部署pureftp(file transfer protocol)

安装

注意:源码包下载后,建议先用官方发布页提供的签名或校验值核对完整性,再解压编译。

[root@localhost ~]# yum install -y gcc openssl-devel perl-devel

[root@localhost ~]# cd /usr/local/src/

[root@localhost src]# wget https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.42.tar.gz

[root@localhost src]# tar zxvf pure-ftpd-1.0.42.tar.gz

[root@localhost src]# cd pure-ftpd-1.0.42

[root@localhost pure-ftpd-1.0.42]# ./configure --prefix=/usr/local/pureftpd --without-inetd --with-altlog --with-puredb --with-throttling --with-peruserlimits --with-tls

[root@localhost pure-ftpd-1.0.42]# make && make install


配置

[root@localhost pure-ftpd-1.0.42]# mkdir -p /usr/local/pureftpd/etc/

[root@localhost pure-ftpd-1.0.42]# cp /usr/local/src/pure-ftpd-1.0.42/configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/pure-ftpd.conf

[root@localhost pure-ftpd-1.0.42]# cp /usr/local/src/pure-ftpd-1.0.42/configuration-file/pure-config.pl /usr/local/pureftpd/sbin/pure-config.pl

[root@localhost pure-ftpd-1.0.42]# chmod 755 /usr/local/pureftpd/sbin/pure-config.pl

配置文件

注意:下面的 NoAnonymous 为 no,表示没有禁止匿名登录;如果只允许虚拟用户登录,应改为 NoAnonymous yes。

[root@localhost pure-ftpd-1.0.42]# cat /usr/local/pureftpd/etc/pure-ftpd.conf | grep ^[a-zA-Z]

ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             8
VerboseLog                  no
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous                 no
SyslogFacility              ftp
DontResolve                 yes
MaxIdleTime                 15
PureDB                        /usr/local/pureftpd/etc/pureftpd.pdb
LimitRecursion              3136 8
AnonymousCanCreateDirs      no
MaxLoad                     4
AntiWarez                   yes
Umask                       133:022
MinUID                      100
AllowUserFXP                no
AllowAnonymousFXP           no
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         no
PIDFile                     /usr/local/pureftpd/var/run/pure-ftpd.pid
MaxDiskUsage               99
CustomerProof              yes

[root@localhost pure-ftpd-1.0.42]# mkdir -p /data/pure-ftp

[root@localhost pure-ftpd-1.0.42]# useradd -s /sbin/nologin pure-ftp

[root@localhost pure-ftpd-1.0.42]# chown -R pure-ftp /data/pure-ftp/

映射FTP用户

[root@localhost pure-ftpd-1.0.42]# /usr/local/pureftpd/bin/pure-pw useradd ftptest1 -upure-ftp -d /data/pure-ftp/

ftptest1  登陆ftp的虚拟用户

-upure-ftp  指定映射的系统用户pure-ftp

-d 用户FTP目录,指定用户登陆FTP直接到达的目录


创建用户密码库,每次增加用户都必须执行一次创建用户密码库命令

[root@localhost pure-ftpd-1.0.42]# /usr/local/pureftpd/bin/pure-pw mkdb

查看用户映射列表

[root@localhost pure-ftpd-1.0.42]# /usr/local/pureftpd/bin/pure-pw list

ftptest1            /data/pure-ftp/./

删除已经映射的FTP用户(删除后同样需要重新执行 pure-pw mkdb,否则该用户在密码库中仍然有效,还可以登录)

[root@localhost pure-ftpd-1.0.42]# /usr/local/pureftpd/bin/pure-pw userdel ftptest1

启动FTP程序,前面是程序文件,后面是主配置文件

[root@localhost pure-ftpd-1.0.42]# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf


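Windows 登录 FTP 测试,默认端口是 21,可以省略

ftp://username:password@hostname:port

注意:按上面的配置,FTP 的用户名、密码和传输内容都是明文,而且写在 URL 里的密码可能被保存在历史记录中。编译时已经加了 --with-tls,正式环境建议在 pure-ftpd.conf 中启用 TLS 选项并配置证书。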


查看日志

[root@localhost ~]# cat /var/log/messages


至此,pureftp部署完毕


部署VSFTP

安装VSFTP

[root@localhost ~]# yum install -y vsftpd

[root@localhost ~]# /etc/init.d/vsftpd restart

配置VSFTP

VSFTP主配置文件

[root@localhost ~]# ll /etc/vsftpd/vsftpd.conf

创建虚拟用户

[root@localhost ~]# useradd -s /sbin/nologin vsftp

创建用户密码文件(奇数行是用户名,偶数行是对应的密码;下面的 123456、abcdef 仅为示例,实际使用时请换成强密码)

[root@localhost ~]# vi /etc/vsftpd/vsftpd_login

vsftp1

123456

vsftp2

abcdef

[root@localhost ~]# chmod 600 /etc/vsftpd/vsftpd_login

[root@localhost ~]# mkdir /etc/vsftpd/vsftpd_user_conf

创建虚拟用户配置文件,文件名必须与登录用户名一致,每个用户对应一个配置文件(注意:max_clients、max_per_ip 等全局选项写在单个用户的配置文件里不会生效,需要写在主配置文件中)

[root@localhost ~]# vi /etc/vsftpd/vsftpd_user_conf/vsftp1

# 设置用户家目录

local_root=/home/vsftp/vsftp1

# 匿名登陆是否可用

anonymous_enable=NO

# 是否可写

write_enable=YES

local_umask=022

# 匿名用户是否可上传

anon_upload_enable=NO

# 匿名用户是否可创建目录

anon_mkdir_write_enable=NO

idle_session_timeout=600

data_connection_timeout=120

max_clients=10

max_per_ip=5

local_max_rate=50000

[root@localhost ~]# mkdir /home/vsftp/vsftp1

[root@localhost ~]# chown -R vsftp:vsftp /home/vsftp/vsftp1/

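配置认证方式:在 /etc/pam.d/vsftpd 中增加 2 行(即下面的第 2、第 3 行),指定用户名密码 db 文件的路径。该文件由后面的 db_load 命令生成,为 /etc/vsftpd/vsftpd_login.db;pam_userdb 的 db= 参数不带 .db 后缀。64 位系统上模块路径通常是 /lib64/security/,请按实际路径填写。另外,其余各行保留时,系统本地账号可能仍可通过 password-auth 认证登录;如果只允许虚拟用户登录,可将这些行注释掉。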

[root@localhost ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

session    optional     pam_keyinit.so    force revoke

auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

auth       required     pam_shells.so

auth       include      password-auth

account    include      password-auth

session    required     pam_loginuid.so

session    include      password-auth

[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf

# 匿名用户是否可登陆

anonymous_enable=NO

# 本地用户是否可登陆

local_enable=YES

# 是否可写

write_enable=YES

local_umask=022

# 匿名用户是否可上传

anon_upload_enable=NO

# 匿名用户是否可mkdir

anon_mkdir_write_enable=NO

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

xferlog_std_format=YES

# 限制不能跨目录访问

chroot_local_user=YES

listen=YES

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

# 此项必须为YES,否则vsftp用户无法登陆

guest_enable=YES

guest_username=vsftp

virtual_use_local_privs=YES

# 虚拟用户配置文件目录

user_config_dir=/etc/vsftpd/vsftpd_user_conf

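生成用户密码库文件(.db)。每次修改 /etc/vsftpd/vsftpd_login 后都要重新生成;生成后建议同样执行 chmod 600 /etc/vsftpd/vsftpd_login.db,避免其他用户读取。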

[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db

[root@localhost ~]# /etc/init.d/vsftpd restart

至此,VSFTP配置完毕