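Project requirements

Anonymous users can see the company's public documents but cannot upload. Local accounts have their own private space, limited to 10M. At most 100 users may be online at the same time, with 2 connections per user,

a local rate of 1M/S and an anonymous rate of 100k/s. The FTP server may only be accessed during working hours (08-20:00).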

3. FTP server

[root@mail ~]# yum install vsftpd -y

3.1 User quota limits

[root@mail ~]# fdisk -l --check the name of the new disk

[root@mail ~]# fdisk /dev/sdb

Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel

Building a new DOS disklabel. Changes will remain in memory only,

until you decide to write them. After that, of course, the previous

content won't be recoverable.

The number of cylinders for this disk is set to 1044.

There is nothing wrong with that, but this is larger than 1024,

and could in certain setups cause problems with:

1) software that runs at boot time (e.g., old versions of LILO)

2) booting and partitioning software from other OSs

   (e.g., DOS FDISK, OS/2 FDISK)

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

Command (m for help): m

Command action

   a   toggle a bootable flag

   b   edit bsd disklabel

   c   toggle the dos compatibility flag

   d   delete a partition

   l   list known partition types

   m   print this menu

   n   add a new partition

   o   create a new empty DOS partition table

   p   print the partition table

   q   quit without saving changes

   s   create a new empty Sun disklabel

   t   change a partition's system id

   u   change display/entry units

   v   verify the partition table

   w   write table to disk and exit

   x   extra functionality (experts only)

Invalid partition number for type `1'

Command action

   e   extended

   p   primary partition (1-4)

p

Partition number (1-4): 1

First cylinder (1-1044, default 1): 1

Last cylinder or +size or +sizeM or +sizeK (1-1044, default 1044): 1044

Command (m for help): p

Disk /dev/sdb: 8589 MB, 8589934592 bytes

255 heads, 63 sectors/track, 1044 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1               1        1044     8385898+  83  Linux

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

Syncing disks.

[root@mail ~]# mkfs -t ext3 /dev/sdb1

3.2 Add a permanent mount

[root@mail ftp]# mkdir /mnt/ftp

[root@mail ~]# vim /etc/fstab

[root@mail ~]# mount -a --or reboot

[root@mail ~]# mount

/dev/sda2 on / type ext3 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

/dev/sda1 on /boot type ext3 (rw)

tmpfs on /dev/shm type tmpfs (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

/dev/sdb1 on /mnt/ftp type ext3 (rw,usrquota)

3.3 Check quotas

[root@mail ~]# quotacheck -augvc

[root@mail ~]# cd /mnt/ftp/

[root@mail ftp]# ll

总计 24

-rw------- 1 root root  6144 08-11 22:36 aquota.user

drwx------ 2 root root 16384 08-11 22:31 lost+found

3.4 Apply quotas

[root@mail ftp]# edquota -u user1

[root@mail ftp]# edquota -u user2

3.5 Enable quotas

[root@mail ftp]# quotaon /dev/sdb1

Enabling quotas at boot

[root@mail ftp]# vim /etc/rc.d/rc.local

touch /var/lock/subsys/local

quotaon /dev/sdb1

3.6 FTP server configuration

[root@mail ftp]# mkdir public

[root@mail ftp]# cd public/

[root@mail public]# touch f1

[root@mail public]# touch f2

[root@mail public]# cd ../

[root@mail ftp]# mkdir home

[root@mail ftp]# ll

总计 32

-rw------- 1 root root  7168 08-11 22:53 aquota.user

drwxr-xr-x 2 root root  4096 08-11 22:56 home

drwx------ 2 root root 16384 08-11 22:31 lost+found

drwxr-xr-x 2 root root  4096 08-11 22:55 public

3.7 Move the users' home directories

[root@mail ftp]# mv /home/* /mnt/ftp/home/

[root@mail ftp]# vim /etc/passwd

3.8 Change the home directory location for new local users

[root@mail ftp]# useradd -D -b /mnt/ftp/home

[root@mail ftp]# useradd user4 --the new user's home directory is created on the new disk

[root@mail ftp]# passwd user4

[root@mail ftp]# vim /etc/passwd

3.9 Change the anonymous user's login directory

[root@mail ftp]# vim /etc/vsftpd/vsftpd.conf

anon_root=/mnt/ftp/public

[root@mail ftp]# service vsftpd restart

3.10 Using the quota

[root@mail ftp]# dd if=/dev/zero of=f1 bs=1M count=5

[root@mail ftp]# dd if=/dev/zero of=f2 bs=1M count=5

[root@mail ftp]# dd if=/dev/zero of=f3 bs=1M count=5

[root@mail ftp]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> !dir

aquota.user  f1  f2  f3  home  lost+found  public

ftp> put f1

local: f1 remote: f1

227 Entering Passive Mode (127,0,0,1,177,81)

150 Ok to send data.

451 Failure writing to local file.

5242880 bytes sent in 4.9 seconds (1.1e+03 Kbytes/s)

ftp> put f2

local: f2 remote: f2

227 Entering Passive Mode (127,0,0,1,249,95)

150 Ok to send data.

226 File receive OK.

5242880 bytes sent in 5 seconds (1e+03 Kbytes/s)

ftp> put f3

local: f3 remote: f3

227 Entering Passive Mode (127,0,0,1,56,142)

150 Ok to send data.

451 Failure writing to local file.

ftp> bye

[root@mail ftp]# quota user1

Disk quotas for user user1 (uid 2002):

     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace

      /dev/sdb1   10000*  10000   10000              13       0       0       
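
Why the uploads end in 451, as an added example that is not part of the original post: the hypothetical helper `upload_fits` reads `quota` output and tests whether a file of a given size still fits under the hard block limit. It counts data blocks only (1 KiB each) and ignores filesystem overhead; `one_file_quota` is a constructed intermediate state.

```sh
#!/bin/sh
# upload_fits BYTES: reads `quota USER` output on stdin. Returns 0 when a file
# of BYTES still fits under the hard block limit of every listed filesystem,
# 1 when it does not. Quota blocks are 1 KiB; a hard limit of 0 means no limit.
upload_fits() {
    awk -v bytes="$1" '
    $1 ~ /^\// {                          # data rows start with a device path
        used = $2; sub(/\*$/, "", used)   # "*" flags usage at the limit
        hard = $4 + 0
        need = int((bytes + 1023) / 1024) # round the upload up to whole blocks
        if (hard > 0 && used + need > hard) {
            printf "%s: %d used + %d needed > %d\n", $1, used, need, hard
            full = 1
        }
    }
    END { exit (full + 0) }'
}

# State shown on the page after the three put commands (user1 on /dev/sdb1).
page_quota() {
    cat <<'EOF'
Disk quotas for user user1 (uid 2002):
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/sdb1   10000*  10000   10000              13       0       0
EOF
}

# Constructed earlier state: only one 5 MiB file (5120 blocks) stored so far.
one_file_quota() {
    printf '%s\n' '      /dev/sdb1    5120   10000   10000               2       0       0'
}

page_quota     | upload_fits 1       || echo "full: even a 1-byte upload fails"
one_file_quota | upload_fits 5242880 || echo "second 5 MiB file is cut short"
one_file_quota | upload_fits 4096000 && echo "a 4000 KiB file would still fit"
```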

3.11 Limits on user access to FTP

[root@mail ftp]# vim /etc/vsftpd/vsftpd.conf

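anon_root=/mnt/ftp/public --directory that anonymous users access over FTP

max_clients=100 --maximum number of user connections: 100

max_per_ip=2 --maximum number of connections per client host: 2

local_max_rate=1000000 --local user rate 1m/s

anon_max_rate=100000 --anonymous users 100k/s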

[root@mail ftp]# service vsftpd restart
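
A check for the settings above, added here as an example and not part of the original write-up: it compares a vsftpd.conf with the five values from 3.11 and with the requirement that anonymous users cannot upload. The `--` notes shown above are annotations for the reader; vsftpd accepts no space or text after a value, so the check flags them. The names `check_vsftpd_conf` and `sample_conf` and the sample file are constructed for illustration.

```sh
#!/bin/sh
# check_vsftpd_conf FILE: compare FILE with the limits set in section 3.11.
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
check_vsftpd_conf() {
    awk '
    BEGIN {
        want["anon_root"]      = "/mnt/ftp/public"
        want["max_clients"]    = "100"
        want["max_per_ip"]     = "2"
        want["local_max_rate"] = "1000000"
        want["anon_max_rate"]  = "100000"
    }
    /^[ \t]*#/ { next }                          # comment line
    /^[ \t]*$/ { next }                          # blank line
    {
        eq = index($0, "=")
        if (eq == 0) { printf "line %d: not key=value\n", NR; bad++; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd allows no space around "=" and no note after the value.
        if (key ~ /[ \t]/ || val ~ /[ \t]/) {
            printf "line %d: whitespace or note in %s\n", NR, key; bad++; next
        }
        seen[key] = val
    }
    END {
        for (k in want) {
            if (!(k in seen)) { printf "missing: %s\n", k; bad++ }
            else if (seen[k] != want[k]) { printf "mismatch: %s=%s\n", k, seen[k]; bad++ }
        }
        # Requirement: anonymous users may download but never upload.
        if (toupper(seen["anon_upload_enable"]) == "YES") {
            print "anon_upload_enable=YES lets anonymous users upload"; bad++
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: sample_conf SUFFIX appends SUFFIX to the last line.
sample_conf() {
    printf '%s\n' 'anonymous_enable=YES' 'anon_root=/mnt/ftp/public' \
        'max_clients=100' 'max_per_ip=2' 'local_max_rate=1000000' \
        "anon_max_rate=100000$1"
}

tmp=$(mktemp)
sample_conf '' > "$tmp";            check_vsftpd_conf "$tmp" && echo "clean"
sample_conf ' --100k/s' > "$tmp";   check_vsftpd_conf "$tmp" || echo "rejected"
rm -f "$tmp"
```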

3.12 Testing the FTP limits

Local user rate test

[root@mail ftp]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> dir

227 Entering Passive Mode (127,0,0,1,39,22)

150 Here comes the directory listing.

-rw-r--r--    1 2002     2002      4931584 Aug 11 15:14 f1

-rw-r--r--    1 2002     2002      5242880 Aug 11 15:14 f2

-rw-r--r--    1 2002     2002            0 Aug 11 15:14 f3

-rw-------    1 2002     2002          472 Aug 11 11:07 mbox

226 Directory send OK.

ftp> get f1

local: f1 remote: f1

227 Entering Passive Mode (127,0,0,1,184,104)

150 Opening BINARY mode data connection for f1 (4931584 bytes).

226 File send OK.

4931584 bytes received in 5 seconds (9.7e+02 Kbytes/s)

ftp>

3.13 Anonymous user test

[root@mail ftp]# cp -p f3 /mnt/ftp/public/

[root@mail ftp]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): anonymous

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> dir

227 Entering Passive Mode (127,0,0,1,109,39)

150 Here comes the directory listing.

-rw-r--r--    1 0        0               0 Aug 11 14:55 f1

-rw-r--r--    1 0        0               0 Aug 11 14:55 f2

-rw-r--r--    1 0        0         5242880 Aug 11 15:13 f3

226 Directory send OK.

ftp> get f3

local: f3 remote: f3

227 Entering Passive Mode (127,0,0,1,26,82)

150 Opening BINARY mode data connection for f3 (5242880 bytes).

226 File send OK.

5242880 bytes received in 52 seconds (99 Kbytes/s)

ftp>

3.14 User connection count test

3.15 Super daemon

Restrict the hours during which FTP can be accessed through the super daemon

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf

listen=NO

[root@mail ~]# cd /etc/xinetd.d/

[root@mail xinetd.d]# cp /usr/share/doc/vsftpd-2.0.5/vsftpd.xinetd  vsftpd

[root@mail xinetd.d]# vim vsftpd

[root@mail xinetd.d]# date

2012年 09月 20日 星期四 19:18:56 CST

[root@mail xinetd.d]# date 092023002012

2012年 09月 20日 星期四 23:00:00 CST
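
The time window behind this test, as an added example that is not from the original post: `xinetd_sample` is a constructed service file whose `access_times = 08:00-20:00` line and `server` path are assumptions based on the stated requirement, and `access_allowed` (a hypothetical helper) evaluates a clock time against it. It is run with the two times used above, 19:18 and 23:00.

```sh
#!/bin/sh
# Constructed /etc/xinetd.d/vsftpd: layout of the stock vsftpd.xinetd sample
# plus an access_times window (assumed value, from the 08-20:00 requirement).
xinetd_sample() {
    cat <<'EOF'
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
        nice            = 10
        disable         = no
        access_times    = 08:00-20:00
}
EOF
}

# access_allowed FILE HH:MM: returns 0 when HH:MM lies inside one of FILE's
# access_times intervals (bounds included), 1 when it lies outside them all.
access_allowed() {
    awk -v now="$2" '
    function mins(t,    p) { split(t, p, ":"); return p[1] * 60 + p[2] }
    $1 == "access_times" && $2 == "=" {
        found = 1
        for (i = 3; i <= NF; i++) {        # several intervals may be listed
            split($i, r, "-")
            if (mins(now) >= mins(r[1]) && mins(now) <= mins(r[2])) ok = 1
        }
    }
    # Without an access_times line there is no time restriction.
    END { exit (found && !ok) }' "$1"
}

conf=$(mktemp); xinetd_sample > "$conf"
for t in 19:18 23:00; do               # the two clock settings used on the page
    if access_allowed "$conf" "$t"; then echo "$t accepted"; else echo "$t refused"; fi
done
rm -f "$conf"
```

xinetd reads its service files at startup, so an edited window takes effect only after xinetd is restarted or reloaded.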
