您好,登錄后才能下訂單哦!
1、公司內(nèi)部現(xiàn)在有一臺(tái)FTP 和WEB 服務(wù)器,F(xiàn)TP
的功能主要用于維護(hù)公司的網(wǎng)站內(nèi)容,包括上傳文件、創(chuàng)建目錄、更新網(wǎng)頁等等。公司現(xiàn)有兩個(gè)部門負(fù)責(zé)維護(hù)任務(wù),他們分別使用xuegod1
和xuegod2帳號(hào)進(jìn)行管理。先要求僅允許xuegod1 和xuegod2帳號(hào)登錄FTP
服務(wù)器,但不能登錄本地系統(tǒng),并將這兩個(gè)帳號(hào)的根目錄限制為/var/www/html,不能進(jìn)入該目錄以外的任何目錄。
說明:最好自己找一個(gè)靜態(tài)網(wǎng)站,然后通過ftp上傳到/var/www/html下,通過瀏覽器,可以正常訪問
1、 安裝httpd及vsftpd
[root@Centos-6-70 ~]#yum -y install httpd vsftpd
2、 創(chuàng)建系統(tǒng)用戶xue指定加目錄為/var/www/html并加入apache組
[root@Centos-6-70 www]# useradd -s /sbin/nologin -d /var/www/html/ -g apache xue
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@Centos-6-70 www]#
[root@Centos-6-70 www]# echo "123456" | passwd --stdin xue
Changing password for user xue.
passwd: all authentication tokens updated successfully.
3、 賦予系統(tǒng)用戶對(duì)/var/www/html的讀寫執(zhí)行權(quán)限
[root@Centos-6-70 www]# chown -R apache:apache html/
[root@Centos-6-70 www]# chmod –R 775 html/
[root@Centos-6-70 www]# ll -d html/
drwxrwxr-x 2 apache apache 4096 May 13 15:09 html/
[root@Centos-6-70 www]#
4、 創(chuàng)建虛擬用戶文本文件
[root@Centos-6-70 vsftpd]# vim vusers.txt
xuegod1
12345678
xuegod2
12345678
5、 生成虛擬用戶數(shù)據(jù)庫
[root@Centos-6-70 vsftpd]# db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
6、 刪除虛擬用戶文本文件防止泄密
[root@Centos-6-70 vsftpd]# rm vusers.txt
rm: remove regular file `vusers.txt'? y
[root@Centos-6-70 vsftpd]#
7、 修改虛擬用戶數(shù)據(jù)庫文件訪問權(quán)限
[root@Centos-6-70 vsftpd]# chmod 644 vusers.db
[root@Centos-6-70 vsftpd]# ll vusers.db
-rw-r--r-- 1 root root 12288 May 13 07:27 vusers.db
[root@Centos-6-70 vsftpd]#
8、 修改pam認(rèn)證配置
[root@Centos-6-70 pam.d]# cat vsftpd
#%PAM-1.0
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers
[root@Centos-6-70 pam.d]#
9、 修改vsftpd主配置文件vsftpd.conf
anonymous_enable=NO #不允許匿名登陸
local_enable=YES #允許本地用戶登錄
chroot_local_user=YES #所有用戶都被限制在其主目錄下
chroot_list_enable=NO #不允許例外用戶切換到其他目錄
pam_service_name=vsftpd #指定PAM文件名,配置vsftpd 使用的PAM 模塊為vsftpd
user_config_dir=/etc/vsftpd/vuserconfig #設(shè)置虛擬帳號(hào)的主目錄為/etc/vsftpd/vuserconfig
10、 創(chuàng)建虛擬用戶配置文件夾vuserconfig
[root@Centos-6-70 vsftpd]# mkdir vuserconfig
[root@Centos-6-70 vsftpd]# ll -d vuserconfig/
drwxr-xr-x 2 root root 4096 May 13 07:48 vuserconfig/
[root@Centos-6-70 vsftpd]#
11、 創(chuàng)建及配置虛擬用戶配置文件
[root@Centos-6-70 vuserconfig]# cat xuegod1
guest_enable=yes
guest_username=xue
anon_world_readable_only=no
write_enable=yes
anon_mkdir_write_enable=yes
anon_upload_enable=yes
virtual_use_local_privs=YES
[root@Centos-6-70 vuserconfig]# cat xuegod2
guest_enable=yes
guest_username=xue
anon_world_readable_only=no
write_enable=yes
anon_mkdir_write_enable=yes
anon_upload_enable=yes
virtual_use_local_privs=YES
[root@Centos-6-70 vuserconfig]#
12、 重啟vsftpd及httpd服務(wù)并查看是否成功
[root@Centos-6-70 vuserconfig]# netstat -antup | grep vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2136/vsftpd
[root@Centos-6-70 vuserconfig]# netstat -antup | grep httpd
tcp 0 0 :::80 :::* LISTEN 2148/httpd
[root@Centos-6-70 vuserconfig]#
13、 測(cè)試是否生效
[root@Centos-6-70 home]# lftp -u xuegod1 192.168.70.243
Password:
lftp xuegod1@192.168.70.243:~> pwd
ftp://xuegod1@192.168.70.243
lftp xuegod1@192.168.70.243:/> cd /home
cd: Access failed: 550 Failed to change directory. (/home)
lftp xuegod1@192.168.70.243:/> cd /var/www
cd: Access failed: 550 Failed to change directory. (/var/www)
lftp xuegod1@192.168.70.243:~> ls
lftp xuegod1@192.168.70.243:/> put /home/index.html
559038 bytes transferred
lftp xuegod1@192.168.70.243:/> put /home/boot.tar.gz
3145728 bytes transferred
lftp xuegod1@192.168.70.243:/> mkdir os
mkdir ok, `os' created
lftp xuegod1@192.168.70.243:/> mv boot.tar.gz grub.tar.gz
rename successful
lftp xuegod1@192.168.70.243:/> mv os iso
rename successful
lftp xuegod1@192.168.70.243:/> rm grub.tar.gz
rm ok, `grub.tar.gz' removed
lftp xuegod1@192.168.70.243:/> rmdir iso
rmdir ok, `iso' removed
lftp xuegod1@192.168.70.243:/> ls
-rw-r--r-- 1 500 48 559038 May 13 08:48 index.html
lftp xuegod1@192.168.70.243:/> quit
[root@Centos-6-70 home]#
14、 訪問apahce查看網(wǎng)站頁面
15、 同理測(cè)試xuegod2帳號(hào)登錄
[root@Centos-6-70 home]# lftp -u xuegod2 192.168.70.243
Password:
lftp xuegod2@192.168.70.243:~> ls
-rw-r--r-- 1 500 48 559038 May 13 08:48 index.html
lftp xuegod2@192.168.70.243:/> rm index.html
rm ok, `index.html' removed
lftp xuegod2@192.168.70.243:/> cd /home
cd: Access failed: 550 Failed to change directory. (/home)
lftp xuegod2@192.168.70.243:/> cd /var/www
cd: Access failed: 550 Failed to change directory. (/var/www)
lftp xuegod2@192.168.70.243:/> put /home/index.html
559038 bytes transferred
lftp xuegod2@192.168.70.243:/> put boot.tar.gz
3145728 bytes transferred
lftp xuegod2@192.168.70.243:/> mkdir os
mkdir ok, `os' created
lftp xuegod2@192.168.70.243:/> mv boot.tar.gz grub.tar.gz
rename successful
lftp xuegod2@192.168.70.243:/> mv os iso
rename successful
lftp xuegod2@192.168.70.243:/> rm index.html
rm ok, `index.html' removed
lftp xuegod2@192.168.70.243:/> ls
-rw-r--r-- 1 500 48 3145728 May 13 08:50 grub.tar.gz
drwxr-xr-x 2 500 48 4096 May 13 08:50 iso
lftp xuegod2@192.168.70.243:/> rm grub.tar.gz
rm ok, `grub.tar.gz' removed
lftp xuegod2@192.168.70.243:/> rmdir iso
rmdir ok, `iso' removed
lftp xuegod2@192.168.70.243:/> ls
16、 刪除hao123主頁index.html后的訪問效果
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。