1 Update the package index

```
[[email protected] ~]# sudo apt update
```
2 Install vsftpd and MySQL

```
[[email protected] ~]# apt-get -y install vsftpd libpam-mysql mysql-server mysql-client
```
3 Create the vsftpd database, its account, password and privileges

```
[[email protected] ~]# mysql --defaults-file=/etc/mysql/debian.cnf
CREATE DATABASE vsftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;
# Replace ftpdpass above with the password you want for the vsftpd database account
USE vsftpd;
# Virtual FTP users live in this table; the password column holds the MySQL PASSWORD() hash
CREATE TABLE `accounts` (
  `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  `username` VARCHAR(30) NOT NULL,
  `pass` VARCHAR(50) NOT NULL,
  UNIQUE (`username`)
);
quit;
```
4 Configure vsftpd

First, create an unprivileged user named vsftpd whose home directory is /home/vsftpd, belonging to the group nogroup and without a login shell:

```
[[email protected] ~]# useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd
```
Back up the original configuration file, then rewrite its contents with vi:

```
[[email protected] ~]# cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
[[email protected] ~]# cat /dev/null > /etc/vsftpd.conf
[[email protected] ~]# vi /etc/vsftpd.conf
```

# Search online for how to use vi. The file should have the following contents:

```
listen=YES
# No anonymous access; only the virtual users defined in MySQL may log in
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
# Confine every user to their own directory
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
# If you enable TLS, step 6 sets rsa_cert_file again, pointing at the certificate created in step 5
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
# Virtual users: every login is mapped to the system user vsftpd
guest_enable=YES
guest_username=vsftpd
# Each virtual user is confined to /home/vsftpd/<username>
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf
# Required because the per-user root directories above are writable
allow_writeable_chroot=YES
# Passive mode: advertise the public address and keep data ports in a fixed range
pasv_enable=YES
pasv_address=your_public_ip_address
pasv_min_port=40000
pasv_max_port=50000
```
# With the user_config_dir parameter you can specify a directory holding a per-user configuration file. This is optional, but create the directory anyway:

```
[[email protected] ~]# mkdir /etc/vsftpd_user_conf
```
# Configure PAM to authenticate the virtual FTP accounts against the MySQL database. vsftpd's PAM configuration lives in /etc/pam.d/vsftpd; back up the original file and create an empty one:

```
[[email protected] ~]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_orig
[[email protected] ~]# cat /dev/null > /etc/pam.d/vsftpd
```
# Then edit it with vi:

```
[[email protected] ~]# vi /etc/pam.d/vsftpd
```
# The file should have the following contents (crypt=2 tells pam_mysql that the pass column holds MySQL PASSWORD() hashes, which is how step 7 inserts them):

```
auth required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2
account required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2
```
# Save with :wq!, then restart the vsftpd service:

```
[[email protected] ~]# service vsftpd restart
```
# Steps 5 and 6 below add TLS support; skip them if you do not need it.

5 Create an SSL certificate for TLS connections

```
[[email protected] ~]# mkdir -p /etc/ssl/private
[[email protected] ~]# chmod 700 /etc/ssl/private
# -nodes leaves the private key unencrypted so vsftpd can read it at start-up.
# The key and the self-signed certificate are written to the same file.
# (1024-bit RSA is weak by current standards; 2048 bits or more is the usual minimum.)
[[email protected] ~]# openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
    -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
```
6 Edit the vsftpd configuration file to enable TLS

```
[[email protected] ~]# vi /etc/vsftpd.conf
```

# Add the following options:

```
# Turn on SSL
ssl_enable=YES
# Allow anonymous users to use secured SSL connections
allow_anon_ssl=YES
# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
force_local_data_ssl=YES
# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
ssl_tlsv1=YES
# Do not permit SSL v2 protocol connections
ssl_sslv2=NO
# Do not permit SSL v3 protocol connections
ssl_sslv3=NO
# Disable SSL session reuse (required by WinSCP)
require_ssl_reuse=NO
# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
ssl_ciphers=HIGH
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections: the file created in step 5. vsftpd keeps the last
# value it reads, so this overrides the rsa_cert_file line from step 4.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
[...]
```
# Save with :wq!, then restart the vsftpd service:

```
[[email protected] ~]# service vsftpd restart
```
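Because steps 4 and 6 are pasted into the same vsftpd.conf, it is easy to end up with a repeated key, a placeholder left in place or a TLS option missing. The following checker is an added example, not part of this tutorial or of vsftpd: it parses the key=value format vsftpd uses and reports those mistakes. SAMPLE_CONF is a constructed fragment that deliberately contains a duplicated pasv_enable line and the unreplaced pasv_address placeholder.

```python
import re

# Constructed sample: step-4 settings merged with the step-6 TLS options,
# keeping a duplicated pasv_enable line and the pasv_address placeholder.
SAMPLE_CONF = """\
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_enable=YES
pasv_address=your_public_ip_address
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
"""

def parse_conf(text):
    """Parse key=value lines; the last value wins (as in vsftpd), repeats are noted."""
    settings, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in settings:
            dups.append(key)
        settings[key] = value.strip()
    return settings, dups

def check_conf(text):
    """Return a list of findings; an empty list means nothing to report."""
    s, dups = parse_conf(text)
    findings = [f"duplicate key: {k}" for k in dups]
    if s.get("chroot_local_user") == "YES" and s.get("allow_writeable_chroot") != "YES":
        findings.append("chroot with a writable root needs allow_writeable_chroot=YES")
    if s.get("pasv_enable") == "YES":
        if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", s.get("pasv_address", "")):
            findings.append("pasv_address is not an IPv4 address (placeholder left in?)")
    if s.get("ssl_enable") == "YES":
        for k in ("force_local_logins_ssl", "force_local_data_ssl"):
            if s.get(k) != "YES":
                findings.append(f"{k}=NO lets clients send credentials or data in clear")
        for k in ("ssl_sslv2", "ssl_sslv3"):
            if s.get(k, "NO") == "YES":   # vsftpd's built-in default for both is NO
                findings.append(f"{k}=YES enables an obsolete protocol version")
    return findings
```

Run `check_conf(open("/etc/vsftpd.conf").read())` on the server after editing; an empty list means none of these checks fired.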
7 Log in to the database and create the first virtual account

```
[[email protected] ~]# mysql --defaults-file=/etc/mysql/debian.cnf
USE vsftpd;
# Create the account testuser with the password secret; replace both with the values you want.
# PASSWORD() produces the hash that crypt=2 in /etc/pam.d/vsftpd expects
# (it exists in MySQL 5.x; it was removed in MySQL 8.0).
INSERT INTO accounts (username, pass) VALUES('testuser', PASSWORD('secret'));
quit;
```

# The home directory of testuser is /home/vsftpd/testuser. vsftpd does not create it automatically if it does not exist, so create it by hand and make it owned by the user vsftpd and the group nogroup (writable by the owner only):

```
[[email protected] ~]# mkdir /home/vsftpd/testuser
[[email protected] ~]# chown vsftpd:nogroup /home/vsftpd/testuser
[[email protected] ~]# chmod a-w /home/vsftpd/testuser
[[email protected] ~]# chmod u+w /home/vsftpd/testuser
```
8 Installation and configuration complete

You can now open My Computer, enter ftp://yourftpip in the address bar and log in to access your files. A dedicated FTP client such as FileZilla is recommended for connecting to the server.