linux-vsftp disk quota management-034

 

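Build an FTP server that provides all FTP services from a new hard disk. Each local account has its own private space, limited to 10M; at most 100 users may be online at the same time, with 2 connections per user; the local user rate is 1M/S and the anonymous rate is 100k/s; the FTP server may only be accessed during working hours (08-20:00).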

Configuring disk quotas

1.1 Format the new disk

[root@mail ~]# fdisk -l      --find the name of the new disk

Disk /dev/sdb: 8589 MB, 8589934592 bytes

 

[root@mail ~]# fdisk /dev/sdb      --create a new partition

Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel

Building a new DOS disklabel. Changes will remain in memory only,

until you decide to write them. After that, of course, the previous

content won't be recoverable.

The number of cylinders for this disk is set to 1044.

There is nothing wrong with that, but this is larger than 1024,

and could in certain setups cause problems with:

1) software that runs at boot time (e.g., old versions of LILO)

2) booting and partitioning software from other OSs

   (e.g., DOS FDISK, OS/2 FDISK)

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

 

Command (m for help): m

Command action

   a   toggle a bootable flag

   b   edit bsd disklabel

   c   toggle the dos compatibility flag

   d   delete a partition

   l   list known partition types

   m   print this menu

   n   add a new partition

   o   create a new empty DOS partition table

   p   print the partition table

   q   quit without saving changes

   s   create a new empty Sun disklabel

   t   change a partition's system id

   u   change display/entry units

   v   verify the partition table

   w   write table to disk and exit

   x   extra functionality (experts only)

 

Command (m for help): n

Command action

   e   extended

   p   primary partition (1-4)

p

Partition number (1-4): 1

First cylinder (1-1044, default 1): 1

Last cylinder or +size or +sizeM or +sizeK (1-1044, default 1044): 1044

 

Command (m for help): p

 

Disk /dev/sdb: 8589 MB, 8589934592 bytes

255 heads, 63 sectors/track, 1044 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes

 

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1               1        1044     8385898+  83  Linux

 

Command (m for help): w

The partition table has been altered!

 

Calling ioctl() to re-read partition table.

Syncing disks.

[root@mail ~]# mkfs -t ext3 /dev/sdb1

1.2. Add a permanent mount

[root@mail ~]# mkdir /mnt/ftp

[root@mail ~]# vim /etc/fstab 

LABEL=/                 /                       ext3    defaults        1 1

LABEL=/boot             /boot                   ext3    defaults        1 2

tmpfs                   /dev/shm                tmpfs   defaults        0 0

devpts                  /dev/pts                devpts  gid=5,mode=620  0 0

sysfs                   /sys                    sysfs   defaults        0 0

proc                    /proc                   proc    defaults        0 0

LABEL=SWAP-sda3         swap                    swap    defaults        0 0

/dev/sdb1               /mnt/ftp                auto     defaults,usrquota  0 0                              

[root@mail ~]# mount -a     --or reboot

[root@mail ~]# mount

/dev/sda2 on / type ext3 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

/dev/sda1 on /boot type ext3 (rw)

tmpfs on /dev/shm type tmpfs (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

/dev/sdb1 on /mnt/ftp type ext3 (rw,usrquota)

 

1.3. Check quotas

[root@mail ~]# quotacheck -augvc

quotacheck: Scanning /dev/sdb1 [/mnt/ftp] quotacheck: Cannot stat old user quota file: No such file or directory

quotacheck: Old group file not found. Usage will not be substracted.

done

quotacheck: Checked 3 directories and 2 files

quotacheck: Old file not found.

[root@mail ~]# cd /mnt/ftp

[root@mail ftp]# ll

total 24

-rw------- 1 root root  6144 Aug 29 09:25 aquota.user

drwx------ 2 root root 16384 Aug 29 09:22 lost+found

 

1.4. Apply quotas

[root@mail ftp]# edquota -u user1

Disk quotas for user user1 (uid 501):

  Filesystem                   blocks       soft       hard     inodes     soft     hard

  /dev/sdb1                         0      10000      10000          0        0        0

[root@mail ftp]# edquota -p user1 user2

[root@mail ftp]# edquota -u user2

Disk quotas for user user2 (uid 502):

  Filesystem                   blocks       soft       hard     inodes     soft     hard

  /dev/sdb1                15572      10000      10000         36     0    0 

1.5. Enable quotas

[root@mail ftp]# quotaon /dev/sdb1

Enable at boot

[root@mail ftp]# vim /etc/rc.d/rc.local 

touch /var/lock/subsys/local

quotaon /dev/sdb1                     

FTP server configuration

2.1. Create the FTP public directory and the new home directory

[root@mail ftp]# pwd

/mnt/ftp

[root@mail ftp]# mkdir public

[root@mail ftp]# cd public/

[root@mail public]# touch test1

[root@mail public]# touch test2

 

[root@mail ftp]# pwd

/mnt/ftp

[root@mail ftp]# mkdir home

 

Move the user home directories

[root@mail home]# ll /home

total 20

drwx------ 3 redhat redhat 4096 Aug 27 14:35 redhat

drwx------ 4 user1  user1  4096 Aug 27 21:02 user1

drwx------ 4 user2  user2  4096 Aug 27 21:29 user2

drwx------ 3 user3  user3  4096 Aug 28 01:28 user3

[root@mail home]# mv * /mnt/ftp/home

 

2.2 Change the home directory of existing local users

[root@mail home]# vim /etc/passwd

user1:x:501:501::/mnt/ftp/home/user1:/bin/bash

user2:x:502:502::/mnt/ftp/home/user2:/bin/bash

apache:x:48:48:Apache:/var/www:/sbin/nologin

dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin

user3:x:503:503::/mnt/ftp/home/user3:/bin/bash

"/etc/passwd" 41L, 1902C written                              

2.3. Change the directory for newly created local users

[root@mail home]# useradd -D -b /mnt/ftp/home

[root@mail home]# useradd user4  --the new user's home directory is stored on the new disk

[root@mail home]# passwd user4

[root@mail ~]# grep user /etc/passwd

rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin

rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin

sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin

user1:x:501:501::/mnt/ftp/home/user1:/bin/bash

user2:x:502:502::/mnt/ftp/home/user2:/bin/bash

user3:x:503:503::/mnt/ftp/home/user3:/bin/bash

user4:x:504:504::/mnt/ftp/home/user4:/bin/bash

[root@mail ~]#

 

 

 

2.4. Change the anonymous user's login directory

[root@mail home]# vim /etc/vsftpd/vsftpd.conf 

anon_root=/mnt/ftp/public

[root@mail home]# service vsftpd restart

 

2.5. Using the quota

[root@mail home]# dd if=/dev/zero of=f2 bs=1M count=5

5+0 records in

5+0 records out

5242880 bytes (5.2 MB) copied, 0.0430487 seconds, 122 MB/s

[root@mail home]# ll -h

total 5.1M

-rw-r--r-- 1 root root 5.0M Aug 29 09:47 f2

Test:

[root@mail home]# ftp  127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy's FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> !dir

f4

ftp> put f4

local: f4 remote: f4

227 Entering Passive Mode (127,0,0,1,194,201)

150 Ok to send data.

226 File receive OK.

5242880 bytes sent in 0.018 seconds (2.8e+05 Kbytes/s)

ftp> bye

221 Goodbye.

[root@mail home]# mv f4 f3

[root@mail home]# ftp  127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy's FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> !dir

f3

ftp> put f3

local: f3 remote: f3

227 Entering Passive Mode (127,0,0,1,143,97)

150 Ok to send data.

451 Failure writing to local file.

ftp> bye

221 Goodbye.

 

[root@mail home]# quota user1

Disk quotas for user user1 (uid 501): 

     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace

      /dev/sdb1   10000*  10000   10000              30       0       0        

[root@mail home]#
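
The second 5 MiB `put` above fails because the hard limit is counted in 1 KiB blocks. The following is an added example, not part of the original post: it reads `quota` output and predicts whether an upload of a given size still fits. The function names and the usage figure 5160 are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict whether an upload fits under a user's hard block quota.
# quota(1) reports blocks in 1 KiB units; the '*' after the block count appears
# once the limit is reached, as in the `quota user1` output above.

# quota_room FS < quota-output: print KiB left before the hard limit on FS.
quota_room() {
    awk -v fs="$1" '$1 == fs {
        used = $2; sub(/\*$/, "", used); hard = $4
        if (hard + 0 == 0) { print "unlimited"; exit }   # limit 0 means no limit
        room = hard - used; print (room > 0 ? room : 0); exit }'
}

# upload_fits BYTES FS < quota-output: exit 0 when BYTES fit, 1 when they do not,
# 2 when FS is absent. Metadata blocks are ignored, so the answer is optimistic.
upload_fits() {
    room=$(quota_room "$2")
    [ -n "$room" ] || return 2
    [ "$room" = unlimited ] && return 0
    [ $(( ($1 + 1023) / 1024 )) -le "$room" ]
}

# Row format as printed by `quota user1`; the usage figure 5160 is constructed.
AFTER_FIRST_PUT='     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/sdb1    5160   10000   10000              20       0       0'
printf '%s\n' "$AFTER_FIRST_PUT" | quota_room /dev/sdb1      # KiB still available
printf '%s\n' "$AFTER_FIRST_PUT" | upload_fits 5242880 /dev/sdb1 \
    || echo "a second 5 MiB put would exceed the hard limit"
```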

2.6. Limits on user access to FTP

[root@mail ~]# vim /etc/vsftpd/vsftpd.conf 

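anon_root=/mnt/ftp/public  --directory that anonymous users access over FTP

max_clients=100  --maximum number of client connections is 100

max_per_ip=2  --maximum number of connections per client host is 2

local_max_rate=1000000   --local user rate 1m/s

anon_max_rate=100000  --anonymous user rate 100k/s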

"/etc/vsftpd/vsftpd.conf" 122L, 4532C written                 

[root@mail ~]# service vsftpd restart

Shutting down vsftpd:                                      [  OK  ]

Starting vsftpd for vsftpd:                                [  OK  ]

[root@mail ~]#
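
A way to confirm that the file on disk really carries these limits, as an added example that is not part of the original post. The function names and the sample file are constructed. In vsftpd.conf only whole lines starting with `#` are comments, so a `--` annotation left after a value is part of that value, and the audit reports it.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the limits this article requires.

# conf_get KEY FILE: print the value of the last "KEY=value" line. Per vsftpd.conf(5)
# a comment is a whole line starting with '#', and no spaces surround '='.
conf_get() {
    awk -F= -v k="$1" '
        /^#/ { next }
        $1 == k { v = $0; sub(/^[^=]*=/, "", v); found = 1 }
        END { if (found) print v }' "$2"
}

# audit_vsftpd FILE: print one line per deviation; exit status = number of deviations.
audit_vsftpd() {
    bad=0
    while read -r key want; do
        got=$(conf_get "$key" "$1")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '$got'"
            bad=$((bad + 1))
        fi
    done <<EOF
anon_root /mnt/ftp/public
max_clients 100
max_per_ip 2
local_max_rate 1000000
anon_max_rate 100000
EOF
    return "$bad"
}

# Constructed sample: max_clients keeps a trailing annotation copied from a
# write-up (not a comment in vsftpd.conf) and anon_max_rate is missing.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed test input
anon_root=/mnt/ftp/public
max_clients=100  --max clients
max_per_ip=2
local_max_rate=1000000
EOF
audit_vsftpd "$SAMPLE" || echo "deviations: $?"
```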

 

FTP limit tests

3.1 Local user rate test

[root@mail home]# ftp 127.0.0.1 

Connected to 127.0.0.1.

220 Welcome to lwy's FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user2

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> dir

227 Entering Passive Mode (127,0,0,1,118,191)

150 Here comes the directory listing.

-rw-r--r--    1 502      502             0 Aug 29 02:13 f2

-rw-r--r--    1 502      502       5242880 Aug 29 01:57 f3

-rw-r--r--    1 502      502       5242880 Aug 29 01:58 f4

drwx------    4 502      502          4096 Aug 27 14:42 mail

-rw-------    1 502      502          3283 Aug 27 12:22 mbox

226 Directory send OK.

ftp> get f3

local: f3 remote: f3

227 Entering Passive Mode (127,0,0,1,125,50)

150 Opening BINARY mode data connection for f3 (5242880 bytes).

226 File send OK.

5242880 bytes received in 5.3 seconds (9.7e+02 Kbytes/s)

ftp>

 

 

3.2 Anonymous user test

[root@mail ~]# dd if=/dev/zero of=file bs=1M count=5

5+0 records in

5+0 records out

5242880 bytes (5.2 MB) copied, 0.0371746 seconds, 141 MB/s

[root@mail ~]# cp -p file /mnt/ftp/public/

[root@mail ~]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy's FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): anonymous    

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> !dir

anaconda-ks.cfg  Desktop  file  install.log  install.log.syslog  mbox

ftp> die

?Invalid command

ftp> dir

227 Entering Passive Mode (127,0,0,1,23,254)

150 Here comes the directory listing.

-rw-r--r--    1 0        0         5242880 Aug 29 02:38 file

-rw-r--r--    1 0        0               0 Aug 29 01:29 test1

-rw-r--r--    1 0        0               0 Aug 29 01:29 test2

226 Directory send OK.

ftp> get file

local: file remote: file

227 Entering Passive Mode (127,0,0,1,252,141)

150 Opening BINARY mode data connection for file (5242880 bytes).

226 File send OK.

5242880 bytes received in 52 seconds (99 Kbytes/s)

ftp>

3.3 User connection count test

 

Super daemon

Restrict the times at which FTP can be accessed through the daemon

[root@mail xinetd.d]# vim /etc/vsftpd/vsftpd.conf 

listen=no

 

[root@mail xinetd.d]# pwd

/etc/xinetd.d

[root@mail xinetd.d]# cp tftp vsftpd

[root@mail xinetd.d]# vim /etc/xinetd.d/vsftpd 

service ftp

{

        id                      =vsftpd

        socket_type             = stream

        protocol                = tcp

        wait                    = no

        user                    = root

        server                  = /usr/sbin/vsftpd

        server_args             = /etc/vsftpd/vsftpd.conf

        disable                 = no

        access_times            = 8:00-20:00

}

 

[root@mail xinetd.d]# service vsftpd restart

Shutting down vsftpd:                                      [FAILED]

Starting vsftpd for vsftpd: 500 OOPS: vsftpd: not configured for standalone, must be started from inetd

                                                           [FAILED]

[root@mail xinetd.d]# service xinetd restart

Stopping xinetd:                                           [  OK  ]

Starting xinetd:                                           [  OK  ]

[root@mail xinetd.d]# ftp 127.0.0.1

Connected to 127.0.0.1.

220 Welcome to lwy's FTP service.

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (127.0.0.1:root): user1

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> bye

221 Goodbye.
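
A successful login during working hours does not show that the time restriction is in force. The following is an added example, not part of the original post: it lists attribute names in an xinetd service file that are not recognised and tests whether a given time falls inside the `access_times` window. The function names, the `KNOWN` list (a subset of xinetd.conf(5)) and the sample file are constructed.

```shell
#!/bin/sh
# Added example: lint an xinetd service file and evaluate its access_times window.

# Subset of the attribute names documented in xinetd.conf(5); extend as needed.
KNOWN="id type flags disable socket_type protocol wait user group instances nice"
KNOWN="$KNOWN server server_args only_from no_access access_times log_type"
KNOWN="$KNOWN log_on_success log_on_failure port bind per_source cps banner"

# xinetd_unknown FILE: print attribute names that are not in KNOWN.
xinetd_unknown() {
    awk -v known="$KNOWN" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || !/=/ { next }
        { name = $0; sub(/[ \t]*[-+]?=.*/, "", name); sub(/^[ \t]+/, "", name)
          if (!(name in ok)) print name }' "$1"
}

# xinetd_attr NAME FILE: print the value assigned to NAME.
xinetd_attr() {
    awk -v k="$1" '
        { name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name) }
        /=/ && name == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); print v }' "$2"
}

# in_window HH:MM START-END: exit 0 when the time is inside the interval
# (xinetd accepts connections at the bounds of an interval).
in_window() {
    awk -v t="$1" -v w="$2" 'BEGIN {
        split(w, r, "-"); split(t, a, ":"); split(r[1], s, ":"); split(r[2], e, ":")
        now = a[1] * 60 + a[2]; lo = s[1] * 60 + s[2]; hi = e[1] * 60 + e[2]
        exit !(now >= lo && now <= hi) }'
}

# Constructed sample with a misspelt attribute name.
SVC=$(mktemp)
cat > "$SVC" <<'EOF'
service ftp
{
        socket_type   = stream
        server        = /usr/sbin/vsftpd
        accesss_times = 8:00-20:00
}
EOF
xinetd_unknown "$SVC"            # prints the misspelt attribute name
in_window 21:30 "8:00-20:00" || echo "21:30 is outside 8:00-20:00"
```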

 

 
