2008-07-07

[筆記]VSFTPD 建立虛擬用戶與SSL加密 in Debian

安裝 libpam-pwdfile
# Installs pam_pwdfile.so, the PAM module that checks a password against an
# htpasswd-style file; the vsftpd_vusers PAM service below depends on it.
apt-get install libpam-pwdfile

建立vsftpd_vuser專用的pam service (vsftpd_vusers)
/etc/pam.d/vsftpd_vusers
# Customized login using htpasswd file
# auth: verify the supplied password against the hashes in /etc/vsftpd/passwd
# (the file built with htpasswd below); "pwdfile" names that file.
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
# account: pam_permit.so always passes the account stage, so there is no
# expiry/lockout check in this stack -- who may log in is decided solely by
# the password file and vsftpd's own user_list.
account required pam_permit.so

利用apache的htpasswd來建立帳號/密碼檔

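# Build the virtual-user password file with Apache's htpasswd.
# -c creates (and truncates!) the file, so use it only for the first account.
# Create it under a restrictive umask so the hashes are never world-readable,
# not even for the moment between htpasswd finishing and the chmod below.
# NOTE: htpasswd's default hash on this era's Debian is crypt(3), which only
# uses the first 8 characters of the password; `-m` selects MD5, which
# pam_pwdfile can verify -- confirm with the installed version before switching.
( umask 077; htpasswd -c /etc/vsftpd/passwd USERA )
htpasswd /etc/vsftpd/passwd USERB
# The file is consulted by vsftpd's PAM stack at login; only the owner (root)
# needs to read it.
chmod 600 /etc/vsftpd/passwd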

建立user_list
/etc/vsftpd/user_list
USERA
USERB

建立個別帳號的設定檔（指定各自的目錄/權限）

/etc/vsftpd/user/USERA
# Per-user override read via user_config_dir: USERA lands in this directory
# after login, and because USERA is also listed in the chroot list file it is
# confined to it. No guest_username override here, so the value in force in
# /etc/vsftpd.conf (not set there either -> vsftpd's default) applies.
local_root=/PATH/TO/USERA/ACCESS

/etc/vsftpd/user/USERB
# Per-user override for USERB (read via user_config_dir).
local_root=/PATH/TO/USERB/ACCESS
# Virtual user USERB runs as this real system account; with
# virtual_use_local_privs=YES in the main config it inherits that account's
# local-user privileges, so point this at a dedicated, unprivileged account.
guest_username=REAL_USER_ACCOUNT
# Group-writable umask for this user (more permissive than the global 022).
local_umask=002

建立自簽 SSL 憑證與私鑰

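# Self-signed certificate plus private key, both written to the same PEM file
# (vsftpd reads the key from rsa_cert_file when rsa_private_key_file is not
# set). 2048-bit RSA instead of 1024, which is below current minimum key sizes;
# -nodes leaves the key unencrypted so the daemon can start unattended.
openssl req -x509 -nodes -days 730 -newkey rsa:2048 \
  -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
# The file holds the private key: restrict it to the owner. vsftpd should
# load it while still running as root -- confirm the daemon restarts cleanly.
chmod 600 /etc/vsftpd/vsftpd.pem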

/etc/vsftpd.conf

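# Passive-mode data ports: a fixed range that must be opened on the firewall
# together with listen_port; nothing else needs to be reachable from clients.
pasv_min_port=xxxxx
pasv_max_port=yyyyy
# Control-channel port (non-standard; clients must be told about it).
listen_port=zz
anonymous_enable=NO
# Virtual users authenticate through PAM and are handled as local users
# (virtual_use_local_privs below), so local_enable must stay on.
local_enable=YES
write_enable=YES
local_umask=022
# userlist_* only takes effect when userlist_enable=YES (vsftpd default is NO);
# without it the allow-list below is silently ignored.
userlist_enable=YES
# userlist_deny=NO turns user_list into an allow-list: only the names in it
# (USERA/USERB) may log in, everyone else is refused before the password prompt.
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
# The same file doubles as the chroot list, so every permitted user is also
# confined to its local_root.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/user_list
xferlog_enable=YES
dual_log_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
tcp_wrappers=YES
## VUSER ##
# PAM service defined in /etc/pam.d/vsftpd_vusers (pam_pwdfile against
# /etc/vsftpd/passwd).
pam_service_name=vsftpd_vusers
# Per-user overrides (local_root, guest_username, local_umask, ...): one file
# per login name in this directory.
user_config_dir=/etc/vsftpd/user
# Virtual users get the privileges of the guest_username account rather than
# anonymous-style restrictions, so that account must be an unprivileged one.
virtual_use_local_privs=YES
guest_enable=YES
secure_chroot_dir=/var/run/vsftpd
# Directory listings show "ftp" as owner/group instead of real uid/gid values.
hide_ids=YES
## SSL ##
ssl_enable=YES
# NOTE: only the login (control channel) is forced over TLS; data transfers
# may still run in cleartext, so file contents are not protected by this setup.
# Set force_local_data_ssl=YES if that is not acceptable.
force_local_data_ssl=no
force_local_logins_ssl=YES
# Only TLSv1 is enabled explicitly; ssl_sslv2/ssl_sslv3 keep their defaults --
# verify they are NO on the installed version.
ssl_tlsv1=YES
# Self-signed key+certificate generated with the openssl command above.
rsa_cert_file=/etc/vsftpd/vsftpd.pem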