  • Vsftpd

    部署vsftpd服务程序

    [root@linuxprobe ~]# yum install vsftpd
    [root@linuxprobe ~]# systemctl restart vsftpd
    [root@linuxprobe ~]# systemctl enable vsftpd
    ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
    [root@linuxprobe ~]# iptables -F
    [root@linuxprobe ~]# service iptables save
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
            # iptables -F 会清空当前全部防火墙规则,save 之后重启依然生效;这里是为了排除防火墙对实验的干扰,正式环境应保留原有规则,只放行FTP服务所需的端口
    [root@linuxprobe vsftpd]# ls
    ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
    [root@linuxprobe vsftpd]# mv vsftpd.conf vsftpd
    vsftpd.conf             vsftpd_conf_migrate.sh  
    [root@linuxprobe vsftpd]# mv vsftpd.conf vsftpd.conf_bak
    [root@linuxprobe vsftpd]# cat vsftpd.conf_bak | grep -v "#" > vsftpd.conf 
    [root@linuxprobe vsftpd]# cat vsftpd.conf
    anonymous_enable=YES
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    listen=NO
    listen_ipv6=YES
    
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES

     客户端工具:

    [root@linuxprobe vsftpd]# yum install ftp -y
            # ftp是Linux系统中以命令行界面的方式来管理FTP传输服务的客户端工具

     


    匿名访问模式(任何人无需密码即可登录,是三种模式中最不安全的一种;下面的配置同时开放了匿名上传、创建目录和改名/删除权限,只适合存放公开文件的实验环境)

    [root@linuxprobe vsftpd]# vim /etc/vsftpd/vsftpd.conf
      1 anonymous_enable=YES
      2 anon_umask=022
      3 anon_upload_enable=YES
      4 anon_mkdir_write_enable=YES
      5 anon_other_write_enable=YES
      6 local_enable=YES
      7 write_enable=YES
      8 local_umask=022
      9 dirmessage_enable=YES
     10 xferlog_enable=YES
     11 connect_from_port_20=YES
     12 xferlog_std_format=YES
     13 listen=NO
     14 listen_ipv6=YES
     15 
     16 pam_service_name=vsftpd
     17 userlist_enable=YES
     18 tcp_wrappers=YES
    [root@linuxprobe vsftpd]# systemctl restart vsftpd
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd pub
    250 Directory successfully changed.
    ftp> mkdir files
    550 Create directory operation failed.
    ftp> exit
    221 Goodbye.
    [root@linuxprobe ~]# ls -ld /var/ftp/pub
    drwxr-xr-x. 2 root root 6 Jun 10  2014 /var/ftp/pub
    [root@linuxprobe ~]# chown -Rf ftp /var/ftp/pub
    [root@linuxprobe ~]# ls -ld /var/ftp/pub
    drwxr-xr-x. 2 ftp root 6 Jun 10  2014 /var/ftp/pub
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd pub
    250 Directory successfully changed.
    ftp> mkdir files
    550 Create directory operation failed.
    ftp> exit
    221 Goodbye.
    [root@linuxprobe ~]# getsebool -a | grep ftp
    ftp_home_dir --> off
    ftpd_anon_write --> off
    ftpd_connect_all_unreserved --> off
    ftpd_connect_db --> off
    ftpd_full_access --> off
    ftpd_use_cifs --> off
    ftpd_use_fusefs --> off
    ftpd_use_nfs --> off
    ftpd_use_passive_mode --> off
    httpd_can_connect_ftp --> off
    httpd_enable_ftp_server --> off
    sftpd_anon_write --> off
    sftpd_enable_homedirs --> off
    sftpd_full_access --> off
    sftpd_write_ssh_home --> off
    tftp_anon_write --> off
    tftp_home_dir --> off
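    [root@linuxprobe ~]# setsebool -P ftpd_full_access=on
            # 前两次 mkdir 失败是因为SELinux策略拒绝了写入;ftpd_full_access 会放开SELinux对vsftpd的几乎全部限制,并且 -P 使其永久生效
            # 如果只需要匿名上传,可以改为只开启上面列表中的 ftpd_anon_write,并把上传目录的安全上下文设为 public_content_rw_t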
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd pub
    250 Directory successfully changed.
    ftp> mkdir files
    257 "/pub/files" created
    ftp> rename files database
    350 Ready for RNTO.
    250 Rename successful.
    ftp> exit
    221 Goodbye.

     本地用户模式:

    [root@linuxprobe ~]# vim /etc/vsftpd/vsftpd.conf
      1 anonymous_enable=NO
      2 local_enable=YES
      3 write_enable=YES
      4 local_umask=022
      5 dirmessage_enable=YES
      6 xferlog_enable=YES
      7 connect_from_port_20=YES
      8 xferlog_std_format=YES
      9 listen=NO
     10 listen_ipv6=YES
     11 
     12 pam_service_name=vsftpd
     13 userlist_enable=YES
     14 tcp_wrappers=YES
    [root@linuxprobe ~]# systemctl restart vsftpd
    [root@linuxprobe ~]# getsebool -a | grep ftp
    ftp_home_dir --> off
    ftpd_anon_write --> off
    ftpd_connect_all_unreserved --> off
    ftpd_connect_db --> off
    ftpd_full_access --> off
    ftpd_use_cifs --> off
    ftpd_use_fusefs --> off
    ftpd_use_nfs --> off
    ftpd_use_passive_mode --> off
    httpd_can_connect_ftp --> off
    httpd_enable_ftp_server --> off
    sftpd_anon_write --> off
    sftpd_enable_homedirs --> off
    sftpd_full_access --> off
    sftpd_write_ssh_home --> off
    tftp_anon_write --> off
    tftp_home_dir --> off
    [root@linuxprobe ~]# setsebool -P ftpd_full_access=on
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): root
    530 Permission denied.
    Login failed.
    ftp> exit
    221 Goodbye.
    [root@linuxprobe ~]# vim /etc/vsftpd/user_list
    1 # vsftpd userlist
    2 # If userlist_deny=NO, only allow users in this file
    3 # If userlist_deny=YES (default), never allow users in this file, and
    4 # do not even prompt for a password.
    5 # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
    6 # for users that are denied.
    7 root
    8 bin
    9 daemon
    10 adm
    11 lp
    12 sync
    13 shutdown
    14 halt
    15 mail
    16 news
    17 uucp
    18 operator
    19 games
    20 nobody
    [root@linuxprobe ~]# vim /etc/vsftpd/ftpusers 
    # Users that are not allowed to login via ftp
    1 root
    2 bin
    3 daemon
    4 adm
    5 lp
    6 sync
    7 shutdown
    8 halt
    9 mail
    10 news
    11 uucp
    12 operator
    13 games
    14 nobody
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): linuxprobe
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> mkdir files
    257 "/home/linuxprobe/files" created
    ftp> rename files database
    350 Ready for RNTO.
    250 Rename successful.
    ftp> rmdir database
    250 Remove directory operation successful.
    ftp> exit
    221 Goodbye.
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): linuxprobe
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> mkdir files
    257 "/home/linuxprobe/files" created
    ftp> rename files database
    350 Ready for RNTO.
    250 Rename successful.
    ftp> rmdir database
    250 Remove directory operation successful.
    ftp> exit
    221 Goodbye.

    虚拟用户模式(vuser.list 中奇数行为账户名,偶数行为对应的密码;生成 vuser.db 之后明文文件应当删除,数据库文件权限收紧为600):

    [root@linuxprobe ~]# cd /etc/vsftpd
    [root@linuxprobe vsftpd]# vim vuser.list
     1 zhangsan
     2 redhat
     3 lisi
     4 redhat
    [root@linuxprobe vsftpd]# db_load -T -t hash -f vuser.list vuser.db
    [root@linuxprobe vsftpd]# file vuser.db
    vuser.db: Berkeley DB (Hash, version 9, native byte-order)
    [root@linuxprobe vsftpd]# chmod 600 vuser.db
    [root@linuxprobe vsftpd]# rm -f vuser.list
    [root@linuxprobe ~]# useradd -d /var/ftproot -s /sbin/nologin virtual
    [root@linuxprobe ~]# ls -ld /var/ftproot
    drwx------. 3 virtual virtual 74 Jan 15 16:23 /var/ftproot
    [root@linuxprobe ~]# chmod -Rf 755 /var/ftproot
    [root@linuxprobe ~]# vim /etc/pam.d/vsftpd.vu
    auth    required        pam_userdb.so db=/etc/vsftpd/vuser
    account required        pam_userdb.so db=/etc/vsftpd/vuser
    [root@linuxprobe ~]# vim /etc/vsftpd/vsftpd.conf
      1 anonymous_enable=NO
      2 local_enable=YES
      3 guest_enable=YES
      4 guest_username=virtual
      5 allow_writeable_chroot=YES
      6 write_enable=YES
      7 local_umask=022
      8 dirmessage_enable=YES
      9 xferlog_enable=YES
     10 connect_from_port_20=YES
     11 xferlog_std_format=YES
     12 listen=NO
     13 listen_ipv6=YES
     14 
     15 pam_service_name=vsftpd.vu
     16 userlist_enable=YES
     17 tcp_wrappers=YES
    [root@linuxprobe ~]# mkdir /etc/vsftpd/vusers_dir/
    [root@linuxprobe ~]# cd /etc/vsftpd/vusers_dir/
    [root@linuxprobe vusers_dir]# touch lisi
    [root@linuxprobe vusers_dir]# vim zhangsan
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    [root@linuxprobe ~]# vim /etc/vsftpd/vsftpd.conf
      1 anonymous_enable=NO
      2 local_enable=YES
      3 guest_enable=YES
      4 guest_username=virtual
      5 allow_writeable_chroot=YES
      6 write_enable=YES
      7 local_umask=022
      8 dirmessage_enable=YES
      9 xferlog_enable=YES
     10 connect_from_port_20=YES
     11 xferlog_std_format=YES
     12 listen=NO
     13 listen_ipv6=YES
     14 
     15 pam_service_name=vsftpd.vu
     16 userlist_enable=YES
     17 tcp_wrappers=YES
     18 user_config_dir=/etc/vsftpd/vusers_dir
    [root@linuxprobe ~]# systemctl restart vsftpd
    [root@linuxprobe ~]# getsebool -a | grep ftp
    ftp_home_dir --> off
    ftpd_anon_write --> off
    ftpd_connect_all_unreserved --> off
    ftpd_connect_db --> off
    ftpd_full_access --> off
    ftpd_use_cifs --> off
    ftpd_use_fusefs --> off
    ftpd_use_nfs --> off
    ftpd_use_passive_mode --> off
    httpd_can_connect_ftp --> off
    httpd_enable_ftp_server --> off
    sftpd_anon_write --> off
    sftpd_enable_homedirs --> off
    sftpd_full_access --> off
    sftpd_write_ssh_home --> off
    tftp_anon_write --> off
    tftp_home_dir --> off
    [root@linuxprobe ~]# setsebool -P ftpd_full_access=on
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): lisi
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> mkdir files
    550 Permission denied.
    ftp> exit
    221 Goodbye.
    
    [root@linuxprobe ~]# ftp 192.168.10.10
    Connected to 192.168.10.10 (192.168.10.10).
    220 (vsFTPd 3.0.2)
    Name (192.168.10.10:root): zhangsan
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> mkdir files
    257 "/files" created
    ftp> rename files database
    350 Ready for RNTO.
    250 Rename successful.
    ftp> rmdir database
    250 Remove directory operation successful.
    ftp> exit
    221 Goodbye.
  • 原文地址:https://www.cnblogs.com/dinghailong128/p/12178425.html