实验环境: server主机: selinux关闭(修改后重启虚拟机 reboot)
vim /etc/sysconfig/selinux  ##设为 SELINUX=disabled
getenforce  ##查看selinux状态
防火墙开启; dnf安装设定完成
client主机: 172.25.254.29; selinux关闭; 本地文件仓库配置完成; 安装lftp  ##ftp协议文本浏览器
#####################1、ftp介绍#####################
ftp:file transfer proto 互联网中最老牌的文件传输协议
######################2、vsftpd安装及启用######################
dnf install vsftpd -y  ##server端; dnf install lftp -y  ##client端; 关闭selinux; systemctl disable --now firewalld
vim /etc/vsftpd/vsftpd.conf  ##启动匿名用户的访问功能: 第12行 anonymous_enable=YES; 之后 systemctl restart vsftpd
测试安装发布: ftp://ip 或 lftp ip  ##此访问方式必须能列出资源才算访问成功; 使用完成后exit退出
[root@westoslinux ~]# dnf search ftp
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 134 days, 20:29:40 ago on Fri 26 Mar 2021 01:57:35 PM CST.
========================= Name & Summary Matched: ftp ==========================
ftp.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
lftp-scripts.noarch : Scripts for lftp
vsftpd.x86_64 : Very Secure Ftp Daemon
tftp.x86_64 : The client for the Trivial File Transfer Protocol (TFTP)
python3-requests-ftp.noarch : FTP transport adapter for python3-requests
tftp-server.x86_64 : The server for the Trivial File Transfer Protocol (TFTP)
syslinux-tftpboot.noarch : SYSLINUX modules in /tftpboot, available for network
: booting
============================== Name Matched: ftp ===============================
lftp.i686 : A sophisticated file transfer program
lftp.x86_64 : A sophisticated file transfer program
============================= Summary Matched: ftp =============================
wget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
curl.x86_64 : A utility for getting files from remote servers (FTP, HTTP, and
: others)
[root@westoslinux ~]# dnf install vsftpd.x86_64 lftp.x86_64 -y ##下载
[root@westoslinux ~]# systemctl enable --now vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
[root@westoslinux ~]# netstat -antlupe | grep vsftpd ##查看端口
tcp6 0 0 :::21 :::* LISTEN 0 48226 2933/vsftpd
[root@westoslinux ~]# vim /etc/vsftpd/vsftpd.conf ##编辑
12 anonymous_enable=YES ##启动匿名用户的访问功能
[root@westoslinux ~]# systemctl restart vsftpd ##重启服务
[root@westoslinux ~]# lftp 172.25.254.129 ##查看
lftp 172.25.254.129:~> ls
drwxr-xr-x 2 0 0 6 Feb 17 2020 pub
lftp 172.25.254.129:/>
[root@westoslinux ~]# lftp 172.25.254.129 -u westos
Password:
lftp westos@172.25.254.129:~> ls
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Desktop
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Documents
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Downloads
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Music
drwxr-xr-x 3 1000 1000 24 Mar 26 06:05 Pictures
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Public
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Templates
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Videos
#########################
3.vsftpd基本信息
服务名称: vsftpd.service  配置目录: /etc/vsftpd  主配置文件: /etc/vsftpd/vsftpd.conf  默认发布目录: /var/ftp  报错信息:
550  ##程序本身拒绝  553  ##文件系统权限限制  500  ##权限过大  530  ##认证失败
##################
4.匿名用户访问控制
[root@westoslinux ~]# lftp 172.25.254.129
lftp 172.25.254.129:~> ls
Interrupt
lftp 172.25.254.129:~>
[root@westoslinux ~]# vim /etc/vsftpd/vsftpd.conf ##编辑
12 anonymous_enable=YES ##启动匿名用户的访问功能
[root@westoslinux ~]# vim /etc/vsftpd/vsftpd.conf
[root@westoslinux ~]# lftp 172.25.254.129 ##可以匿名访问
lftp 172.25.254.129:~> ls
drwxr-xr-x 2 0 0 6 Feb 17 2020 pub
?
登陆控制: anonymous_enable=YES|NO  家目录控制: anon_root=/westosdir
上传控制: anon_upload_enable=YES|NO  (需 chmod 775 /var/ftp/pub; chgrp ftp /var/ftp/pub; 测试: lftp 192.168.0.100, cd pub, put /etc/passwd)
目录建立控制: anon_mkdir_write_enable=YES|NO  删除/重命名控制: anon_other_write_enable=YES|NO
[root@westoslinux ~]# vim /etc/vsftpd/vsftpd.conf
30 anon_upload_enable=YES
31 anon_other_write_enable=YES
32 #
33 # Uncomment this if you want the anonymous FTP user to be able to create
34 # new directories.
35 anon_mkdir_write_enable=YES
36 #
[root@westoslinux ~]# systemctl restart vsftpd
[root@westoslinux ~]# chmod 775 /var/ftp/pub/ ##添加权限
[root@westoslinux ~]# ls -ld /var/ftp/pub/
drwxrwxr-x 2 root root 6 Feb 17 2020 /var/ftp/pub/
[root@westoslinux ~]# chgrp ftp /var/ftp/pub/ ##更改组
[root@westoslinux ~]# lftp 172.25.254.129
lftp 172.25.254.129:/> cd pub/
lftp 172.25.254.129:/pub> mkdir zzz ##创建
mkdir ok, `zzz' created
lftp 172.25.254.129:/pub> ls
-rw------- 1 14 50 2664 Aug 08 02:57 passwd
drwx------ 2 14 50 6 Aug 08 03:02 zzz
lftp 172.25.254.129:/pub> rm -r zzz ##删除
rm ok, `zzz' removed
lftp 172.25.254.129:/pub> put /etc/passwd ##上传
2664 bytes transferred
lftp 172.25.254.129:/pub> ls
-rw------- 1 14 50 2664 Aug 08 03:28 passwd
下载控制: anon_world_readable_only=NO  ##设为NO时匿名用户可以下载不可读的文件
匿名用户上传文件权限设定: anon_umask=xxx, 如 anon_umask=022  ##设定chown_username之后, 上传文件的权限不再由此参数决定
匿名用户上传文件的用户身份设定: chown_uploads=YES  chown_username=westos  chown_upload_mode=0644
登陆数量控制: max_clients=2  ##在配置文件中添加后重启服务即可  上传速率控制: anon_max_rate=102400  ##在配置文件中添加后重启服务即可
[root@westoslinux ~]# vim /etc/vsftpd/vsftpd.conf
29 # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
30 anon_umask=022 ##当设定chown_username之后上传文权限将不是用此参数设定
31 anon_upload_enable=YES
32 anon_other_write_enable=YES
33 anon_world_readable_only=NO ##匿名用户可以下载不能读的文件
34 #
50 # a different user. Note! Using "root" for uploaded files is not
51 # recommended!
52 chown_uploads=YES ##匿名用户上传文件的用户身份设定
53 chown_username=westos
54 chown_upload_mode=0644 ##权限
55 #
[root@westoslinux ~]# systemctl restart vsftpd
[root@westoslinux ~]# lftp 172.25.254.129
lftp 172.25.254.129:~> cd pub
cd ok, cwd=/pub
lftp 172.25.254.129:/pub> ls
-rw------- 1 14 50 2664 Aug 08 03:28 passwd
lftp 172.25.254.129:/pub> put /etc/group
988 bytes transferred
lftp 172.25.254.129:/pub> ls
-rw-r--r-- 1 1000 50 988 Aug 08 03:38 group
-rw------- 1 14 50 2664 Aug 08 03:28 passwd
lftp 172.25.254.129:/pub> put /etc/inittab
490 bytes transferred
lftp 172.25.254.129:/pub> ls
-rw-r--r-- 1 1000 50 988 Aug 08 03:38 group
-rw-r--r-- 1 1000 50 490 Aug 08 03:38 inittab
-rw------- 1 14 50 2664 Aug 08 03:28 passwd
#########################################
5.本地用户的访问
登陆控制 useradd westos useradd lee
echo lee | passwd --stdin westos
echo lee | passwd --stdin lee
lftp 172.25.254.129 -u westos
local_enable=YES|NO  ##YES为可登录
写权限控制(有): write_enable=NO|YES  ##默认可写, 写功能的总开关, 关闭后匿名用户也不可写
家目录控制(没有): local_root=/westosdir
上传文件权限控制(有): local_umask=077  ##默认上传权限为644, 即umask=022
用户登录控制: /etc/vsftpd/ftpusers  ##永久黑名单(权限最大), 即改即生效; /etc/vsftpd/user_list  ##临时黑名单(可能会因为设定变成白名单), 即改即生效
用户登录白名单(没有): userlist_deny=NO  ##设定/etc/vsftpd/user_list为白名单, 不在名单中的用户不能登录ftp
[root@westoslinux ~]# useradd lee
[root@westoslinux ~]# echo lee | passwd --stdin lee
Changing password for user lee.
[root@westoslinux ~]# lftp 172.25.254.129 -u lee
Password:
lftp lee@172.25.254.129:~> ls
lftp lee@172.25.254.129:~> exit
[root@westoslinux ~]# su - lee
[lee@westoslinux ~]$ pwd
/home/lee
[lee@westoslinux ~]$ touch leefile{1..5}
[lee@westoslinux ~]$ logout
[root@westoslinux ~]# lftp 172.25.254.129 -u lee
Password:
lftp lee@172.25.254.129:~> ls
-rw-rw-r-- 1 1001 1001 0 Aug 08 06:39 leefile1
-rw-rw-r-- 1 1001 1001 0 Aug 08 06:39 leefile2
-rw-rw-r-- 1 1001 1001 0 Aug 08 06:39 leefile3
-rw-rw-r-- 1 1001 1001 0 Aug 08 06:39 leefile4
-rw-rw-r-- 1 1001 1001 0 Aug 08 06:39 leefile5
lftp lee@172.25.254.129:~> exit
[root@westoslinux ~]# lftp 172.25.254.129 -u westos
Password:
lftp westos@172.25.254.129:~> ls
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Desktop
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Documents
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Downloads
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Music
drwxr-xr-x 3 1000 1000 24 Mar 26 06:05 Pictures
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Public
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Templates
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Videos
[root@westoslinux ~]# vim /etc/vsftpd/user_list ##添加lee
[root@westoslinux ~]# cat /etc/vsftpd/user_list ##查看
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
lee
[root@westoslinux ~]# lftp 172.25.254.129 -u lee ##登陆不上去
Password:
lftp lee@172.25.254.129:~> ls
ls: Login failed: 530 Permission denied.
lftp lee@172.25.254.129:~> exit
[root@westoslinux ~]# lftp 172.25.254.129 -u westos
Password:
lftp westos@172.25.254.129:~> ls
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Desktop
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Documents
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Downloads
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Music
drwxr-xr-x 3 1000 1000 24 Mar 26 06:05 Pictures
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Public
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Templates
drwxr-xr-x 2 1000 1000 6 Mar 26 06:04 Videos
lftp westos@172.25.254.129:~>
锁定用户到自己家目录中(有, 即是否能切换到/): 默认下用户可以浏览/, 不安全, 所以将其锁定在自己的家目录: chroot_local_user=YES  ##YES=锁定; chmod u-w /home/*  ##显示权限过大(500)时, 去掉家目录的写权限后即可正常登录
文件中指定的用户被锁定在自己家目录(黑名单): chmod u+w /home/*; chroot_local_user=NO  ##默认为NO; chroot_list_enable=YES; chroot_list_file=/etc/vsftpd/chroot_list
文件中指定的用户不被锁定(白名单): chmod u+w /home/*; chroot_local_user=YES; chroot_list_enable=YES; chroot_list_file=/etc/vsftpd/chroot_list
########################################################
6.虚拟用户访问
#1.建立虚拟用户过程######## 1. vim /etc/vsftpd/westos_pam  #建立认证文件模板, 内容为 user1 / 123 / user2 / 123 / user3 / 123 (用户名与密码各占一行)
2. db_load -T -t hash -f /etc/vsftpd/westos_pam /etc/vsftpd/westos_pam.db  ##加密认证文件: -T 转换, -t 指定类型(hash), -f 指定要转换的文件
3. vim /etc/pam.d/westos
account  required  pam_userdb.so  db=/etc/vsftpd/westos_pam
auth     required  pam_userdb.so  db=/etc/vsftpd/westos_pam
4.vim /etc/vsftpd/vsftpd.conf
pam_service_name=westos  ##指定认证策略文件; guest_enable=YES  ##开启虚拟用户功能; guest_username=ftp  ##指定虚拟用户在ftp服务器上的用户身份
[root@westoslinux vsftpd]# lftp 172.25.254.129 -u user1
Password:
lftp user1@172.25.254.129:~> ls
drwxrwxr-x 2 0 50 35 Aug 08 03:40 pub
lftp user1@172.25.254.129:/> exit
#####虚拟用户家目录的独立设定#################
mkdir -p /ftphome/westos{1..3}  ##目录名须与虚拟用户名相同才能配合$USER使用; touch /ftphome/westos1/westos1file; touch /ftphome/westos2/westos2file; touch /ftphome/westos3/westos3file; mkdir /ftphome/westos{1..3}/pub
vim /etc/vsftpd/vsftpd.conf  ##添加: local_root=/ftphome/$USER  user_sub_token=$USER
systemctl restart vsftpd
[root@westoslinux ~]# mkdir -p /ftphome/user{1..3}
[root@westoslinux ~]# touch /ftphome/user1/userfile
[root@westoslinux ~]# touch /ftphome/user1/pub
[root@westoslinux ~]# touch /ftphome/user2/user2file
[root@westoslinux ~]# touch /ftphome/user2/pub
[root@westoslinux ~]# touch /ftphome/user3/user3file
[root@westoslinux ~]# touch /ftphome/user3/pub
[root@westoslinux ~]# ls -l /ftphome/user{1..3}
/ftphome/user1:
total 0
-rw-r--r-- 1 root root 0 Aug 8 15:38 pub
-rw-r--r-- 1 root root 0 Aug 8 15:38 userfile
/ftphome/user2:
total 0
-rw-r--r-- 1 root root 0 Aug 8 15:38 pub
-rw-r--r-- 1 root root 0 Aug 8 15:38 user2file
/ftphome/user3:
total 0
-rw-r--r-- 1 root root 0 Aug 8 15:39 pub
-rw-r--r-- 1 root root 0 Aug 8 15:38 user3file
[root@westoslinux ~]# vim /etc/vsftpd/vsftpd.conf
pam_service_name=westos
userlist_enable=YES
guest_enable=YES
guest_username=ftp
local_root=/ftphome/$USER
user_sub_token=$USER
[root@westoslinux ~]# systemctl restart vsftpd
#########用户配置独立##############
user_config_dir=/etc/vsftpd/westos  #在此目录中与用户名称相同的文件为该用户的配置文件; mkdir /etc/vsftpd/westos
vim /etc/vsftpd/westos/user1
anon_upload_enable=YES
设定完成后westos2用户可以上传文件 westos1和westos3不行
|