一.FTP 兩種工作模式主動模式port FTP主動模式:TCP鏈接客戶端訪問FTP,客戶端會開啟一個大于1024的端口N訪問FTP的21端口(控制端口)�����,并通過21端口發(fā)送port命令與N 1的端口�����,服務(wù)端收到命令后會使用20(數(shù)據(jù)端口)主動鏈接客戶端N 1端口進行數(shù)據(jù)傳輸。 被動模式pasv FTP被動模式:TCP鏈接客戶端訪問FTP����,客戶端開啟一個大于1024的端口N訪問FTP的21端口(控制端口),同時會開啟一個N 1的端口���,并通過21端口發(fā)送pasv命令��,F(xiàn)TP同過命令得知處于被動狀態(tài)�����,會開放一個大于1024的端口P����,然后通過命令通知客戶端P數(shù)據(jù)端口�,客戶端然后會通過N 1端口鏈接P端口進行數(shù)據(jù)傳輸。 注: 由于防火墻機制�,主動模式不利于客戶端管理,被動模式不利于服務(wù)端管理�。 主動情況下服務(wù)端數(shù)據(jù)端主動鏈接客戶端可能遭到客戶端防火墻攔截。 被動情況下客戶端主動訪問服務(wù)端數(shù)據(jù)端口可能遭到服務(wù)端防火墻攔截�����。
二.實現(xiàn)基于MYSQL驗證的vsftpd虛擬用戶
[root@centos8 ~]# yum -y install mariadb-server
[root@centos8 ~]# systemctl enable --now mariadb
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@centos8 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> use vsftpd
Database changed
CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);
MariaDB [vsftpd]> desc users;
---------- ---------- ------ ----- --------- ----------------
| Field | Type | Null | Key | Default | Extra |
---------- ---------- ------ ----- --------- ----------------
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | char(50) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
---------- ---------- ------ ----- --------- ----------------
3 rows in set (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser1',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser2',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser3',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> select * from users;
---- ---------- -------------------------------------------
| id | name | password |
---- ---------- -------------------------------------------
| 1 | ftpuser1 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2 | ftpuser2 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 3 | ftpuser3 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
---- ---------- -------------------------------------------
3 rows in set (0.000 sec)
MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.000 sec)
[root@centos7 ~]# yum -y install vsftpd gcc gcc-c make mariadb-devel pam-devel
[root@centos7 ~]# rz -E
rz waiting to receive.
[root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]# cd pam_mysql-0.7RC1
[root@centos7 pam_mysql-0.7RC1]# ls
acinclude.m4 config.guess configure CREDITS ltmain.sh missing pam_mysql.c pkg.m4
aclocal.m4 config.h.in configure.in INSTALL Makefile.am mkinstalldirs pam_mysql.spec README
ChangeLog config.sub COPYING install-sh Makefile.in NEWS pam_mysql.spec.in stamp-h.in
[root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7 pam_mysql-0.7RC1]# make install
[root@centos7 pam_mysql-0.7RC1]# ll /lib64/security/pam_mysql.*
-rwxr-xr-x 1 root root 882 Mar 13 21:08 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Mar 13 21:08 /lib64/security/pam_mysql.so
[root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
:wq
[root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7 pam_mysql-0.7RC1]# id vuser
uid=998(vuser) gid=996(vuser) groups=996(vuser)
[root@centos7 pam_mysql-0.7RC1]# ls /data/ftproot
ls: cannot access /data/ftproot: No such file or directory
[root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# ll -d /data/ftproot/upload
drwxr-xr-x 2 root root 6 Mar 13 21:16 /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot/upload/
[root@centos7 pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
:wq
[root@centos7 pam_mysql-0.7RC1]# systemctl enable --now vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@centos7 pam_mysql-0.7RC1]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@centos6 ~]# yum -y install ftp
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,57,86).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos7 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
:wq
[root@centos7 ~]# mkdir /etc/vsftpd/conf.d/
[root@centos7 conf.d]# vim ftpuser1
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
:wq
[root@centos7 conf.d]# systemctl restart vsftpd
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,38,124).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,195,218).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.00704 secs (136.12 Kbytes/sec)
ftp>
[root@centos7 pam_mysql-0.7RC1]# tail -f /var/log/secure
Mar 13 21:35:02 centos7 polkitd[547]: Registered Authentication Agent for unix-process:11920:442834 (system bus name :1.24 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 13 21:35:02 centos7 polkitd[547]: Unregistered Authentication Agent for unix-process:11920:442834 (system bus name :1.24, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
[root@centos7 conf.d]# ll /data/ftproot/upload/
total 4
-rw------- 1 vuser vuser 958 Mar 13 21:36 anaconda-ks.cfg
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos7 conf.d]# mkdir /data/ftproot2
[root@centos7 conf.d]# touch /data/ftproot2/ftproot2.txt
[root@centos7 conf.d]# mkdir /data/ftproot3
[root@centos7 conf.d]# touch /data/ftproot3/ftproot3.txt
[root@centos7 conf.d]# vim ftpuser2
local_root=/data/ftproot2
:wq
[root@centos7 conf.d]# vim ftpuser3
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot3
:wq
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,197,196).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 13 13:41 ftproot2.txt
226 Directory send OK.
[root@centos7 conf.d]# mkdir /data/ftproot2/upload
[root@centos7 conf.d]# mkdir /data/ftproot3/upload
ftp> ls
227 Entering Passive Mode (10,0,0,7,209,217).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 13 13:41 ftproot2.txt
drwxr-xr-x 2 0 0 6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,75,170).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser3
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,178,70).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 13 13:41 ftproot3.txt
drwxr-xr-x 2 0 0 6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,49,119).
553 Could not create file.
[root@centos7 conf.d]# ll /data/ftproot3/upload/ -d
drwxr-xr-x 2 root root 6 Mar 13 21:46 /data/ftproot3/upload/
[root@centos7 conf.d]# setfacl -m u:vuser:rwx /data/ftproot3/upload/
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,142,7).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.000108 secs (8870.37 Kbytes/sec)來源:https://www./content-4-890851.html
|
