4.2.2 Local user mode

1. Configure local user mode and restart the service

[root@dsrw ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=no
local_enable=YES
write_enable=YES
local_umask=022
[root@dsrw ~]# systemctl restart vsftpd
[root@dsrw ~]# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
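umask: the "permission mask" or "permission complement".
Actual permissions = default permissions − umask (strictly, the umask bits are cleared from the default permissions; for 022 this matches the subtraction).
The default permissions for a regular file are 666 and for a directory 777. By the formula, the actual permissions of a regular file are 644 and of a directory 755.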

2. The files ftpusers and user_list

User names listed in these two files are not allowed to log in to the FTP server.
[root@dsrw ~]# cat /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@dsrw ~]# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

3. Set the SELinux domain policy to allow FTP

[root@dsrw ~]# setsebool -P ftpd_full_access=on
[root@dsrw ~]# getsebool -a|grep ftp
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off

4. Test with the root user and the dsrw user

[root@dsrw ~]# ftp 192.168.10.2
Connected to 192.168.10.2 (192.168.10.2).
220 (vsFTPd 3.0.3)
Name (192.168.10.2:root): root
530 Permission denied.
Login failed.
ftp> exit
221 Goodbye.
[root@dsrw ~]# ftp 192.168.10.2
Connected to 192.168.10.2 (192.168.10.2).
220 (vsFTPd 3.0.3)
Name (192.168.10.2:root): dsrw
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

5. Change the value of the userlist_deny parameter in the main configuration file to NO; the user_list file then becomes a mandatory whitelist.

[root@dsrw ~]# vim /etc/vsftpd/vsftpd.conf
userlist_enable=YES
userlist_deny=NO
[root@dsrw ~]# systemctl restart vsftpd
[root@dsrw ~]# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
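
The following added example (not part of the original tutorial and not vsftpd's own code) is a simplified model of how the settings from steps 2 and 5 combine: userlist_enable, userlist_deny, user_list, and the ftpusers check performed by the default PAM configuration. The function names and the sample file contents are constructed for illustration.

```python
# Added example: simplified model of vsftpd's user_list / ftpusers checks.

def parse_conf(text):
    """Return {option: VALUE} from vsftpd.conf text, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value.strip().upper()
    return opts

def parse_users(text):
    """Return the set of user names in a user_list/ftpusers style file."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def enabled(opts, key, default):
    """True if the boolean option (or its default) is switched on."""
    return opts.get(key, default) in ("YES", "TRUE", "1")

def login_decision(user, conf, user_list, ftpusers):
    """Return (allowed, reason) for a local user; all inputs are file contents."""
    opts = parse_conf(conf)
    if not enabled(opts, "local_enable", "NO"):
        return False, "local_enable is off"
    if enabled(opts, "userlist_enable", "NO"):      # built-in default is NO
        listed = user in parse_users(user_list)
        if enabled(opts, "userlist_deny", "YES"):   # built-in default is YES
            if listed:
                return False, "user_list blacklist"
        elif not listed:
            return False, "not in user_list whitelist"
    if user in parse_users(ftpusers):               # checked by the default PAM config
        return False, "ftpusers"
    return True, "allowed"

# Constructed sample file contents (not taken from a real host).
BASE = "anonymous_enable=NO\nlocal_enable=YES\nuserlist_enable=YES\n"
WHITELIST_CONF = BASE + "userlist_deny=NO\n"
USER_LIST = "# vsftpd userlist\nroot\ndsrw\n"
FTPUSERS = "# Users that are not allowed to login via ftp\nroot\nbin\n"

if __name__ == "__main__":
    for name in ("dsrw", "root", "alice"):
        print(name, login_decision(name, WHITELIST_CONF, USER_LIST, FTPUSERS))
```

In whitelist mode, a user listed in both user_list and ftpusers is still refused, and with userlist_enable=NO the user_list file is not consulted at all.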