[ubuntu] vsftpd per-user management (virtual users)
FTP accounts are managed by creating virtual users
instead of using Ubuntu system accounts.
1. Preparation (create the account database)
# sudo mkdir /etc/vsftpd
# cd /etc/vsftpd
# sudo vi vusers.txt
SAMPLE OUTPUT (vusers.txt)
ftptest (ID)
12345 (PASSWORD)
luuaz
7777
After defining the accounts in the text file, generate the actual database file.
(Requires the db_util package)
# db_load -T -t hash -f vusers.txt virtual-user.db
# chmod 600 virtual-user.db
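An added example (not part of the original post): a Python check to run on vusers.txt before db_load, assuming the alternating username/password layout shown above. The function names and the 8-character minimum are choices made for this example.

```python
import os
import stat

def check_vusers(text, min_len=8):
    """Check db_load -T input: username and password on alternating lines."""
    problems = []
    lines = text.splitlines()
    if len(lines) % 2:
        problems.append("odd number of lines: last username has no password")
    seen = set()
    for i in range(0, len(lines) - 1, 2):
        user, password = lines[i], lines[i + 1]
        if not user.strip():
            problems.append(f"line {i + 1}: empty username")
        elif user != user.strip() or " " in user:
            # Assumption: db_load -T stores the line verbatim, so a leftover
            # label such as "ftptest (ID)" becomes the login name.
            problems.append(f"line {i + 1}: whitespace in username {user!r}")
        if user in seen:
            problems.append(f"line {i + 1}: duplicate username {user!r}")
        seen.add(user)
        if len(password) < min_len:
            problems.append(f"line {i + 2}: password for {user!r} is shorter than {min_len}")
    return problems

def check_mode(path):
    """Return a finding if group or other can access the file, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return f"{path}: mode {mode:o} exposes the passwords to other accounts"
    return None

if __name__ == "__main__":
    # Constructed sample: the page's two accounts with the labels left in.
    sample = "ftptest (ID)\n12345 (PASSWORD)\nluuaz\n7777\n"
    for problem in check_vusers(sample):
        print(problem)
```

vusers.txt keeps every password in clear text, so after db_load give it the same chmod 600 as virtual-user.db or delete it.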
2. vsftpd.conf settings
# Change the port
listen_port=2121
# Passive mode settings
pasv_enable=YES
pasv_min_port=5001
pasv_max_port=5050
anonymous_enable=NO
local_enable=YES
# Virtual users will use the same privileges as local users,
# which grants write access to virtual users. By default, virtual users use the
# same privileges as anonymous users, which tends to be more restrictive
# (especially in terms of write access).
virtual_use_local_privs=YES
write_enable=YES
# Set the name of the PAM service vsftpd will use
pam_service_name=vsftpd.virtual
# Activates virtual users
guest_enable=YES
# Automatically generate a home directory for each virtual user, based on a template.
# For example, if the home directory of the real user specified via guest_username is
# /home/virtual/$USER, and user_sub_token is set to $USER, then when virtual user vivek
# logs in, he will end up (usually chroot()'ed) in the directory /home/virtual/vivek.
# This option also takes effect if local_root contains user_sub_token.
user_sub_token=$USER
# Usually this is mapped to Apache virtual hosting docroot, so that
# Users can upload files
local_root=/home/vftp/$USER
# Chroot user and lock down to their home dirs
chroot_local_user=YES
chroot_list_enable=NO
# Hide ids from user
hide_ids=YES
3. Create the PAM file
# sudo vi /etc/pam.d/vsftpd.virtual
OUTPUT (vsftpd.virtual)
auth required pam_userdb.so db=/etc/vsftpd/virtual-user
account required pam_userdb.so db=/etc/vsftpd/virtual-user
session required pam_loginuid.so