部署vsftpd服务程序
[root@linuxprobe ~]# yum install vsftpd [root@linuxprobe ~]# systemctl restart vsftpd [root@linuxprobe ~]# systemctl enable vsftpd ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@linuxprobe ~]# iptables -F [root@linuxprobe ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@linuxprobe vsftpd]# ls ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh [root@linuxprobe vsftpd]# mv vsftpd.conf vsftpd vsftpd.conf vsftpd_conf_migrate.sh [root@linuxprobe vsftpd]# mv vsftpd.conf vsftpd.conf_bak [root@linuxprobe vsftpd]# cat vsftpd.conf_bak | grep -v "#" > vsftpd.conf [root@linuxprobe vsftpd]# cat vsftpd.conf anonymous_enable=YES local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES listen=NO listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES
客户端工具:
[root@linuxprobe vsftpd]# yum install ftp -y
# ftp是Linux系统中以命令行界面的方式来管理FTP传输服务的客户端工具
匿名访问模式
[root@linuxprobe vsftpd]# vim /etc/vsftpd/vsftpd.conf 1 anonymous_enable=YES 2 anon_umask=022 3 anon_upload_enable=YES 4 anon_mkdir_write_enable=YES 5 anon_other_write_enable=YES 6 local_enable=YES 7 write_enable=YES 8 local_umask=022 9 dirmessage_enable=YES 10 xferlog_enable=YES 11 connect_from_port_20=YES 12 xferlog_std_format=YES 13 listen=NO 14 listen_ipv6=YES 15 16 pam_service_name=vsftpd 17 userlist_enable=YES 18 tcp_wrappers=YES [root@linuxprobe vsftpd]# systemctl restart vsftpd
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd pub 250 Directory successfully changed. ftp> mkdir files 550 Create directory operation failed. ftp> exit 221 Goodbye.
[root@linuxprobe ~]# ls -ld /var/ftp/pub drwxr-xr-x. 2 root root 6 Jun 10 2014 /var/ftp/pub [root@linuxprobe ~]# chown -Rf ftp /var/ftp/pub [root@linuxprobe ~]# ls -ld /var/ftp/pub drwxr-xr-x. 2 ftp root 6 Jun 10 2014 /var/ftp/pub [root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd pub 250 Directory successfully changed. ftp> mkdir files 550 Create directory operation failed. ftp> exit 221 Goodbye.
[root@linuxprobe ~]# getsebool -a | grep ftp ftp_home_dir --> off ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off httpd_can_connect_ftp --> off httpd_enable_ftp_server --> off sftpd_anon_write --> off sftpd_enable_homedirs --> off sftpd_full_access --> off sftpd_write_ssh_home --> off tftp_anon_write --> off tftp_home_dir --> off [root@linuxprobe ~]# setsebool -P ftpd_full_access=on
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd pub 250 Directory successfully changed. ftp> mkdir files 257 "/pub/files" created ftp> rename files database 350 Ready for RNTO. 250 Rename successful. ftp> exit 221 Goodbye.
本地用户模式:
[root@linuxprobe ~]# vim /etc/vsftpd/vsftpd.conf 1 anonymous_enable=NO 2 local_enable=YES 3 write_enable=YES 4 local_umask=022 5 dirmessage_enable=YES 6 xferlog_enable=YES 7 connect_from_port_20=YES 8 xferlog_std_format=YES 9 listen=NO 10 listen_ipv6=YES 11 12 pam_service_name=vsftpd 13 userlist_enable=YES 14 tcp_wrappers=YES [root@linuxprobe ~]# systemctl restart vsftpd
[root@linuxprobe ~]# getsebool -a | grep ftp ftp_home_dir --> off ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off httpd_can_connect_ftp --> off httpd_enable_ftp_server --> off sftpd_anon_write --> off sftpd_enable_homedirs --> off sftpd_full_access --> off sftpd_write_ssh_home --> off tftp_anon_write --> off tftp_home_dir --> off [root@linuxprobe ~]# setsebool -P ftpd_full_access=on
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): root 530 Permission denied. Login failed. ftp> exit 221 Goodbye.
[root@linuxprobe ~]# vim /etc/vsftpd/user_list 1 # vsftpd userlist 2 # If userlist_deny=NO, only allow users in this file 3 # If userlist_deny=YES (default), never allow users in this file, and 4 # do not even prompt for a password. 5 # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers 6 # for users that are denied. 7 root 8 bin 9 daemon 10 adm 11 lp 12 sync 13 shutdown 14 halt 15 mail 16 news 17 uucp 18 operator 19 games 20 nobody [root@linuxprobe ~]# vim /etc/vsftpd/ftpusers # Users that are not allowed to login via ftp 1 root 2 bin 3 daemon 4 adm 5 lp 6 sync 7 shutdown 8 halt 9 mail 10 news 11 uucp 12 operator 13 games 14 nobody
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): linuxprobe 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> mkdir files 257 "/home/linuxprobe/files" created ftp> rename files database 350 Ready for RNTO. 250 Rename successful. ftp> rmdir database 250 Remove directory operation successful. ftp> exit 221 Goodbye.
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): linuxprobe 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> mkdir files 257 "/home/linuxprobe/files" created ftp> rename files database 350 Ready for RNTO. 250 Rename successful. ftp> rmdir database 250 Remove directory operation successful. ftp> exit 221 Goodbye.
虚拟用户模式:
[root@linuxprobe ~]# cd /etc/vsftpd [root@linuxprobe vsftpd]# vim vuser.list 1 zhangsan 2 redhat 3 lisi 4 redhat [root@linuxprobe vsftpd]# db_load -T -t hash -f vuser.list vuser.db [root@linuxprobe vsftpd]# file vuser.db vuser.db: Berkeley DB (Hash, version 9, native byte-order) [root@linuxprobe vsftpd]# chmod 600 vuser.db [root@linuxprobe vsftpd]# rm -f vuser.list
[root@linuxprobe ~]# useradd -d /var/ftproot -s /sbin/nologin virtual [root@linuxprobe ~]# ls -ld /var/ftproot drwx------. 3 virtual virtual 74 Jan 15 16:23 /var/ftproot [root@linuxprobe ~]# chmod -Rf 755 /var/ftproot
[root@linuxprobe ~]# vim /etc/pam.d/vsftpd.vu auth required pam_userdb.so db=/etc/vsftpd/vuser account required pam_userdb.so db=/etc/usftpd/vuser
[root@linuxprobe ~]# vim /etc/vsftpd/vsftpd.conf 1 anonymous_enable=NO 2 local_enable=YES 3 guest_enable=YES 4 guest_username=virtual 5 allow_writeable_chroot=YES 6 write_enable=YES 7 local_umask=022 8 dirmessage_enable=YES 9 xferlog_enable=YES 10 connect_from_port_20=YES 11 xferlog_std_format=YES 12 listen=NO 13 listen_ipv6=YES 14 15 pam_service_name=vsftpd.vu 16 userlist_enable=YES 17 tcp_wrappers=YES
[root@linuxprobe ~]# mkdir /etc/vsftpd/vusers_dir/ [root@linuxprobe ~]# cd /etc/vsftpd/vusers_dir/ [root@linuxprobe vusers_dir]# touch lisi [root@linuxprobe vusers_dir]# vim zhangsan anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES
[root@linuxprobe ~]# vim /etc/vsftpd/vsftpd.conf 1 anonymous_enable=NO 2 local_enable=YES 3 guest_enable=YES 4 guest_username=virtual 5 allow_writeable_chroot=YES 6 write_enable=YES 7 local_umask=022 8 dirmessage_enable=YES 9 xferlog_enable=YES 10 connect_from_port_20=YES 11 xferlog_std_format=YES 12 listen=NO 13 listen_ipv6=YES 14 15 pam_service_name=vsftpd.vu 16 userlist_enable=YES 17 tcp_wrappers=YES 18 user_config_dir=/etc/vsftpd/vusers_dir [root@linuxprobe ~]# systemctl restart vsftpd
[root@linuxprobe ~]# getsebool -a | grep ftp ftp_home_dir –> off ftpd_anon_write –> off ftpd_connect_all_unreserved –> off ftpd_connect_db –> off ftpd_full_access –> off ftpd_use_cifs –> off ftpd_use_fusefs –> off ftpd_use_nfs –> off ftpd_use_passive_mode –> off httpd_can_connect_ftp –> off httpd_enable_ftp_server –> off sftpd_anon_write –> off sftpd_enable_homedirs –> off sftpd_full_access –> off sftpd_write_ssh_home –> off tftp_anon_write –> off tftp_home_dir –> off [root@linuxprobe ~]# setsebool -P ftpd_full_access=on
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): lisi 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> mkdir files 550 Permission denied. ftp> exit 221 Goodbye.
[root@linuxprobe ~]# ftp 192.168.10.10 Connected to 192.168.10.10 (192.168.10.10). 220 (vsFTPd 3.0.2) Name (192.168.10.10:root): zhangsan 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> mkdir files 257 "/files" created ftp> rename files database 350 Ready for RNTO. 250 Rename successful. ftp> rmdir database 250 Remove directory operation successful. ftp> exit 221 Goodbye.