搭建vsftpd实现虚拟用户访问控制
- 场景实例：
- 创建 admin 虚拟用户，允许上传、下载、删除、重命名任何文件
- 创建 user1 虚拟用户，允许上传、下载，但不允许删除和重命名文件
- 匿名用户可以看到 pub 空间，但不能上传、下载、删除任何文件
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
[root@localhost vsftpd]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# yum -y install vsftpd
[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh
[root@localhost vsftpd]# vim vu.list
[root@localhost vsftpd]# cat vu.list
admin
Qwer123.
user1
swdx123.
[root@localhost vsftpd]# db_load -T -t hash -f /etc/vsftpd/vu.list /etc/vsftpd/vu.db
[root@localhost vsftpd]# chmod 600 /etc/vsftpd/vu.*
[root@localhost vsftpd]# useradd -d /home/ftproot -s /sbin/nologin vftp
[root@localhost var]# chmod -R 755 /var/ftp/
[root@localhost var]# chmod -R 755 /home/ftproot/
[root@localhost var]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
[root@localhost var]# vim /etc/pam.d/vsftpd
[root@localhost vsftpd]# cat /etc/pam.d/vsftpd
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/vu
account required pam_userdb.so db=/etc/vsftpd/vu
[root@localhost var]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf
注意：以下参数与本文保持一致即可
anonymous_enable=YES
chroot_local_user=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
guest_enable=YES
guest_username=vftp
user_config_dir=/etc/vsftpd/vusers_dir
dirlist_enable=YES
pasv_enable=YES
allow_writeable_chroot=YES
pasv_min_port=40000
pasv_max_port=50000
reverse_lookup_enable=NO
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh vu.db vu.list
[root@localhost vsftpd]# mkdir /etc/vsftpd/vusers_dir
[root@localhost vsftpd]# cd vusers_dir/
[root@localhost vusers_dir]# ls
[root@localhost vusers_dir]#
[root@localhost vusers_dir]# vim admin
[root@localhost vusers_dir]# cat admin
local_root=/home/ftproot/
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
[root@localhost vusers_dir]# vim user1
[root@localhost vusers_dir]# cat user1
local_root=/home/ftproot/
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
[root@localhost vsftpd]# systemctl restart vsftpd.service
[root@localhost vsftpd]# cd /home/
[root@localhost home]# ls
ftproot
From: https://www.cnblogs.com/soap-bubble/p/18114449