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.254.229:/pub> put /mnt/bigfile
Interrupt
10.本地用户上传文件权限
[root@localhost westos]# vim /etc/vsftpd/vsftpd.conf ##在local_umask=022的情况下
[root@localhost westos]# systemctl restart vsftpd
[root@localhost westos]# lftp 172.25.254.229 -u westos
Password:
lftp westos@172.25.254.229:~> put /etc/passwd
2048 bytes transferred
lftp westos@172.25.254.229:~> ls
-rw-r--r-- 1 1001 1001 2048 May 06 02:09 passwd
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
lftp westos@172.25.254.229:~> quit
[root@localhost westos]# vim /etc/vsftpd/vsftpd.conf ##(原文未注明;从下面上传文件的权限 -rw------- 推测,此处把 local_umask 改成了 077)
[root@localhost westos]# systemctl restart vsftpd
[root@localhost westos]# lftp 172.25.254.229 -u westos
Password:
lftp westos@172.25.254.229:~> ls
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
lftp westos@172.25.254.229:~> put /etc/group
865 bytes transferred
lftp westos@172.25.254.229:~> ls
-rw------- 1 1001 1001 865 May 06 02:07 group
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
lftp westos@172.25.254.229:~> quit
11.匿名用户的最大权限
[root@localhost westos]# vim /etc/vsftpd/vsftpd.conf ## anon_umask=022
[root@localhost westos]# systemctl restart vsftpd
[root@localhost westos]# chmod 777 /var/ftp/pub/
[root@localhost westos]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls
drwxrwxrwx 3 0 50 43 May 06 01:59 pub
-rw-r--r-- 1 0 0 0 May 05 07:21 westosfile
lftp 172.25.254.229:/> cd pub/
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2097152000 May 06 01:46 bigfile
drwx------ 2 14 50 6 May 05 09:08 test
lftp 172.25.254.229:/pub> put /etc/group
865 bytes transferred
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2097152000 May 06 01:46 bigfile
-rw-r--r-- 1 14 50 865 May 06 02:16 group
drwx------ 2 14 50 6 May 05 09:08 test
[root@localhost westos]# vim /etc/vsftpd/vsftpd.conf ##在 anon_umask=077 的情况下
[root@localhost westos]# systemctl restart vsftpd
[root@localhost westos]# lftp 172.25.254.229
lftp 172.25.254.229:~> ls
drwxrwxrwx 3 0 50 43 May 06 02:16 pub
-rw-r--r-- 1 0 0 0 May 05 07:21 westosfile
lftp 172.25.254.229:/> cd pub/
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2097152000 May 06 01:46 bigfile
-rw-r--r-- 1 14 50 865 May 06 02:16 group
drwx------ 2 14 50 6 May 05 09:08 test
lftp 172.25.254.229:/pub> put /etc/passwd
2048 bytes transferred
lftp 172.25.254.229:/pub> ls
-rw------- 1 14 50 2097152000 May 06 01:46 bigfile
-rw-r--r-- 1 14 50 865 May 06 02:16 group
-rw------- 1 14 50 2048 May 06 02:22 passwd
drwx------ 2 14 50 6 May 05 09:08 test
限制本地用户访问目录
操作一、所有用户被锁定到自己的家目录中
[root@localhost ~]# chmod u-w /home/*
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##第106行的 chroot_local_user=YES 的意思是:所有本地用户都被锁定在自己的家目录内,不能访问家目录以外的路径
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.229 -u westos
Password:
lftp westos@172.25.254.229:~> ls
-rw------- 1 1001 1001 865 May 06 02:07 group
-rw-r--r-- 1 1001 1001 2048 May 06 02:09 passwd
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
lftp westos@172.25.254.229:/> ls
-rw------- 1 1001 1001 865 May 06 02:07 group
-rw-r--r-- 1 1001 1001 2048 May 06 02:09 passwd
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
lftp westos@172.25.254.229:/> cd / ##尝试切换到 /(此时 / 就是被锁定的家目录)
lftp westos@172.25.254.229:/> ls ##看到的仍是家目录内容,系统根目录不能被访问
-rw------- 1 1001 1001 865 May 06 02:07 group
-rw-r--r-- 1 1001 1001 2048 May 06 02:09 passwd
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##chroot_local_user=NO 的意思是:本地用户不被锁定,可以离开家目录访问系统其他目录
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.229 -u westos
Password:
lftp westos@172.25.254.229:~> ls
-rw------- 1 1001 1001 865 May 06 02:07 group
-rw-r--r-- 1 1001 1001 2048 May 06 02:09 passwd
drwxr-xr-x 2 0 0 6 May 06 02:05 pub
lftp westos@172.25.254.229:~> cd / ##切换到系统根目录 /
cd ok, cwd=/
lftp westos@172.25.254.229:/> ls ##可以被访问
lrwxrwxrwx 1 0 0 7 May 07 2014 bin -> usr/bin
dr-xr-xr-x 4 0 0 4096 Jul 10 2014 boot
drwxr-xr-x 18 0 0 2880 May 06 00:58 dev
drwxr-xr-x 134 0 0 8192 May 06 01:29 etc
drwxr-xr-x 3 0 0 22 May 05 07:41 ftpdir
drwxr-xr-x 4 0 0 33 May 05 07:55 home
lrwxrwxrwx 1 0 0 7 May 07 2014 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 May 07 2014 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 13 2014 media
drwxr-xr-x 2 0 0 20 May 06 01:26 mnt
drwxr-xr-x 3 0 0 15 Jul 10 2014 opt
dr-xr-xr-x 157 0 0 0 May 06 00:58 proc
dr-xr-x--- 14 0 0 4096 May 06 02:40 root
drwxr-xr-x 35 0 0 1140 May 06 01:29 run
lrwxrwxrwx 1 0 0 8 May 07 2014 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 13 2014 srv
dr-xr-xr-x 13 0 0 0 May 06 00:58 sys
drwxrwxrwt 14 0 0 4096 May 06 01:29 tmp
drwxr-xr-x 13 0 0 4096 May 07 2014 usr
drwxr-xr-x 23 0 0 4096 May 06 00:58 var
lftp westos@172.25.254.229:/>
操作二、用户白名单建立
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
内容:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# vim /etc/vsftpd/chroot_list ##chroot_local_user=YES 时该文件是白名单:默认所有本地用户都被锁在家目录内,只有名单里的用户不受限制。westos不在名单内,student在名单内。
[root@localhost ~]# lftp 172.25.254.229 -u westos ##所以说westos不可以。
Password:
lftp westos@172.25.254.229:~> cd /
cd: Login failed: 500 OOPS: could not read chroot() list file:/etc/vsftpd/chroot_list ##此报错表示 vsftpd 读不到 chroot_list 文件(文件不存在或无法读取),并不是白名单限制的结果;文件可读时,westos 应当能登陆,只是被锁在家目录内
[root@localhost ~]# lftp 172.25.254.229 -u student ##而student可以。
Password:
lftp student@172.25.254.229:~> cd /
cd ok, cwd=/
lftp student@172.25.254.229:/> ls
lrwxrwxrwx 1 0 0 7 May 07 2014 bin -> usr/bin
dr-xr-xr-x 4 0 0 4096 Jul 10 2014 boot
drwxr-xr-x 18 0 0 2880 May 06 00:58 dev
drwxr-xr-x 134 0 0 8192 May 06 01:29 etc
drwxr-xr-x 3 0 0 22 May 05 07:41 ftpdir
操作三、用户黑名单建立
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
内容:
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# vim /etc/vsftpd/chroot_list ##chroot_local_user=NO 时该文件是黑名单:默认所有本地用户都可以离开家目录,只有名单里的用户被锁在家目录内。westos不在名单内,student在名单内。
[root@localhost ~]# lftp 172.25.254.229 -u westos ##westos不在黑名单内,所以可以离开家目录访问 /
Password:
lftp westos@172.25.254.229:~> cd /
cd ok, cwd=/
lftp westos@172.25.254.229:/> ls
lrwxrwxrwx 1 0 0 7 May 07 2014 bin -> usr/bin
dr-xr-xr-x 4 0 0 4096 Jul 10 2014 boot
drwxr-xr-x 18 0 0 2880 May 06 00:58 dev
drwxr-xr-x 134 0 0 8192 May 06 01:29 etc
[root@localhost ~]# lftp 172.25.254.229 -u student ##而student在黑名单内,所以被锁在家目录内,不能访问系统根目录。
Password:
lftp student@172.25.254.229:~> cd /
cd ok, cwd=/
lftp student@172.25.254.229:/> ls
lftp student@172.25.254.229:/> ls
lftp student@172.25.254.229:/>
限制本地用户登陆
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##在128行,输入 userlist_deny=NO 意思就是将这个临时黑名单改成了白名单。
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# vim /etc/vsftpd/user_list ##写入westos
[root@localhost ~]# lftp 172.25.254.229 -u student ##所以student不可以登陆
Password:
lftp student@172.25.254.229:~> cd
cd: Login failed: 530 Permission denied.
[root@localhost ~]# lftp 172.25.254.229 -u westos ##westos就可以登陆
Password:
lftp westos@172.25.254.229:~> cd /
cd ok, cwd=/
[root@localhost ~]# vim /etc/vsftpd/ftpusers ##永久黑名单,输入westos
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.229 -u westos
Password:
lftp westos@172.25.254.229:~> cd ##就不可以
cd: Login failed: 530 Login incorrect.
报错
[root@localhost ~]# lftp 172.25.254.229 -u student
Password:
lftp student@172.25.254.229:~> cd /
cd: Login failed: 530 Permission denied. ##得在/etc/vsftpd/vsftpd.conf的128行,改 userlist_deny=YES 。
lftp student@172.25.254.229:~> quit
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##改 userlist_deny=YES
[root@localhost ~]# systemctl restart vsftpd
[root@localhost ~]# lftp 172.25.254.229 -u student
Password:
lftp student@172.25.254.229:~> cd
cd ok, cwd=/home/student ##就可以了。
lftp student@172.25.254.229:~>
要进行以下操作的之前需删掉之前所有的黑白名单。
ftp虚拟用户的设定
操作一、创建虚拟帐号身份
[root@localhost vsftpd]# vim /etc/vsftpd/westosfile
内容:
ftpuser1
123
ftpuser2
123
ftpuser3
123
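[root@localhost vsftpd]# db_load -T -t hash -f /etc/vsftpd/westosfile /etc/vsftpd/westosfile.db ##生成 hash 数据库;westosfile 保存的是明文密码(123 仅为实验用弱口令),生成后应对 westosfile 和 westosfile.db 执行 chmod 600,或删除明文文件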
[root@localhost vsftpd]# systemctl restart vsftpd
[root@localhost vsftpd]# vim /etc/pam.d/westos
内容:
account required pam_userdb.so db=/etc/vsftpd/westosfile
auth required pam_userdb.so db=/etc/vsftpd/westosfile
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf
内容:
pam_service_name=westos
guest_enable=YES
guest_username=student
userlist_enable=YES
#userlist_deny=YES
tcp_wrappers=YES
[root@localhost vsftpd]# systemctl restart vsftpd
[root@localhost vsftpd]# lftp 172.25.254.229 -u ftpuser1
Password:
lftp ftpuser1@172.25.254.229:~> ls
lftp ftpuser1@172.25.254.229:/> quit
操作二、虚拟用户家目录的独立设定
[root@localhost ~]# mkdir /vftpdir
[root@localhost ~]# touch /vftpdir/vftpfile
[root@localhost ~]# cd /vftpdir/
[root@localhost vftpdir]# ls
vftpfile
[root@localhost vftpdir]# mkdir ftpuser{1..3}
[root@localhost vftpdir]# ll
total 0
drwxr-xr-x 2 root root 6 May 6 03:05 ftpuser1
drwxr-xr-x 2 root root 6 May 6 03:05 ftpuser2
drwxr-xr-x 2 root root 6 May 6 03:05 ftpuser3
-rw-r--r-- 1 root root 0 May 6 02:47 vftpfile
[root@localhost vftpdir]# touch ftpuser1/ftpuser1file
[root@localhost vftpdir]# touch ftpuser2/ftpuser2file
[root@localhost vftpdir]# touch ftpuser3/ftpuser3file
[root@localhost vftpdir]# ls
ftpuser1 ftpuser2 ftpuser3 vftpfile
[root@localhost vftpdir]# cd ftpuser1
[root@localhost ftpuser1]# ll
total 0
-rw-r--r-- 1 root root 0 May 6 03:07 ftpuser1file
[root@localhost ftpuser1]# vim /etc/vsftpd/vsftpd.conf
内容:
local_root=/vftpdir/$USER
user_sub_token=$USER ##告诉ftp$USER的使用方法
[root@localhost ftpuser1]# systemctl restart vsftpd
[root@localhost ftpuser1]# lftp 172.25.254.229 -u ftpuser1
Password:
lftp ftpuser1@172.25.254.229:~> ls
-rw-r--r-- 1 0 0 0 May 06 07:07 ftpuser1file
lftp ftpuser1@172.25.254.229:/>
[root@localhost ~]# cd /vftpdir
[root@localhost vftpdir]# ls
ftpuser1 ftpuser2 ftpuser3 vftpfile
[root@localhost vftpdir]# mkdir ftpuser{1..3}/pub ##建立pub。因为要上传文件,所以要在pub下测试
[root@localhost vftpdir]# chgrp student ftpuser{1..3}/pub ##虚拟用户被映射为 guest_username=student,所以把 pub 的所属组改为 student
[root@localhost vftpdir]# chmod 775 ftpuser{1..3}/pub ##给pub权限
[root@localhost vftpdir]# lftp 172.25.254.229 -u ftpuser1
Password:
lftp ftpuser1@172.25.254.229:~> ls
-rw-r--r-- 1 0 0 0 May 06 07:07 ftpuser1file
drwxrwxr-x 2 0 1000 6 May 06 07:44 pub
lftp ftpuser1@172.25.254.229:/> cd pub/
lftp ftpuser1@172.25.254.229:/pub> put /etc/passwd ##ftpuser1 可以在pub下上传文件
2093 bytes transferred
lftp ftpuser1@172.25.254.229:/pub> ls
-rw------- 1 1000 1000 2093 May 06 07:49 passwd
lftp ftpuser1@172.25.254.229:/pub> rm passwd ##也可以删除
rm ok, `passwd' removed
lftp ftpuser1@172.25.254.229:/pub> ls
lftp ftpuser1@172.25.254.229:/pub> quit
[root@localhost vftpdir]# lftp 172.25.254.229 -u ftpuser2
Password:
lftp ftpuser2@172.25.254.229:~> ls
-rw-r--r-- 1 0 0 0 May 06 07:07 ftpuser2file
drwxrwxr-x 2 0 1000 6 May 06 07:44 pub
lftp ftpuser2@172.25.254.229:/> cd pub/
lftp ftpuser2@172.25.254.229:/pub> put /etc/passwd ##ftpuser2 也可以
2093 bytes transferred
lftp ftpuser2@172.25.254.229:/pub> rm passwd
rm ok, `passwd' removed
lftp ftpuser2@172.25.254.229:/pub> quit
虚拟帐号配置独立
虚拟用户也依赖于匿名用户的参数控制。
vim /etc/vsftpd/vsftpd.conf
最后一行添加:
user_config_dir=/etc/vsftpd/userconf
[root@localhost ftpuser1]# vim /etc/vsftpd/vsftpd.conf 最后一行添加指定内容
[root@localhost ftpuser1]# systemctl restart vsftpd
[root@localhost ftpuser1]# cd /vftpdir
[root@localhost vftpdir]# ls
ftpuser1 ftpuser2 ftpuser3 vftpfile
[root@localhost vftpdir]# ll
total 0
drwxr-xr-x 2 root root 25 May 6 03:12 ftpuser1
drwxr-xr-x 2 root root 25 May 6 03:12 ftpuser2
drwxr-xr-x 2 root root 25 May 6 03:12 ftpuser3
-rw-r--r-- 1 root root 0 May 6 03:12 vftpfile
[root@localhost vftpdir]# mkdir ftpuser{1..3}/pub 建立/pub目录
[root@localhost vftpdir]# vim /etc/vsftpd/vsftpd.conf
[root@localhost vftpdir]# vim /etc/vsftpd/vsftpd.conf 将匿名用户上传关闭,因为虚拟用户依赖于匿名用户。
[root@localhost vftpdir]# systemctl restart vsftpd 重启
[root@localhost vftpdir]# chgrp westos ftpuser{1..3}/pub
[root@localhost vftpdir]# chmod 775 ftpuser{1..3}/pub 赋予权限
[root@localhost vftpdir]# lftp 172.25.254.221 -u ftpuser3
Password:
lftp ftpuser3@172.25.254.221:~> ls
-rw-r--r-- 1 0 0 0 May 06 07:12 ftpuser3file
drwxrwxr-x 2 0 1001 6 May 06 07:40 pub
lftp ftpuser3@172.25.254.221:/> cd /pub
lftp ftpuser3@172.25.254.221:/pub> ls
lftp ftpuser3@172.25.254.221:/pub> put /etc/passwd 不可上传因为功能关闭
put: Access failed: 550 Permission denied. (passwd)
lftp ftpuser3@172.25.254.221:/pub> quit
[root@localhost vftpdir]# mkdir /etc/vsftpd/conf_dir -p 建立主配置文件中的目录(目录名必须与 user_config_dir 的值一致;上文写的是 /etc/vsftpd/userconf,与这里的 conf_dir 不一致,需统一)
[root@localhost vftpdir]# vim /etc/vsftpd/conf_dir/ftpuser2 给虚拟用户单独的上传权限
[root@localhost vftpdir]# cat /etc/vsftpd/conf_dir/ftpuser2 ftpuser2可以上传
anon_upload_enable=YES
[root@localhost vftpdir]# systemctl restart vsftpd
[root@localhost vftpdir]# lftp 172.25.254.221 -u ftpuser3
Password:
lftp ftpuser3@172.25.254.221:~> ls
-rw-r--r-- 1 0 0 0 May 06 07:12 ftpuser3file
drwxrwxr-x 2 0 1001 6 May 06 07:40 pub
lftp ftpuser3@172.25.254.221:/> cd /pub
lftp ftpuser3@172.25.254.221:/pub> ls
lftp ftpuser3@172.25.254.221:/pub> put /etc/group 不可以上传因为没有权限
put: Access failed: 550 Permission denied. (group)
lftp ftpuser3@172.25.254.221:/pub> quit
[root@localhost vftpdir]# lftp 172.25.254.221 -u ftpuser2
Password:
lftp ftpuser2@172.25.254.221:~> ls
-rw-r--r-- 1 0 0 0 May 06 07:12 ftpuser2file
drwxrwxr-x 2 0 1001 6 May 06 07:40 pub
lftp ftpuser2@172.25.254.221:/> cd /pub
lftp ftpuser2@172.25.254.221:/pub> ls
lftp ftpuser2@172.25.254.221:/pub> put /etc/passwd 可以上传,有自己单独的权限
2048 bytes transferred
lftp ftpuser2@172.25.254.221:/pub> ls
-rw------- 1 1001 1001 2048 May 06 07:52 passwd
lftp ftpuser2@172.25.254.221:/pub> quit