第一个脚本保存为vsftpd.sh,赋予x权限,或者sh vsftpd.sh user passwd执行,会根据系统(仅支持CentOS5,6,7,建议为6)配置虚拟用户登录ftp环境; 第二个脚本为创建虚拟用户函数,请往下看。
#!/bin/bash
#Create virtual ftp users, first user is test
error() {
echo "Error, usage: $0 user password"
exit 1
}
SYS_VERSION=$(awk -F "release" '{print $2}' /etc/redhat-release | awk '{print $1}' | awk -F . '{print $1}')
[ "$#" = "2" ] || error
vfu=/etc/vsftpd/vfu.list
vfudb=/etc/vsftpd/vfu.db
vfudir=/etc/vsftpd/vfu_dir
user=$1
passwd=$2
yum -y install vsftpd ftp
[ "$SYS_VERSION" == "5" ] && yum -y install db4-utils
[ "$SYS_VERSION" == "6" ] && yum -y install db4-utils
[ "$SYS_VERSION" == "7" ] && yum -y install libdb-utils
cat >>$vfu <<EOF
$user
$passwd
EOF
db_load -T -t hash -f $vfu $vfudb
chmod 600 $vfu $vfudb
cat >/etc/pam.d/vsftpd.vu <<EOF
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/vfu
account required pam_userdb.so db=/etc/vsftpd/vfu
EOF
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
cat >/etc/vsftpd/vsftpd.conf <<EOF
ftpd_banner=Ftp CodeSourceRoot
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/vsftpd.log
userlist_enable=YES
userlist_deny=YES
listen=YES
listen_ipv6=NO
max_per_ip=5
tcp_wrappers=YES
pam_service_name=vsftpd.vu
virtual_use_local_privs=YES
guest_enable=YES
guest_username=ftp
user_config_dir=$vfudir
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
local_root=/var/ftp/
EOF
#chroot_list:open user
#chown -R ftp.ftp /var/ftp
#chmod -R a+t /vat/ftp/
touch /etc/vsftpd/chroot_list
mkdir -p $vfudir
cd $vfudir
cat >$user <<EOF
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/var/ftp/
EOF
/etc/init.d/vsftpd start
echo "Ending,Succeed!!!"
if [ "$SYS_VERSION" == "6" ] || [ "$SYS_VERSION" == "5" ]; then
sed -i 's/IPTABLES_MODULES=""/IPTABLES_MODULES="nf_conntrack_ftp"/' /etc/sysconfig/iptables-config
modprobe nf_conntrack_ftp
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
elif [ "$SYS_VERSION" == "7" ]; then
echo "Please check firewalld:stop or set rule."
fi
第二个脚本保存为create_ftp.sh,需要传递三个参数,user、password、home,会自动创建虚拟用户可直接登录 home(自定义user的根目录)。
#/bin/bash
#create virtual ftp user.
error() {
echo "Error, usage: $0 user password home"
exit 1
}
[ "$#" != "3" ] && error
#arg:$init_user $init_passwd $init_user_home_root
vfu=/etc/vsftpd/vfu.list
vfudb=/etc/vsftpd/vfu.db
vfudir=/etc/vsftpd/vfu_dir
cat >>$vfu <<EOF
$1
$2
EOF
db_load -T -t hash -f $vfu $vfudb
cat >${vfudir}/$1 <<EOF
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=$3
EOF
chown -R ftp.ftp $3
chmod -R a+t $3
/etc/init.d/vsftpd reload