pure-ftp部署及优化
pure-ftpd 官网 http://www.pureftpd.org/project/pure-ftpd
ftp服务器上:
[root@ client mnt]# cd /usr/local/src/
[root@ client src]#wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.40.tar.gz
[root@ client src]# tar zxvf pure-ftpd-1.0.40.tar.gz
[root@ client src]# cd pure-ftpd-1.0.40
[root@ client pure-ftpd-1.0.40]# ls
[root@ client pure-ftpd-1.0.40]# ./configure \
--prefix=/usr/local/pureftpd \
--without-inetd \
--with-altlog \
--with-puredb \
--with-throttling \
--with-peruserlimits \
--with-tls
[root@ client pure-ftpd-1.0.40]# make
[root@client pure-ftpd-1.0.40]# make install
[root@client pure-ftpd-1.0.40]# ls /usr/local/pureftpd/
bin sbin share
[root@client pure-ftpd-1.0.40]# mkdir -p /usr/local/pureftpd/etc/
[root@client pure-ftpd-1.0.40]# cd configuration-file
[root@client configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc/pure-ftpd.conf
[root@client configuration-file]# cp pure-config.pl /usr/local/pureftpd/sbin/pure-config.pl
[root@client configuration-file]# chmod 755 /usr/local/pureftpd/sbin/pure-config.pl
[root@client configuration-file]# vim /usr/local/pureftpd/etc/pure-ftpd.conf
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous no
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
LimitRecursion 3136 8
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 100
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
PIDFile /usr/local/pureftpd/var/run/pure-ftpd.pid
MaxDiskUsage 99
CustomerProof yes
[root@client configuration-file]# mkdir /tmp/ftp
[root@client configuration-file]# tail /etc/passwd
tom:x:500:500::/home/tom:/bin/bash
[root@client configuration-file]# chown -R tom:tom /tmp/ftp/
[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw useradd ftpuser1 -utom -d /tmp/ftp
Password:
Enter it again:
//创建虚拟用户
[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw mkdb
//创建密码文件
[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw list
ftpuser1 /tmp/ftp/./
//列出用户
[root@client configuration-file]# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
//启动
[root@client configuration-file]# /etc/init.d/rpcbind stop
[root@client configuration-file]# /etc/init.d/nfs stop
[root@client configuration-file]# ps aux |grep pure
root 31728 0.0 0.0 9248 600 ? Ss 17:27 0:00 pure-ftpd (SERVER)
root 31730 0.0 0.0 4356 748 pts/0 S+ 17:28 0:00 grep pure
[root@client configuration-file]# netstat -lnp |grep ftp
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 31728/pure-ftpd (SE
tcp 0 0 :::21 :::* LISTEN 31728/pure-ftpd (SE
[root@client configuration-file]# lftp [email protected]
Password:
lftp [email protected]:~> ls
drwxr-xr-x 2 500 tom 4096 Jul 21 16:28 .
drwxr-xr-x 2 500 tom 4096 Jul 21 16:28 ..
lftp [email protected]:~> mkdir 123
mkdir ok, `123' created
lftp [email protected]:/> ls
drwxr-xr-x 3 500 tom 4096 Jul 21 16:36 .
drwxr-xr-x 3 500 tom 4096 Jul 21 16:36 ..
drwxr-xr-x 2 500 tom 4096 Jul 21 16:36 123
lftp [email protected]:/> quit
[root@client configuration-file]# ls /tmp/ftp/
123
[root@client configuration-file]# tail /var/log/messages
[root@client configuration-file]# cd /tmp/ftp/
[root@client ftp]# touch 12.txt
[root@client ftp]# vim 12.txt
12123
另一台客户端登入:
[root@wangchao ~]# lftp [email protected]
Password:
lftp [email protected]:/> ls
drwxr-xr-x 3 500 tom 4096 Jul 21 16:38 .
drwxr-xr-x 3 500 tom 4096 Jul 21 16:38 ..
-rw-r--r-- 1 0 0 6 Jul 21 16:38 12.txt
drwxr-xr-x 2 500 tom 4096 Jul 21 16:36 123
lftp [email protected]:/> ? //查看有哪些命令
lftp [email protected]:/> get 12.txt
6 bytes transferred
lftp [email protected]:/> quit
[root@wangchao ~]# cat 12.txt
12123
[root@wangchao ~]# vim 11.txt
555555555
[root@wangchao ~]# lftp [email protected]
lftp [email protected]:~> put 11.txt
10 bytes transferred
lftp [email protected]:/> ls
drwxr-xr-x 3 500 tom 4096 Jul 21 16:48 .
drwxr-xr-x 3 500 tom 4096 Jul 21 16:48 ..
-rw-r--r-- 1 500 tom 10 Jul 20 19:28 11.txt
-rw-r--r-- 1 0 0 6 Jul 21 16:38 12.txt
drwxr-xr-x 2 500 tom 4096 Jul 21 16:36 123
//上传成功
服务端:
[root@client ftp]# ls
11.txt 123 12.txt
[root@client ftp]# cat 11.txt //查看上传的文件成功了
555555555
vsftp部署及优化
[root@client ftp]# yum install -y vsftp
[root@client ftp]# killall pure-ftpd
[root@client ftp]# /etc/init.d/vsftpd start
[root@client ftp]# lftp [email protected]
Password:
lftp [email protected]:~> ls
lftp [email protected]:~>
//无文件
[root@client ~]# ls /home/tom/ //因为他的家目录下无任何文件
You have new mail in /var/spool/mail/root
[root@client ~]# touch /home/tom/112.txt
[root@client ~]# mkdir /home/tom/aabb
[root@client tom]# ls
112.txt aabb
客户端登入:
//查看已创建了文件
[root@wangchao ~]# lftp [email protected]
lftp [email protected]:~> ls
-rw-r--r-- 1 0 0 0 Jul 21 09:06 112.txt
drwxr-xr-x 2 0 0 4096 Jul 21 09:06 aabb
lftp [email protected]:~> cd /etc/
cd ok, cwd=/etc
lftp [email protected]:/etc>
lftp [email protected]:/etc> ls
//进入etc目录下,此操作权限过大,存在安全隐患
服务端配置:
[root@client tom]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
[root@client tom]# /etc/init.d/vsftpd restart
客户端登入:
[root@wangchao ~]# lftp [email protected]
Password:
lftp [email protected]:~> cd /etc/
cd: Access failed: 550 Failed to change directory. (/etc)
lftp [email protected]:/> cd /tmp/
cd: Access failed: 550 Failed to change directory. (/tmp)
lftp [email protected]:/> pwd
ftp://[email protected]/
lftp [email protected]:/> ls
-rw-r--r-- 1 0 0 0 Jul 21 09:06 112.txt
drwxr-xr-x 2 0 0 4096 Jul 21 09:06 aabb
//访问仅限在该目录下
建虚拟用户
[root@client tom]# useradd virftp -s /sbin/nologin
[root@client tom]# vim /etc/vsftpd/vsftpd_login //创建用户密码文件
test1
111222
test2
aaa111
[root@client tom]# chmod 600 /etc/vsftpd/vsftpd_login
[root@client tom]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
创建虚拟账号
[root@client tom]# mkdir /etc/vsftpd/vsftpd_user_conf
[root@client tom]# cd !$
cd /etc/vsftpd/vsftpd_user_conf
[root@client vsftpd_user_conf]# vim test1
local_root=/home/virftp/test1
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000
[root@client vsftpd_user_conf]# mkdir /home/virftp/test1 //创建该家目录
[root@client vsftpd_user_conf]# chown -R virftp:virftp !$
chown -R virftp:virftp /home/virftp/test1
[root@client vsftpd_user_conf]# vim /etc/pam.d/vsftpd
auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
//最开头两行添加,如果是64位系统改为/lib64/security/pam_userdb.so、/lib64/security/pam_userdb.so
[root@client vsftpd_user_conf]# cat /etc/pam.d/vsftpd //确保文件中写的目录存在
[root@client vsftpd_user_conf]# ls /lib/security/pam_userdb.so
/lib/security/pam_userdb.so //存在
[root@client vsftpd_user_conf]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO //匿名用户不能登入
local_enable=YES //本地系统用户可登入
anon_upload_enable=NO //匿名不可上传
anon_mkdir_write_enable=NO //匿名不可创建
chroot_local_user=YES
guest_enable=YES //使虚拟用户可登入
guest_username=virftp // guest用户为virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf //指定虚拟用户所在配置文件
[root@client vsftpd_user_conf]# /etc/init.d/vsftpd restart
[root@client vsftpd_user_conf]# cat /etc/vsftpd/vsftpd_login
test1
111222
test2
aaa111
[root@client vsftpd_user_conf]# lftp [email protected]
Password:
lftp [email protected]:~> ls
lftp [email protected]:/> pwd
ftp://[email protected]/
[root@client vsftpd_user_conf]# cd /home/virftp/test1/
[root@client test1]# ls
[root@client test1]# touch 2.txt
[root@client test1]# mkdir 123
[root@client test1]# lftp [email protected]
Password:
lftp [email protected]:~> ls
drwxr-xr-x 2 0 0 4096 Jul 21 10:13 123
-rw-r--r-- 1 0 0 0 Jul 21 10:13 2.txt
//查看创建文件成功