Instead of using Ubuntu system accounts for FTP, this setup creates and manages virtual users.


1. Preparation (create the account database)

# sudo mkdir /etc/vsftpd

# sudo vi /etc/vsftpd/vusers.txt


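SAMPLE OUTPUT (vusers.txt): user ID and password on alternating lines; the (ID) and (PASSWORD) labels are annotations, not file content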

ftptest    (ID)

12345    (PASSWORD)

luuaz

7777


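After defining the accounts in the text file, generate the actual database file from it. vusers.txt holds the passwords in plain text, so restrict its permissions or delete it once the database has been built.

(Requires the db_util package, which provides db_load.)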

# sudo db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/virtual-user.db

# sudo chmod 600 /etc/vsftpd/virtual-user.db



2. Configure vsftpd.conf

# Change the listening port

listen_port=2121


# Passive mode settings

pasv_enable=YES

pasv_min_port=5001

pasv_max_port=5050



anonymous_enable=NO

local_enable=YES

# Virtual users will use the same privileges as local users.

# It will grant write access to virtual users. By default, virtual users use the

# same privileges as anonymous users, which tends to be more restrictive

# (especially in terms of write access).

virtual_use_local_privs=YES

write_enable=YES


# Set the name of the PAM service vsftpd will use

pam_service_name=vsftpd.virtual


# Activates virtual users

guest_enable=YES


# Automatically generate a home directory for each virtual user, based on a template.

# For example, if the home directory of the real user specified via guest_username is

# /home/virtual/$USER, and user_sub_token is set to $USER, then when virtual user vivek

# logs in, he will end up (usually chroot()'ed) in the directory /home/virtual/vivek.

# This option also takes effect if local_root contains user_sub_token.

user_sub_token=$USER


# Usually this is mapped to Apache virtual hosting docroot, so that

# Users can upload files

local_root=/home/vftp/$USER


# Chroot user and lock down to their home dirs

chroot_local_user=YES

chroot_list_enable=NO


# Hide ids from user

hide_ids=YES



3. Create the PAM file

# sudo vi /etc/pam.d/vsftpd.virtual


OUTPUT (vsftpd.virtual)

auth        required        pam_userdb.so db=/etc/vsftpd/virtual-user

account    required        pam_userdb.so db=/etc/vsftpd/virtual-user

session    required        pam_loginuid.so



4. Create the user directories
# mkdir -p /home/vftp/{ftptest,luuaz}
# chown -R ftp:ftp /home/vftp


5. Restart the FTP server
# sudo service vsftpd restart


6. Test
$ ftp localhost 2121
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:luuaz): ftptest
331 Please specify the password.
Password: PASSWORD
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

※ If the following error occurs:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
    Login failed.
add the following entry to vsftpd.conf:
allow_writeable_chroot=YES
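
An alternative to allow_writeable_chroot=YES is to leave the chroot root non-writable and give each user a writable subdirectory inside it. The script below is an added example, not part of the original post; the function names, the "upload" subdirectory and the optional owner argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a virtual-user home whose
# chroot root has no write bit, with uploads going to a writable subdirectory.
# Assumptions: function names, the "upload" subdirectory, the OWNER argument.

# make_vftp_home BASE USER [OWNER]
#   BASE  - parent directory (the post uses /home/vftp)
#   USER  - virtual user name, as listed in vusers.txt
#   OWNER - user:group for the writable subdirectory (the post uses ftp:ftp);
#           skipped when empty so the layout can be tried without root
make_vftp_home() {
    base=$1 user=$2 owner=${3:-}

    # Reject names that would escape BASE or be parsed as an option.
    case $user in
        ''|.|..|*/*|-*) echo "invalid user name: $user" >&2; return 1 ;;
    esac

    home=$base/$user
    mkdir -p "$home/upload" || return 1
    chmod 755 "$home/upload" || return 1   # writable area: owner only
    chmod 555 "$home" || return 1          # chroot root: r-xr-xr-x

    if [ -n "$owner" ]; then
        # Only the subdirectory goes to the guest account. A directory newly
        # created here stays owned by the invoking user (root under sudo).
        chown "$owner" "$home/upload" || return 1
    fi
}

# is_writable_root DIR: succeeds if any write bit is set on DIR. Reads the
# mode string rather than using [ -w ], which is true for root regardless.
is_writable_root() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ??w*|?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (as root): make_vftp_home /home/vftp ftptest ftp:ftp
```

Directories already created in step 4 with chown -R ftp:ftp keep their owner; chown the user's top-level directory back to root if the guest account should not be able to change its mode.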



Reference Documentation:
https://help.ubuntu.com/community/vsftpd



End.


