问题:

三个部门分别上传自己的交易数据,为了数据的安全,均限制了下载、删除功能;

财务部进行对账,可以查看和下载其他三部门的数据。

采用 vsftpd 虚拟用户实现。

图例:

vsftpd 小案例一枚_第1张图片

脚本:

自己粗略地写了个脚本,方便以后使用。

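#!/bin/bash
#
# generated by kevin@orient
# email to [email protected]
#
# Sets up vsftpd virtual users for shared department folders:
#   ccb, bc, abc - upload accounts, each rooted at /var/ftp/<name>,
#                  with download_enable=NO and no DELE/RMD in cmds_allowed
#   st           - finance account rooted at /var/ftp, allowed to download
#
# Must be run as root on a host that provides yum, chkconfig and service.
# The script is written so that it can be re-run without duplicating users
# or configuration.

# Print an error to stderr and stop the installation.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print a non-fatal warning to stderr.
warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

# Every step below edits system accounts and files under /etc.
[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

echo -e "\n"
echo -e "\e[1;31m There are 6 steps need to be done! \e[0m"
echo -e "\n"

# ---------------------------------------------------------------- step 1
echo -e "\e[1;32m First step(1/6): Get the variables(获取变量) \e[0m"
ftpdir=/etc/vsftpd
pubdir=/var/ftp
chrootfile=$ftpdir/chroot_list
# -r keeps backslashes in a password literal; -s keeps it off the terminal.
read -r -s -p "Please input the CCB's password: " ccbpass
echo -e "\n"
read -r -s -p "Please input the BC's password: " bcpass
echo -e "\n"
read -r -s -p "Please input the ABC's password: " abcpass
echo -e "\n"
read -r -s -p "Please input the ShangTong's password: " stpass
echo -e "\n"
# db_load -T reads alternating name/password lines, so an empty password
# would shift every following pair and must be rejected up front.
for secret in "$ccbpass" "$bcpass" "$abcpass" "$stpass"; do
  [ -n "$secret" ] || die "empty passwords are not allowed"
done
unset secret

# ---------------------------------------------------------------- step 2
# Packages are installed BEFORE the accounts are created. The original order
# ran useradd first; /var/ftp is presumably created by the vsftpd package, and
# useradd can fail to create a home directory whose parent is missing, which
# would explain why the accounts only appeared on a second run.
echo -e "\e[1;32m Second step(2/6): Package Dependencies(安装相关软件) \e[0m"
yum install vsftpd pam db4 db4-devel db4-utils -y || die "yum install failed"

# ---------------------------------------------------------------- step 3
echo -e "\e[1;32m Third step(3/6): Create the users and groups(创建用户和组) \e[0m"
mkdir -p "$pubdir" || die "cannot create $pubdir"
getent group ftpuser > /dev/null || groupadd ftpuser || die "groupadd ftpuser failed"
id -u vsftpd > /dev/null 2>&1 ||
  useradd -s /sbin/nologin vsftpd || die "useradd vsftpd failed"
for dept in ccb bc abc; do
  id -u "ftp_$dept" > /dev/null 2>&1 ||
    useradd -m -G ftpuser -d "$pubdir/$dept" -s /sbin/nologin "ftp_$dept" ||
    die "useradd ftp_$dept failed"
done
# ftp_st joins the three department groups; together with mode 750 on the
# department directories this gives it read-only access to their files.
# Assumes useradd created a same-named private group for each ftp_* user.
id -u ftp_st > /dev/null 2>&1 ||
  useradd -m -G ftpuser,ftp_ccb,ftp_bc,ftp_abc -d "$pubdir/st" -s /sbin/nologin ftp_st ||
  die "useradd ftp_st failed"

# ---------------------------------------------------------------- step 4
echo -e "\e[1;32m Fourth step(4/6): Selinux and Iptables(SELINUX和防火墙) \e[0m"
chkconfig vsftpd on
# NOTE(review): the next two commands weaken the whole host, not only FTP.
# 'setenforce 0' puts SELinux into permissive mode, and 'iptables -F' followed
# by 'service iptables save' flushes every filter rule and persists the empty
# rule set. They are kept so the script behaves as before; on a server holding
# transaction data, replace them with the FTP-specific SELinux settings and
# ACCEPT rules for the control port plus a fixed passive range
# (pasv_min_port / pasv_max_port in vsftpd.conf).
setenforce 0 || warn "setenforce 0 failed (SELinux may already be disabled)"
iptables -F && service iptables save

# ---------------------------------------------------------------- step 5
echo -e "\e[1;32m Fifth step(5/6): Create userdb(创建用户数据) \e[0m"
# The plaintext list and the generated database both hold the passwords in
# readable form, so they are created under umask 077 (never world-readable,
# not even briefly) and the plaintext file is deleted once db_load is done.
saved_umask=$(umask)
umask 077
vuser_txt=$(mktemp "$ftpdir/vuser.XXXXXX") || die "mktemp failed"
trap 'rm -f -- "$vuser_txt"' EXIT
printf '%s\n' \
  ccb "$ccbpass" \
  bc "$bcpass" \
  abc "$abcpass" \
  st "$stpass" > "$vuser_txt"
db_load -T -t hash -f "$vuser_txt" "$ftpdir/vuser.db" || die "db_load failed"
chmod 600 "$ftpdir/vuser.db"
rm -f -- "$vuser_txt"
umask "$saved_umask"
unset ccbpass bcpass abcpass stpass

# Point the vsftpd PAM service at the virtual-user database. The module is
# named without a directory so PAM resolves it in its default module path;
# the original hard-coded /lib64 in both branches of its if/else.
pam_file=/etc/pam.d/vsftpd
# Keep the first backup only, so a re-run cannot overwrite the pristine copy.
if [ -f "$pam_file" ] && [ ! -f "$pam_file.bak" ]; then
  cp -p "$pam_file" "$pam_file.bak"
fi
cat > "$pam_file" << EOF
auth required pam_userdb.so db=$ftpdir/vuser
account required pam_userdb.so db=$ftpdir/vuser
EOF

# ---------------------------------------------------------------- step 6
echo -e "\e[1;32m Sixth step(6/6): Configuration(配置数据) \e[0m"
printf '%s\n' ccb bc abc st > "$chrootfile"

conf=$ftpdir/vsftpd.conf
# -i is required: without it sed only prints the result and anonymous login
# stays enabled in the file.
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" "$conf" ||
  die "cannot edit $conf"
# NOTE(review): no TLS is configured, so the virtual users' passwords and the
# transaction files cross the network in cleartext; consider ssl_enable=YES
# with a server certificate. ASCII transfer mode is enabled below as in the
# original; confirm it is really needed for these files.
# The '#added' marker keeps a re-run from appending the block twice.
if ! grep -q '^#added$' "$conf"; then
  cat >> "$conf" << EOF
#added
anonymous_enable=NO
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=vsftpd
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=YES
chroot_list_file=$ftpdir/chroot_list
guest_enable=YES
virtual_use_local_privs=YES
user_config_dir=$ftpdir/vuser_config
EOF
fi

# Transfer log, owned by the unprivileged vsftpd account.
touch /var/log/vsftpd.log
chown vsftpd:vsftpd /var/log/vsftpd.log

# Write one per-user override file into user_config_dir.
#   $1 - virtual user name (also the suffix of the ftp_<name> system account)
#   $2 - directory the session is rooted at
#   $3 - "yes" to allow downloads; anything else writes download_enable=NO
# NOTE(review): max_clients and max_per_ip are kept from the original, but the
# vsftpd documentation lists them among settings that are not applied per user.
# NOTE(review): DELE/RMD/RNFR are absent from cmds_allowed, but STOR can still
# overwrite an existing file of the same name - confirm that is acceptable.
write_vuser_config() {
  local name=$1 root=$2 allow_download=$3
  {
    [ "$allow_download" = yes ] || echo "download_enable=NO"
    cat << EOF
guest_enable=YES
guest_username=ftp_$name
local_root=$root
max_clients=10
max_per_ip=5
local_max_rate=100000
cmds_allowed=ABOR,APPE,CWD,CDUP,FEAT,LIST,MKD,MDTM,PASS,PASV,PWD,QUIT,RETR,REST,STOR,STRU,TYPE,USER
EOF
  } > "$ftpdir/vuser_config/$name"
}

mkdir -p "$ftpdir/vuser_config" || die "cannot create $ftpdir/vuser_config"
for dept in abc bc ccb; do
  write_vuser_config "$dept" "$pubdir/$dept" no
done
write_vuser_config st "$pubdir" yes

# Department directories: owner full access, group (which includes ftp_st)
# read-only, nothing for others.
# NOTE(review): these directories are both the session root and writable by
# the session user; newer vsftpd releases may refuse such logins unless
# allow_writeable_chroot is set - verify against the installed version.
for dept in abc bc ccb; do
  chmod 750 "$pubdir/$dept" || warn "cannot chmod $pubdir/$dept"
done

# Capture the restart status immediately; the original tested $? after an
# intervening echo and therefore always reported success.
service vsftpd restart
restart_status=$?
echo -e "\n"
if [ "$restart_status" -eq 0 ]; then
  echo -e "\e[1;32m Successfully installed!(安装成功!)\e[0m"
else
  echo -e "\e[1;31m Warning! Error!(安装失败!)\e[0m"
  exit 1
fi
echo -e "\n"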
 

写下做个记录方便以后查看,脚本中代码执行时间长的语句(这里指的是useradd创建指定家目录用户)执行不成功,只有再次执行脚本才能创建好。希望知道怎么解决的哥们儿给个意见,暂不考虑写到条件语句中限制下一步操作,这里先谢谢了,QQ345258361