VSFTP简介
VSFTP是一个基于GPL发布的类Unix系统上使用的FTP服务器软件,它的全称是Very Secure FTP。
yum install vsftpd mariadb-server mariadb-devel pam-devel -y
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
tar xf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security
make -j 4 && make install
配置my.cnf
vim /etc/my.cnf
[mysqld]
innodb_file_per_table = 1
skip_name_resolve=1
log_bin=mysql-bin
启动mariadb
systemctl start mariadb.service
systemctl enable mariadb.service
建立数据用户授权
mysql
grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'vsftpd';
grant all on vsftpd.* to 'vsftpd'@'localhost' identified by 'vsftpd';
建数据库
mysql -uvsftpd -pvsftpd -hlocalhost
create database vsftpd;
(在命令行中用 -p 直接跟口令,口令会留在 shell 历史和进程列表中;只写 -p 不跟值,让 mysql 交互式提示输入会更稳妥。)
建立表
use vsftpd;
create table users(id int unsigned not null auto_increment primary key, name varchar(100) not null, password char(48) not null, unique key(name));
desc users;
建FTP登录授权账号
insert into users (name,password) values ('ftp1',password('ftp1')), ('ftp2',password('ftp2'));
创建系统用户vuser
mkdir -pv /ftproot
useradd -d /ftproot/vuser vuser
创建目录授权
mkdir -pv /ftproot/vuser/{pub,upload}
chmod a-w /ftproot/vuser
配置vsftpd.vusers
vim /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
(该文件以明文保存了数据库账号的口令,应确保只有 root 可读。)
crypt=0:表示口令使用明文方式保存在数据库中
crypt=1:表示口令使用UNIX的DES加密方式加密后保存在数据库中
crypt=2:表示口令使用MySQL的password()函数加密后保存在数据库中
crypt=3:表示口令使用MD5散列值的方式保存在数据库中
配置vsftpd.conf
cp /etc/vsftpd/vsftpd.conf{,.back}
vim /etc/vsftpd/vsftpd.conf
#开启虚拟用户
guest_enable=YES
#FTP虚拟用户对应的系统用户,需要创建系统用户
guest_username=vuser
#PAM认证文件 这里是手动建立的pam认证文件名
pam_service_name=vsftpd.vusers
user_config_dir=/etc/vsftpd/vusers_config/
(vsftpd.conf 不支持行尾注释,注释必须单独成行并以 # 开头;否则 "# ..." 会被当作选项值的一部分,导致 vsftpd 启动时报配置错误。)
虚拟用户权限
chown vuser.vuser /ftproot/vuser/upload
mkdir -pv /etc/vsftpd/vusers_config
touch /etc/vsftpd/vusers_config/{ftp1,ftp2}
vim /etc/vsftpd/vusers_config/ftp1
anon_upload_enable=YES
vim /etc/vsftpd/vusers_config/ftp2
anon_upload_enable=YES
anon_mkdir_write_enable=YES
启动vsftpd服务
systemctl start vsftpd.service
systemctl enable vsftpd.service
登录验证
ftp1
ftp 10.120.123.11
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp1
331 Please specify the password.
Password:
230 Login successful.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put issue
local: issue remote: issue
ftp> ls
227 Entering Passive Mode (10,120,123,11,130,37).
150 Here comes the directory listing.
-rw------- 1 1000 1000 23 Apr 20 08:24 issue
-rw------- 1 1000 1000 3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.
ftp> mkdir 123
550 Permission denied.
ftp> rm issue
550 Permission denied.
ftp2
ftp 10.120.123.11
Connected to 10.120.123.11 (10.120.123.11).
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (10,120,123,11,36,210).
150 Ok to send data.
226 Transfer complete.
465 bytes sent in 7e-05 secs (6642.86 Kbytes/sec)
ftp> mkdir ftp2
257 "/upload/jerry" created
ftp> ls
227 Entering Passive Mode (10,120,123,11,27,190).
150 Here comes the directory listing.
-rw------- 1 1000 1000 465 Apr 20 08:29 fstab
-rw------- 1 1000 1000 23 Apr 20 08:24 issue
drwx------ 2 1000 1000 6 Apr 20 08:30 ftp2
-rw------- 1 1000 1000 3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.
加载模块ip_conntrack_ftp、ip_nat_ftp
vim /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"
(两个模块要写在同一个 IPTABLES_MODULES 变量里,用空格分隔;若分两行各赋值一次,后一行会覆盖前一行,只有 ip_nat_ftp 会被加载。)
vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
启动防火墙
systemctl restart iptables.service