  [Article]   vsftp with virtual user 29/07/2006 04:39:14 (+0700) | #1 | 10747
tranvanminh
vsftpd - very secure file transfer daemon

-------------------------------------------------

How do you run an FTP server when you do not want FTP users to have a login shell, a system account, or the freedom to wander around the server's hard disk? chroot? Too complicated.
The answer is vsftpd with virtual users.

Requirements:
----------
The Linux PAM module is required.

Installing the PAM modules:
---------------------------
Download from kernel.org

chairuou@slackware10:~/download$ wget http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.77.tar.gz

Extract:

chairuou@slackware10:~/download$ tar zxvf Linux-PAM-0.77.tar.gz
chairuou@slackware10:~/download/Linux-PAM-0.77$ ./configure
chairuou@slackware10:~/download/Linux-PAM-0.77$ make
chairuou@slackware10:~/download/Linux-PAM-0.77$ make install

Verify:

chairuou@slackware10:~/download/Linux-PAM-0.77$ ls -l /lib/security

Installing vsftpd:
------------------

Download from ftp://vsftpd.beasts.org/users/cevans/vs … 0.1.tar.gz
Create a user to run vsftpd

root@slackware10:~# useradd -d /no/where -s /bin/false nobody

Create the directory /usr/share/empty

root@slackware10:~# mkdir /usr/share/empty

Extract:

chairuou@slackware10:~/download$ tar zxvf vsftpd-2.0.1.tar.gz
chairuou@slackware10:~/download$ cd vsftpd-2.0.1
chairuou@slackware10:~/download/vsftpd-2.0.1$ make
chairuou@slackware10:~/download/vsftpd-2.0.1$ su
root@slackware10:~/download/vsftpd-2.0.1# make install
root@slackware10:~/download/vsftpd-2.0.1# cp vsftpd.conf /etc/vsftpd.conf

Setting up the virtual user:
-----------------------

root@slackware10:/# useradd my_ftp -s /bin/false -d /var/ftp_pub
root@slackware10:/# passwd my_ftp     # enter my_password at the prompt
root@slackware10:/# vi /etc/vsftpd.conf

#----------------------
# vsftpd config file
#----------------------
# vsftpd does not accept a comment after a value, so each comment sits on its own line
# turn off anonymous login
anonymous_enable=NO
# turn on local user account login, needed for mapping virtual users
local_enable=YES
# users may write
write_enable=YES
# no anonymous upload
anon_upload_enable=NO
# no anonymous mkdir
anon_mkdir_write_enable=NO
# anonymous write disabled
anon_other_write_enable=NO
# chroot local users
chroot_local_user=YES
# required for virtual users
guest_enable=YES
# real user that virtual users are mapped to
guest_username=my_ftp
# standalone mode, do not run from inetd/xinetd
listen=YES
# FTP port
listen_port=21
# min/max port to use in PASV mode
pasv_min_port=30000
pasv_max_port=30999
# required so virtual users get the permissions of the real user
virtual_use_local_privs=YES
# log related settings
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log


Creating the virtual user database
------------------------------
Create a text file with the following structure:

user
password
user
password


Example:
-------

$ vi vuser.txt
ftp1
password1
ftp2
password2


Run the following commands:

root@slackware10:/# db_load -T -t hash -f vuser.txt /etc/vsftpd_login.db
root@slackware10:/# chmod 600 /etc/vsftpd_login.db


Create a file named vsftpd.pam with the following content:

auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
 

Then copy this file into /etc/pam.d

root@slackware10:/# cp vsftpd.pam /etc/pam.d/ftp

---------------------------------------

Author: chairuou
Source: http://forum.vnoss.org/viewtopic.php?id=240
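
A pre-flight check for the vuser.txt file from the "virtual user database" step, run before db_load. This is an added example, not part of the original post; the function name check_vuser_file is hypothetical. It verifies the alternating user/password layout and that the plaintext file is not accessible to group or other.

```shell
#!/bin/sh
# Added example (not from the original post): validate the db_load input
# file, which holds a username and its password on alternating lines.

# check_vuser_file FILE  (hypothetical helper name)
# Prints one line per problem; returns 0 if the file is clean, 1 otherwise.
check_vuser_file() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    rc=0
    # The file holds plaintext passwords: group/other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "mode: $f is accessible to group/other (want 600)"
        rc=1
    fi
    # Walk the key/value lines in the order db_load -T reads them.
    awk '
        NR % 2 == 1 {                       # odd line: username (db key)
            user = $0
            if (user == "")          { print "line " NR ": empty username"; bad = 1 }
            else if (user ~ /[ \t]/) { print "line " NR ": whitespace in username"; bad = 1 }
            if (user in seen)        { print "line " NR ": duplicate user " user; bad = 1 }
            seen[user] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad = 1 }
        END {
            # An odd line count means the last user has no password line.
            if (NR % 2 == 1) { print "line " NR ": user " user " has no password line"; bad = 1 }
            exit bad
        }
    ' "$f" || rc=1
    return $rc
}

# Stand-alone use: sh check_vuser.sh vuser.txt
if [ $# -gt 0 ]; then check_vuser_file "$1"; fi
```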