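VSFTPD Permission Control

VSFTPD users fall into three categories:

1. Anonymous account: anonymous. Permissions are controlled by the anon_XXX options.

2. Local accounts: permissions depend entirely on the local account's own permissions.

3. Virtual accounts: the vsftpd manual says their permissions are the same as the anonymous account's, but testing shows that some of their behaviour differs from anonymous in a number of small ways.


For vsftpd usage, see:

1. FAQ: https://security.appspot.com/vsftpd/FAQ.txt

2. The previous post on configuration: http://blog.csdn.net/yunhuang2010/article/details/6950830

3. conf file: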

#

listen=YES
connect_from_port_20=YES

# limit max clients
max_clients=100

anonymous_enable=YES

# root directory for anonymous users
anon_root=/ftp/pub

# if it is set, anonymous users will be permitted
# to perform write operations other than upload
# and create directory, such as deletion and renaming
# *****  can rename and delete files
anon_other_write_enable=YES

# enable upload; virtual users are treated as anonymous users,
# so this must also be YES when a virtual user needs to upload
# *****  can upload files
anon_upload_enable=YES

# allow anonymous users to mkdir; also requires write_enable=YES
# *****  can mkdir and delete folders
anon_mkdir_write_enable=YES

# when enabled, anonymous users will only be allowed to download
# files that are world readable
anon_world_readable_only=NO

# If enabled, all anonymously uploaded files will have the
# ownership changed to the user specified in the setting chown_username
chown_uploads=YES
chown_username=ftp-admin

# must be enabled to allow local users (including virtual users) to log in
local_enable=YES

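# umask applied to files created by local users
local_umask=022

# allow FTP commands that change the filesystem (required for any write)
write_enable=YES

# directory vsftpd changes into after a non-anonymous login
local_root=/ftp/$USER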

user_sub_token=$USER

# This is the name of the user that is used by vsftpd
# when it wants to be totally unprivileged
# nopriv_user=vsftpd
nopriv_user=ftp

# chroot
chroot_local_user=YES

# directory of per-user configuration files; some options
# cannot be overridden per user because they are server-wide,
# such as listen_address, banner_file, max_per_ip,
# max_clients, xferlog_file, etc
user_config_dir=/etc/vsftpd_user_conf

# virtual users: if enabled, all non-anonymous logins are classed as "guest" logins.
guest_enable=YES
guest_username=vsftpd

# If enabled, virtual users will use the same privileges as local users. By default,
# virtual users will use the same privileges as anonymous users, which tends to be more
# restrictive (especially in terms of write access)
virtual_use_local_privs=YES

secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

dirmessage_enable=YES
banner_file=/etc/vsftpd_banner


syslog_enable=NO
log_ftp_protocol=YES
xferlog_std_format=NO
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd/vsftpd.log
xferlog_file=/var/log/vsftpd/xferlog.log

data_connection_timeout=15

virtual_use_local_privs=YES
What does this mean? If set to YES, all virtual users use the privileges of the user vsftpd; if set to NO, all virtual users use anonymous privileges?
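The following audit script is an added example, not part of the original post or of vsftpd. It reports which option family (anon_* or the local-user options) governs each of the three user classes under a given configuration, and which write-related settings are open as a result. The function names are hypothetical, the option defaults are taken from vsftpd.conf(5), and the sample input is constructed from the configuration above.

```python
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")
# Constructed sample: the permission-related lines of the configuration above.
SAMPLE = """\
anonymous_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_world_readable_only=NO
local_enable=YES
write_enable=YES
guest_enable=YES
guest_username=vsftpd
virtual_use_local_privs=YES
"""

def parse_conf(text):
    """key=value lines, '#' comments; a later key overrides an earlier one."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))

def yes(s, key, default):
    return s.get(key, default).upper() in ("YES", "TRUE", "1")

def privilege_classes(s):
    """Map each login type to the option family governing it (defaults from vsftpd.conf(5))."""
    classes = {}
    if yes(s, "anonymous_enable", "YES"):
        classes["anonymous"] = "anon_*"
    if yes(s, "local_enable", "NO"):
        if yes(s, "guest_enable", "NO"):  # every non-anonymous login becomes a guest
            classes["virtual"] = "local" if yes(s, "virtual_use_local_privs", "NO") else "anon_*"
        else:
            classes["local"] = "local"
    return classes

def audit(text):
    s = parse_conf(text)
    classes = privilege_classes(s)
    findings = []
    anon_like = sorted(who for who, fam in classes.items() if fam == "anon_*")
    if anon_like and yes(s, "write_enable", "NO"):
        findings += [f"{k}=YES applies to {', '.join(anon_like)}" for k in ANON_WRITE if yes(s, k, "NO")]
    if anon_like and not yes(s, "anon_world_readable_only", "YES"):
        findings.append("non-world-readable files downloadable by " + ", ".join(anon_like))
    if classes.get("virtual") == "local" and yes(s, "write_enable", "NO"):
        findings.append("virtual users write with local privileges as " + s.get("guest_username", "ftp"))
    return classes, findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Changing virtual_use_local_privs to NO in the sample moves virtual users into the anon_* family, so the three anon_*_enable findings then apply to them as well as to anonymous.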

