pure-ftp部署及优化

pure-ftpd 官网 http://www.pureftpd.org/project/pure-ftpd

ftp服务器上:

[root@ client mnt]# cd /usr/local/src/

[root@ client src]#wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.40.tar.gz

//这里是走明文 HTTP 直接下载源码包,解压编译前应先按官网公布的校验和或签名核对,确认包没有被篡改;1.0.40 已是旧版本,生产环境应选用官网当前的稳定版

[root@ client src]# tar zxvf pure-ftpd-1.0.40.tar.gz

[root@ client src]# cd pure-ftpd-1.0.40

[root@ client pure-ftpd-1.0.40]# ls

[root@ client pure-ftpd-1.0.40]# ./configure \

--prefix=/usr/local/pureftpd \

--without-inetd \

--with-altlog \

--with-puredb \

--with-throttling \

--with-peruserlimits  \

--with-tls

//--with-tls 只是把 TLS 支持编进二进制;下面的 pure-ftpd.conf 并没有开启 TLS(没有 TLS 1 或 TLS 2,也没有配证书),所以本文的登录和传输全部是明文,账号口令会在网络上明文传输。正式环境需要在配置里加 TLS 1(或 TLS 2 强制所有客户端加密)并配置证书

 

 

[root@ client pure-ftpd-1.0.40]# make

[root@client pure-ftpd-1.0.40]# make install

[root@client pure-ftpd-1.0.40]# ls /usr/local/pureftpd/

bin  sbin  share

[root@client pure-ftpd-1.0.40]# mkdir -p /usr/local/pureftpd/etc/

[root@client pure-ftpd-1.0.40]# cd configuration-file

[root@client configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc/pure-ftpd.conf

[root@client configuration-file]# cp pure-config.pl /usr/local/pureftpd/sbin/pure-config.pl

[root@client configuration-file]# chmod 755 /usr/local/pureftpd/sbin/pure-config.pl

[root@client configuration-file]# vim /usr/local/pureftpd/etc/pure-ftpd.conf

ChrootEveryone              yes

BrokenClientsCompatibility  no

MaxClientsNumber            50

Daemonize                   yes

MaxClientsPerIP             8

VerboseLog                  no

DisplayDotFiles             yes

AnonymousOnly               no

NoAnonymous                 no              //no 表示允许匿名登录(pure-ftpd 默认只要系统上存在 ftp 账号就会启用匿名);本文只用虚拟用户,应改为 yes 关闭匿名

SyslogFacility              ftp

DontResolve                 yes

MaxIdleTime                 15

PureDB                        /usr/local/pureftpd/etc/pureftpd.pdb

LimitRecursion              3136 8

AnonymousCanCreateDirs      no

MaxLoad                     4

AntiWarez                   yes

Umask                       133:022

MinUID                      100             //低于该 UID 的系统账号不允许登录,虚拟用户映射到的 tom(UID 500)满足要求;不要为了让某个账号登录而把它调到接近 0

AllowUserFXP                no

AllowAnonymousFXP           no

ProhibitDotFilesWrite       no

ProhibitDotFilesRead        no

AutoRename                  no

AnonymousCantUpload         no              //no 表示匿名用户可以上传;配合上面的 NoAnonymous no,一旦匿名可用这台机器就成了任意上传点,应改为 yes(或直接 NoAnonymous yes)

PIDFile                     /usr/local/pureftpd/var/run/pure-ftpd.pid

MaxDiskUsage               99

CustomerProof              yes

 

[root@client configuration-file]# mkdir /tmp/ftp

//用 /tmp/ftp 做 FTP 根目录仅为演示:/tmp 对所有用户可写,很多系统还会定期清理其中的文件,正式环境应使用专用目录并只把写权限给映射用户

[root@client configuration-file]# tail /etc/passwd

tom:x:500:500::/home/tom:/bin/bash

[root@client configuration-file]# chown -R tom:tom /tmp/ftp/

[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw useradd ftpuser1  -utom -d /tmp/ftp

Password:

Enter it again:

//创建虚拟用户:-u tom 表示 ftpuser1 登录后以系统用户 tom 的身份读写文件(所有映射到 tom 的虚拟用户共享同一文件系统身份),-d /tmp/ftp 是它的家目录,配合 ChrootEveryone yes 也就是它的 chroot 根

[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw mkdb

//把 pure-pw 维护的口令文件编译成 pure-ftpd 实际读取的 pureftpd.pdb 数据库(对应配置里的 PureDB);每次用 pure-pw 增删改用户后都要重新执行 mkdb 才生效

[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw list

ftpuser1            /tmp/ftp/./

//列出用户;路径末尾的 /./ 标记的是 chroot 切换点,用户登录后看到的 / 就是 /tmp/ftp

 

[root@client configuration-file]# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf

//启动

 

[root@client configuration-file]# /etc/init.d/rpcbind stop

[root@client configuration-file]# /etc/init.d/nfs stop

//这两步与 FTP 部署无关,应是实验机上顺带关掉的服务,不是部署 pure-ftpd 的必需步骤

 

[root@client configuration-file]# ps aux |grep pure

root     31728  0.0  0.0   9248   600 ?        Ss   17:27   0:00 pure-ftpd (SERVER)                                        

root     31730  0.0  0.0   4356   748 pts/0    S+   17:28   0:00 grep pure

[root@client configuration-file]# netstat -lnp |grep ftp

tcp     0    0 0.0.0.0:21             0.0.0.0:*        LISTEN      31728/pure-ftpd (SE

tcp     0      0 :::21             :::*               LISTEN     31728/pure-ftpd (SE

//服务在所有 IPv4/IPv6 地址的 21 端口监听,并且没有 TLS;应在配置里用 Bind 限定监听地址,并用防火墙只放行需要访问的来源

 

 

//原文的 用户@主机 被页面转义成了 [email protected],下面按上下文恢复为 ftpuser1@<服务器IP>

[root@client configuration-file]# lftp ftpuser1@<服务器IP>

Password:

lftp ftpuser1@<服务器IP>:~> ls

drwxr-xr-x    2 500        tom              4096 Jul 21 16:28 .

drwxr-xr-x    2 500        tom              4096 Jul 21 16:28 ..

lftp ftpuser1@<服务器IP>:~> mkdir 123

mkdir ok, `123' created

lftp ftpuser1@<服务器IP>:/> ls

drwxr-xr-x    3 500        tom              4096 Jul 21 16:36 .

drwxr-xr-x    3 500        tom              4096 Jul 21 16:36 ..

drwxr-xr-x    2 500        tom              4096 Jul 21 16:36 123

lftp ftpuser1@<服务器IP>:/> quit

 

[root@client configuration-file]# ls /tmp/ftp/

123

[root@client configuration-file]# tail /var/log/messages

[root@client configuration-file]# cd /tmp/ftp/

[root@client ftp]# touch 12.txt

[root@client ftp]# vim 12.txt

12123

//注意这是 root 直接在 FTP 根目录里创建的文件,属主是 root(下面客户端列表里显示为 0 0),FTP 用户只能读不能改或删;放进去的文件应 chown 给映射用户 tom

 

另一台客户端登入:

[root@wangchao ~]#  lftp ftpuser1@<服务器IP>

Password:

lftp ftpuser1@<服务器IP>:/> ls

drwxr-xr-x    3 500        tom              4096 Jul 21 16:38 .

drwxr-xr-x    3 500        tom              4096 Jul 21 16:38 ..

-rw-r--r--    1 0          0                   6 Jul 21 16:38 12.txt

drwxr-xr-x    2 500        tom              4096 Jul 21 16:36 123

lftp ftpuser1@<服务器IP>:/> ?             //查看有哪些命令

lftp ftpuser1@<服务器IP>:/> get 12.txt

6 bytes transferred

lftp ftpuser1@<服务器IP>:/> quit

[root@wangchao ~]# cat 12.txt

12123

[root@wangchao ~]# vim 11.txt

555555555

[root@wangchao ~]#  lftp ftpuser1@<服务器IP>

lftp ftpuser1@<服务器IP>:~> put 11.txt

10 bytes transferred

lftp ftpuser1@<服务器IP>:/> ls

drwxr-xr-x    3 500        tom              4096 Jul 21 16:48 .

drwxr-xr-x    3 500        tom              4096 Jul 21 16:48 ..

-rw-r--r--    1 500        tom                10 Jul 20 19:28 11.txt

-rw-r--r--    1 0          0                   6 Jul 21 16:38 12.txt

drwxr-xr-x    2 500        tom              4096 Jul 21 16:36 123

//上传成功

 

 

 

服务端:

[root@client ftp]# ls

11.txt  123  12.txt

[root@client ftp]# cat 11.txt                //查看上传的文件成功了

555555555

 

 

 

vsftp部署及优化

[root@client ftp]# yum install -y vsftpd          //软件包名是 vsftpd(原文写成 vsftp 会提示找不到包)

[root@client ftp]# killall pure-ftpd

[root@client ftp]# /etc/init.d/vsftpd start

[root@client ftp]# lftp tom@<服务器IP>

Password:

lftp tom@<服务器IP>:~> ls

lftp tom@<服务器IP>:~>

//无文件

 

[root@client ~]# ls /home/tom/                      //因为他的家目录下无任何文件

You have new mail in /var/spool/mail/root

[root@client ~]# touch /home/tom/112.txt

[root@client ~]# mkdir /home/tom/aabb

[root@client tom]# ls

112.txt  aabb

 

 

客户端登入:

//查看已创建了文件

[root@wangchao ~]# lftp tom@<服务器IP>

lftp tom@<服务器IP>:~> ls

-rw-r--r--    1 0        0               0 Jul 21 09:06 112.txt

drwxr-xr-x    2 0        0            4096 Jul 21 09:06 aabb

lftp tom@<服务器IP>:~> cd /etc/

cd ok, cwd=/etc

lftp tom@<服务器IP>:/etc>

lftp tom@<服务器IP>:/etc> ls

//tom 能 cd 到 /etc 并列出内容:vsftpd 默认不做 chroot,本地用户登录后可以在整个文件系统里浏览(只受普通文件权限限制),权限过大,存在安全隐患;下面用 chroot_local_user=YES 把用户限制在家目录内

 

服务端配置:

[root@client tom]# vim /etc/vsftpd/vsftpd.conf

chroot_local_user=YES

//注意:vsftpd 2.3.5 以后的版本在 chroot 根目录对用户可写时会拒绝登录(500 OOPS: vsftpd: refusing to run with writable root inside chroot()),要么让家目录本身对用户不可写、把可写内容放到子目录,要么加 allow_writeable_chroot=YES(后者会削弱 chroot 的防护)。本文没有碰到这个错误,说明所用版本较旧

[root@client tom]# /etc/init.d/vsftpd restart

 

 

 

 

客户端登入:

[root@wangchao ~]# lftp tom@<服务器IP>

Password:

lftp tom@<服务器IP>:~> cd /etc/

cd: Access failed: 550 Failed to change directory. (/etc)

lftp tom@<服务器IP>:/> cd /tmp/

cd: Access failed: 550 Failed to change directory. (/tmp)

lftp tom@<服务器IP>:/> pwd

ftp://tom@<服务器IP>/

lftp tom@<服务器IP>:/> ls

-rw-r--r--    1 0        0               0 Jul 21 09:06 112.txt

drwxr-xr-x    2 0        0            4096 Jul 21 09:06 aabb

//访问仅限在该目录下

 

 

 

 

 

建虚拟用户

[root@client tom]# useradd virftp -s /sbin/nologin

[root@client tom]# vim /etc/vsftpd/vsftpd_login           //创建用户密码文件

test1

111222

test2

aaa111

[root@client tom]# chmod 600 /etc/vsftpd/vsftpd_login

[root@client tom]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db

//db_load 生成的 vsftpd_login.db 里同样是明文口令,而且权限按当前 umask 生成、通常其他用户可读,需要再执行 chmod 600 /etc/vsftpd/vsftpd_login.db;明文源文件 vsftpd_login 在生成数据库后就可以删掉。上面的 111222、aaa111 只是演示用的弱口令,正式环境要用强口令;pam_userdb 也支持 crypt=crypt 参数,可以在数据库里存 crypt(3) 加密后的口令而不是明文

 

创建虚拟账号

[root@client tom]# mkdir /etc/vsftpd/vsftpd_user_conf

[root@client tom]# cd !$

cd /etc/vsftpd/vsftpd_user_conf

[root@client vsftpd_user_conf]# vim test1

local_root=/home/virftp/test1

anonymous_enable=NO

write_enable=YES

local_umask=022

anon_upload_enable=NO

anon_mkdir_write_enable=NO

idle_session_timeout=600

data_connection_timeout=120

max_clients=10                   //注意:max_clients、max_per_ip 这类在会话建立前就生效的全局选项写在 per-user 配置里不会起作用,anonymous_enable 同样是全局的;按 vsftpd.conf 手册,它们应写在主配置 /etc/vsftpd/vsftpd.conf 中

max_per_ip=5

local_max_rate=50000

 

 

 

[root@client vsftpd_user_conf]# mkdir /home/virftp/test1     //创建该家目录

[root@client vsftpd_user_conf]# chown -R virftp:virftp !$

chown -R virftp:virftp /home/virftp/test1

[root@client vsftpd_user_conf]# vim /etc/pam.d/vsftpd

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

 

//加在文件最开头两行(sufficient 表示数据库验证通过即放行,失败则继续匹配文件里原有的规则,所以本地用户 tom 仍能登录);64 位系统模块路径是 /lib64/security/pam_userdb.so,也可以只写 pam_userdb.so 交给 PAM 到默认模块目录查找。db= 写的是不带 .db 后缀的路径,模块会自动补上

 

[root@client vsftpd_user_conf]# cat /etc/pam.d/vsftpd        //确保文件中写的目录存在

[root@client vsftpd_user_conf]# ls /lib/security/pam_userdb.so

/lib/security/pam_userdb.so                            //存在

 

[root@client vsftpd_user_conf]# vim /etc/vsftpd/vsftpd.conf

anonymous_enable=NO                      //匿名用户不能登入

local_enable=YES                           //本地系统用户可登入

anon_upload_enable=NO                    //匿名不可上传

anon_mkdir_write_enable=NO               //匿名不可创建

 

chroot_local_user=YES

guest_enable=YES                          //使虚拟用户可登入

guest_username=virftp                      // guest用户为virftp

virtual_use_local_privs=YES               //虚拟用户获得和本地用户一样的权限,write_enable=YES 就意味着可以上传、改名和删除;如果虚拟用户只需下载,设为 NO 再用 anon_* 选项细粒度控制

user_config_dir=/etc/vsftpd/vsftpd_user_conf        //指定虚拟用户所在配置文件

 

[root@client vsftpd_user_conf]# /etc/init.d/vsftpd restart

[root@client vsftpd_user_conf]# cat /etc/vsftpd/vsftpd_login          //这一步把明文口令打印到了终端和会话记录里,仅为演示核对,正式环境不要这么做

test1

111222

test2

aaa111

[root@client vsftpd_user_conf]# lftp test1@<服务器IP>

Password:

lftp test1@<服务器IP>:~> ls

lftp test1@<服务器IP>:/> pwd

ftp://test1@<服务器IP>/

[root@client vsftpd_user_conf]# cd /home/virftp/test1/

[root@client test1]# ls

[root@client test1]# touch 2.txt

[root@client test1]# mkdir 123

[root@client test1]# lftp test1@<服务器IP>

Password:

lftp test1@<服务器IP>:~> ls

drwxr-xr-x    2 0        0            4096 Jul 21 10:13 123

-rw-r--r--    1 0        0               0 Jul 21 10:13 2.txt

//查看创建文件成功;这两个文件是 root 创建的,列表里属主显示为 0 0,虚拟用户 test1(映射为 virftp)只能读不能改或删,要让它能写需要 chown virftp:virftp