vsftpd FTP server with MySQL virtual users on Ubuntu 18.04 LTS

1 Update the package index

[[email protected] ~]# sudo apt update

2 Install vsftpd and MySQL

[[email protected] ~]# apt-get -y install vsftpd libpam-mysql mysql-server mysql-client

3 Create the vsftpd database, its account, password and privileges

[[email protected] ~]# mysql --defaults-file=/etc/mysql/debian.cnf

CREATE DATABASE vsftpd;

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'ftpdpass';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';

FLUSH PRIVILEGES;

# Replace ftpdpass above with the password you want for the vsftpd database account

USE vsftpd;

CREATE TABLE `accounts` (
  `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  `username` VARCHAR(30) NOT NULL,
  `pass` VARCHAR(50) NOT NULL,
  UNIQUE (`username`)
);

quit;

4 Configure vsftpd
First, create an unprivileged user named vsftpd with the home directory /home/vsftpd, in the group nogroup and without a login shell:

[[email protected] ~]# useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

Back up the original configuration file, empty it, then edit it with vi:

[[email protected] ~]# cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
[[email protected] ~]# cat /dev/null > /etc/vsftpd.conf
[[email protected] ~]# vi /etc/vsftpd.conf

# Look up vi usage online if needed. The file should have the following contents
# (pasv_address must be replaced with the server's public IP address):

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf
allow_writeable_chroot=YES
pasv_enable=YES
pasv_address=your_public_ip_address
pasv_min_port=40000
pasv_max_port=50000

# With user_config_dir you can give each user its own configuration file in that directory. This is optional, but we create the directory anyway:

[[email protected] ~]# mkdir /etc/vsftpd_user_conf

# Configure PAM to authenticate the virtual FTP accounts against the MySQL database. vsftpd's PAM configuration lives in /etc/pam.d/vsftpd; back up the original file and start a new, empty one:

[[email protected] ~]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_orig

[[email protected] ~]# cat /dev/null > /etc/pam.d/vsftpd

# Then edit it with vi:

[[email protected] ~]# vi /etc/pam.d/vsftpd

# The file should have the following contents (crypt=2 tells pam_mysql that the pass column holds MySQL PASSWORD() hashes; the user= and passwd= values are the database account from step 3):

auth required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2
account required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2

# Save with :wq! and exit. Because this file contains the database password, keep it readable by root only. Then restart vsftpd:

[[email protected] ~]# service vsftpd restart

# Steps 5 and 6 below add TLS support; skip them if you do not need TLS.

5 Create an SSL certificate for TLS connections

[[email protected] ~]# mkdir -p /etc/ssl/private

[[email protected] ~]# chmod 700 /etc/ssl/private

[[email protected] ~]# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

6 Edit the vsftpd configuration file to enable TLS

[[email protected] ~]# vi /etc/vsftpd.conf

# Add the following options:

# Turn on SSL
ssl_enable=YES

# Allow anonymous users to use secured SSL connections
allow_anon_ssl=YES

# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
force_local_data_ssl=YES

# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=YES

# Permit TLS v1 protocol connections. TLS v1 connections are preferred
ssl_tlsv1=YES

# Do not permit SSL v2 protocol connections
ssl_sslv2=NO

# Do not permit SSL v3 protocol connections
ssl_sslv3=NO

# Disable SSL session reuse (required by WinSCP)
require_ssl_reuse=NO

# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
ssl_ciphers=HIGH

# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections (this replaces the rsa_cert_file line from step 4).
rsa_cert_file=/etc/ssl/private/vsftpd.pem
[...]

# Save with :wq! and exit, then restart vsftpd:

[[email protected] ~]# service vsftpd restart
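The following checker is an added example, not part of the original guide or of vsftpd: it parses a vsftpd.conf in the key=value form used in steps 4 and 6 and reports the mistakes that are easy to make when copying them (a key repeated in the file, the pasv_address placeholder left in, an invalid passive port range, anonymous access not disabled, and TLS turned on without forcing it for logins and data). The sample configuration embedded below is constructed from the lines above; the function names are this example's own.

```python
import re

# Constructed sample: the step 4 and 6 lines this checker cares about, with the repeated pasv_enable line and the pasv_address placeholder left in.
SAMPLE_CONF = """\
anonymous_enable=NO
guest_enable=YES
guest_username=vsftpd
pasv_enable=YES
pasv_address=your_public_ip_address
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
"""

def parse_conf(text):
    """key=value lines -> (settings, duplicate keys); a later line overrides an earlier one."""
    settings, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:
            dups.append(key)
        settings[key] = value
    return settings, dups

def check_conf(text):
    """Findings for the settings this guide relies on; an empty list means OK."""
    s, dups = parse_conf(text)
    findings = [f"duplicate key: {k}" for k in dups]
    if s.get("anonymous_enable", "YES") != "NO":  # vsftpd's built-in default is YES
        findings.append("anonymous_enable should be NO on a virtual-user server")
    if s.get("pasv_enable") == "YES":
        lo, hi = int(s.get("pasv_min_port", 0)), int(s.get("pasv_max_port", 0))
        if not 0 < lo <= hi:
            findings.append("pasv_min_port/pasv_max_port range is invalid")
        if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", s.get("pasv_address", "")):
            findings.append("pasv_address is not an IPv4 literal (placeholder left in?)")
    if s.get("ssl_enable") == "YES":
        for key, want in (("force_local_logins_ssl", "YES"), ("force_local_data_ssl", "YES"),
                          ("ssl_sslv2", "NO"), ("ssl_sslv3", "NO")):
            if s.get(key, "NO") != want:  # the force_* keys default to NO in vsftpd
                findings.append(f"{key} should be {want}")
    return findings
```

Run it against the real file with `check_conf(open("/etc/vsftpd.conf").read())` after each edit; on the sample it reports the duplicated pasv_enable and the placeholder address.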

7 Create the first virtual account in the database

[[email protected] ~]# mysql --defaults-file=/etc/mysql/debian.cnf

USE vsftpd;

# Create the account testuser with the password secret; replace both values with the ones you want
INSERT INTO accounts (username, pass) VALUES('testuser', PASSWORD('secret'));

quit;

# The home directory of testuser is /home/vsftpd/testuser.
# vsftpd does not create this directory automatically if it is missing,
# so we create it by hand and make it owned by the user vsftpd and the group nogroup:

[[email protected] ~]# mkdir /home/vsftpd/testuser
[[email protected] ~]# chown vsftpd:nogroup /home/vsftpd/testuser
[[email protected] ~]# chmod a-w /home/vsftpd/testuser
[[email protected] ~]# chmod u+w /home/vsftpd/testuser
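An added helper (not from the guide) that automates step 7 with the same outcome as the commands above: a parameterised INSERT using PASSWORD(), which is what the pam_mysql crypt=2 setting expects, and a home directory with the final mode 0755 owned by vsftpd:nogroup. The cursor argument is assumed to be a DB-API cursor from whatever MySQL driver you use; the function names and the username rule are this example's own.

```python
import grp
import os
import pwd
import re

FTP_ROOT = "/home/vsftpd"   # matches local_root=/home/vsftpd/$USER in vsftpd.conf
# Fits the VARCHAR(30) column and rules out path characters such as "/" or "..".
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_-]{0,29}$")

def insert_statement(username, password):
    """Parameterised INSERT for the accounts table. PASSWORD() matches pam_mysql
    crypt=2 (it exists in MySQL 5.7 as shipped by Ubuntu 18.04; MySQL 8.0 removed it)."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"invalid username: {username!r}")
    return ("INSERT INTO accounts (username, pass) VALUES (%s, PASSWORD(%s))",
            (username, password))

def prepare_home(username, root=FTP_ROOT, owner=None, group=None):
    """Create root/username with mode 0755 (the result of chmod a-w then u+w on a
    fresh directory) and, if owner/group are given and we run as root, chown it."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"invalid username: {username!r}")
    home = os.path.join(root, username)
    os.makedirs(home, exist_ok=True)
    os.chmod(home, 0o755)
    if owner and group and os.geteuid() == 0:
        os.chown(home, pwd.getpwnam(owner).pw_uid, grp.getgrnam(group).gr_gid)
    return home

def add_virtual_user(cursor, username, password, root=FTP_ROOT,
                     owner="vsftpd", group="nogroup"):
    """Insert the account through the driver (it quotes the values, so nothing is
    concatenated into the SQL) and create the directory vsftpd will chroot into."""
    sql, params = insert_statement(username, password)
    cursor.execute(sql, params)
    return prepare_home(username, root, owner, group)
```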

8 Installation complete
You can now open My Computer, enter ftp://yourftpip in the address bar and log in to access your files; a dedicated FTP client such as FileZilla is recommended for connecting to the server.