- For LDAP configuration, see:
- View the current configuration with isi ftp list:
accept-timeout 60
allow-anon-access NO
allow-anon-upload NO
allow-dirlists YES
allow-downloads YES
allow-local-access YES
allow-writes YES
always-chdir-homedir YES
anon-chown-username ftp
anon-root-path /ifs/home/ftp
anon-umask 077
ascii-mode off
connect-timeout 60
data-timeout 300
dirlist-localtime NO
dirlist-names hide
file-create-perm 0666
local-root-path /ifs/home/ftp
local-umask 002
server-to-server NO
session-support YES
session-timeout 300
user-config-dir /ifs/data/ftp-role
denied-user-list (none)
limit-anon-passwords NO
anon-password-list (disabled)
chroot-local-mode All local users chrooted; exception list inactive
chroot-exception-list (none)
- Key settings (see isi ftp --help):
isi ftp local-root-path --value "/ifs/home/ftp"
isi ftp local-umask --value 002
isi ftp anon-chown-username --value ftp
isi ftp allow-anon-upload NO
isi ftp always-chdir-homedir NO
isi ftp chroot-local-mode all
isi ftp ls
# How to restart the service:
isi services -a vsftpd disable
isi services -a vsftpd enable
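- Create a user. After running bash /ifs/data/create-ftpuser.sh higkoo, you can log in with the LDAP account:
#!/usr/bin/env bash
# Create the per-user vsftpd config and FTP home directory for LDAP account $1.
# Refuse an empty name or one containing "/" or a leading ".", so the paths
# below cannot resolve outside /ifs/data/ftp-role and /ifs/home/ftp.
[[ "${1:-}" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]] || { echo "usage: $0 <ldap-username>" >&2; exit 1; }
/bin/cp -fv /ifs/data/ftp-role/higkoo "/ifs/data/ftp-role/${1}"
/bin/mkdir -pv "/ifs/home/ftp/${1}"
/usr/sbin/chown "${1}" "/ifs/home/ftp/${1}"
exit 0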
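Because /ifs is mounted with the noexec option, scripts stored under /ifs cannot be executed directly, which is why the script above is invoked through bash.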
OneFS on /ifs (efs, local, noatime, noexec)
- Example of the per-user template configuration, /ifs/data/ftp-role/higkoo:
guest_enable=YES
guest_username=ftp
virtual_use_local_privs=YES
user_sub_token=$USER
chroot_local_user=YES
local_root=/ifs/home/ftp/$USER
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=NO
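- This gives you a shared FTP service: anyone with an LDAP account gets their own directory.
- Add web + LDAP + WebDAV access to specific directories and the setup would be complete.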
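
To confirm after later changes that the node still matches the isi ftp list values shown above (no anonymous access or upload, all local users chrooted, root path under /ifs/home/ftp), the listing can be checked mechanically. The script below is an added example, not part of the original post; the function names, the choice of keys to check and the sample listing are assumptions made here, and it assumes the listing keeps the "key value" layout shown above.

```shell
#!/bin/sh
# Added example (not from the original page): audit `isi ftp list` output.
# Reads the listing on stdin, prints one FAIL line per deviation from the
# values shown on this page, and returns non-zero if anything deviates.
audit_isi_ftp() {
  awk '
    BEGIN {
      # Exact values expected, copied from the listing on this page.
      want["allow-anon-access"] = "NO"
      want["allow-anon-upload"] = "NO"
      want["server-to-server"]  = "NO"
      want["local-root-path"]   = "/ifs/home/ftp"
      # Prefix expected for the chroot mode line.
      pre["chroot-local-mode"]  = "All local users chrooted"
    }
    NF >= 2 {
      key = $1; val = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # drop the key, keep the full value
      sub(/[ \t\r]+$/, "", val)
      seen[key] = 1
      if ((key in want) && val != want[key]) {
        printf "FAIL %s: got \"%s\", want \"%s\"\n", key, val, want[key]; bad++
      }
      if ((key in pre) && index(val, pre[key]) != 1) {
        printf "FAIL %s: got \"%s\", want \"%s...\"\n", key, val, pre[key]; bad++
      }
    }
    END {
      # A key that is absent from the listing is treated as a failure too.
      for (k in want) if (!(k in seen)) { printf "FAIL %s: not in listing\n", k; bad++ }
      for (k in pre)  if (!(k in seen)) { printf "FAIL %s: not in listing\n", k; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample: anonymous access switched on, chroot line absent.
drifted_listing() {
  cat <<'EOF'
allow-anon-access YES
allow-anon-upload YES
local-root-path /ifs/home/ftp
server-to-server NO
EOF
}

drifted_listing | audit_isi_ftp || echo "listing deviates from the expected settings"
```

On a node, pipe the real listing into the function: isi ftp list | audit_isi_ftp.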