
【linux】vsftpd搭建

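1.上传vsftpd文件到/opt
2.上传vsftpd 到/etc/pam.d(文件名要与 vsftpd.conf 里的 pam_service_name=vsftpd 一致;db= 后面不写 .db 后缀。注意前两行用的是 sufficient:虚拟用户认证通过后 PAM 直接返回成功,第 5 行的 pam_listfile 拒绝名单对其不生效;认证不通过时还会继续走 system-auth,系统本地账号同样能通过认证。只允许虚拟用户登录时,应改用 required 并去掉 system-auth 相关行)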

  1. #%PAM-1.0
  2. auth sufficient /lib64/security/pam_userdb.so db=/opt/vsftpd/etc/virtusers
  3. account sufficient /lib64/security/pam_userdb.so db=/opt/vsftpd/etc/virtusers
  4. session optional pam_keyinit.so force revoke
  5. auth required pam_listfile.so item=user sense=deny file=/opt/vsftpd/etc/vsftpd.user_list onerr=succeed
  6. auth required pam_shells.so
  7. auth include system-auth
  8. account include system-auth
  9. session include system-auth
  10. session required pam_loginuid.so
3.上传vsftpd到/etc/init.d
 
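  #!/bin/bash
  #
  # vsftpd      This shell script takes care of starting and stopping
  #             standalone vsftpd.
  #
  # chkconfig: - 60 50
  # description: Vsftpd is a ftp daemon, which is the program \
  #              that answers incoming ftp service requests.
  # processname: vsftpd
  # config: /opt/vsftpd/etc/vsftpd.conf

  # Source function library (daemon, killproc and status are expected to
  # come from here; they are not defined in this script).
  . /etc/rc.d/init.d/functions

  # Source networking configuration.
  . /etc/sysconfig/network

  RETVAL=0
  prog="vsftpd"
  vsftpd_bin="/opt/vsftpd/sbin/vsftpd"
  vsftpd_conf="/opt/vsftpd/etc/vsftpd.conf"

  # Start the daemon with the configuration under /opt/vsftpd.
  # Globals: RETVAL (written), prog, vsftpd_bin, vsftpd_conf (read)
  # Returns: RETVAL; 5 if the binary is missing, 6 if the config is missing.
  start() {
    local site

    # Fail early with the conventional init-script codes (5 = program not
    # installed, 6 = program not configured) rather than announcing a start
    # that cannot happen and leaving a stale lock file behind.
    if [ ! -x "$vsftpd_bin" ]; then
      echo "$vsftpd_bin is missing or not executable" >&2
      RETVAL=5
      return $RETVAL
    fi
    if [ ! -f "$vsftpd_conf" ]; then
      echo "$vsftpd_conf not found" >&2
      RETVAL=6
      return $RETVAL
    fi

    site=$(basename "$vsftpd_conf")
    echo -n $"Starting $prog for $site: "
    # NOTE(review): the job is sent to the background, so $? below is the
    # status of launching the job (always 0), not of vsftpd itself, and the
    # lock file is created even if vsftpd exits immediately. The "&" is kept
    # because vsftpd stays in the foreground unless its configuration sets
    # background=YES; with that option set the "&" can be dropped and RETVAL
    # becomes meaningful.
    daemon "$vsftpd_bin" "$vsftpd_conf" &
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] && touch "/var/lock/subsys/$prog"
    echo
    return $RETVAL
  }

  # Stop the daemon and remove the subsys lock file when killproc succeeds.
  # Globals: RETVAL (written), prog (read)
  # Returns: RETVAL as reported by killproc.
  stop() {
    echo -n $"Shutting down $prog: "
    killproc "$prog"
    RETVAL=$?
    echo
    [ "$RETVAL" -eq 0 ] && rm -f "/var/lock/subsys/$prog"
    return $RETVAL
  }

  # See how we were called. start and stop set RETVAL themselves; the final
  # exit hands it back to the caller.
  case "$1" in
    start)
      start
      ;;
    stop)
      stop
      ;;
    restart|reload)
      stop
      start
      RETVAL=$?
      ;;
    condrestart)
      # Restart only if the lock file says the service was started by us.
      if [ -f "/var/lock/subsys/$prog" ]; then
        stop
        start
        RETVAL=$?
      fi
      ;;
    status)
      status "$prog"
      RETVAL=$?
      ;;
    *)
      echo $"Usage: $0 {start|stop|restart|condrestart|status}"
      exit 2
  esac
  exit $RETVAL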
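vsftpd配置文件:/opt/vsftpd/etc/vsftpd.conf
(注意:anonymous_enable=YES 表示开启匿名登录,只给虚拟用户使用时应改为 NO;guest_username=pso(用户) 中的“(用户)”是说明文字,实际只写系统用户名;chroot_local_user=YES 与 chroot_list_enable=YES 同时开启时,chroot_list 中列出的用户不会被限制在主目录内;FTP 的账号密码和数据都是明文传输,经过不可信网络时应启用 ssl_enable 等 TLS 选项)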

  1. # The default compiled in settings are fairly paranoid. This sample file
  2. # loosens things up a bit, to make the ftp daemon more usable.
  3. # Please see vsftpd.conf.5 for all compiled in defaults.
  4. #
  5. # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
  6. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
  7. # capabilities.
  8. #
  9. # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
  10. anonymous_enable=YES
  11. #
  12. # Uncomment this to allow local user to log in.
  13. local_enable=YES
  14. #
  15. # Uncomment this to enable any form of FTP write command.
  16. write_enable=YES
  17. #
  18. # Default umask for local users is 077. You may wish to change this to 022,
  19. # if your users expect that (022 is used by most other ftpd's)
  20. local_umask=022
  21. #
  22. # Uncomment this to allow the anonymous FTP user to upload files. This only
  23. # has an effect if the above global write enable is activated. Also, you will
  24. # obviously need to create a directory writable by the FTP user.
  25. #anon_upload_enable=YES
  26. #
  27. # Uncomment this if you want the anonymous FTP user to be able to create
  28. # new directories.
  29. #anon_mkdir_write_enable=YES
  30. #
  31. # Activate directory messages - messages given to remote users when they
  32. # go into a certain directory.
  33. dirmessage_enable=YES
  34. #
  35. # The target log file can be vsftpd_log_file or xferlog_file.
  36. # This depends on setting xferlog_std_format parameter
  37. xferlog_enable=YES
  38. #
  39. # Make sure PORT transfer connections originate from port 20 (ftp-data).
  40. connect_from_port_20=YES
  41. #
  42. # If you want, you can arrange for uploaded anonymous files to be owned by
  43. # a different user. Note! Using "root" for uploaded files is not
  44. # recommended!
  45. chown_uploads=NO
  46. #chown_username=whoever
  47. #
  48. # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
  49. # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
  50. xferlog_file=/opt/vsftpd/log/vsftp.log
  51. #
  52. # Switches between logging into vsftpd_log_file and xferlog_file files.
  53. # NO writes to vsftpd_log_file, YES to xferlog_file
  54. xferlog_std_format=YES
  55. #
  56. # You may change the default value for timing out an idle session.
  57. #idle_session_timeout=600
  58. #
  59. # You may change the default value for timing out a data connection.
  60. #data_connection_timeout=120
  61. #
  62. # It is recommended that you define on your system a unique user which the
  63. # ftp server can use as a totally isolated and unprivileged user.
  64. nopriv_user=nobody
  65. #
  66. # Enable this and the server will recognise asynchronous ABOR requests. Not
  67. # recommended for security (the code is non-trivial). Not enabling it,
  68. # however, may confuse older FTP clients.
  69. #async_abor_enable=YES
  70. #
  71. # By default the server will pretend to allow ASCII mode but in fact ignore
  72. # the request. Turn on the below options to have the server actually do ASCII
  73. # mangling on files when in ASCII mode.
  74. # Beware that on some FTP servers, ASCII support allows a denial of service
  75. # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
  76. # predicted this attack and has always been safe, reporting the size of the
  77. # raw file.
  78. # ASCII mangling is a horrible feature of the protocol.
  79. #ascii_upload_enable=YES
  80. #ascii_download_enable=YES
  81. #
  82. # You may fully customise the login banner string:
  83. #ftpd_banner=Welcome to blah FTP service.
  84. #
  85. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
  86. # useful for combatting certain DoS attacks.
  87. #deny_email_enable=YES
  88. # (default follows)
  89. #banned_email_file=/etc/vsftpd/banned_emails
  90. #
  91. # You may specify an explicit list of local users to chroot() to their home
  92. # directory. If chroot_local_user is YES, then this list becomes a list of
  93. # users to NOT chroot().
  94. chroot_list_enable=YES
  95. # (default follows)
  96. chroot_list_file=/opt/vsftpd/etc/chroot_list
  97. #
  98. # You may activate the "-R" option to the builtin ls. This is disabled by
  99. # default to avoid remote users being able to cause excessive I/O on large
  100. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
  101. # the presence of the "-R" option, so there is a strong case for enabling it.
  102. #ls_recurse_enable=YES
  103. #
  104. # When "listen" directive is enabled, vsftpd runs in standalone mode and
  105. # listens on IPv4 sockets. This directive cannot be used in conjunction
  106. # with the listen_ipv6 directive.
  107. listen=YES
  108. #
  109. # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
  110. # sockets, you must run two copies of vsftpd whith two configuration files.
  111. # Make sure, that one of the listen options is commented !!
  112. #listen_ipv6=YES
  113. #local_root=/ynd20_ftp
  114. pam_service_name=vsftpd
  115. userlist_enable=YES
  116. userlist_file=/opt/vsftpd/etc/vsftpd.user_list
  117. tcp_wrappers=YES
  118. chroot_local_user=YES
  119. user_config_dir=/opt/vsftpd/user_conf
  120. guest_enable=YES
  121. guest_username=pso(用户)
  122. virtual_use_local_privs=YES
  123. anon_other_write_enable=NO
  124. cmds_allowed=ABOR,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RMD,RNFR,RNTO,SITE,SIZE,STOR,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST
用户添加:/opt/vsftpd/user_conf
新建一个以用户名为文件名的文件,比如dsp(示例中行尾的 # 说明是本文的注释;vsftpd 的配置文件只支持整行注释,写入实际文件时要去掉,否则会被当成取值的一部分)

  1. local_root=/eInvoice #共享目录
  2. anonymous_enable=NO
  3. write_enable=YES
  4. local_umask=022
  5. anon_upload_enable=NO
  6. anon_mkdir_write_enable=NO
  7. idle_session_timeout=600
  8. data_connection_timeout=120
  9. max_clients=10
  10. max_per_ip=5
  11. local_max_rate=50000 #上传速度 50000=50KB/s
  12. cmds_allowed=ABOR,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RMD,RNFR,RNTO,SITE,SIZE,STOR,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST,DELE
用户名,密码文件:
/opt/vsftpd/etc/virtusers
奇数行为账号,偶数行为密码(下面的 dsp@123 只是示例,实际使用请换成强密码)
  1. dsp
  2. dsp@123
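查看密码文件命令:strings virtusers.db(能直接看到密码,说明库里存的是明文;virtusers 和 virtusers.db 都应设为仅 root 可读,例如 chmod 600,生成数据库后可以删除明文的 virtusers;pam_userdb 也支持用 crypt=crypt 选项存放 crypt(3) 哈希而不是明文)
生成密码文件数据库: db_load -T -t hash -f virtusers virtusers.db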
vsftpd重启:service vsftpd restart



转载来源:http://cdxtjz.cn/article/jjcpos.html
