말괄량이현이
2014. 4. 17. 14:38
Settings are normally applied in the /etc/vsftpd/vsftpd.conf file, but individual regular users can also be given their own settings, as described below.
Reference: https://sites.google.com/site/zzztech30/vsftpd-with-multiple-users-home-dir-with-different-permission
VsFTPD With Multiple Users Home dir with different permission
#yum install vsftpd* # install the FTP server package
#vim /etc/vsftpd/vsftpd.conf # add the entries below to vsftpd.conf
# Disable anonymous login
anonymous_enable=NO
# Allow local users to log in
local_enable=YES
# Confine local users to their home directory, so the path above it is not shown
chroot_local_user=YES
# Directory holding the per-user (virtual user) config files
user_config_dir=/etc/vsftpd/vsftpd-virtual-user/
# Virtual users get the same privileges as local users
virtual_use_local_privs=YES
# Enable dual logging, including /var/log/vsftpd.log
dual_log_enable=YES
# Active-mode data connections originate from port 20
connect_from_port_20=YES
# Run standalone and listen on the FTP port
listen=YES
# PAM service name used for authentication
pam_service_name=vsftpd
# Enable TCP wrappers
tcp_wrappers=YES
To Change the FTP Port
# Add this line to vsftpd.conf to change the port
listen_port=27
How to use Passive FTP
If you use the FTP server in passive mode, enter the lines below in the vsftpd.conf file:
# Enable passive mode on the FTP server
pasv_enable=YES
# Highest passive-mode data port
pasv_max_port=55000
# Lowest passive-mode data port
pasv_min_port=50000
# Also allow PORT (active-mode) data connections
port_enable=YES
# Public IP of the machine where the FTP server is running
pasv_address=54.251.136.7
Create Dir for Virtual User in Vsftpd Root Dir
#mkdir /etc/vsftpd/vsftpd-virtual-user/
#cd /etc/vsftpd/vsftpd-virtual-user/
#vim vsftpd_user # enter your virtual user names and save
vivek
kamal
Then create a file named after each virtual user (here vivek and kamal) to hold that user's special permissions and local_root:
#vim /etc/vsftpd/vsftpd-virtual-user/vivek
#vim /etc/vsftpd/vsftpd-virtual-user/kamal
# Virtual user's home directory
local_root=/home/kamal
# FTP commands allowed for this virtual user
cmds_allowed=USER,PASS,SYST,FEAT,OPTS,PWD,TYPE,PASV,LIST,STOR,CWD,MKD,SIZE,MDTM,CDUP,RETR,RNFR,RNTO
# umask value for the virtual user
local_umask=022
# Enable writes for the virtual user
write_enable=YES
If you want all users to log in to one directory, add the line “local_root=/your/dir/path” to the vsftpd.conf file.
AND
If you want all users to log in to their own home directories, there is no need to put a “local_root=/your/dir/path” entry in any file.
AND
If you want only one user to log in to a different directory (for example, kamal’s home directory is /data/k but you want the login to land in /home/kamal), add the line “local_root=/home/kamal” to that user's file, /etc/vsftpd/vsftpd-virtual-user/kamal.
Set PAM Authentication in vsftpd
# vim /etc/pam.d/vsftpd
#service vsftpd start
To disable an FTP user account, enter the username in /etc/vsftpd/ftpusers ("#vim /etc/vsftpd/ftpusers").
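An audit of the per-user files created in the steps above, added here as an example and not part of the referenced tutorial. It flags lines vsftpd would misread (the file format allows only `#` comment lines and bare option=value directives), commands allowed beyond the cmds_allowed list shown in this post, and files that others can rewrite. The function names, the `guest` user and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the per-user files in vsftpd's user_config_dir.
# BASELINE is the cmds_allowed list from this post (no DELE, RMD, APPE, SITE).
BASELINE="USER,PASS,SYST,FEAT,OPTS,PWD,TYPE,PASV,LIST,STOR,CWD,MKD,SIZE,MDTM,CDUP,RETR,RNFR,RNTO"

# Print lines that are not blank, a "#" comment or a bare option=value.
# vsftpd has no inline comments: a trailing "//note" becomes part of the value.
bad_lines() {
    grep -nEv '^(#.*|[[:space:]]*|[a-z0-9_]+=[^[:space:]]*)$' "$1"
}

# Print each command a file allows beyond BASELINE (uses the last cmds_allowed line).
extra_cmds() {
    sed -n 's/^cmds_allowed=//p' "$1" | tail -n 1 | tr ',' '\n' |
    while IFS= read -r c; do
        case ",$BASELINE," in *",$c,"*) ;; *) printf '%s\n' "$c" ;; esac
    done
}

# Prefix every stdin line with "$1: ".
prefix() { while IFS= read -r l; do printf '%s: %s\n' "$1" "$l"; done; }

# Print one finding per line for each per-user file in directory $1.
audit_user_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        u=$(basename "$f")
        bad_lines "$f" | prefix "$u: malformed line"
        grep -q '^cmds_allowed=' "$f" ||
            echo "$u: no cmds_allowed, so every FTP command is permitted"
        extra_cmds "$f" | prefix "$u: outside baseline"
        # The file sets local_root and write access; only root should edit it.
        [ -z "$(find "$f" -perm -002)" ] || echo "$u: file is world-writable"
    done
    return 0
}

# Constructed sample files (hypothetical users) so the audit runs offline.
make_samples() {
    printf 'local_root=/home/kamal\ncmds_allowed=%s\nlocal_umask=022\nwrite_enable=YES\n' \
        "$BASELINE" > "$1/kamal"
    printf 'local_root=/home/vivek //Virtual user HOME dir\ncmds_allowed=%s,DELE,RMD\n' \
        "$BASELINE" > "$1/vivek"
    printf 'write_enable=YES\n' > "$1/guest"
    chmod 644 "$1/kamal" "$1/vivek"; chmod 666 "$1/guest"
}

d=$(mktemp -d) && make_samples "$d" && audit_user_dir "$d"
rm -rf "$d"
```

On a real server, call `audit_user_dir /etc/vsftpd/vsftpd-virtual-user` instead of the sample directory.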
All FTP commands (save the list on the system for reference):
#
# List of FTP commands
#
# ABOR - Abort an active file transfer.
# ACCT - Account information.
# ADAT - Authentication/Security Data (RFC 2228)
# ALLO - Allocate sufficient disk space to receive a file.
# APPE - Append.
# AUTH - Authentication/Security Mechanism (RFC 2228)
# CCC - Clear Command Channel (RFC 2228)
# CDUP - Change to Parent Directory.
# CONF - Confidentiality Protection Command (RFC 697)
# CWD - Change working directory.
# DELE - Delete file.
# ENC - Privacy Protected Channel (RFC 2228)
# EPRT - Specifies an extended address and port to which the server should connect. (RFC 2428)
# EPSV - Enter extended passive mode. (RFC 2428)
# FEAT - Get the feature list implemented by the server. (RFC 2389)
# HELP - Returns usage documentation on a command if specified, else a general help document is returned.
# LANG - Language Negotiation (RFC 2640)
# LIST - Returns information of a file or directory if specified, else information of the current working directory is returned.
# LPRT - Specifies a long address and port to which the server should connect. (RFC 1639)
# LPSV - Enter long passive mode. (RFC 1639)
# MDTM - Return the last-modified time of a specified file. (RFC 3659)
# MIC - Integrity Protected Command (RFC 2228)
# MKD - Make directory.
# MLST - Lists the contents of a directory if a directory is named. (RFC 3659)
# MODE - Sets the transfer mode (Stream, Block, or Compressed).
# NLST - Returns a list of file names in a specified directory.
# NOOP - No operation (dummy packet; used mostly on keepalives).
# OPTS - Select options for a feature. (RFC 2389)
# PASS - Authentication password.
# PASV - Enter passive mode.
# PBSZ - Protection Buffer Size (RFC 2228)
# PORT - Specifies an address and port to which the server should connect.
# PWD - Print working directory. Returns the current directory of the host.
# QUIT - Disconnect.
# REIN - Reinitializes the connection.
# REST - Restart transfer from the specified point.
# RETR - Retrieve (download) a remote file.
# RMD - Remove a directory.
# RNFR - Rename from.
# RNTO - Rename to.
# SITE - Sends site specific commands to remote server.
# SIZE - Return the size of a file. (RFC 3659)
# SMNT - Mount file structure.
# STAT - Returns the current status.
# STOR - Store (upload) a file.
# STOU - Store file uniquely.
# STRU - Set file transfer structure.
# SYST - Return system type.
# TYPE - Sets the transfer mode (ASCII/Binary).
# USER - Authentication username.
FINISHED