最近在研究sftp 搞得自己焦头烂额,整理出一个创建sftp的脚本,供大家参考,本人没怎么写过shell脚本,都是百度拼出来的。。写的不好之处,请多多体谅
1.检查vsftpd是否安装
rpm -qa |grep vsftp
服务器有vsftp示例图
如果有vsftp,可以查看sshd_config是否已被改动,修改后的示例如下(注意:ChrootDirectory指向的目录及其所有上级目录必须属主为root,且组和其他用户不可写,否则sshd会拒绝该用户登录):
#Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Subsystem sftp internal-sftp
Match Group sftptest
ChrootDirectory %h
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp
没有vsftp,执行以下操作就可以了
yum install vsftpd
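安装vsftpd后,按下面的脚本执行即可。注意:脚本配置的是OpenSSH(sshd)自带的internal-sftp,SFTP服务由sshd提供;vsftpd是FTP服务端,脚本本身并不依赖它。脚本需要以root身份运行,会修改/etc/ssh/sshd_config并重启sshd。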
#! /bin/bash
# Print the option summary for this script and terminate with status 1.
# Outputs: help text on stdout (the option descriptions are in Chinese).
# NOTE(review): -p takes the account password as a command-line argument, so
# it is exposed in the process list and in shell history while the script runs.
usage() {
  local -a option_help=(
    "-u, 用户名 "
    "-h, 家目录前缀 eg:/test/abc"
    "-p, 用户密码"
    "-P, 端口 选填"
    "-g, 用户组 选填,默认为sftp"
    "-a, 家目录权限 选填 默认750"
    "-H, 帮助 eg:sh addsftpuser.sh -a 700 -u test -h /group/test -p 123"
  )

  printf '%s\n' "usage============================================================"
  # Kept as echo -e so that "$0" is rendered exactly as before.
  echo -e "$0 [-u] [-h] [-H] [-p] [-a] [-g] [-P] "
  printf '%s\n' "${option_help[@]}"
  printf '%s\n' "================================================================="
  exit 1
}
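# Parse the command line into the globals used by the rest of the script:
#   -u user, -h homepre, -p password, -P port, -g group, -a auth, -H help.
# NOTE(review): -p puts the password on the command line, where it is visible
# in the process list and shell history; reading it from stdin or a prompt
# would avoid that but would change the script's interface.
while getopts u:h:Hp:P:g:a: OPTION; do
  case "$OPTION" in
    u) user=$OPTARG ;;
    h) homepre=$OPTARG ;;
    # Help is a plain flag. The previous spec "H:" demanded an argument, so a
    # bare -H only reached usage() through the getopts error path.
    H) usage ;;
    p) password=$OPTARG ;;
    P) port=$OPTARG ;;
    g) group=$OPTARG ;;
    a) auth=$OPTARG ;;
    # getopts sets OPTION to "?" for an unknown option or a missing argument.
    *) usage ;;
  esac
done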
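# Validate the options before anything on the system is modified.
#   -u, -p : required; usage() prints the help text and exits 1.
#   -h     : required and must be an absolute path. Without it the script used
#            to run "mkdir" with no operand and place the home at "/<user>".
#   -g     : optional, defaults to "sftp".
if [[ -z "${user:-}" || -z "${password:-}" ]]; then
  usage
  exit 1
fi
if [[ "${homepre:-}" != /* ]]; then
  echo "必须用 -h 指定绝对路径形式的家目录前缀" >&2
  usage
  exit 1
fi
group=${group:-sftp}

# Both names are later written into /etc/ssh/sshd_config and passed to
# useradd/chown, so reject whitespace, commas, slashes and shell/sed
# metacharacters up front.
name_re='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
if ! [[ "$user" =~ $name_re && "$group" =~ $name_re ]]; then
  echo "用户名或用户组包含非法字符: ${user} / ${group}" >&2
  exit 1
fi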
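# Configure sshd for chrooted SFTP access by members of ${group}, optionally
# move the listening port, then validate the file and restart sshd.
# Globals read:    port, group
# Globals written: sftp (group name used by the user-creation steps below)
# The file is backed up first and checked with "sshd -t" before the restart,
# so a broken edit is rolled back instead of taking sshd down, which on a
# remote host would lock the administrator out.
sshd_config=/etc/ssh/sshd_config

# Returns 0 when an active "Match Group" line in file $2 lists group $1
# exactly (comma-separated list), 1 otherwise.
sshd_has_match_group() {
  awk -v wanted="$1" '
    $1 == "Match" && $2 == "Group" {
      count = split($3, names, ",")
      for (i = 1; i <= count; i++) {
        if (names[i] == wanted) { found = 1 }
      }
    }
    END { exit(found ? 0 : 1) }
  ' "$2"
}

sshd_backup="${sshd_config}.bak.$(date +%Y%m%d%H%M%S)"
if ! cp -p -- "$sshd_config" "$sshd_backup"; then
  echo "无法备份 ${sshd_config}" >&2
  exit 1
fi

if [[ -n "${port:-}" ]]; then
  # The value is spliced into a sed expression and into sshd_config, so only
  # a plain TCP port number is accepted.
  if ! [[ "$port" =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    echo "端口无效: ${port}" >&2
    exit 1
  fi
  # Uncomment the stock "#Port 22" line only when no active Port line exists,
  # then rewrite the first active Port line (GNU sed "0,/re/" addressing).
  if ! grep -Eq '^Port[[:space:]]' "$sshd_config"; then
    sed -i -E '0,/^#Port[[:space:]]/s|^#Port([[:space:]])|Port\1|' "$sshd_config"
  fi
  if grep -Eq '^Port[[:space:]]' "$sshd_config"; then
    sed -i -E "0,/^Port[[:space:]]/s|^Port[[:space:]]+[0-9]+.*|Port ${port}|" "$sshd_config"
  else
    # Port is not allowed inside a Match block, so add it at the top of the
    # file rather than appending it.
    sed -i "1i Port ${port}" "$sshd_config"
  fi
  # NOTE(review): on hosts with SELinux enforcing or a host firewall the new
  # port must also be allowed there; this script does not do that — confirm
  # before relying on the new port.
  echo "sftp端口修改成功"
fi

# groupadd fails when the group already exists, so only create it if missing.
if ! getent group "$group" >/dev/null; then
  if ! groupadd "$group"; then
    echo "创建用户组 ${group} 失败" >&2
    exit 1
  fi
fi

# Quoted comparison: with no Subsystem line the old unquoted test was a
# syntax error that silently skipped the initialisation.
system=$(awk '$1 == "Subsystem" && $2 == "sftp" {print $3; exit}' "$sshd_config")
if [[ "$system" != "internal-sftp" ]]; then
  echo "初始化sshd_config开始..."
  if [[ -n "$system" ]]; then
    # Comment out the old line and put the new one right after it, so the
    # directive stays in the global section. Appending it at the end of a
    # file that already has Match blocks would place it inside one.
    sed -i -E 's|^([[:space:]]*Subsystem[[:space:]]+sftp[[:space:]].*)$|#\1\nSubsystem sftp internal-sftp|' "$sshd_config"
  elif grep -q '^Match' "$sshd_config"; then
    sed -i '0,/^Match/s|^Match|Subsystem sftp internal-sftp\n&|' "$sshd_config"
  else
    printf '%s\n' "Subsystem sftp internal-sftp" >> "$sshd_config"
  fi
  echo "初始化sshd_config结束..."
fi

# Make sure a Match block really covers this group. Without one the account
# gets SFTP access with no ChrootDirectory/ForceCommand restriction. The old
# substring test (e.g. "sftp" matching "sftptest") could skip this step, and
# it did nothing at all when the file had no Match line.
if sshd_has_match_group "$group" "$sshd_config"; then
  echo "-------------------------"
else
  printf '%s\n' \
    "Match Group ${group}" \
    "ChrootDirectory %h" \
    "AllowTcpForwarding no" \
    "X11Forwarding no" \
    "ForceCommand internal-sftp" >> "$sshd_config"
fi
sftp=$group

# Refuse to restart sshd on a configuration it cannot parse.
if ! sshd -t -f "$sshd_config"; then
  echo "sshd_config 校验失败,已恢复备份 ${sshd_backup}" >&2
  cp -p -- "$sshd_backup" "$sshd_config"
  exit 1
fi
if ! systemctl restart sshd.service; then
  echo "sshd 重启失败,配置备份位于 ${sshd_backup}" >&2
  exit 1
fi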
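# Create the SFTP account: parent directory, user, password, and the
# ownership/mode of the home directory that sshd uses as ChrootDirectory (%h).
# Globals read: homepre, user, sftp, password, auth, port.

# Create the home prefix if it does not exist yet.
# NOTE(review): sshd requires every component of the chroot path to be owned
# by root and not writable by group/others; an existing prefix is not checked.
if [[ ! -d "$homepre" ]]; then
  if ! mkdir -p -- "$homepre"; then
    echo " 创建目录 ${homepre} 失败" >&2
    exit 1
  fi
fi
home="$homepre/$user"

# Create the SFTP user with no login shell.
if useradd -d "$home" -m -g "$sftp" -s /bin/false "$user"; then
  echo " 创建${user}用户成功"
else
  echo " 创建用户失败"
  exit 1
fi

# printf instead of echo so a password such as "-n" or one containing
# backslashes is passed through unchanged.
if printf '%s\n' "$password" | passwd --stdin "$user"; then
  echo " 密码设置成功"
else
  echo " 密码设置失败"
  exit 1
fi

# Home directory mode, 750 by default.
auth=${auth:-750}
if chmod "$auth" "$home"; then
  echo " 设置家目录权限:${auth}成功"
else
  echo " 设置家目录权限:${auth}失败"
fi
# sshd refuses a ChrootDirectory that is writable by group or others.
if [[ -n "$(find "$home" -maxdepth 0 -perm /022 2>/dev/null)" ]]; then
  echo " 警告: ${home} 对组或其他用户可写,sshd 会拒绝以该目录作为 ChrootDirectory" >&2
fi

# Ownership by the user; superseded by the root chown below, kept so the
# script's step output stays the same.
if chown "${user}:${sftp}" "$home"; then
  echo " 设置数据目录属主 ${user}:${sftp}成功"
else
  echo " 设置数据目录属主 ${user}:${sftp}失败"
fi

# Final ownership: root:<group>, as ChrootDirectory requires. The user can
# therefore not write at the top of its chroot; uploads need a user-owned
# subdirectory, which this script does not create.
if chown "root:${sftp}" "$home"; then
  echo " 设置家目录属主 root:${sftp}成功"
else
  echo " 设置家目录属主 root:${sftp}失败"
fi

echo "-----------------------------"
echo "用户名为:${user}"
# The plaintext password is no longer echoed: it would end up in terminal
# scrollback and in any log that captures this script's output.
echo "密码为: ******(已设置,不回显)"
echo "sftp端口:${port}"
echo "用户家目录为: ${home}"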