vsftp ——- ftp服务
被动模式 生产配置 锁定家目录
禁止是否 sftp协议 匿名登录
[root@prod-nfs-server01 ~]# cat /etc/passwd|grep ewftp
ewftp:x:1101:1101::/data/lttsdata:/sbin/nologin
[root@prod-nfs-server01 ~]#
[root@prod-nfs-server01 ~]#
[root@prod-nfs-server01 ~]# grep ^[^#] /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=1025
pasv_max_port=1035
[root@prod-nfs-server01 ~]#
防火墙设置
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=1025-1035/tcp --permanent
firewall-cmd --reload
(放行的 1025-1035 端口范围需与 vsftpd.conf 中的 pasv_min_port / pasv_max_port 保持一致)
安装ftp服务器端:
[root@riyimei ~]# yum install -y vsftpdLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile* base: mirrors.aliyun.com* extras: mirrors.aliyun.com* updates: mirrors.aliyun.combase | 3.6 kB 00:00:00epel | 4.7 kB 00:00:00extras | 2.9 kB 00:00:00updates | 2.9 kB 00:00:00(1/7): epel/x86_64/group_gz | 95 kB 00:00:00(2/7): base/7/x86_64/group_gz | 153 kB 00:00:00(3/7): extras/7/x86_64/primary_db | 205 kB 00:00:00(4/7): epel/x86_64/updateinfo | 1.0 MB 00:00:00(5/7): updates/7/x86_64/primary_db | 3.0 MB 00:00:01(6/7): base/7/x86_64/primary_db | 6.1 MB 00:00:01(7/7): epel/x86_64/primary_db | 6.9 MB 00:00:01Resolving Dependencies--> Running transaction check---> Package vsftpd.x86_64 0:3.0.2-27.el7 will be installed--> Finished Dependency ResolutionDependencies Resolved=======================================================================================================================================Package Arch Version Repository Size=======================================================================================================================================Installing:vsftpd x86_64 3.0.2-27.el7 base 172 kTransaction Summary=======================================================================================================================================Install 1 PackageTotal download size: 172 kInstalled size: 353 kDownloading packages:vsftpd-3.0.2-27.el7.x86_64.rpm | 172 kB 00:00:00Running transaction checkRunning transaction testTransaction test succeededRunning transactionInstalling : vsftpd-3.0.2-27.el7.x86_64 1/1Verifying : vsftpd-3.0.2-27.el7.x86_64 1/1Installed:vsftpd.x86_64 0:3.0.2-27.el7Complete![root@riyimei ~]#
创建虚拟用户
useradd -s /sbin/nologin virftp
查看配置文件位置
[root@riyimei ~]# rpm -qa vsftpdvsftpd-3.0.2-27.el7.x86_64[root@riyimei ~]# rpm -ql vsftpd/etc/logrotate.d/vsftpd/etc/pam.d/vsftpd/etc/vsftpd/etc/vsftpd/ftpusers/etc/vsftpd/user_list/etc/vsftpd/vsftpd.conf/etc/vsftpd/vsftpd_conf_migrate.sh/usr/lib/systemd/system-generators/vsftpd-generator/usr/lib/systemd/system/vsftpd.service/usr/lib/systemd/system/vsftpd.target/usr/lib/systemd/system/vsftpd@.service/usr/sbin/vsftpd/usr/share/doc/vsftpd-3.0.2/usr/share/doc/vsftpd-3.0.2/AUDIT/usr/share/doc/vsftpd-3.0.2/BENCHMARKS/usr/share/doc/vsftpd-3.0.2/BUGS/usr/share/doc/vsftpd-3.0.2/COPYING/usr/share/doc/vsftpd-3.0.2/Changelog/usr/share/doc/vsftpd-3.0.2/EXAMPLE/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/README/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/README.configuration/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/vsftpd.conf/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/vsftpd.xinetd/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/README/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration/usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE_NOINETD/vsftpd.conf/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/README/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/README.configuration/usr/share/doc/vsftpd-3.0.2/EXAMPLE/PER_IP_CONFIG/hosts.allow/usr/share/doc/vsftpd-3.0.2/EXAMPLE/README/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_HOSTS/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_HOSTS/README/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/README/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/README.configuration/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/logins.txt/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/vsftpd.conf/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS/vsftpd.pam/usr/share/doc/vsftpd-3.0.2/EXAMPLE/V
IRTUAL_USERS_2/usr/share/doc/vsftpd-3.0.2/EXAMPLE/VIRTUAL_USERS_2/README/usr/share/doc/vsftpd-3.0.2/FAQ/usr/share/doc/vsftpd-3.0.2/INSTALL/usr/share/doc/vsftpd-3.0.2/LICENSE/usr/share/doc/vsftpd-3.0.2/README/usr/share/doc/vsftpd-3.0.2/README.security/usr/share/doc/vsftpd-3.0.2/REWARD/usr/share/doc/vsftpd-3.0.2/SECURITY/usr/share/doc/vsftpd-3.0.2/SECURITY/DESIGN/usr/share/doc/vsftpd-3.0.2/SECURITY/IMPLEMENTATION/usr/share/doc/vsftpd-3.0.2/SECURITY/OVERVIEW/usr/share/doc/vsftpd-3.0.2/SECURITY/TRUST/usr/share/doc/vsftpd-3.0.2/SIZE/usr/share/doc/vsftpd-3.0.2/SPEED/usr/share/doc/vsftpd-3.0.2/TODO/usr/share/doc/vsftpd-3.0.2/TUNING/usr/share/doc/vsftpd-3.0.2/vsftpd.xinetd/usr/share/man/man5/vsftpd.conf.5.gz/usr/share/man/man8/vsftpd.8.gz/var/ftp/var/ftp/pub[root@riyimei ~]#
编辑虚拟用户密码文件并授权(文件格式:奇数行为用户名,偶数行为该用户的明文密码)
vim /etc/vsftpd/vsftpd_login
chmod 600 /etc/vsftpd/vsftpd_login
[root@riyimei ~]# cat /etc/vsftpd/vsftpd_login
liwm
AAbb0101
riyimei
!Q2w3e4r
[root@riyimei ~]#
注:该文件保存的是明文密码,生成 .db 数据库后建议删除或移出服务器;这里的密码仅为示例,实际环境请自行设置。
把虚拟用户的密码文件转为数据库文件
db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
[root@riyimei ~]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
[root@riyimei ~]# ll -l /etc/vsftpd/
total 36
-rw------- 1 root root 125 Apr 1 12:55 ftpusers
-rw------- 1 root root 361 Apr 1 12:55 user_list
-rw------- 1 root root 5116 Apr 1 12:55 vsftpd.conf
-rwxr--r-- 1 root root 338 Apr 1 12:55 vsftpd_conf_migrate.sh
-rw------- 1 root root 31 Jul 26 22:18 vsftpd_login
-rw-r--r-- 1 root root 12288 Jul 26 22:19 vsftpd_login.db
[root@riyimei ~]#
注:上面生成的 vsftpd_login.db 权限是 644,本机任何用户都能读取,而其中的密码未经加密;应与密码文件一样收紧权限:chmod 600 /etc/vsftpd/vsftpd_login.db
创建虚拟用户的目录和配置文件
mkdir /etc/vsftpd/vsftpd_user_conf
[root@riyimei ~]# mkdir /etc/vsftpd/vsftpd_user_conf
[root@riyimei ~]# cd /etc/vsftpd/vsftpd_user_conf
[root@riyimei vsftpd_user_conf]# vim liwm
[root@riyimei vsftpd_user_conf]# cat liwm
local_root=/home/virftp/liwm //为虚拟用户testuser1的家目录(读取文件所在处)
anonymous_enable=NO // 是否允许匿名用户
write_enable=YES //是否可写
local_umask=022 //umask的值
anon_upload_enable=NO //是否允许匿名用户上传文件
anon_mkdir_write_enable=NO //是否允许匿名用户可写、创建目录
idle_session_timeout=600 //连接空闲超时时间,超时就重新登录
data_connection_timeout=120 //传输文件超时时间
max_clients=10 //最大客户端数
[root@riyimei vsftpd_user_conf]#
注:行尾 // 后面的文字只是本文的说明。vsftpd 的配置文件不支持行尾注释,等号两边也不能有空格,行尾注释会被当作取值的一部分,实际文件中每行只写“选项=值”。另外,按 vsftpd.conf 手册的说明,max_clients 这类设置写在单用户配置文件中不生效,需要写在全局配置里。
创建虚拟用户家目录并授权
[root@riyimei vsftpd_user_conf]# mkdir /home/virftp/liwm[root@riyimei vsftpd_user_conf]# chown -R virftp:virftp /home/virftp/[root@riyimei vsftpd_user_conf]#
修改认证配置文件
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
(db= 后面的路径不带 .db 后缀,pam_userdb 会自动补上)
[root@riyimei vsftpd_user_conf]# vim /etc/pam.d/vsftpd
[root@riyimei vsftpd_user_conf]# cat /etc/pam.d/vsftpd
#%PAM-1.0
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
[root@riyimei vsftpd_user_conf]#
注:两行 sufficient 排在系统认证之前。虚拟用户验证通过后直接返回,不再经过 ftpusers 黑名单;验证失败时仍会继续走后面的 password-auth,因此系统账号仍可尝试登录。如果只打算开放虚拟用户,需要相应调整后面的系统认证行。
修改全局配置文件
/etc/vsftpd/vsftpd.conf
[root@riyimei vsftpd_user_conf]# vim /etc/vsftpd/vsftpd.conf
[root@riyimei vsftpd_user_conf]# grep ^[^#] /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
chroot_local_user=YES
guest_enable=YES //是否允许虚拟用户映射
guest_username=virftp //这个就是虚拟用户映射到的系统用户virftp
virtual_use_local_privs=YES //
user_config_dir=/etc/vsftpd/vsftpd_user_conf //创建的虚拟用户的目录
allow_writeable_chroot=YES //
[root@riyimei vsftpd_user_conf]#
注:行尾 // 后面的文字只是本文的说明,不能写进 vsftpd.conf(该文件不支持行尾注释);实际写入的内容见下面不带注释的版本。
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
allow_writeable_chroot=YES
注:这份配置没有设置 ssl_enable(默认为 NO),账号密码和传输内容在网络上都是明文。
启动服务
[root@riyimei vsftpd_user_conf]# vim /etc/vsftpd/vsftpd.conf
[root@riyimei vsftpd_user_conf]# systemctl restart vsftpd
[root@riyimei vsftpd_user_conf]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2020-07-26 22:42:36 CST; 1min 2s ago
Process: 2683 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 2684 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─2684 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Jul 26 22:42:36 riyimei systemd[1]: Starting Vsftpd ftp daemon...
Jul 26 22:42:36 riyimei systemd[1]: Started Vsftpd ftp daemon.
[root@riyimei vsftpd_user_conf]#
[root@riyimei vsftpd_user_conf]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1061/sshd
tcp6 0 0 :::33060 :::* LISTEN 1091/mysqld
tcp6 0 0 :::3306 :::* LISTEN 1091/mysqld
tcp6 0 0 :::21 :::* LISTEN 2684/vsftpd
tcp6 0 0 :::22 :::* LISTEN 1061/sshd
[root@riyimei vsftpd_user_conf]#
安装客户端
yum install -y lftp
[root@riyimei ~]# yum install -y lftpLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile* base: mirrors.aliyun.com* extras: mirrors.aliyun.com* updates: mirrors.aliyun.comResolving Dependencies--> Running transaction check---> Package lftp.x86_64 0:4.4.8-12.el7_8.1 will be installed--> Processing Dependency: libgnutls.so.28(GNUTLS_1_4)(64bit) for package: lftp-4.4.8-12.el7_8.1.x86_64--> Processing Dependency: libgnutls.so.28()(64bit) for package: lftp-4.4.8-12.el7_8.1.x86_64--> Running transaction check---> Package gnutls.x86_64 0:3.3.29-9.el7_6 will be installed--> Processing Dependency: trousers >= 0.3.11.2 for package: gnutls-3.3.29-9.el7_6.x86_64--> Processing Dependency: libnettle.so.4()(64bit) for package: gnutls-3.3.29-9.el7_6.x86_64--> Processing Dependency: libhogweed.so.2()(64bit) for package: gnutls-3.3.29-9.el7_6.x86_64--> Running transaction check---> Package nettle.x86_64 0:2.7.1-8.el7 will be installed---> Package trousers.x86_64 0:0.3.14-2.el7 will be installed--> Finished Dependency ResolutionDependencies Resolved=======================================================================================================================================Package Arch Version Repository Size=======================================================================================================================================Installing:lftp x86_64 4.4.8-12.el7_8.1 updates 752 kInstalling for dependencies:gnutls x86_64 3.3.29-9.el7_6 base 680 knettle x86_64 2.7.1-8.el7 base 327 ktrousers x86_64 0.3.14-2.el7 base 289 kTransaction Summary=======================================================================================================================================Install 1 Package (+3 Dependent packages)Total download size: 2.0 MInstalled size: 5.9 MDownloading packages:(1/4): gnutls-3.3.29-9.el7_6.x86_64.rpm | 680 kB 00:00:00(2/4): nettle-2.7.1-8.el7.x86_64.rpm | 327 kB 00:00:00(3/4): trousers-0.3.14-2.el7.x86_64.rpm | 289 kB 
00:00:00(4/4): lftp-4.4.8-12.el7_8.1.x86_64.rpm | 752 kB 00:00:00---------------------------------------------------------------------------------------------------------------------------------------Total 3.4 MB/s | 2.0 MB 00:00:00Running transaction checkRunning transaction testTransaction test succeededRunning transactionInstalling : nettle-2.7.1-8.el7.x86_64 1/4Installing : trousers-0.3.14-2.el7.x86_64 2/4Installing : gnutls-3.3.29-9.el7_6.x86_64 3/4Installing : lftp-4.4.8-12.el7_8.1.x86_64 4/4Verifying : trousers-0.3.14-2.el7.x86_64 1/4Verifying : lftp-4.4.8-12.el7_8.1.x86_64 2/4Verifying : gnutls-3.3.29-9.el7_6.x86_64 3/4Verifying : nettle-2.7.1-8.el7.x86_64 4/4Installed:lftp.x86_64 0:4.4.8-12.el7_8.1Dependency Installed:gnutls.x86_64 0:3.3.29-9.el7_6 nettle.x86_64 0:2.7.1-8.el7 trousers.x86_64 0:0.3.14-2.el7Complete![root@riyimei ~]#
客户端命令
lftp liwm@127.0.0.1:/> help!<shell-command> (commands) alias [<name> [<value>]] attach [PID]bookmark [SUBCMD] cache [SUBCMD] cat [-b] <files> cd <rdir>chmod [OPTS] mode file... close [-a] [re]cls [opts] [path/][pattern]debug [<level>|off] [-o <file>] du [options] <dirs> exit [<code>|bg]get [OPTS] <rfile> [-o <lfile>] glob [OPTS] <cmd> <args> help [<cmd>]history -w file|-r file|-c|-l [cnt] jobs [-v] [<job_no...>] kill all|<job_no> lcd <ldir>lftp [OPTS] <site> ln [-s] <file1> <file2> ls [<args>] mget [OPTS] <files>mirror [OPTS] [remote [local]] mkdir [-p] <dirs> module name [args] more <files>mput [OPTS] <files> mrm <files> mv <file1> <file2> [re]nlist [<args>]open [OPTS] <site> pget [OPTS] <rfile> [-o <lfile>] put [OPTS] <lfile> [-o <rfile>] pwd [-p]queue [OPTS] [<cmd>] quote <cmd> repeat [OPTS] [delay] [command]rm [-r] [-f] <files> rmdir [-f] <dirs> scache [<session_no>]set [OPT] [<var> [<val>]] site <site-cmd> source <file>torrent [-O <dir>] <file|URL>... user <user|URL> [<pass>] wait [<jobno>] zcat <files>zmore <files>lftp liwm@127.0.0.1:/>
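[root@FTPSERVER ~]# grep ^[^#] /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=000
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
注:这是另一台主机(FTPSERVER)上的配置,与前文的生产配置不同:这里开启了匿名登录;local_umask=000 会使本地用户上传的文件对所有人可写;chroot_local_user=YES 与 chroot_list_enable=YES 同时启用时,chroot_list 中列出的用户反而不会被锁定在家目录。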
