Setting up vsftpd virtual users on CentOS 7.2

Setting up vsftpd with virtual users

Requirement 1: only uploads and downloads are allowed; files cannot be deleted or renamed.

```
yum install pam*
yum install db4* -y
yum install vsftpd
chkconfig vsftpd on
iptables -I INPUT -s 43.243.139.212 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -s 43.243.139.212 -p tcp --dport 20 -j ACCEPT
iptables -I INPUT -p tcp --dport 30000:31000 -j ACCEPT
useradd duoniu
cd /etc/vsftpd
```

Note that, unlike the rules for ports 20 and 21, the passive-port rule has no `-s` restriction, so ports 30000-31000 are reachable from any source address.

```
[[email protected] vsftpd]# cat vsftpd.conf
allow_writeable_chroot=YES    (add if you cannot log in)
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
connect_from_port_20=YES
idle_session_timeout=600
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_min_port=30000
pasv_max_port=31000
guest_enable=YES
guest_username=duoniu
user_config_dir=/etc/vsftpd/virtualuser_conf
[[email protected] vsftpd]# mkdir virtualuser_conf
[[email protected] vsftpd]# chmod 755 virtualuser_conf
[[email protected] virtualuser_conf]# cd /etc/vsftpd/virtualuser_conf
[[email protected] virtualuser_conf]# cat dn
local_root=/web/www/wx14/cms_html/html
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
```

Deleting and renaming stay blocked because anon_other_write_enable is not set in this file and its default is NO; virtual users get the anonymous privilege set unless virtual_use_local_privs is enabled.

```
[[email protected] vsftpd]# cd /etc/vsftpd
[[email protected] vsftpd]# cat virtualuser_passwd.txt
dn
m2i3sc
[[email protected] vsftpd]# db_load -T -t hash -f /etc/vsftpd/virtualuser_passwd.txt /etc/vsftpd/virtualuser_passwd.db
[[email protected] vsftpd]# cat /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
account required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
[[email protected] vsftpd]# cd /web/www/wx14/cms_html/html
[[email protected] html]# chown duoniu.duoniu .
[[email protected] html]# cat /etc/passwd
duoniu:x:500:500::/web/www/wx14/cms_html/html:/bin/bash
```

virtualuser_passwd.txt holds a user name on each odd line and that user's password on the following line, in clear text. Keep both the .txt file and the generated .db readable by root only (for example chmod 600), or remove the .txt once the database has been built.

Requirement 2: only read-only access (downloads) is allowed.

```
[[email protected] vsftpd]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
connect_from_port_20=YES
idle_session_timeout=600
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_min_port=30000
pasv_max_port=31000
guest_enable=YES
guest_username=duoniu
user_config_dir=/etc/vsftpd/virtualuser_conf
[[email protected] virtualuser_conf]# pwd
/etc/vsftpd/virtualuser_conf
[[email protected] virtualuser_conf]# cat dn
local_root=/web/www/wx14/pay.178.com
write_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
```

Requirement 3: under the existing FTP accounts, only reading and downloading files is allowed.

```
[[email protected] vsftpd]# pwd
/etc/vsftpd
[[email protected] vsftpd]# cat account.txt
lianyun
stargame2018
dn
m2i3sc
[[email protected] users]# pwd
/etc/vsftpd/users
[[email protected] users]# ls
dn  lianyun
[[email protected] users]# cat dn
local_root=/web/www/wx17/game.stargame.com
write_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
```

Delete the original account.db file and recreate it:

```
[[email protected] vsftpd]# pwd
/etc/vsftpd
[[email protected] vsftpd]# db_load -T -t hash -f /etc/vsftpd/account.txt /etc/vsftpd/account.db
```

Building vsftpd with virtual users

Requirement 1: only uploads and downloads are allowed; no deleting and no renaming.

```
yum install pam*
yum install db4* -y
yum install vsftpd
chkconfig vsftpd on
iptables -I INPUT -s 43.243.139.212 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -s 43.243.139.212 -p tcp --dport 20 -j ACCEPT
iptables -I INPUT -p tcp --dport 30000:31000 -j ACCEPT
useradd duoniu
cd /etc/vsftpd
[[email protected] vsftpd]# cat vsftpd.conf
allow_writeable_chroot=YES    (add this if you cannot log in)
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
connect_from_port_20=YES
idle_session_timeout=600
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_min_port=30000
pasv_max_port=31000
guest_enable=YES
guest_username=duoniu
user_config_dir=/etc/vsftpd/virtualuser_conf
[[email protected] vsftpd]# mkdir virtualuser_conf
[[email protected] vsftpd]# chmod 755 virtualuser_conf
[[email protected] virtualuser_conf]# cd /etc/vsftpd/virtualuser_conf
[[email protected] virtualuser_conf]# cat dn
local_root=/web/www/wx14/cms_html/html
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
[[email protected] vsftpd]# cd /etc/vsftpd
[[email protected] vsftpd]# cat virtualuser_passwd.txt
dn
m2i3sc
[[email protected] vsftpd]# db_load -T -t hash -f /etc/vsftpd/virtualuser_passwd.txt /etc/vsftpd/virtualuser_passwd.db
[[email protected] vsftpd]# cat /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
account required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
[[email protected] vsftpd]# cd /web/www/wx14/cms_html/html
[[email protected] html]# chown duoniu.duoniu .
[[email protected] html]# cat /etc/passwd
duoniu:x:500:500::/web/www/wx14/cms_html/html:/bin/bash
```

Requirement 2: only read-only permission (downloading) is allowed.

```
[[email protected] vsftpd]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
connect_from_port_20=YES
idle_session_timeout=600
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_min_port=30000
pasv_max_port=31000
guest_enable=YES
guest_username=duoniu
user_config_dir=/etc/vsftpd/virtualuser_conf
[[email protected] virtualuser_conf]# pwd
/etc/vsftpd/virtualuser_conf
[[email protected] virtualuser_conf]# cat dn
local_root=/web/www/wx14/pay.178.com
write_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
```

Requirement 3: under the original accounts, only reading and downloading files is allowed.

```
[[email protected] vsftpd]# pwd
/etc/vsftpd
[[email protected] vsftpd]# cat account.txt
lianyun
stargame2018
dn
m2i3sc
[[email protected] users]# pwd
/etc/vsftpd/users
[[email protected] users]# ls
dn  lianyun
[[email protected] users]# cat dn
local_root=/web/www/wx17/game.stargame.com
write_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
```

Delete the original account.db file and recreate it:

```
[[email protected] vsftpd]# pwd
/etc/vsftpd
[[email protected] vsftpd]# db_load -T -t hash -f /etc/vsftpd/account.txt /etc/vsftpd/account.db
```
