Continue to configure VSFTP today, mainly want to add some user controls, implement different permissions of different users
Implement different permissions from three users:
A. UPLOAD users, you can upload downloads, you can create a new folder, but you can't delete files and folders, you cannot rename the original files and folders;
B. Download users can only download;
C.Admin users, administrators, can be uploaded, can be downloaded, can create new folders, can delete and change files and folder names.
These users cannot log in to the system and lock in their own catalog when using FTP connections.
Create a list of users logins.txt contents
Upload
PWD
Download
PWD
admin
PWD
Note, this text file format is: single behavior user name, even behavior password
Establish a visitor's password library file and modify its permissions
DB_LOAD -T -T HASH -F /TMP/LOGINS.TXT / Etc/vsftpd/vsftpd_login.db
Create ftp.vu in /etc/pam.d/ Add the following information
Auth Required /Lib/security/pam_userdb.so db = / etc / vsftpd / vsftpd_login
Account Required /Lib/security/pam_userdb.so db = / etc / vsftpd / vsftpd_login
In / var / ftp / create a directory and change its properties and its homeowner
UserAdd -d / var / ftp / test virtule
CHMOD 700 / VAR / FTP / TEST
Add Test_File test files in the catalog
Create a Virtual file directory / etc / vsftpd / user_conf and create a configuration file named by a username in the file directory
Download Upload Admin
Download content
Anon_World_Readable_only = no (Open Download Permissions for Download User - Only Download; Note Don't write to Yes, otherwise you will not list files and directories)
UPLOAD content
Anon_World_Readable_only = no
Write_enable = yes (increasing write permissions)
Anon_upload_enable = yes (add upload authority)
Anon_mkdir_write_enable = yes (add permission to create a directory)
Admin content
Anon_World_Readable_only = no
Write_enable = yes (increasing write permissions)
Anon_upload_enable = yes (add upload authority)
Anon_mkdir_write_enable = yes (add permission to create a directory)
Anon_other_write_enable = yes (add permission to delete / rename the administrator user)
Insert the following configuration statement in the /etc/vsftpd/vsftpd.conf file
Guest_enable = YES (Enable virtual users)
Guest_Username = Virtual (map virtual users to local Virtual users)
PAM_SERVICE_NAME = ftp.vu (specifying the PAM configuration file for ftp.vu)
User_config_dir = / etc / vsftpd / user_conf (Specify the storage path of different virtual user profiles)
Restart VSFTPDService vsftpd Restart
Everything OK
PS: My vsftpd.conf # Example config file /etc/vsftpd.conf## The default compiled in settings are fairly paranoid This sample file # loosens things up a bit, to make the ftp daemon more usable # Please see vsftpd. .conf.5 for all compiled in defaults ## READ THIS:. This example file is NOT an exhaustive list of vsftpd options # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities ##.. Allow anonymous FTP (Beware - allowed by default if you comment this out)? .anonymous_enable = YES ## Uncomment this to allow local users to log in.local_enable = YES ## Uncomment this to enable any form of FTP write command.write_enable = YES ## Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask = 022 ## Uncomment this to allow the anonymous FTP user to upload Files. This Only # HAS An Effect If The Above Global Write Enable is activated. Also, you will # Obviously recombine to create a directory Writable by the FTP user.anon_upload_enable = NO ## Uncomment this if you want the anonymous FTP user to be able to create # new directories.anon_mkdir_write_enable = NO ## Activate directory messages - messages given to remote users when they # go into a certain directory .dirmessage_enable = YES ## Activate logging of uploads / downloads.xferlog_enable = YES ## Make sure PORT transfer connections originate from port 20 (ftp-data) .connect_from_port_20 = YES ## If you want, you can arrange for uploaded anonymous files to Be owned by # a Different User. Note! Using "root" for uploaded files is not # recomment! # chown_uploads = yes # chown_username =
whoever ## You may override where the log file goes if you like. The default is shown # below. # xferlog_file = / var / log / vsftpd.log ## If you want, you can have your log file in standard ftpd xferlog formatxferlog_std_format = YES ## you may change the default value for timing out an idle session.idle_session_timeout = 600 ## you may change the default value for timing out a data connection.data_connection_timeout = 120 ## It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. # nopriv_user = ftpsecure ## Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. # async_abor_enable = YES ## By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on Files when in ascii mode. # Beware That Turning on ASCI i_download_enable enables malicious remote parties # to consume your I / O resources, by issuing the command "SIZE / big / file" in # ASCII mode. # These ASCII options are split into upload and download because you may wish # to enable ASCII uploads ( to prevent uploaded scripts etc. from breaking), # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be # on the client anyway .. # ascii_upload_enable = YES # ascii_download_enable = YES ## You may fully customise the login banner string : ftpd_banner = Welcome to my ftp service. ## You specifying a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain dos attacks. # de Neny_email_enable =
YES # (default follows) # banned_email_file = / etc / vsftpd.banned_emails ## You may specify an explicit list of local users to chroot () to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot (). # chroot_list_enable = YES # (default follows) # chroot_list_file = / etc / vsftpd.chroot_list ## You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users Being Able To Cause Excessive I / O On Large # Sites. HOWEVER, Some Broken FTP Clients Such AS "NCFTP" and "mirror" Assume # The Presence of the "-r" option, soled. # ls_recurse_enable = yespam_service_name = vsftpduserlist_enable = yes # enable for standalone model = yestcp_wrappers = yes
anon_world_readable_only = noaccept_timeout = 60connect_timeout = 60max_clients = 100max_per_ip = 4anon_max_rate = 50000local_max_rate = 100000pasv_min_port = 50000pasv_max_port = 60000anon_other_write_enable = nochroot_local_user = yesguest_enable = yesguest_username = virtualpam_service_name = ftp.vuuser_config_dir = / etc / vsftpd / virtual I adminanon_world_readable_only = nowrite_enable = yesanon_upload_enable = yesanon_other_write_enable = yesanon_mkdir_write_enable = YESANON_MAX_RATE = 8000000
