vsftpd user authentication backed by MySQL

About vsftpd

vsftpd (Very Secure FTP Daemon) is a GPL-licensed FTP server for Unix-like systems. In this setup the FTP logins are virtual users whose credentials live in a MariaDB/MySQL table and are checked through PAM with pam_mysql, while on disk every virtual user is mapped onto a single unprivileged system account.

Installing the software

gcc and make are included because pam_mysql is not packaged and is compiled from source below:

yum install vsftpd mariadb-server mariadb-devel pam-devel gcc make -y

wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

tar xf pam_mysql-0.7RC1.tar.gz

cd pam_mysql-0.7RC1

./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security

make -j 4 && make install

This installs /usr/lib64/security/pam_mysql.so, a module that will run inside vsftpd's privileged authentication process. The download above is plain http, so compare the tarball with the checksum shown on the project's download page before building it.

Configuring the database

Edit my.cnf

vim /etc/my.cnf
[mysqld]
innodb_file_per_table = 1    # one tablespace file per table
skip_name_resolve=1          # never reverse-resolve client addresses; grants must then use IP addresses or 'localhost'
log_bin=mysql-bin            # enable the binary log

Start MariaDB

systemctl start mariadb.service
systemctl enable mariadb.service

A fresh MariaDB has a passwordless root account and a test database; run mysql_secure_installation before going on.

Create the database user and its grants

mysql
grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'vsftpd';
grant all on vsftpd.* to 'vsftpd'@'localhost' identified by 'vsftpd';

Use a real password instead of 'vsftpd'; it is written in clear text into the PAM configuration later. The 'localhost' grant is the one pam_mysql uses below (host=localhost connects over the Unix socket); because skip_name_resolve is on, any other host part must be an IP address, which is why the first grant uses 127.0.0.1. pam_mysql only reads the table, so once it exists this account can be cut down to SELECT on vsftpd.users.

Create the database

mysql -uvsftpd -pvsftpd -hlocalhost
create database vsftpd;

Passing the password as -pvsftpd puts it into the shell history and into the process list visible to every user on the host; a bare -p prompts for it instead.

Create the table

use vsftpd;
create table users(id int unsigned not null auto_increment primary key, name varchar(100) not null,password char(48) not null,unique key(name));
desc users;

char(48) is enough for the 41-character hash that PASSWORD() produces (crypt=2 below) and for a 32-character MD5 hex digest (crypt=3). crypt(3) hashes such as salted SHA-512 ($6$...) are longer than 48 characters, so widen the column if you switch to crypt=1.

Insert the FTP login accounts

insert into users (name,password) values ('ftp1',password('ftp1')), ('ftp2',password('ftp2'));

The cleartext password is part of the statement text, so it can end up in the mysql client's history file and in statement logging, including the binary log enabled in my.cnf above; hashing on the client and inserting only the hash avoids that. PASSWORD() still exists in MariaDB but was removed in MySQL 8.0. Test accounts whose password equals the user name, as here, must not survive into production.

Configuring vsftpd

Create the system user vuser

mkdir -pv /ftproot
useradd -d /ftproot/vuser vuser

Every virtual user is mapped onto this one system account, so all files they create are owned by vuser. Logins are checked by PAM against the database, not against this account's password, so it needs no password and can have a non-login shell (-s /sbin/nologin).

Create the directories and set permissions

mkdir -pv /ftproot/vuser/{pub,upload}
chmod a-w /ftproot/vuser

vsftpd chroots guest logins into vuser's home directory and refuses to run a session whose chroot root is writable, which is why the home itself loses every write bit. Uploads go into the upload subdirectory, which is handed over to vuser further down.

Configure the PAM service vsftpd.vusers

vim /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

Both lines carry the database password, so make the file readable by root only (chmod 600); vsftpd runs PAM from its privileged parent process, so that is sufficient. The crypt option must match how the values in the password column were produced:

crypt=0: passwords are stored in the database in clear text
crypt=1: passwords are stored as crypt(3) hashes (the traditional Unix DES form, or whatever the system's crypt() supports, such as salted SHA-512)
crypt=2: passwords are stored as MySQL PASSWORD() hashes
crypt=3: passwords are stored as unsalted MD5 hex digests

crypt=0 is never acceptable for a network-facing service, and both 2 and 3 are unsalted, fast hashes that fall quickly to an offline attack if the table leaks; a salted crypt(3) hash under crypt=1 is the only one of the four that holds up to a database dump.
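The INSERT statements above are what the crypt=2 PAM file expects, but typing them by hand repeats the cleartext-in-statement problem and trusts whatever user name is typed to be a safe file name for user_config_dir. The helper below is an added example (it is not from the article or from pam_mysql): it validates the login name, escapes the password before embedding it in a SQL literal, and for a crypt=3 PAM file computes the MD5 digest locally with md5sum so that only the digest reaches the server. The table and column names follow the schema created above; the credentials file named in the trailing comments is an assumption.

```shell
#!/bin/sh
# Added example: emit one INSERT for the vsftpd.users table created above.
#   make_user_sql NAME PASSWORD MODE
# MODE 2 -> PASSWORD() on the server, as the crypt=2 PAM file above expects.
# MODE 3 -> MD5 hex digest computed here with md5sum, for a crypt=3 PAM file,
#           so only the digest ever appears in the statement text.
make_user_sql() {
    name=$1; pw=$2; mode=${3:-2}

    # vsftpd opens user_config_dir/<login name> after login, so accept only
    # plain account names: no '/', '..', spaces or quote characters.
    printf '%s' "$name" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$' || {
        echo "refusing unsafe user name: $name" >&2
        return 1
    }

    case $mode in
    2)  # double backslashes and single quotes so the password cannot break
        # out of the string literal (MySQL's default backslash escaping is on)
        esc=$(printf '%s' "$pw" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
        printf "INSERT INTO users (name, password) VALUES ('%s', PASSWORD('%s'));\n" "$name" "$esc"
        ;;
    3)  hash=$(printf '%s' "$pw" | md5sum | cut -d' ' -f1)
        printf "INSERT INTO users (name, password) VALUES ('%s', '%s');\n" "$name" "$hash"
        ;;
    *)  echo "unsupported crypt mode: $mode" >&2; return 1 ;;
    esac
}

# Usage on the server (not executed here):
#   stty -echo; printf 'Password: '; read -r pw; stty echo; echo
#   make_user_sql ftp3 "$pw" 2 | mysql --defaults-extra-file=/root/.vsftpd.cnf vsftpd
# /root/.vsftpd.cnf is assumed to exist with mode 0600 and a [client] section
# holding user=vsftpd and password=..., which keeps the password off the
# command line and out of the shell history.
```

Mode 2 matches the crypt=2 PAM file above; mode 3 is only correct together with crypt=3 in the PAM file, and neither mode makes the stored hash any stronger than the caveats above describe.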

Configure vsftpd.conf

cp /etc/vsftpd/vsftpd.conf{,.back}
vim /etc/vsftpd/vsftpd.conf
# enable virtual (guest) users
guest_enable=YES
# the system account every virtual user is mapped to; it must exist
guest_username=vuser
# name of the PAM service file created above under /etc/pam.d
pam_service_name=vsftpd.vusers
# directory of per-user override files, one file per login name
user_config_dir=/etc/vsftpd/vusers_config/

Keep the comments on their own lines: vsftpd takes everything after the = as the value, so a trailing comment on an option line makes that option invalid. The stock CentOS 7 vsftpd.conf already sets write_enable=YES, which the per-user anon_upload_enable settings below depend on.

Virtual user permissions

chown vuser:vuser /ftproot/vuser/upload
mkdir -pv /etc/vsftpd/vusers_config
touch /etc/vsftpd/vusers_config/{ftp1,ftp2}
vim /etc/vsftpd/vusers_config/ftp1
anon_upload_enable=YES
vim /etc/vsftpd/vusers_config/ftp2
anon_upload_enable=YES
anon_mkdir_write_enable=YES

vsftpd reads /etc/vsftpd/vusers_config/<login name> after authentication, so each virtual user gets exactly the rights its file lists: ftp1 may only upload, ftp2 may also create directories. Deleting and renaming additionally require anon_other_write_enable=YES, which neither user gets here. Files uploaded by guests are created with anon_umask, whose default of 077 leaves them readable by vuser alone.

Start the vsftpd service

systemctl start vsftpd.service
systemctl enable vsftpd.service
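Before the first login it is worth checking the invariants the steps above rely on: the chroot root must carry no write bit, the upload directory must belong to the guest account, and the names in vsftpd.conf must point at a PAM service file and a per-user directory that actually exist. Each of these mistakes shows up at the client as a bare 530 or a 500 OOPS. The script below is an added example, not part of the article: its checks take paths as arguments so they can be run against a scratch tree, and user_rights summarises what each per-user file grants.

```shell
#!/bin/sh
# Added example: pre-flight checks for the virtual-user layout built above.
# Every path is an argument so the functions can be pointed at a scratch
# tree; "sh preflight.sh run" checks the real paths used in this article.

# The chmod a-w step exists because vsftpd refuses to chroot a guest into a
# writable root. Verify no write bit is left on the root and that the upload
# subdirectory belongs to the guest account.
check_tree() {        # check_tree CHROOT_ROOT GUEST_USER
    root=$1; guest=$2
    [ -d "$root/upload" ] || { echo "no upload directory under $root" >&2; return 1; }
    perm=$(stat -c '%a' "$root")
    perm=${perm#${perm%???}}            # keep the last three octal digits
    case $perm in
        *[2367]*) echo "$root is writable (mode $perm); run chmod a-w on it" >&2; return 1 ;;
    esac
    [ "$(stat -c '%U' "$root/upload")" = "$guest" ] ||
        { echo "$root/upload is not owned by $guest" >&2; return 1; }
    return 0
}

# Cross-check vsftpd.conf against the PAM service file and per-user config
# directory it names; a typo in either fails every login with a bare 530.
check_conf() {        # check_conf VSFTPD_CONF PAM_DIR
    conf=$1; pamdir=$2
    val() { sed -n "s/^$1=//p" "$conf" | tail -n 1; }     # last occurrence wins
    [ "$(val guest_enable)" = "YES" ] || { echo "guest_enable is not YES" >&2; return 1; }
    [ -n "$(val guest_username)" ]    || { echo "guest_username is unset" >&2; return 1; }
    svc=$(val pam_service_name)
    [ -f "$pamdir/$svc" ] || { echo "PAM service file $pamdir/$svc is missing" >&2; return 1; }
    dir=$(val user_config_dir)
    [ -d "$dir" ] || { echo "user_config_dir $dir is missing" >&2; return 1; }
    return 0
}

# Summarise the write rights one per-user file grants, so reviewing
# /etc/vsftpd/vusers_config/* is one command instead of a cat per file.
user_rights() {       # user_rights USER_CONFIG_FILE  -> e.g. "upload mkdir"
    rights=""
    grep -q '^anon_upload_enable=YES'      "$1" && rights="$rights upload"
    grep -q '^anon_mkdir_write_enable=YES' "$1" && rights="$rights mkdir"
    grep -q '^anon_other_write_enable=YES' "$1" && rights="$rights delete/rename"
    printf '%s\n' "${rights# }"
}

if [ "${1:-}" = "run" ]; then
    check_tree /ftproot/vuser vuser &&
    check_conf /etc/vsftpd/vsftpd.conf /etc/pam.d &&
    for f in /etc/vsftpd/vusers_config/*; do
        printf '%-12s %s\n' "$(basename "$f"):" "$(user_rights "$f")"
    done
fi
```

Run it as root after the configuration steps and again after any change to the per-user files; the summary line per user is the quickest way to spot an account that was accidentally given delete/rename rights.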

Login test

ftp1:

ftp 10.120.123.11
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp1
331 Please specify the password.
Password:
230 Login successful.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put issue
local: issue remote: issue

ftp> ls
227 Entering Passive Mode (10,120,123,11,130,37).
150 Here comes the directory listing.
-rw-------    1 1000     1000           23 Apr 20 08:24 issue
-rw-------    1 1000     1000      3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.
ftp> mkdir 123
550 Permission denied.
ftp> rm issue
550 Permission denied.

ftp1's per-user file only enables uploads, so the put succeeds while mkdir and delete are refused; the -rw------- mode on the uploaded files comes from the anon_umask default of 077.

ftp2:

ftp 10.120.123.11
Connected to 10.120.123.11 (10.120.123.11).
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (10,120,123,11,36,210).
150 Ok to send data.
226 Transfer complete.
465 bytes sent in 7e-05 secs (6642.86 Kbytes/sec)
ftp> mkdir ftp2
257 "/upload/ftp2" created
ftp> ls
227 Entering Passive Mode (10,120,123,11,27,190).
150 Here comes the directory listing.
-rw-------    1 1000     1000          465 Apr 20 08:29 fstab
-rw-------    1 1000     1000           23 Apr 20 08:24 issue
drwx------    2 1000     1000            6 Apr 20 08:30 ftp2
-rw-------    1 1000     1000      3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.

Configuring the firewall

Load the ip_conntrack_ftp and ip_nat_ftp modules

FTP opens a separate data connection for every transfer on a port negotiated over the control channel (the 227 replies above). The connection-tracking helper reads those negotiations and admits the matching data connections as RELATED, so only port 21 needs an explicit rule. Both modules go into a single IPTABLES_MODULES assignment; a second assignment would simply replace the first.

vim /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"
vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

On current kernels these modules are named nf_conntrack_ftp and nf_nat_ftp (check with modinfo), and the rule set must also accept RELATED,ESTABLISHED traffic for the helper's data connections to get through; the stock /etc/sysconfig/iptables has that rule near the top.

Start the firewall

systemctl restart iptables.service

On CentOS/RHEL 7 this unit comes from the iptables-services package while firewalld is the default; stop and disable firewalld before using it, otherwise both try to manage the same rule set.
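Relying on the helper alone has become fragile: since Linux 4.7 helpers are no longer attached to connections automatically (the nf_conntrack_helper sysctl defaults to 0), so a rule such as iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp is needed on top of the module. The sturdier alternative is to pin vsftpd's passive data ports to a fixed range and open exactly that range. The script below is an added example, not from the article; it prints the two halves that belong together and refuses ranges that would open privileged or nonsensical ports, and the port numbers used in the test are arbitrary.

```shell
#!/bin/sh
# Added example: pasv_rules MIN MAX
# Prints the vsftpd.conf and /etc/sysconfig/iptables lines that belong
# together for a fixed passive port range. Returns 1 for anything that is not
# an unprivileged, ascending range, so a typo cannot silently open 1-65535.
pasv_rules() {
    min=$1; max=$2
    case "$min$max" in
        *[!0-9]*|"") echo "ports must be numeric" >&2; return 1 ;;
    esac
    if [ "$min" -le 1023 ] || [ "$max" -gt 65535 ] || [ "$min" -ge "$max" ]; then
        echo "bad passive range $min-$max" >&2
        return 1
    fi
    cat <<EOF
# /etc/vsftpd/vsftpd.conf : pin the data ports vsftpd hands out in 227 replies
pasv_enable=YES
pasv_min_port=$min
pasv_max_port=$max
# /etc/sysconfig/iptables : control channel plus the pinned data range
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport $min:$max -j ACCEPT
EOF
}
```

Append the first half to vsftpd.conf and the second to /etc/sysconfig/iptables, then restart both services; with the range pinned, the conntrack helper becomes optional rather than load-bearing, and the same range is what an upstream firewall or cloud security group needs to allow.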