VSFTP简介
VSFTP是一个基于GPL发布的类Unix系统上使用的FTP服务器软件,它的全称是Very Secure FTP。
软件安装
# Packages: vsftpd itself, MariaDB server plus its client headers, and the PAM
# headers — the last two are needed to build pam_mysql below.
yum install vsftpd mariadb-server mariadb-devel pam-devel -y
# pam_mysql is fetched as a source tarball over plain http with no checksum or
# signature check; compare the archive against the project's published digest
# (placeholder: <expected-sha256>) before building it.
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
tar xf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
# --with-pam-mods-dir must match the module path used in the PAM config below
# (/usr/lib64/security/pam_mysql.so).
./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security
make -j 4 && make install
配置数据库
配置my.cnf
vim /etc/my.cnf
[mysqld]
# One tablespace file per InnoDB table.
innodb_file_per_table = 1
# Do not reverse-resolve client addresses; account hosts must then be IP
# literals or 'localhost' (the grants below use both forms).
skip_name_resolve=1
# Enable the binary log (files named mysql-bin.*), used for replication and
# point-in-time recovery.
log_bin=mysql-bin
启动mariadb
# Start MariaDB now and make it start at boot.
systemctl start mariadb.service
systemctl enable mariadb.service
建立数据用户授权
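mysql
-- The first host was spelt 'l27.0.0.1' (letter l) in the original, so that
-- grant could never match a client and only the 'localhost' entry worked.
-- 'vsftpd' is also the literal written into /etc/pam.d/vsftpd.vusers
-- (passwd=vsftpd); choose a strong value and keep the two in sync.
-- ALL is required here only because the database and table are created as
-- this user below; the PAM lookups themselves only need SELECT on vsftpd.users.
grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'vsftpd';
grant all on vsftpd.* to 'vsftpd'@'localhost' identified by 'vsftpd';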
建数据库
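# -p with no value makes mysql prompt for the password instead of taking it on
# the command line, where it would show up in `ps` output and the shell history.
mysql -uvsftpd -p -hlocalhost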
-- Run as the vsftpd user from the session above; MySQL accepted the earlier
-- GRANT on vsftpd.* even though the database did not exist yet.
create database vsftpd;
建立表
use vsftpd;
-- name is the FTP login; password stores the output of password() (see the
-- INSERT below), which fits in char(48). unique key(name) forbids duplicate logins.
create table users(id int unsigned not null auto_increment primary key, name varchar(100) not null,password char(48) not null,unique key(name));
desc users;
建FTP登录授权账号
-- password() corresponds to crypt=2 in the PAM config below. It is an unsalted
-- hash, so accounts sharing a password get identical stored values; the demo
-- passwords here equal the usernames.
insert into users (name,password) values ('ftp1',password('ftp1')), ('ftp2',password('ftp2'));
配置Vsftp
创建系统用户vuser
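mkdir -pv /ftproot
# vuser exists only as the system account the virtual users are mapped to
# (guest_username=vuser below); nobody logs in as it, so give it no shell.
useradd -d /ftproot/vuser -s /sbin/nologin vuser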
创建目录授权
mkdir -pv /ftproot/vuser/{pub,upload}
# The chroot root must not be writable: by default vsftpd 3.x refuses to run
# with a writable root inside the chroot. Only the upload subdirectory is
# handed to vuser below.
chmod a-w /ftproot/vuser
配置vsftpd.vusers
vim /etc/pam.d/vsftpd.vusers
# Both lines carry the database credential (passwd=vsftpd) in clear text and
# files under /etc/pam.d are normally world-readable, so restrict this one:
# chmod 600 /etc/pam.d/vsftpd.vusers
# crypt=2 must match how the rows were stored (password() in the INSERT above).
# 'auth' validates the password; 'account' runs pam_mysql's account check
# (presumably that the row exists — confirm against the pam_mysql README).
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
crypt=0:表示口令使用明文方式保存在数据库中
crypt=1:表示口令使用UNIX的DES加密方式加密后保存在数据库中
crypt=2:表示口令使用MySQL的password()函数加密后保存在数据库中
crypt=3:表示口令使用MD5散列值的方式保存在数据库中
配置vsftpd.conf
# Keep a copy of the stock config as vsftpd.conf.back before editing it.
cp /etc/vsftpd/vsftpd.conf{,.back}
vim /etc/vsftpd/vsftpd.conf
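# vsftpd only treats lines that START with '#' as comments. A trailing
# "#..." after a value is read as part of the value, and vsftpd then refuses
# to start with a bad-value error for guest_enable; the notes therefore sit
# on their own lines.
# Enable virtual users.
guest_enable=YES
# System user the virtual users are mapped to (created with useradd above).
guest_username=vuser
# PAM service name: the hand-written file /etc/pam.d/vsftpd.vusers above.
pam_service_name=vsftpd.vusers
# Per-user override files live here, one file named after each virtual user.
user_config_dir=/etc/vsftpd/vusers_config/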
虚拟用户权限
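# user:group — ':' is the POSIX separator; 'user.group' is only a GNU
# compatibility spelling. Uploads land here owned by vuser (see the listings
# below), so this is the single directory vuser may write to.
chown vuser:vuser /ftproot/vuser/upload
mkdir -pv /etc/vsftpd/vusers_config
# One (possibly empty) override file per virtual user name.
touch /etc/vsftpd/vusers_config/{ftp1,ftp2}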
vim /etc/vsftpd/vusers_config/ftp1
# Virtual users get anonymous-style permissions, so their write access is
# governed by the anon_* options. ftp1 may upload only: no mkdir and no
# delete (the transcript below shows "550 Permission denied." for both).
anon_upload_enable=YES
vim /etc/vsftpd/vusers_config/ftp2
# ftp2 may upload and create directories (mkdir succeeds in the transcript
# below); deleting or renaming would additionally need anon_other_write_enable.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
启动vsftpd服务
# Start vsftpd now and make it start at boot; check `systemctl status
# vsftpd.service` afterwards, since a bad vsftpd.conf value makes it exit.
systemctl start vsftpd.service
systemctl enable vsftpd.service
登录验证
ftp1
ftp 10.120.123.11
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp1
331 Please specify the password.
Password:
230 Login successful.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put issue
local: issue remote: issue
ftp> ls
227 Entering Passive Mode (10,120,123,11,130,37).
150 Here comes the directory listing.
-rw------- 1 1000 1000 23 Apr 20 08:24 issue
-rw------- 1 1000 1000 3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.
ftp> mkdir 123
550 Permission denied.
ftp> rm issue
550 Permission denied.
ftp2
ftp 10.120.123.11
Connected to 10.120.123.11 (10.120.123.11).
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (10,120,123,11,36,210).
150 Ok to send data.
226 Transfer complete.
465 bytes sent in 7e-05 secs (6642.86 Kbytes/sec)
ftp> mkdir ftp2
257 "/upload/jerry" created
ftp> ls
227 Entering Passive Mode (10,120,123,11,27,190).
150 Here comes the directory listing.
-rw------- 1 1000 1000 465 Apr 20 08:29 fstab
-rw------- 1 1000 1000 23 Apr 20 08:24 issue
drwx------ 2 1000 1000 6 Apr 20 08:30 ftp2
-rw------- 1 1000 1000 3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.
配置防火墙
加载模块 ip_conntrack_ftp、ip_nat_ftp
# This file is sourced by the iptables init script, so its settings are shell
# variable assignments.
vim /etc/sysconfig/iptables-config
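# Both helpers belong in ONE assignment: a second IPTABLES_MODULES= line
# overwrites the first (and the original second line lacked its closing quote,
# which breaks sourcing of the file). On newer kernels the helpers are named
# nf_conntrack_ftp and nf_nat_ftp — check `modinfo` for the names your kernel ships.
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"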
vim /etc/sysconfig/iptables
# Accept new control connections on port 21. Passive-mode data connections
# (the "227 Entering Passive Mode" lines in the transcript) arrive on ephemeral
# ports and are only admitted when the ftp conntrack helper above is loaded AND
# the rule set still contains its RELATED,ESTABLISHED accept rule — verify that
# rule is present.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
启动防火墙
# Reloads the rule file and the module list. On CentOS 7 this unit comes from
# the iptables-services package, which the yum line above does not install —
# confirm it is present.
systemctl restart iptables.service