
虛擬用戶的VSFTPD服務器

需求描述

1,添加三個FTP虛擬用戶devadm、sales、saleadm
2,設置用戶訪問及文件權限控制:
開放匿名訪問,任何用戶可以從/var/ftp/soft/目錄下載資料
用戶devadm可以對/var/ftp/soft/目錄進行管理
用戶sales可以從/var/market/目錄下載資料
用戶saleadm可以對/var/market/目錄進行管理
所有上傳的文件,均去除非屬主位的寫(w)權限
對服務器中沒有明確授權的其他目錄,均禁止以上用戶訪問
3,下載、上傳流量及帶寬控制:
最多允許150個並發用戶連接,每IP並發連接數不超過5個
匿名用戶及sales用戶的下載帶寬限制為100KB/秒
devadm、saleadm用戶的下載、上傳帶寬限制為500KB/秒

實現思路

注意虛擬FTP用戶數據庫的建立過程
通過配置項anon_max_rate限制傳輸速率
通過配置項anon_root設置匿名FTP用戶的默認主目錄
通過配置項local_root為個別虛擬用戶設置主目錄

實驗步驟

一,FTP服務器配置

1,配置靜態IP
[root@ftpserver ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:c5:42:b1
IPADDR=192.168.1.10
NETMASK=255.255.255.0
[root@ftpserver ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[root@ftpserver ~]# chkconfig network on

2,安裝所需軟件
[root@ftpserver ~]# rpm -q vsftpd
package vsftpd is not installed
[root@ftpserver ~]# mount /dev/cdrom /media/
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@ftpserver ~]# rpm -ivh /media/Server/vsftpd-2.0.5-16.el5.i386.rpm //下面的NOKEY警告表示系統尚未導入對應的GPG公鑰,軟件包簽名未被驗證;可先用 rpm --import 導入發行版公鑰後再安裝
warning: /media/Server/vsftpd-2.0.5-16.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID
37017186
Preparing... ########################################### [100%]
1:vsftpd ########################################### [100%]
[root@ftpserver ~]# rpm -ivh /media/Server/db4-utils-4.3.29-10.el5.i386.rpm //建立數據庫文件需要用到db_load命令工具
warning: /media/Server/db4-utils-4.3.29-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key
ID 37017186
Preparing... ########################################### [100%]
1:db4-utils ########################################### [100%]

3,建立虛擬用戶數據庫
[root@ftpserver ~]# vi /etc/vsftpd/vusers.list
devadm
123
sales
456
saleadm
789
[root@ftpserver ~]# cd /etc/vsftpd/
[root@ftpserver vsftpd]# db_load -T -t hash -f vusers.list vusers.db //在db_load命令中,“-f”選項用於指定用戶名/密碼列表文件(奇數行為用戶名,偶數行為對應的密碼),“-T”選項允許非Berkeley DB的應用程序使用從文本格式轉換的DB數據文件,“-t hash”選項指定數據庫採用hash存取方式。
[root@ftpserver vsftpd]# file vusers.db
vusers.db: Berkeley DB (Hash, version 8, native byte-order)
[root@ftpserver vsftpd]# chmod 600 /etc/vsftpd/vusers.* //降低文件權限以提高安全性;vusers.list以明文保存密碼,生成vusers.db後宜刪除或移出服務器,示例中的123/456/789僅為實驗用的弱口令

4,建立映射用戶及FTP目錄
[root@ftpserver ~]# mkdir /var/ftp/soft
[root@ftpserver ~]# cat /etc/*.conf > /var/ftp/soft/test.list
[root@ftpserver ~]# cat /etc/* > /var/ftp/soft/etc.file //注意:以root執行時,/etc/shadow等敏感文件的內容也會被寫入這個匿名可下載的目錄;測試文件宜改用不含敏感信息的數據生成,或測試後立即刪除
[root@ftpserver ~]# chown ftp /var/ftp/soft/
[root@ftpserver ~]# chmod o+w /var/ftp/soft/
[root@ftpserver ~]# ls -ld /var/ftp/soft/
drwxr-xrwx 2 ftp root 4096 01-16 23:25 /var/ftp/soft/
[root@ftpserver ~]# useradd -d /var/market/ -s /sbin/nologin virtual
[root@ftpserver ~]# chmod 755 /var/market/fangan.file
[root@ftpserver ~]# ls -ld /var/market/
drwxrwxr-x 3 virtual virtual 4096 01-16 23:39 /var/market/
[root@ftpserver ~]# ls -lh /boot/ >/var/market //此處重定向目標是目錄,命令會失敗;按上下文應為 >/var/market/fangan.file,且需在前面的chmod 755之前執行

5,設置用於虛擬用戶的PAM文件
[root@ftpserver vsftpd]# cat /etc/pam.d/vsftpd.vu
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers

6,修改vsftpd.conf配置文件,添加虛擬用戶支持及其他的要求
[root@ftpserver ~]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=YES //允許匿名用戶訪問
local_enable=YES //使用虛擬用戶需要啟用本地用戶
write_enable=YES
anon_root=/var/ftp/soft //設置匿名用戶的FTP根目錄
chroot_local_user=YES //將用戶禁錮於其宿主目錄中
anon_umask=022 //設置虛擬用戶上傳文件的默認權限掩碼(022即去除屬組和其他用戶的寫權限)
guest_enable=YES //啟用用戶映射功能
guest_username=virtual //將映射用戶指定為virtual
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd.vu //修改使用的PAM文件位置
userlist_enable=YES
tcp_wrappers=YES
user_config_dir=/etc/vsftpd/vusers_dir //指定用戶配置目錄位置
max_clients=150
max_per_ip=5
anon_max_rate=102400

7,為各虛擬用戶建立單獨的配置文件,分別賦予權限
[root@ftpserver ~]# mkdir /etc/vsftpd/vusers_dir
[root@ftpserver ~]# cd /etc/vsftpd/vusers_dir/
[root@ftpserver vusers_dir]# vim devadm
local_root=/var/ftp/soft //指定其宿主目錄
anon_upload_enable=YES //上傳文件
anon_mkdir_write_enable=YES //創建目錄
anon_other_write_enable=YES //刪除文件目錄
anon_max_rate=512000 //上傳,下載最大帶寬
[root@ftpserver vusers_dir]# vim saleadm
anon_upload_enable=YES //上傳文件
anon_mkdir_write_enable=YES //創建目錄
anon_other_write_enable=YES //刪除文件目錄
anon_max_rate=512000 //上傳,下載最大帶寬
[root@ftpserver vusers_dir]# touch sales //為sales用戶建立空配置文件(無額外權限設置)

8,重新啟動vsftpd服務
[root@ftp ~]# service vsftpd restart
[root@ftp ~]# chkconfig vsftpd on

二,客戶端驗證

匿名用戶測試
[root@tao ~]# ftp 192.168.1.10
Connected to 192.168.1.10.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.10:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (192,168,1,10,183,58)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 108363 Jan 16 17:12 test.list
226 Directory send OK.
ftp> get test.list
local: test.list remote: test.list
227 Entering Passive Mode (192,168,1,10,122,108)
150 Opening BINARY mode data connection for test.list (108363 bytes).
226 File send OK.
108363 bytes received in 0.43 seconds (2.4e+02 Kbytes/s)

用wget命令可以測試下載速度

 

 

devadm虛擬用戶測試
[root@tao ~]# ftp 192.168.1.10
Connected to 192.168.1.10.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.10:root): devadm
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (192,168,1,10,46,28)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 108363 Jan 16 17:12 test.list
226 Directory send OK.
ftp> put install.log //上傳文件
local: install.log remote: install.log
227 Entering Passive Mode (192,168,1,10,78,163)
150 Ok to send data.
226 File receive OK.
26383 bytes sent in 0.0039 seconds (6.6e+03 Kbytes/s)
ftp> mkdir aaa //創建目錄
257 "/aaa" created
ftp> mkdir bbb //創建目錄
257 "/bbb" created
ftp> rmdir aaa //刪除目錄
250 Remove directory operation successful.
ftp> ls
227 Entering Passive Mode (192,168,1,10,48,7)
150 Here comes the directory listing.
drwxr-xr-x 2 501 501 4096 Jan 16 18:43 bbb
-rw-r--r-- 1 501 501 26383 Jan 16 18:42 install.log
-rw-r--r-- 1 0 0 108363 Jan 16 17:12 test.list
226 Directory send OK.
ftp> get test.list
local: test.list remote: test.list
227 Entering Passive Mode (192,168,1,10,158,196)
150 Opening BINARY mode data connection for test.list (108363 bytes).
226 File send OK.
108363 bytes received in 0.1 seconds (1.1e+03 Kbytes/s)

用wget命令可以測試下載速度

 

 

sales虛擬用戶測試
[root@tao ~]# ftp 192.168.1.10
Connected to 192.168.1.10.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.10:root): sales
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,10,103,148)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 427 Jan 16 15:41 fangan.file
-rw-r--r-- 1 501 501 26383 Jan 16 17:17 install.log
226 Directory send OK.
ftp> pwd
257 "/"
ftp> put aa.txt
local: aa.txt remote: aa.txt
227 Entering Passive Mode (192,168,1,10,222,26)
550 Permission denied. //上傳被拒絕(sales用戶沒有寫權限)
ftp> get fangan.file
local: fangan.file remote: fangan.file
227 Entering Passive Mode (192,168,1,10,113,187)
150 Opening BINARY mode data connection for fangan.file (427 bytes).
226 File send OK.
427 bytes received in 0.00019 seconds (2.2e+03 Kbytes/s)
ftp> quit
221 Goodbye.

saleadm虛擬用戶測試
[root@tao ~]# ls
aa.txt Desktop fangan.file install.log test.list yp.conf
anaconda-ks.cfg etcconf.list ftpconfig.tar.bz2 install.log.syslog vutest.list yum.conf
[root@tao ~]# ftp 192.168.1.10
Connected to 192.168.1.10.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.10:root): saleadm
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (192,168,1,10,184,75)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 427 Jan 16 15:41 fangan.file
-rw-r--r-- 1 501 501 26383 Jan 16 17:17 install.log
226 Directory send OK.
ftp> put aa.txt //上傳文件
local: aa.txt remote: aa.txt
227 Entering Passive Mode (192,168,1,10,123,252)
150 Ok to send data.
226 File receive OK.
ftp> mkdir saleadm //創建目錄
257 "/saleadm" created
ftp> ls
227 Entering Passive Mode (192,168,1,10,62,152)
150 Here comes the directory listing.
-rw-r--r-- 1 501 501 0 Jan 16 18:53 aa.txt
-rw-r--r-- 1 0 0 427 Jan 16 15:41 fangan.file
-rw-r--r-- 1 501 501 26383 Jan 16 17:17 install.log
drwxr-xr-x 2 501 501 4096 Jan 16 18:54 saleadm
226 Directory send OK.
ftp> delete install.log //刪除文件
250 Delete operation successful.
ftp> ls
227 Entering Passive Mode (192,168,1,10,211,68)
150 Here comes the directory listing.
-rw-r--r-- 1 501 501 0 Jan 16 18:53 aa.txt
-rw-r--r-- 1 0 0 427 Jan 16 15:41 fangan.file
drwxr-xr-x 2 501 501 4096 Jan 16 18:54 saleadm
226 Directory send OK.
