Linux ftp介绍
FTP工作模式分主动跟被动两种
匿名用户跟系统用户配置
1、安装
[[email protected] pam.d]# yum install vsftpd
[[email protected] pam.d]# rpm -qc vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
#更多查看
[[email protected] pam.d]# rpm -ql vsftpd
#家目录
[[email protected] pam.d]# grep 'ftp' /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
2、启动
[[email protected] pam.d]# systemctl start vsftpd
[[email protected] pam.d]# ps -ef|grep vsftpd
root 3090 1 0 14:19 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[[email protected] pam.d]# ss -antup|grep vs
tcp LISTEN 0 32 :::21 :::* users:(("vsftpd",pid=3090,fd=3))
3、客户端安装 匿名登入
[[email protected] test]# yum install lftp
#vsftpd以ftp用户的身份运行进程,默认用户即为ftp用户,匿名用户的默认路径即ftp用户的家目录/var/ftp
# ftp, anonymous
#匿名
[[email protected] test]# lftp -u ftp 172.16.86.202
Password:
lftp [email protected]:~> ls
drwxr-xr-x 2 0 0 6 Aug 03 2017 pub
#匿名
[[email protected] test]# lftp -u anonymous 172.16.86.202
Password:
lftp [email protected]:~>
lftp命令介绍
4、认证方式查看 默认用系统用户验证方式
[[email protected] ~]# cat /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed #黑名单:FTP报文是明文传输,因此禁止root等系统用户登入;onerr=succeed表示名单文件读取出错时按成功处理,不会拦截登入
auth required pam_shells.so
auth include password-auth #cat /etc/pam.d/password-auth 跟服务器账号登入认证同一个
account include password-auth
session required pam_loginuid.so
session include password-auth
[[email protected] ~]# useradd zander
[[email protected] ~]# echo 'zander'|passwd zander --stdin #口令与用户名相同,仅作演示
[[email protected] test]# lftp -u zander 172.16.86.202
Password:
lftp [email protected]:~> ls -a
drwx------ 2 1000 1000 62 May 20 06:59 .
drwxr-xr-x 3 0 0 20 May 20 06:59 ..
-rw-r--r-- 1 1000 1000 18 Aug 02 2017 .bash_logout
-rw-r--r-- 1 1000 1000 193 Aug 02 2017 .bash_profile
-rw-r--r-- 1 1000 1000 231 Aug 02 2017 .bashrc
lftp [email protected]:~> pwd
ftp://[email protected]/%2Fhome/zander
lftp [email protected]:~> put a.txt
838 bytes transferred
5、配置文件
[[email protected] ~]# man vsftpd.conf
[[email protected] pam.d]# cp /etc/vsftpd/vsftpd.conf{,.bak}
[[email protected] pam.d]# vim /etc/vsftpd/vsftpd.conf
#匿名使用方法 __________________________________________________________________________________
#[[email protected] ftp]# ll -d /var/ftp
#匿名用户登入后都位于此目录;该目录属于root,不要放开它的写权限(vsftpd不接受可写的匿名根目录)。若想让匿名用户能读写,则在这个目录下面创建子目录
#drwxr-xr-x 4 root root 28 5月 20 15:19 /var/ftp
#[[email protected] ftp]# mkdir /var/ftp/ftp
#[[email protected] ftp]# chown ftp.ftp /var/ftp/ftp #配合下面设置
anonymous_enable=YES # 是否启用匿名账号 登入后下载
#anon_upload_enable=YES # 上传文件
#anon_mkdir_write_enable=YES # 创建上传目录
#anon_other_write_enable=YES # 删除文件目录
#系统用户配置__________________________________________________________________________________
local_enable=YES #是否启用本地用户
write_enable=YES #全局写开关:上传、修改、删除等写操作都受它控制
local_umask=022
chroot_local_user=YES #将所有本地用户禁锢于其家目录;需要事先去除用户对家目录的写权限([[email protected] ftp]# chmod a-w /home/zander),如果开启禁锢功能却没有去掉写权限,则登入失败;跟下面两项不能同时使用
#上面一项(chroot_local_user)与下面两项不要同时使用:同时启用时,chroot_list_file中列出的反而是不被禁锢的用户
#chroot_list_enable=YES #禁锢局部
#chroot_list_file=/etc/vsftpd/chroot_list
#定义黑名单
#列在/etc/vsftpd/ftpusers这个文件中的系统用户不能通过FTP登入,因为ftp报文(包括口令)是明文传输的
#[[email protected] ftp]# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
#root
#bin
#....
#定义白名单
#启用/etc/vsftpd/user_list文件来控制可登录用户;
userlist_enable=YES
userlist_deny=YES #默认为YES,即/etc/vsftpd/user_list是黑名单
#YES:名单内的用户被拒绝登入(黑名单);
#NO:只有名单内的用户可以登入(白名单);
#上传下载速率__________________________________________________________________________________
anon_max_rate=0
local_max_rate=0
#并发连接数限制__________________________________________________________________________________
max_clients=2000
max_per_ip=50
虚拟用户配置
1、编译pam_mysql
[[email protected] pam_mysql-0.7RC1]# yum -y install pam-devel
[[email protected] packages]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[[email protected] packages]# tar xf pam_mysql-0.7RC1.tar.gz
[[email protected] pam_mysql-0.7RC1]# ./configure --with-pam=/usr --with-mysql=/www/server/mysql --with-pam-mods-dir=/usr/lib64/security
[[email protected] pam_mysql-0.7RC1]# make && make install
[[email protected] vuser]# head /var/log/secure
May 20 20:42:19 localhost vsftpd[24322]: PAM unable to dlopen(/usr/lib64/security/pam_mysql.so): /usr/lib64/security/pam_mysql.so: undefined symbol: make_scrambled_password
#上述官网源码包编译出的模块加载失败(日志提示缺少make_scrambled_password符号),改用下面的预编译rpm包;该包来自第三方仓库且经HTTP下载,安装前应核对其签名或校验和(如 rpm -K)
[[email protected] pam_mysql-0.7RC1]# wget http://repo.iotti.biz/CentOS/7/x86_64/pam_mysql-0.8.1-0.22.el7.lux.x86_64.rpm
[[email protected] pam_mysql-0.7RC1]# yum install pam_mysql-0.8.1-0.22.el7.lux.x86_64.rpm
[[email protected] pam_mysql-0.7RC1]# ls /usr/lib64/security/pam_mysql.so
/usr/lib64/security/pam_mysql.so
2、初始化数据库
mysql> create database vsftpd;
mysql> create table users (id int AUTO_INCREMENT NOT NULL,name char(100) NOT NULL,password char(100) NOT NULL,unique key(name),primary key(id));
mysql> insert into users (name,password) values('tom',PASSWORD('tom')),('jack',PASSWORD('jack'));
#PASSWORD()生成的是不加盐的SHA-1散列(即下方以*开头的值),该函数在MySQL 8.0中已被移除;此处的用户名和口令仅为示例
mysql> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by '111111';
mysql> FLUSH PRIVILEGES;
mysql> select * from users;
+----+------+-------------------------------------------+
| id | name | password |
+----+------+-------------------------------------------+
| 1 | tom | *71FF744436C7EA1B954F6276121DB5D2BF68FC07 |
| 2 | jack | *9BCDC990E611B8D852EFAF1E3919AB6AC8C8A9F0 |
+----+------+-------------------------------------------+
2 rows in set (0.00 sec)
3、创建虚拟用户映射
[[email protected] ~]# mkdir /ftproot
[[email protected] ~]# useradd -d /ftproot/vuser vuser
[[email protected] ~]# mkdir /ftproot/vuser/pub
[[email protected] ~]# chown vuser.vuser /ftproot/vuser/pub
[[email protected] mysql]# chmod a-w /ftproot/vuser
#注意vuser家目录本身已去掉写权限(被禁锢的根目录不能可写),需要写入时只能在这个目录下建立可写的子目录
4、配置文件
[[email protected] ~]# vim /etc/pam.d/vsftpd.vusers
#该文件写有数据库账号口令的明文,应限制为仅root可读(如 chmod 600);crypt=2表示口令按MySQL PASSWORD()函数的散列进行比对
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=111111 host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=111111 host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[[email protected] vsftpd]# vim vsftpd.conf
pam_service_name=vsftpd.vusers
guest_enable=YES
guest_username=vuser #所有虚拟用户都映射为上面创建的系统用户vuser
user_config_dir=/etc/vsftpd/vusers_config/
[[email protected] vuser]# mkdir /etc/vsftpd/vusers_config/
[[email protected] vuser]# vim /etc/vsftpd/vusers_config/tom
#虚拟用户默认按匿名用户的权限处理,所以这里用anon_*选项给tom单独授权
anon_upload_enable=YES
anon_mkdir_write_enable=YES