
pureftp、vsftp部署及优化

时间:2015-07-23 00:54:10      阅读:168      评论:0      收藏:0      [点我收藏+]

标签:pure-ftp、vsftp部署及优化

pure-ftp部署及优化

pure-ftpd 官网 http://www.pureftpd.org/project/pure-ftpd

ftp服务器上:

[root@ client mnt]# cd /usr/local/src/

[root@ client src]# wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.40.tar.gz

//该链接是明文 HTTP,编译安装前应先核对源码包的签名或校验值,确认文件完整、未被篡改

[root@ client src]# tar zxvf pure-ftpd-1.0.40.tar.gz

[root@ client src]# cd pure-ftpd-1.0.40

[root@ client pure-ftpd-1.0.40]# ls

[root@ client pure-ftpd-1.0.40]# ./configure \

--prefix=/usr/local/pureftpd \

--without-inetd \

--with-altlog \

--with-puredb \

--with-throttling \

--with-peruserlimits  \

--with-tls

 

 

[root@ client pure-ftpd-1.0.40]# make

[root@client pure-ftpd-1.0.40]# make install

[root@client pure-ftpd-1.0.40]# ls /usr/local/pureftpd/

bin  sbin  share

[root@client pure-ftpd-1.0.40]# mkdir -p /usr/local/pureftpd/etc/

[root@client pure-ftpd-1.0.40]# cd configuration-file

[root@client configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc/pure-ftpd.conf

[root@client configuration-file]# cp pure-config.pl /usr/local/pureftpd/sbin/pure-config.pl

[root@client configuration-file]# chmod 755 /usr/local/pureftpd/sbin/pure-config.pl

[root@client configuration-file]# vim /usr/local/pureftpd/etc/pure-ftpd.conf

ChrootEveryone              yes

BrokenClientsCompatibility  no

MaxClientsNumber            50

Daemonize                   yes

MaxClientsPerIP             8

VerboseLog                  no

DisplayDotFiles             yes

AnonymousOnly               no

NoAnonymous                 no

SyslogFacility              ftp

DontResolve                 yes

MaxIdleTime                 15

PureDB                        /usr/local/pureftpd/etc/pureftpd.pdb

LimitRecursion              3136 8

AnonymousCanCreateDirs      no

MaxLoad                     4

AntiWarez                   yes

Umask                       133:022

MinUID                      100

AllowUserFXP                no

AllowAnonymousFXP           no

ProhibitDotFilesWrite       no

ProhibitDotFilesRead        no

AutoRename                  no

AnonymousCantUpload         no

PIDFile                     /usr/local/pureftpd/var/run/pure-ftpd.pid

MaxDiskUsage               99

CustomerProof              yes

 

[root@client configuration-file]# mkdir /tmp/ftp

[root@client configuration-file]# tail /etc/passwd

tom:x:500:500::/home/tom:/bin/bash

[root@client configuration-file]# chown -R tom:tom /tmp/ftp/

[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw useradd ftpuser1  -utom -d /tmp/ftp

Password:

Enter it again:

//创建虚拟用户 ftpuser1:-u 指定其映射的系统用户 tom,-d 指定家目录并把用户限制在该目录内。示例把数据目录放在 /tmp 下,正式环境应换成专用目录

[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw mkdb

//创建密码文件

[root@client configuration-file]# /usr/local/pureftpd/bin/pure-pw list

ftpuser1            /tmp/ftp/./

//列出用户

 

[root@client configuration-file]# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf

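//启动。注意:上面列出的配置中 NoAnonymous 为 no,即没有禁止匿名登录;只使用虚拟用户时建议改为 yes。另外编译时虽然加了 --with-tls,但所列配置里没有 TLS 项,用户名和口令仍以明文在网络上传输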

 

[root@client configuration-file]# /etc/init.d/rpcbind stop

[root@client configuration-file]# /etc/init.d/nfs stop

 

[root@client configuration-file]# ps aux |grep pure

root     31728  0.0  0.0   9248   600 ?        Ss   17:27   0:00 pure-ftpd (SERVER)                                        

root     31730  0.0  0.0   4356   748 pts/0    S+   17:28   0:00 grep pure

[root@client configuration-file]# netstat -lnp |grep ftp

tcp     0    0 0.0.0.0:21             0.0.0.0:*        LISTEN      31728/pure-ftpd (SE

tcp     0      0 :::21             :::*               LISTEN     31728/pure-ftpd (SE

 

 

[root@client configuration-file]# lftp ftpuser1@192.168.137.21

Password:

lftp ftpuser1@192.168.137.21:~> ls

drwxr-xr-x    2 500        tom              4096 Jul 21 16:28 .

drwxr-xr-x    2 500        tom              4096 Jul 21 16:28 ..

lftp ftpuser1@192.168.137.21:~> mkdir 123

mkdir ok, `123' created

lftp ftpuser1@192.168.137.21:/> ls

drwxr-xr-x    3 500        tom              4096 Jul 21 16:36 .

drwxr-xr-x    3 500        tom              4096 Jul 21 16:36 ..

drwxr-xr-x    2 500        tom              4096 Jul 21 16:36 123

lftp ftpuser1@192.168.137.21:/> quit

 

[root@client configuration-file]# ls /tmp/ftp/

123

[root@client configuration-file]# tail /var/log/messages

[root@client configuration-file]# cd /tmp/ftp/

[root@client ftp]# touch 12.txt

[root@client ftp]# vim 12.txt

12123

 

另一台客户端登入:

[root@wangchao ~]#  lftp ftpuser1@192.168.137.21

Password:

lftp ftpuser1@192.168.137.21:/> ls

drwxr-xr-x    3 500        tom              4096 Jul 21 16:38 .

drwxr-xr-x    3 500        tom              4096 Jul 21 16:38 ..

-rw-r--r--    1 0          0                   6 Jul 21 16:38 12.txt

drwxr-xr-x    2 500        tom              4096 Jul 21 16:36 123

lftp ftpuser1@192.168.137.21:/> ?             //查看有哪些命令

lftp ftpuser1@192.168.137.21:/> get 12.txt

6 bytes transferred

lftp ftpuser1@192.168.137.21:/> quit

[root@wangchao ~]# cat 12.txt

12123

[root@wangchao ~]# vim 11.txt

555555555

[root@wangchao ~]#  lftp ftpuser1@192.168.137.21

lftp ftpuser1@192.168.137.21:~> put 11.txt

10 bytes transferred

lftp ftpuser1@192.168.137.21:/> ls

drwxr-xr-x    3 500        tom              4096 Jul 21 16:48 .

drwxr-xr-x    3 500        tom              4096 Jul 21 16:48 ..

-rw-r--r--    1 500        tom                10 Jul 20 19:28 11.txt

-rw-r--r--    1 0          0                   6 Jul 21 16:38 12.txt

drwxr-xr-x    2 500        tom              4096 Jul 21 16:36 123

//上传成功

 

 

 

服务端:

[root@client ftp]# ls

11.txt  123  12.txt

[root@client ftp]# cat 11.txt                //查看上传的文件成功了

555555555

 

 

 

vsftp部署及优化

[root@client ftp]# yum install -y vsftpd

[root@client ftp]# killall pure-ftpd

[root@client ftp]# /etc/init.d/vsftpd start

[root@client ftp]# lftp tom@192.168.137.21

Password:

lftp tom@192.168.137.21:~> ls

lftp tom@192.168.137.21:~>

//无文件

 

[root@client ~]# ls /home/tom/                      //因为他的家目录下无任何文件

You have new mail in /var/spool/mail/root

[root@client ~]# touch /home/tom/112.txt

[root@client ~]# mkdir /home/tom/aabb

[root@client tom]# ls

112.txt  aabb

 

 

客户端登入:

//查看已创建了文件

[root@wangchao ~]# lftp tom@192.168.137.21

lftp tom@192.168.137.21:~> ls

-rw-r--r--    1 0        0               0 Jul 21 09:06 112.txt

drwxr-xr-x    2 0        0            4096 Jul 21 09:06 aabb

lftp tom@192.168.137.21:~> cd /etc/

cd ok, cwd=/etc

lftp tom@192.168.137.21:/etc>

lftp tom@192.168.137.21:/etc> ls                          

//未启用 chroot 时,用户登录后可以进入 /etc 等系统目录,此操作权限过大,存在安全隐患

 

服务端配置:

[root@client tom]# vim /etc/vsftpd/vsftpd.conf

chroot_local_user=YES

[root@client tom]# /etc/init.d/vsftpd restart

 

 

 

 

客户端登入:

[root@wangchao ~]# lftp tom@192.168.137.21

Password:

lftp tom@192.168.137.21:~> cd /etc/

cd: Access failed: 550 Failed to change directory. (/etc)

lftp tom@192.168.137.21:/> cd /tmp/

cd: Access failed: 550 Failed to change directory. (/tmp)

lftp tom@192.168.137.21:/> pwd

ftp://tom@192.168.137.21/

lftp tom@192.168.137.21:/> ls

-rw-r--r--    1 0        0               0 Jul 21 09:06 112.txt

drwxr-xr-x    2 0        0            4096 Jul 21 09:06 aabb

//启用 chroot_local_user=YES 后,访问仅限在用户自己的家目录下。注意:较新版本的 vsftpd 在 chroot 根目录对登录用户可写时会拒绝登录,应把根目录设为不可写,在其下另建可写的子目录

 

 

 

 

 

建虚拟用户

[root@client tom]# useradd virftp -s /sbin/nologin

[root@client tom]# vim /etc/vsftpd/vsftpd_login           //创建用户密码文件:奇数行是用户名,偶数行是对应的密码(示例中的口令过于简单,实际使用请换成强口令)

test1

111222

test2

aaa111

[root@client tom]# chmod 600 /etc/vsftpd/vsftpd_login

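[root@client tom]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db

//生成认证数据库。pam_userdb 默认按明文比对口令,生成的 .db 文件里同样保存着明文口令,应同样执行 chmod 600 /etc/vsftpd/vsftpd_login.db,并在生成后删除或妥善保管明文的 vsftpd_login 文件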

 

创建虚拟账号

[root@client tom]# mkdir /etc/vsftpd/vsftpd_user_conf

[root@client tom]# cd !$

cd /etc/vsftpd/vsftpd_user_conf

[root@client vsftpd_user_conf]# vim test1

local_root=/home/virftp/test1

anonymous_enable=NO

write_enable=YES

local_umask=022

anon_upload_enable=NO

anon_mkdir_write_enable=NO

idle_session_timeout=600

data_connection_timeout=120

max_clients=10

max_per_ip=5

local_max_rate=50000

 

 

 

[root@client vsftpd_user_conf]# mkdir /home/virftp/test1     //创建该家目录

[root@client vsftpd_user_conf]# chown -R virftp:virftp !$

chown -R virftp:virftp /home/virftp/test1

[root@client vsftpd_user_conf]# vim /etc/pam.d/vsftpd

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

 

//在文件最开头添加以上两行;如果是64位系统,路径改为 /lib64/security/pam_userdb.so。db= 后面的路径不带 .db 后缀

 

[root@client vsftpd_user_conf]# cat /etc/pam.d/vsftpd        //确保文件中写的目录存在

[root@client vsftpd_user_conf]# ls /lib/security/pam_userdb.so

/lib/security/pam_userdb.so                            //存在

 

[root@client vsftpd_user_conf]# vim /etc/vsftpd/vsftpd.conf

anonymous_enable=NO                      //匿名用户不能登入(// 及其后的说明只是本文的注解,不要写进配置文件;vsftpd.conf 只支持以 # 开头的整行注释)

local_enable=YES                           //本地系统用户可登入

anon_upload_enable=NO                    //匿名不可上传

anon_mkdir_write_enable=NO               //匿名不可创建

 

chroot_local_user=YES

guest_enable=YES                          //使虚拟用户可登入

guest_username=virftp                      // guest用户为virftp

virtual_use_local_privs=YES                //虚拟用户使用与本地用户相同的权限(默认是与匿名用户相同的权限)

user_config_dir=/etc/vsftpd/vsftpd_user_conf        //指定虚拟用户所在配置文件

 

[root@client vsftpd_user_conf]# /etc/init.d/vsftpd restart

[root@client vsftpd_user_conf]# cat /etc/vsftpd/vsftpd_login

test1

111222

test2

aaa111

[root@client vsftpd_user_conf]# lftp test1@127.0.0.1

Password:

lftp test1@127.0.0.1:~> ls

lftp test1@127.0.0.1:/> pwd

ftp://test1@127.0.0.1/

[root@client vsftpd_user_conf]# cd /home/virftp/test1/

[root@client test1]# ls

[root@client test1]# touch 2.txt

[root@client test1]# mkdir 123

[root@client test1]# lftp test1@127.0.0.1

Password:

lftp test1@127.0.0.1:~> ls

drwxr-xr-x    2 0        0            4096 Jul 21 10:13 123

-rw-r--r--    1 0        0               0 Jul 21 10:13 2.txt

//查看创建文件成功

 

 

本文出自 “Linux学习笔记” 博客,请务必保留此出处http://9656134.blog.51cto.com/9646134/1677227
