
srv-ftp


Prerequisite

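I assume that you have a CentOS installation. The script below also expects a MySQL server that is already running and reachable as root with the password "root", and it configures PAM to load the pam_mysql module (/lib64/security/pam_mysql.so), which the script itself does not install.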

Installation

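You can copy/paste this script and use it to configure your server automatically. It must run as root and it overwrites /etc/vsftpd/vsftpd.conf and /etc/pam.d/vsftpd; the database and FTP passwords it uses are example values and should be replaced before the server is reachable from a network.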

  1. #!/bin/bash
  2.  
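  # Install the FTP daemon. The PAM stack written later in this script loads
  # /lib64/security/pam_mysql.so, which this command does not install (the
  # package name is commented out), so pam_mysql has to be provided separately
  # or virtual-user authentication cannot work.
  echo "install vsftpd"
  dnf -y install vsftpd #pam_mysql

  # Describe the FTP ports as a firewalld service. Besides the control port
  # (21) the service covers the passive data range that vsftpd.conf sets with
  # pasv_min_port/pasv_max_port (44000-44100); with only port 21 open, logins
  # succeed but passive-mode listings and transfers are blocked.
  # The heredoc payload is flush left because it is written out verbatim and
  # the EOF terminator must start at column 0.
  echo "create firewall service"
  cat > /etc/firewalld/services/vsftp.xml << "EOF"
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>vsftp</short>
<description>ftp server</description>
<port protocol="tcp" port="21"/>
<port protocol="tcp" port="44000-44100"/>
</service>
EOF

  # The first reload lets firewalld pick up the new service file; the second
  # applies the permanent rule to the running firewall, which --permanent on
  # its own does not do until the next reload or reboot.
  # NOTE(review): the service is added to the default zone; confirm that this
  # is the zone facing the FTP clients and that it is not wider than needed.
  echo "add service vsftp (port 21 and passive ports 44000-44100) to firewall"
  firewall-cmd --reload
  firewall-cmd --permanent --add-service vsftp
  firewall-cmd --reload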
  18.  
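  # Credentials are taken from the environment and fall back to the example
  # values used on this page (root/root and vsftpd/vsftpd). The fallbacks are
  # well-known strings: export MYSQL_ROOT_PASSWORD and VSFTPD_DB_PASSWORD with
  # real values before running this on a reachable host. VSFTPD_DB_PASSWORD
  # must be the same value that ends up in /etc/pam.d/vsftpd.
  mysql_root_password="${MYSQL_ROOT_PASSWORD:-root}"
  vsftpd_db_password="${VSFTPD_DB_PASSWORD:-vsftpd}"

  # The database password is pasted into an SQL string literal and into a
  # space-separated PAM argument list, so only a conservative character set is
  # accepted (no quotes, backslashes or whitespace).
  case "$vsftpd_db_password" in
    ""|*[!A-Za-z0-9_.-]*)
      echo "VSFTPD_DB_PASSWORD may only contain letters, digits, '_', '.' and '-'" >&2
      exit 1
      ;;
  esac

  # Run one SQL statement ($1) as the MySQL root user. The password is handed
  # over through MYSQL_PWD instead of --password=..., which keeps it out of the
  # world-readable process list. MYSQL_PWD is deprecated in recent MySQL
  # releases; a root-only client option file is the longer-term replacement.
  mysql_as_root() {
    MYSQL_PWD="$mysql_root_password" mysql --user=root -e "$1"
  }

  echo "create database vsftpd and database user vsftpd"
  mysql_as_root "CREATE USER IF NOT EXISTS 'vsftpd'@'localhost' IDENTIFIED BY '${vsftpd_db_password}';"
  mysql_as_root "CREATE DATABASE IF NOT EXISTS vsftpd;"

  # Tables are created before the grants because the grants below are
  # table-level and refer to these tables by name.
  echo "initialize vsftpd table"
  mysql_as_root 'use vsftpd; CREATE TABLE IF NOT EXISTS `vsftpd`.`users` (`id_user` int(11) NOT NULL auto_increment,`login` varchar(50) NOT NULL,`password` varchar(100) NOT NULL,`active` int(11) NOT NULL,PRIMARY KEY (`id_user`)) ENGINE=MyISAM AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;'
  mysql_as_root 'use vsftpd; CREATE TABLE IF NOT EXISTS `vsftpd`.`log` (`id_log` int(11) NOT NULL auto_increment,`login` varchar(50) NOT NULL,`message` varchar(200) NOT NULL,`pid` varchar(10) NOT NULL,`host` varchar(30) NOT NULL,`time` datetime default NULL,PRIMARY KEY (`id_log`)) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;'

  # Least privilege for the account whose password sits in the PAM file: the
  # PAM configuration on this page only looks users up in `users` and, with
  # sqllog=yes, appends rows to `log`. ALL PRIVILEGES ... WITH GRANT OPTION
  # would let anyone who reads that password rewrite every FTP account.
  # NOTE(review): widen this only if your pam_mysql setup issues other
  # statements (for example password changes through PAM).
  echo "grant minimal privileges to database user vsftpd"
  mysql_as_root "GRANT SELECT ON vsftpd.users TO 'vsftpd'@'localhost';"
  mysql_as_root "GRANT INSERT ON vsftpd.log TO 'vsftpd'@'localhost';"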
  27.  
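  # Write the vsftpd configuration. Points worth knowing before exposing it:
  #  - no TLS option (such as ssl_enable) is set, so as written logins and
  #    file contents cross the network unencrypted;
  #  - guest_enable maps every authenticated non-anonymous login onto the
  #    local account ftpsecure, and chroot_local_user confines the session;
  #  - write access is off globally and is switched on per user through the
  #    files in user_config_dir.
  # The heredoc payload is flush left because it is written out verbatim and
  # the EOF terminator must start at column 0.
  echo "Configure /etc/vsftpd/vsftpd.conf"
  cat > /etc/vsftpd/vsftpd.conf << "EOF"
# Listen port
listen_port=21

# You may fully customise the login banner string:
ftpd_banner=Welcome to blah FTP service.

# PAM configuration file
pam_service_name=vsftpd

# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

# Userlist file
userlist_file=/etc/vsftpd/user_list
userlist_enable=YES
userlist_deny=YES

# Uncomment this to enable any form of FTP write command.
write_enable=NO

# Allow un-anonymous guest users to connect to ftp (map to ftpsecure)
guest_enable=YES
guest_username=ftpsecure

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES

# Maximum number of simultaneous connection
max_clients=50

# Maximum number of connections from the same IP
# Note, if you set value to 1, you won't be able to upload / download files (because it will create a new connection)
max_per_ip=10

# Record specific user configuration
user_config_dir=/etc/vsftpd/vsftpd_user_conf

# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES

# PASV - passive ports for FTP (range 44000 - 44100 ; 100 PASV ports, OPEN FIREWALL FOR ALLOWING CONNECTIONS
pasv_enable=YES
pasv_min_port=44000
pasv_max_port=44100
EOF
  chmod 600 /etc/vsftpd/vsftpd.conf

  # Account that all virtual users are mapped to. It has no login shell; the
  # guard keeps a second run of the script from failing on an existing user.
  echo "Add non-privileged user ftpsecure"
  if ! id ftpsecure > /dev/null 2>&1; then
    useradd -G users -s /sbin/nologin -d /home/ftpsecure ftpsecure
  fi

  # Database password used by pam_mysql. It falls back to the example value
  # "vsftpd" used on this page; export VSFTPD_DB_PASSWORD to use the password
  # the database account was actually created with. PAM module arguments are
  # separated by spaces, so only a conservative character set is accepted.
  vsftpd_db_password="${VSFTPD_DB_PASSWORD:-vsftpd}"
  case "$vsftpd_db_password" in
    ""|*[!A-Za-z0-9_.-]*)
      echo "VSFTPD_DB_PASSWORD may only contain letters, digits, '_', '.' and '-'" >&2
      exit 1
      ;;
  esac

  # Arguments shared by the auth and account lines.
  # crypt=3 tells pam_mysql to compare against an MD5 digest, matching the
  # MD5() call in user_create.bash. Unsalted MD5 is cheap to brute-force if the
  # users table leaks; changing the scheme means changing both places together.
  pam_mysql_args="verbose=0 user=vsftpd passwd=${vsftpd_db_password} host=127.0.0.1 db=vsftpd table=users usercolumn=login passwdcolumn=password crypt=3 where=users.active=1 sqllog=yes logtable=log logmsgcolumn=message logusercolumn=login logpidcolumn=pid loghostcolumn=host logtimecolumn=time"

  # The PAM file carries the database password in clear text, so it is created
  # (or tightened, if it already exists) as root-only before the secret is
  # written into it.
  # "sufficient pam_unix.so" comes first: a login that matches a system
  # account password is accepted without consulting MySQL.
  echo "configure pam_mysql"
  (
    umask 077
    if [ -e /etc/pam.d/vsftpd ]; then
      chmod 600 /etc/pam.d/vsftpd
    fi
    cat > /etc/pam.d/vsftpd << EOF
#%PAM-1.0
auth sufficient pam_unix.so
account sufficient pam_unix.so
auth required /lib64/security/pam_mysql.so ${pam_mysql_args}
account required /lib64/security/pam_mysql.so ${pam_mysql_args}
EOF
  )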
  103.  
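  # Generate the helper that creates one virtual FTP user. The heredoc is
  # quoted, so the payload below is written out verbatim (nothing is expanded
  # by this installer) and has to stay flush left.
  echo "generate script to create new user"
  mkdir -p /opt/vsftpd/scripts
  cat > /opt/vsftpd/scripts/user_create.bash << "EOF"
#!/bin/bash
# Create a virtual FTP user: a row in vsftpd.users, a private directory under
# /home/ftpsecure and a per-user vsftpd configuration file.
# Usage: user_create.bash {user} {password}
# The MySQL root password is read from MYSQL_ROOT_PASSWORD (example fallback:
# "root") and passed through MYSQL_PWD so it does not show up in the process
# list.

EXPECTED_ARGS=2

if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Usage: $(basename "$0") {user} {password}"
  exit 1
fi

user=$1
password=$2

# The login ends up inside an SQL statement and inside file paths. Accept only
# a conservative character set so that quotes, slashes, "..", a leading dash
# or an empty name can neither alter the query nor escape /home/ftpsecure.
case "$user" in
  ""|.*|-*|*[!A-Za-z0-9._-]*)
    echo "invalid user name: use letters, digits, '.', '_' and '-', starting with a letter, digit or '_'" >&2
    exit 1
    ;;
esac
if [ "${#user}" -gt 50 ]; then
  echo "invalid user name: longer than the 50 characters of the login column" >&2
  exit 1
fi
if [ -z "$password" ]; then
  echo "empty password refused" >&2
  exit 1
fi

# The password may contain any character, so it is sent hex-encoded and decoded
# by the server with UNHEX(); the digest is the MD5 of the same bytes as
# before, but the value can no longer break out of the SQL string.
# NOTE(review): unsalted MD5 matches crypt=3 in /etc/pam.d/vsftpd and is weak
# if the table leaks; a stronger scheme has to be changed in both places.
password_hex=$(printf '%s' "$password" | od -An -v -tx1 | tr -d ' \n')

# The password is deliberately not echoed.
echo "create new user $user"
MYSQL_PWD="${MYSQL_ROOT_PASSWORD:-root}" mysql --user=root -e 'use vsftpd; INSERT INTO `vsftpd`.`users` (`id_user`, `login`, `password`, `active`) VALUES (NULL, "'"$user"'", MD5(UNHEX("'"$password_hex"'")), 1);' || exit 1

# Private upload directory, owned by the guest account all virtual users map to.
mkdir -p "/home/ftpsecure/$user"
chown -R ftpsecure:users "/home/ftpsecure/$user"
chmod -R 700 "/home/ftpsecure/$user"

# Per-user configuration file read through user_config_dir.
mkdir -p /etc/vsftpd/vsftpd_user_conf
{
  echo "local_root=$user"
  echo "write_enable=YES"
  echo "anon_upload_enable=YES"
  echo "anon_mkdir_write_enable=YES"
  echo "anon_other_write_enable=YES"
} > "/etc/vsftpd/vsftpd_user_conf/$user"

EOF
  # Account management is a root task; keep the helper root-only.
  chmod 700 /opt/vsftpd/scripts/user_create.bash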
  135.  
  136.  
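  # Generate the helpers that switch a virtual user off and on again by
  # flipping users.active, the column the PAM where= clause filters on. Both
  # heredocs are quoted, so the payloads are written out verbatim and have to
  # stay flush left.
  mkdir -p /opt/vsftpd/scripts
  cat > /opt/vsftpd/scripts/user_disable.bash << "EOF"
#!/bin/bash
# Deactivate a virtual FTP user (sets users.active to 0).
# Usage: user_disable.bash {user}
# The MySQL root password is read from MYSQL_ROOT_PASSWORD (example fallback:
# "root") and passed through MYSQL_PWD so it does not show up in the process
# list.

EXPECTED_ARGS=1

if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Usage: $(basename "$0") {user}"
  exit 1
fi

user=$1

# The login is pasted into the SQL statement; accept only a conservative
# character set so that quotes cannot alter the query.
case "$user" in
  ""|.*|-*|*[!A-Za-z0-9._-]*)
    echo "invalid user name: use letters, digits, '.', '_' and '-', starting with a letter, digit or '_'" >&2
    exit 1
    ;;
esac

MYSQL_PWD="${MYSQL_ROOT_PASSWORD:-root}" mysql --user=root -e 'use vsftpd; UPDATE `vsftpd`.`users` SET `active` = 0 WHERE `users`.`login` = "'"$user"'";'
EOF

  cat > /opt/vsftpd/scripts/user_enable.bash << "EOF"
#!/bin/bash
# Reactivate a virtual FTP user (sets users.active to 1).
# Usage: user_enable.bash {user}
# The MySQL root password is read from MYSQL_ROOT_PASSWORD (example fallback:
# "root") and passed through MYSQL_PWD so it does not show up in the process
# list.

EXPECTED_ARGS=1

if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Usage: $(basename "$0") {user}"
  exit 1
fi

user=$1

# The login is pasted into the SQL statement; accept only a conservative
# character set so that quotes cannot alter the query.
case "$user" in
  ""|.*|-*|*[!A-Za-z0-9._-]*)
    echo "invalid user name: use letters, digits, '.', '_' and '-', starting with a letter, digit or '_'" >&2
    exit 1
    ;;
esac

MYSQL_PWD="${MYSQL_ROOT_PASSWORD:-root}" mysql --user=root -e 'use vsftpd; UPDATE `vsftpd`.`users` SET `active` = 1 WHERE `users`.`login` = "'"$user"'";'
EOF
  # Account management is a root task; keep the helpers root-only.
  chmod 700 /opt/vsftpd/scripts/user_disable.bash /opt/vsftpd/scripts/user_enable.bash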
  168.  
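  # Generate the helper that removes a virtual user together with its files.
  # The heredoc is quoted, so the payload is written out verbatim and has to
  # stay flush left.
  mkdir -p /opt/vsftpd/scripts
  cat > /opt/vsftpd/scripts/user_delete.bash << "EOF"
#!/bin/bash
# Delete a virtual FTP user: database row, per-user vsftpd configuration and
# the user's directory under /home/ftpsecure.
# Usage: user_delete.bash {user}
# The MySQL root password is read from MYSQL_ROOT_PASSWORD (example fallback:
# "root") and passed through MYSQL_PWD so it does not show up in the process
# list.

EXPECTED_ARGS=1

if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Usage: $(basename "$0") {user}"
  exit 1
fi

user=$1

# The login is used in SQL and in the paths handed to rm -r. An empty name
# would remove /home/ftpsecure itself and ".." would remove /home, so anything
# outside a conservative character set is refused before any deletion.
case "$user" in
  ""|.*|-*|*[!A-Za-z0-9._-]*)
    echo "invalid user name: use letters, digits, '.', '_' and '-', starting with a letter, digit or '_'" >&2
    exit 1
    ;;
esac

MYSQL_PWD="${MYSQL_ROOT_PASSWORD:-root}" mysql --user=root -e 'use vsftpd; DELETE FROM `vsftpd`.`users` WHERE `users`.`login` = "'"$user"'"'

# ${user:?} aborts instead of expanding to nothing if the variable is ever
# empty; -- stops option parsing.
rm -f -- "/etc/vsftpd/vsftpd_user_conf/${user:?}"
rm -fr -- "/home/ftpsecure/${user:?}"
EOF
  # Account management is a root task; keep the helper root-only.
  chmod 700 /opt/vsftpd/scripts/user_delete.bash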
  187.  
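  # Directory that vsftpd.conf names as user_config_dir; user_create.bash
  # writes one file per user into it.
  echo "create /etc/vsftpd/vsftpd_user_conf directory"
  mkdir -p /etc/vsftpd/vsftpd_user_conf

  # First FTP account. The login defaults to the page's example name; the
  # password is taken from FTP_DEMO_PASSWORD or generated at random, so the
  # server never starts with the published pair myuser/mypassword.
  demo_user="${FTP_DEMO_USER:-myuser}"
  demo_password="${FTP_DEMO_PASSWORD:-}"
  password_generated=no
  if [ -z "$demo_password" ]; then
    demo_password=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20)
    password_generated=yes
  fi

  # user_create.bash takes the password as an argument, so it is briefly
  # visible in the process list of this host while the helper runs.
  echo "create new user $demo_user"
  bash /opt/vsftpd/scripts/user_create.bash "$demo_user" "$demo_password"

  echo "launch vsftpd at startup"
  systemctl enable vsftpd.service

  echo "launch vsftpd"
  if ! systemctl start vsftpd.service; then
    echo "vsftpd failed to start; see 'systemctl status vsftpd.service'" >&2
    exit 1
  fi

  # hostname -I prints every configured address separated by spaces; use the
  # first one so the URL stays well-formed on multi-homed hosts.
  myip=$(hostname -I | awk '{print $1}')
  echo "Now meet you there: ftp://$myip"
  if [ "$password_generated" = yes ]; then
    # Shown once so the administrator can log in; it is not stored anywhere
    # else in clear text.
    echo "NOTE: try to connect using login/password : $demo_user/$demo_password"
  else
    echo "NOTE: try to connect using login $demo_user and the password given in FTP_DEMO_PASSWORD"
  fi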
  203.  

That’s all 🙂


Copyright © 2024 My linux world - by Marc RABAHI