1. Create the virtual user database file
1.1 First create a text file holding the virtual usernames and passwords (odd lines are usernames, even lines are the corresponding passwords, so the line count must be even and no line may be blank)
[root@www ~]# vim /etc/vuserdb.txt
wangzhuo
123456
gongyue
123456
1.2 Generate the virtual user database file from the text file:
[root@www ~]# db_load -T -t hash -f /etc/vuserdb.txt /etc/vsftpd/vsftpd.db
db_load converts the text file into a hash-format Berkeley DB database: -T allows non-Berkeley DB applications (plain text files) to be loaded, -t selects the database type, and -f names the input text file. The input is consumed pairwise, odd line as key and even line as value, so a stray blank line or a missing password shifts every pair after it. db_load is part of the Berkeley DB utilities (package db4-utils on RHEL/CentOS 5 and 6, libdb-utils on later releases).
1.3 For security, restrict the permissions of the virtual user database file. pam_userdb stores and compares the passwords exactly as they appear in the text file, so the database must be readable by root only; the source file /etc/vuserdb.txt holds the same plaintext passwords and should be given mode 600 as well (or deleted once the database has been built):
[root@www ~]# chmod 600 /etc/vsftpd/vsftpd.db
2. Create the PAM authentication file used by the virtual users
[root@www ~]# vim /etc/pam.d/vsftpd.virtual
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd.db
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd.db
The .db suffix can be omitted from the db= path; the pam_userdb(8) man page in fact documents the path without the suffix, because the module appends .db itself, so db=/etc/vsftpd/vsftpd is the portable form. On 64-bit systems the module lives under /lib64/security/; writing just pam_userdb.so lets PAM locate it in either case. The file name vsftpd.virtual is the PAM service name that vsftpd.conf must reference in step 4.
3. Create the local system user that the virtual users map to, together with its home directory, which becomes their login (and chroot) directory, and set its permissions:
[root@www ~]# useradd -d /var/myvirtual myvirtual
[root@www ~]# chmod 744 /var/myvirtual/
Every virtual session runs with this account's privileges, so files the virtual users upload are owned by myvirtual (uid 502 in the listings below). Note that vsftpd 2.3.5 and later refuse to chroot into a directory the FTP user can write to; vsftpd 3.x provides allow_writeable_chroot=YES to override this, otherwise keep the top-level directory non-writable and give the users a writable subdirectory.
4. Edit vsftpd.conf:
Add:
guest_enable=YES
guest_username=myvirtual
Change:
pam_service_name=vsftpd.virtual
The value must exactly match the name of the PAM file created in step 2. guest_enable=YES maps every non-anonymous login to the local account named by guest_username, and such logins are treated like anonymous ones, so the anon_* directives used in step 6 govern them. vsftpd.conf lines take the form key=value with no spaces around the equals sign. Uploads (step 6) additionally require write_enable=YES in the main configuration, which defaults to NO.
5. Restart the service and test:
[root@www ~]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
Login as gongyue:
[root@www pam.d]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): gongyue
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Login as wangzhuo:
[root@www pam.d]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): wangzhuo
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
6. Give different virtual users different permissions
wangzhuo may only download;
gongyue may download, upload, delete and create directories.
6.1 Edit vsftpd.conf and add:
user_config_dir=/etc/vsftpd/virtual.users
6.2 Create that directory and, inside it, one configuration file per virtual user, named exactly after the user; each file holds the directives that apply to that user only:
[root@www ~]# mkdir /etc/vsftpd/virtual.users
[root@www virtual.users]# vim wangzhuo
anon_upload_enable=NO
[root@www virtual.users]# vim gongyue
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable controls uploads, anon_mkdir_write_enable the creation of directories, and anon_other_write_enable delete and rename. All three default to NO, so wangzhuo's file merely states the default explicitly. vsftpd rejects a misspelled directive name, so check the spelling if a user suddenly cannot log in after a per-user file is added.
6.3 Restart the service and test:
[root@www virtual.users]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
Place a file in the login directory for the download test:
[root@www myvirtual]# cp /root/install.log /var/myvirtual/
Permission test as wangzhuo:
[root@www ~]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): wangzhuo
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (192,168,85,128,168,179).
550 Permission denied.
ftp> ls
227 Entering Passive Mode (192,168,85,128,155,153).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 39935 Sep 10 13:00 install.log
-rw------- 1 502 502 969 Sep 10 12:55 yum.conf
226 Directory send OK.
ftp> get install.log
local: install.log remote: install.log
227 Entering Passive Mode (192,168,85,128,129,215).
150 Opening BINARY mode data connection for install.log (39935 bytes).
226 Transfer complete.
39935 bytes received in 0.00464 secs (8604.83 Kbytes/sec)
Permission test as gongyue:
[root@www ~]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): gongyue
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (192,168,85,128,222,55).
150 Ok to send data.
226 Transfer complete.
884 bytes sent in 0.0264 secs (33.52 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,85,128,117,8).
150 Here comes the directory listing.
-rw------- 1 502 502 884 Sep 10 13:44 inittab
-rw-r--r-- 1 0 0 39935 Sep 10 13:00 install.log
-rw------- 1 502 502 969 Sep 10 12:55 yum.conf
226 Directory send OK.
ftp> get install.log
local: install.log remote: install.log
227 Entering Passive Mode (192,168,85,128,106,143).
150 Opening BINARY mode data connection for install.log (39935 bytes).
226 Transfer complete.
39935 bytes received in 0.00325 secs (12276.36 Kbytes/sec)
ftp> mkdir test
257 "/test" created
ftp> delete inittab
250 Delete operation successful.
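As an added example, not part of the original post, the bash script below packages steps 1, 2 and 6 into reusable checks and catches the two mistakes that make virtual logins fail for no visible reason: a malformed username/password list fed to db_load, and a pam_service_name that does not match the file created in step 2. All function names and the role names download/full are this script's own; the paths default to the ones used above. Only the apply branch touches the system (it needs root and db_load); the check functions work on any files and can be exercised against temporary copies.

```bash
#!/bin/bash
# Added example, not from the original post: helpers for steps 1, 2 and 6.
# Function names and the roles "download"/"full" are this script's own;
# paths default to the ones used in the post.

# db_load reads the list pairwise (odd line = key/username, even line =
# value/password), so an odd line count or a blank line shifts every
# later pair. Returns 0 when the list is well formed.
vuser_check_list() {
    list=$1
    n=$(awk 'END { print NR }' "$list")
    if [ "$n" -eq 0 ] || [ $((n % 2)) -ne 0 ]; then
        echo "$list: $n lines; usernames and passwords must alternate" >&2
        return 1
    fi
    if grep -q '^$' "$list"; then
        echo "$list: blank line would become an empty key or password" >&2
        return 1
    fi
    users=$(awk 'NR % 2 == 1' "$list")
    bad=$(printf '%s\n' "$users" | grep -vE '^[a-z_][a-z0-9_-]*$' || true)
    if [ -n "$bad" ]; then
        echo "$list: invalid username(s): $bad" >&2
        return 1
    fi
    dup=$(printf '%s\n' "$users" | sort | uniq -d)
    if [ -n "$dup" ]; then
        echo "$list: duplicate username(s): $dup" >&2
        return 1
    fi
    return 0
}

# pam_service_name in vsftpd.conf must name an existing /etc/pam.d file
# that uses pam_userdb, or PAM falls back to /etc/pam.d/other and virtual
# logins are refused. Prints the service name on success.
vuser_pam_service() {
    conf=$1; pamdir=${2:-/etc/pam.d}
    svc=$(sed -n 's/^pam_service_name=//p' "$conf" | tail -n 1)
    if [ -z "$svc" ]; then
        echo "$conf: no pam_service_name= line" >&2
        return 1
    fi
    if [ ! -f "$pamdir/$svc" ]; then
        echo "$pamdir/$svc does not exist; the step 2 file name must match" >&2
        return 1
    fi
    if ! grep -q 'pam_userdb\.so' "$pamdir/$svc"; then
        echo "$pamdir/$svc does not use pam_userdb" >&2
        return 1
    fi
    echo "$svc"
}

# Per-user file under user_config_dir, named exactly after the virtual
# user. Guest logins are handled as anonymous ones, so the anon_*
# directives decide what the user may write. Prints the file path.
vuser_write_conf() {
    dir=$1; user=$2; role=$3
    # the name becomes a path component; accept only a plain login name
    if ! printf '%s\n' "$user" | grep -qE '^[a-z_][a-z0-9_-]*$'; then
        echo "invalid username: $user" >&2
        return 1
    fi
    mkdir -p "$dir"
    case $role in
        download)  # list and download only
            printf 'anon_upload_enable=NO\nanon_mkdir_write_enable=NO\nanon_other_write_enable=NO\n' > "$dir/$user" ;;
        full)      # upload, mkdir, delete and rename
            printf 'anon_upload_enable=YES\nanon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n' > "$dir/$user" ;;
        *)
            echo "unknown role: $role" >&2
            return 1 ;;
    esac
    echo "$dir/$user"
}

# Step 1 end to end: validate, build the hash database, lock both files
# down (the text file holds the same plaintext passwords as the .db).
# Needs root and db_load from the Berkeley DB utilities (db4-utils).
vuser_build_db() {
    list=${1:-/etc/vuserdb.txt}; db=${2:-/etc/vsftpd/vsftpd.db}
    vuser_check_list "$list" || return 1
    chmod 600 "$list"
    db_load -T -t hash -f "$list" "$db" || return 1
    chmod 600 "$db"
}

# Usage: ./vuser.sh apply   (without "apply" the file only defines functions)
if [ "${1:-}" = "apply" ]; then
    vuser_build_db /etc/vuserdb.txt /etc/vsftpd/vsftpd.db
    vuser_pam_service /etc/vsftpd/vsftpd.conf /etc/pam.d >/dev/null
    vuser_write_conf /etc/vsftpd/virtual.users wangzhuo download
    vuser_write_conf /etc/vsftpd/virtual.users gongyue full
    service vsftpd restart
fi
```

The list check matters more than it looks: db_load does not complain about an odd number of lines, it simply stores whatever pairs it can form, so a forgotten password line turns the next username into a password and that user's real password into a key. The username whitelist in vuser_write_conf exists because the name is used directly as a file name under user_config_dir; rejecting anything outside a plain login name keeps a crafted name from writing outside that directory.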