#!/bin/bash
#vsftp install
. /etc/rc.d/init.d/functions
NUM=`rpm -q centos-release | awk -F '-' '{print $3}'`
users=/etc/vsftpd/vftpuser.txt
login=/etc/vsftpd/vftpuser.db
generate_db="db_load -T -t hash -f $users $login"
virtual_user_config=/etc/vsftpd/vuser_conf
virtual_user_home=/data/www
guest_username=ftpwww
Centos7_firewall(){
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --reload
}
Centos6_iptables(){
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
service iptables save
}
install_vsftpd(){
if [[ $NUM -eq 6 ]];then
Centos6_iptables
elif [[ $NUM -eq 7 ]];then
Centos7_firewall
fi
setenforce 0
yum -y install db4-utils
yum -y install vsftpd
if [[ $NUM -eq 7 ]];then
systemctl enable vsftpd
elif [[ $NUM -eq 6 ]];then
chkconfig vsftpd on
fi
useradd -s /sbin/nologin ${guest_username}
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
cat >/etc/vsftpd/vsftpd.conf<<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
pasv_enable=YES
pasv_min_port=60000
pasv_max_port=61000
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
pam_service_name=vsftpd
guest_enable=YES
guest_username=${guest_username}
user_config_dir=/etc/vsftpd/vuser_conf
#allow_writeable_chroot=YES
EOF
mkdir /etc/vsftpd/vuser_conf
mkdir /etc/vsftpd/chroot_list
echo 'auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vftpuser' > /etc/pam.d/vsftpd
echo 'account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vftpuser' >> /etc/pam.d/vsftpd
touch /etc/vsftpd/vftpuser.txt
if [[ $NUM -eq 7 ]];then
systemctl restart vsftpd
elif [[ $NUM -eq 6 ]];then
service vsftpd restart
fi
[ $? -eq 0 ]&&action $"Install vsftp:" /bin/true||action $"Install vsftp:" /bin/false
iptables -A INPUT -p tcp --dport 60000:61000 -j ACCEPT
iptables-save >>/etc/sysconfig/iptables
}
add_user(){
mkdir -p /data/www/$1
not_enough_parameter=56
retval=0
if [ "$#" -ne 2 ]; then
echo "usage:`basename $0` <useradd> <user_name> <password>."
exit $not_enough_parameter
fi
if grep -q "$1" "$users"; then
passwd=$(sed -n "/$1/{n;p;}" "$users")
if [ "$passwd" = "$2" ]; then
echo "the user $1 already exists."
exit $retval
else
echo "updating $1's password ... "
sed -i "/$1/{n;s/$passwd/$2/;}" "$users"
eval "$generate_db"
exit $retval
fi
fi
for i in "$1" "$2"
do
echo "$i" >> "$users"
done
eval "$generate_db"
cat >> "$virtual_user_config"/"$1" <<EOF
local_root=$virtual_user_home/$1
write_enable=YES
download_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
EOF
mkdir "$virtual_user_home"/"$1"
chown $guest_username "$virtual_user_home"/"$1"
echo "==========$users============"
cat $users
}
case "$1" in
'install')
install_vsftpd
echo '----------------------------'
echo '----------------------------'
rpm -q vsftpd
echo " "
whereis vsftpd
;;
'useradd')
add_user $2 $3
echo '----------------------------'
echo '----------------------------'
rpm -q vsftpd
echo " "
whereis vsftpd
;;
*)
echo "usage: $0 {install|useradd}"
exit 1
;;
esac