29.第23章 网络文件共享服务
一.FTP 两种工作模式
主动模式port
FTP主动模式:客户端与FTP服务端建立TCP连接时,客户端会开启一个大于1024的端口N访问FTP的21端口(控制端口),并通过21端口发送PORT命令告知服务端自己的N+1端口;服务端收到命令后会使用20端口(数据端口)主动连接客户端的N+1端口进行数据传输。
被动模式pasv
FTP被动模式:客户端与FTP服务端建立TCP连接时,客户端开启一个大于1024的端口N访问FTP的21端口(控制端口),同时会开启一个N+1的端口,并通过21端口发送PASV命令;FTP服务端通过该命令得知自己处于被动状态,会开放一个大于1024的端口P,然后通过命令通知客户端数据端口P,客户端随后通过N+1端口连接P端口进行数据传输。
注:
由于防火墙机制,主动模式不利于客户端管理,被动模式不利于服务端管理。
主动模式下服务端数据端口主动连接客户端,可能遭到客户端防火墙拦截。
被动模式下客户端主动访问服务端的数据端口,可能遭到服务端防火墙拦截;因此部署被动模式时,应在vsftpd中用pasv_min_port/pasv_max_port限定一个固定的被动端口范围并在服务端防火墙上只放行该范围(或加载FTP连接跟踪模块),而不是放行全部高端口。
二.实现基于MYSQL验证的vsftpd虚拟用户
[root@centos8 ~]# yum -y install mariadb-server
[root@centos8 ~]# systemctl enable --now mariadb
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@centos8 ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> use vsftpd
Database changed
CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);
MariaDB [vsftpd]> desc users;
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(50) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.001 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser1',password('123456'));
Query OK, 1 row affected (0.001 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser2',password('123456'));
Query OK, 1 row affected (0.001 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser3',password('123456'));
Query OK, 1 row affected (0.001 sec)

MariaDB [vsftpd]> select * from users;
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | ftpuser1 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | ftpuser2 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  3 | ftpuser3 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+----------+-------------------------------------------+
3 rows in set (0.000 sec)

MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.000 sec)

[root@centos7 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7 ~]# rz -E
rz waiting to receive.
[root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]# cd pam_mysql-0.7RC1
[root@centos7 pam_mysql-0.7RC1]# ls
acinclude.m4  config.guess  configure     CREDITS     ltmain.sh    missing        pam_mysql.c        pkg.m4
aclocal.m4    config.h.in   configure.in  INSTALL     Makefile.am  mkinstalldirs  pam_mysql.spec     README
ChangeLog     config.sub    COPYING       install-sh  Makefile.in  NEWS           pam_mysql.spec.in  stamp-h.in
[root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7 pam_mysql-0.7RC1]# make install
[root@centos7 pam_mysql-0.7RC1]# ll /lib64/security/pam_mysql.*
-rwxr-xr-x 1 root root    882 Mar 13 21:08 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Mar 13 21:08 /lib64/security/pam_mysql.so
[root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
:wq
[root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7 pam_mysql-0.7RC1]# id vuser
uid=998(vuser) gid=996(vuser) groups=996(vuser)
[root@centos7 pam_mysql-0.7RC1]# ls /data/ftproot
ls: cannot access /data/ftproot: No such file or directory
[root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# ll -d /data/ftproot/upload
drwxr-xr-x 2 root root 6 Mar 13 21:16 /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot/upload/
[root@centos7 pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
:wq
[root@centos7 pam_mysql-0.7RC1]# systemctl enable --now vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@centos7 pam_mysql-0.7RC1]# ss -ntl
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      32     [::]:21              [::]:*
LISTEN     0      128    [::]:22              [::]:*
LISTEN     0      100    [::1]:25             [::]:*

[root@centos6 ~]# yum -y install ftp
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,57,86).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0               6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0              29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos7 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
:wq
[root@centos7 ~]# mkdir /etc/vsftpd/conf.d/
[root@centos7 conf.d]# vim ftpuser1
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
:wq
[root@centos7 conf.d]# systemctl restart vsftpd

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,38,124).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0               6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,195,218).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.00704 secs (136.12 Kbytes/sec)
ftp>

[root@centos7 pam_mysql-0.7RC1]# tail -f /var/log/secure
Mar 13 21:35:02 centos7 polkitd[547]: Registered Authentication Agent for unix-process:11920:442834 (system bus name :1.24 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 13 21:35:02 centos7 polkitd[547]: Unregistered Authentication Agent for unix-process:11920:442834 (system bus name :1.24, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
[root@centos7 conf.d]# ll /data/ftproot/upload/
total 4
-rw------- 1 vuser vuser 958 Mar 13 21:36 anaconda-ks.cfg

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0              29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos7 conf.d]# mkdir /data/ftproot2
[root@centos7 conf.d]# touch /data/ftproot2/ftproot2.txt
[root@centos7 conf.d]# mkdir /data/ftproot3
[root@centos7 conf.d]# touch /data/ftproot3/ftproot3.txt
[root@centos7 conf.d]# vim ftpuser2
local_root=/data/ftproot2
:wq
[root@centos7 conf.d]# vim ftpuser3
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot3
:wq

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,197,196).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Mar 13 13:41 ftproot2.txt
226 Directory send OK.

[root@centos7 conf.d]# mkdir /data/ftproot2/upload
[root@centos7 conf.d]# mkdir /data/ftproot3/upload

ftp> ls
227 Entering Passive Mode (10,0,0,7,209,217).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Mar 13 13:41 ftproot2.txt
drwxr-xr-x    2 0        0               6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,75,170).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser3
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,178,70).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Mar 13 13:41 ftproot3.txt
drwxr-xr-x    2 0        0               6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,49,119).
553 Could not create file.

[root@centos7 conf.d]# ll /data/ftproot3/upload/ -d
drwxr-xr-x 2 root root 6 Mar 13 21:46 /data/ftproot3/upload/
[root@centos7 conf.d]# setfacl -m u:vuser:rwx /data/ftproot3/upload/

ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,142,7).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.000108 secs (8870.37 Kbytes/sec)

注(安全加固,上述实验配置直接用于生产前应补充的检查):
1. /etc/pam.d/vsftpd.mysql 中以明文写入了数据库口令(passwd=123456),而/etc/pam.d/下的文件默认对所有本地用户可读,应执行 chmod 600 /etc/pam.d/vsftpd.mysql,并为 vsftpd@'10.0.0.%' 设置独立的强口令。GRANT 只授予 vsftpd.* 上的 SELECT 并限定来源网段,这是正确的最小权限,不要为图方便扩大。
2. crypt=2 对应 MySQL 的 PASSWORD() 哈希:无盐,相同口令得到完全相同的哈希(上面 select * from users 的结果中三个用户的哈希值一模一样即为证据,泄露一条即可推出同口令的全部账号),且 PASSWORD() 在 MySQL 8.0 中已被移除。生产环境建议改用 pam_mysql 的 crypt=1(crypt(3) 加盐哈希,例如 $6$ 开头的 SHA-512 格式)并给每个虚拟用户设置不同的强口令;123456 仅用于演示。
3. FTP 的控制连接与数据连接默认均为明文,上面 331/230 的登录交互中口令本身就是明文经网络传输,数据库里存哈希并不能改变这一点。应启用 vsftpd 的 TLS(ssl_enable=YES 并用 force_local_logins_ssl/force_local_data_ssl 强制加密)或改用 SFTP;ss -ntl 显示 21 端口监听在所有地址([::]:21),还应通过 listen_address 或防火墙限制可访问的来源。
4. pam_mysql 源码包是用 rz 上传后直接 ./configure && make install 的,过程中没有做任何来源与完整性校验(哈希或签名),而且 0.7RC1 是一个很旧的候选版本。应优先使用发行版仓库或维护中的分支;若必须自行编译,先核对校验和再安装到 /lib64/security。
5. 虚拟用户上传的文件以 vuser 身份、0600 权限落盘(见 ll /data/ftproot/upload/ 的输出),写权限通过 ACL 只授予到 upload 子目录,这是合理的。注意 anon_other_write_enable=YES 同时允许删除和重命名,应只对确实需要的用户(如 ftpuser1、ftpuser3)在 user_config_dir 中开启,不要放进全局 vsftpd.conf。