2025-03-29 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains the principle and usage of FTP virtual users in vsftpd. The method introduced here is simple, fast and practical.
Virtual User Principle
On Linux, after a user is created for vsftpd, FTP logins land in that user's home directory by default. If several users need to access the same directory with different permissions, for example some users who can only view and not modify, or some who can only download, this can only be configured through vsftpd virtual users; ordinary users cannot achieve it.
The approach is therefore to create one ordinary system user with a home directory, map all virtual users to that system user's home directory, and then control the permissions of each virtual user individually.
New user
Create the user marility and lock it into the /var/www/ruibiaofangxuan directory:
mkdir /var/www/ruibiaofangxuan
useradd -d /var/www/ruibiaofangxuan marility
chown marility:marility /var/www/ruibiaofangxuan
chmod u-w /var/www/ruibiaofangxuan
Generate random passwords for virtual users
[root@marility ~]# tr -cd '[:alnum:]' < /dev/urandom | fold -w32 | head -n1
eFEBgVTfWJ66OhQ3rTuGB4kt5k5r0aMW
vsftpd configuration file settings
The ## notes after each value below are explanations added for this article. vsftpd does not accept trailing comments, so leave them out of the real files.
[root@marility vsftpd]# grep '^[^#]' /etc/vsftpd/vsftpd.conf
anonymous_enable=NO                  ##Disable anonymous users
local_enable=YES                     ##Enable local accounts; virtual accounts must be mapped to a local account
write_enable=YES
local_umask=022                      ##umask value for local users
anon_umask=022                       ##umask value for virtual users
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog        ##Log path
xferlog_std_format=YES
ascii_upload_enable=YES              ##Allow uploading files in ASCII mode
ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.
chroot_local_user=YES                ##Confine users to their home directory
chroot_list_enable=NO                ##Do not enable the chroot list; no local list filter is needed when using virtual users
listen=YES                           ##Listen
listen_ipv6=NO
allow_writable_chroot=YES            ##Allows writing, because confining users to the home directory otherwise requires removing the user's write permission
tcp_wrappers=YES
guest_enable=YES                     ##Enable the virtual account function
guest_username=marility              ##The local user that virtual accounts map to
pam_service_name=ftp                 ##Which file under pam.d is used
user_config_dir=/etc/vsftpd/config   ##Per-user permissions for virtual users
[root@marility vsftpd]# cat /etc/vsftpd/vuser_list
ruibiaofangxuan                      ##Account
eFEBgVTfWJ66OhQ3rTuGB4kt5k5r0aMW     ##ruibiaofangxuan's password
admini                               ##Account
adminw                               ##admini's password
Convert password files to db format
[root@marility vsftpd]# db_load -T -t hash -f vuser_list /etc/vsftpd/vuser_list.db
If the db_load command is not available, install it first:
yum -y install db4-utils
User password settings and db resolution settings
[root@marility vsftpd]# cat /etc/pam.d/ftp
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_list
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_list
auth authenticates a user's username and password.
account verifies which permissions and restrictions apply to the user's account.
The /lib/security/pam_userdb.so path that follows means the check is performed by calling the pam_userdb.so library.
Note that the location of this library differs depending on whether the system is 32-bit or 64-bit; it can be found with rpm -ql pam.
The file that db points to is actually vuser_list.db, but the .db suffix is appended by default, so the db path above must not be written as vuser_list.db in the configuration.
Set permissions for virtual users
[root@marility vsftpd]# cat /etc/vsftpd/config/admini
anon_world_readable_only=NO                  ##Turn off read-only
anon_upload_enable=YES                       ##Allow uploads
anon_mkdir_write_enable=YES                  ##Allow creating directories
anon_other_write_enable=YES                  ##Allow renaming and deleting directories/files
local_root=/var/www/ruibiaofangxuan/home     ##Home directory mapping
[root@marility vsftpd]# cat /etc/vsftpd/config/ruibiaofangxuan
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
local_root=/var/www/ruibiaofangxuan/home
For security reasons, users need to be confined to the home directory, so chroot_local_user=YES is turned on in vsftpd.conf, and the user's write permission on the home directory has to be removed.
After this setting, the virtual users cannot write data to the mapped user's home directory.
A subdirectory is therefore created under /var/www/ruibiaofangxuan/ (the per-user files shown above use /var/www/ruibiaofangxuan/home as local_root).
Also change the ownership of this directory to marility, and use chmod to change its permissions.
In the per-user files under /etc/vsftpd/config, set local_root for both users to the created directory.
Restart the service
systemctl restart vsftpd
systemctl enable vsftpd
The result is that the ordinary user can only download and upload data, while the admini user has all permissions; both are locked in /var/www/ruibiaofangxuan.
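The checks below are an added example, not part of the original article: a shell lint for the files built in the steps above, covering the alternating-line vuser_list format, the per-user files in user_config_dir, and the db= suffix rule in the PAM file. The function names and the sample files in the temporary directory are constructed for illustration; the permission check on the plaintext password list is an added assumption about what should be enforced.

```shell
# check_vuser_list FILE CONFIG_DIR: FILE is the db_load -T input, with
# username and password on alternating lines. Prints one finding per line.
check_vuser_list() {
    n=0; seen=" "; user=
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || { echo "line $n: blank line shifts every later pair"; continue; }
        [ $((n % 2)) -eq 1 ] || continue          # even lines are passwords
        user=$line
        case "$seen" in *" $user "*) echo "line $n: duplicate user $user" ;; esac
        seen="$seen$user "
        [ -f "$2/$user" ] || echo "line $n: no per-user config for $user"
    done < "$1"
    [ $((n % 2)) -eq 0 ] || echo "line $n: user $user has no password line"
    # The list holds plaintext passwords: group/other must have no access.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        echo "$1: plaintext passwords accessible by group or others"
}

# check_pam_db FILE: pam_userdb.so appends ".db" itself, so db= must name
# the database without the suffix, and <db>.db must exist.
check_pam_db() {
    grep -v '^[[:space:]]*#' "$1" | grep 'pam_userdb\.so' |
    while read -r type rest; do
        db=
        for a in $rest; do case "$a" in db=*) db=${a#db=} ;; esac; done
        case "$db" in
            "")   echo "$type: pam_userdb.so without db=" ;;
            *.db) echo "$type: db=$db ends in .db; pam_userdb would open $db.db" ;;
            *)    [ -f "$db.db" ] || echo "$type: $db.db does not exist" ;;
        esac
    done
}

# Constructed sample mirroring the article's layout (not the real /etc files):
# admini has no password line and no per-user file, the list is mode 644,
# and the PAM line names the database with its .db suffix.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/config"
printf 'ruibiaofangxuan\nconstructed-pass-1\nadmini\n' > "$demo/vuser_list"
chmod 644 "$demo/vuser_list"
: > "$demo/config/ruibiaofangxuan"
printf 'auth required pam_userdb.so db=%s/vuser_list.db\n' "$demo" > "$demo/pam_ftp"
check_vuser_list "$demo/vuser_list" "$demo/config"
check_pam_db "$demo/pam_ftp"
```

On a real host the same functions would be pointed at /etc/vsftpd/vuser_list, /etc/vsftpd/config and /etc/pam.d/ftp; no output means no findings.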