FTP服务器的配置实验
 
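匿名用户访问
(说明:以下为实验环境配置。allow_ftpd_full_access 开启后,vsftpd 对系统文件的读写只受普通文件权限约束;若只需要匿名上传,开启 allow_ftpd_anon_write 并把上传目录的 SELinux 类型设为 public_content_rw_t 即可。)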
[root@server1 ~]# vim /etc/vsftpd/vsftpd.conf
 
 
[root@server1 ~]# chmod a+w /var/ftp/pub/
[root@server1 ~]# setsebool -P allow_ftpd_anon_write=1
[root@server1 ~]# setsebool -P allow_ftpd_full_access=1
[root@server1 ~]# /etc/init.d/vsftpd restart
测试结果
创建文件夹
删除文件
没有禁锢家目录
 
禁锢家目录
 
禁锢指定用户的目录
禁锢wangfc用户的目录
 
公共账号
·upload:主要完成文件上传功能,具有上传、创建文件的权限
·download:主要完成文件下载功能
·admin:主要完成管理功能
[root@server1 ~]# vim /etc/vsftpd/vsftpd.conf
# Virtual-user settings added to the main vsftpd.conf.
# vsftpd accepts comments only on lines of their own, never after a value.
# Confine local users to their home directory after login (chroot jail).
chroot_local_user=YES
# Allow passive-mode data connections.
pasv_enable=YES
# PAM service used for authentication; it refers to /etc/pam.d/vsftpd.vu.
pam_service_name=vsftpd.vu
# Passive data connections use ports 3001-3100; the firewall must allow
# exactly this range and nothing wider.
pasv_min_port=3001
pasv_max_port=3100
# Every non-anonymous login is treated as a guest and mapped to the system
# account named in guest_username.
# NOTE(review): unless virtual_use_local_privs is set elsewhere, guests get
# anonymous-user privileges, so the per-user files rely on anon_* options.
guest_enable=YES
guest_username=vuser
# Directory holding one override file per login name
# (upload, download and admin in this lab).
user_config_dir=/etc/vsftpd/vsftpd_user_conf
 
[root@server1 ~]# cat <<! >logins.txt
> upload
> 123
> download
> 123
> admin
> 123
> !
[root@server1 ~]# cat logins.txt
upload
123
download
123
admin
123
 
[root@server1 ~]# db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login_db
[root@server1 ~]# chmod 600 /etc/vsftpd/vsftpd_login_db
[root@server1 ~]# ll /etc/vsftpd/vsftpd_login_db
-rw-------. 1 root root 12288  8 21 17:46 /etc/vsftpd/vsftpd_login_db
(logins.txt 保存的是明文口令,生成数据库后应删除该文件;示例中的口令 123 仅适用于实验环境。)
 
[root@server1 ~]# mkdir /home/ftpsite
[root@server1 ~]# useradd -d /home/ftpsite/ vuser
[root@server1 ~]# chmod 700 /home/ftpsite/
 
[root@server1 ~]# vim  /etc/pam.d/vsftpd.vu
 
 
 
单独的虚拟用户配置文件
 
[root@server1 vsftpd]# mkdir vsftpd_user_conf
[root@server1 vsftpd_user_conf]# vim download
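# Per-user overrides for the "download" virtual user.
# Values must not be followed by whitespace: vsftpd is known to reject a
# boolean such as "NO    " with a "bad bool value" error, so the trailing
# spaces after NO were removed.
# Allow the guest to download files that are not world-readable.
anon_world_readable_only=NO
# NOTE(review): a download-only account does not need write_enable. If the
# main vsftpd.conf enables anon_upload_enable (not visible here), this user
# could upload as well; confirm, and prefer write_enable=NO for least privilege.
write_enable=YES
# Transfer rate cap in bytes per second.
anon_max_rate=30000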
[root@server1 vsftpd_user_conf]# vim upload
# Per-user overrides for the "upload" virtual user.
# Permit file uploads. This only takes effect while write_enable is YES;
# it is not set in this file, so the value from the main vsftpd.conf applies.
anon_upload_enable=YES
# Transfer rate cap in bytes per second.
anon_max_rate=20000
# Permit creating new directories (also subject to write_enable).
anon_mkdir_write_enable=YES
 
[root@server1 vsftpd_user_conf]# vim admin
# Per-user overrides for the "admin" virtual user: the broadest rights of the
# three accounts, so this login deserves the strongest password.
# Allow downloading files that are not world-readable.
anon_world_readable_only=NO
# Allow FTP commands that change the filesystem.
write_enable=YES
# Permit uploads and directory creation.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# Permit other write operations such as delete and rename.
anon_other_write_enable=YES
# Transfer rate cap in bytes per second.
anon_max_rate=30000
 
[root@server1 ~]# /etc/init.d/vsftpd restart
 
SSL+FTP
[root@server1 ~]#cd /etc/pki/tls/certs/
[root@server1 certs]# openssl req -new -x509 -nodes -out /etc/vsftpd/vsftpd.pem -keyout /etc/vsftpd/vsftpd.pem
Generating a 2048 bit RSA private key
..........+++
...........................................................................................................................................................+++
writing new private key to '/etc/vsftpd/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:YN
Locality Name (eg, city) [Default City]:KM
Organization Name (eg, company) [Default Company Ltd]:Kmhc
Organizational Unit Name (eg, section) []:kmhc
Common Name (eg, your name or your server's hostname) []:server1.example.com
Email Address []:root@email.com
[root@server1 ~]# cd /etc/vsftpd/
[root@server1 vsftpd]# chmod 600 vsftpd.pem
 
vsftpd添加设置SSL安全传输
使用命令 whereis openssl 发现系统已安装 SSL,因此跳过安装部分,直接进入下面的证书创建步骤:
#openssl req -new -x509 -nodes -out /etc/vsftpd/vsftpd.pem -keyout /etc/vsftpd/vsftpd.pem
按步骤填写相关内容后,生成vsftpd.pem证书(-nodes 表示私钥不加密,且私钥与证书写在同一个文件中,因此该文件权限应设为 600;未指定 -days 时自签名证书默认有效期只有 30 天)
修改vsftpd.conf文件,加入一些内容:
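# TLS settings for vsftpd.conf (comments must stay on their own lines).
# Turn on SSL/TLS support for FTP.
ssl_enable=YES
# SSLv2 and SSLv3 are broken protocols and must stay disabled; the original
# ssl_sslv2=YES let clients negotiate a protocol that no longer protects
# logins or data. Only TLS is permitted here. If the installed vsftpd build
# offers switches for newer TLS versions, prefer those.
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
# Non-anonymous users must use an encrypted data connection.
force_local_data_ssl=YES
# Non-anonymous users must use an encrypted connection to send the password.
force_local_logins_ssl=YES
# Certificate file; in this lab the same PEM also holds the unencrypted
# private key, so it must remain readable by root only (mode 600).
rsa_cert_file=/etc/vsftpd/vsftpd.pem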
重启vsftpd即可。