# FTP & SFTP setting

Scenario: each project needs access directories that are separated and restricted per user and per environment.

Design: FTP uses the space of one volume on the server. User home directories live under /home, and the paths each user needs are attached with mount.

![image](https://hackmd.io/_uploads/Sk3gJBYUT.png)

# user & group create

1. Create a new group for FTP & SFTP with groupadd
`$ groupadd sftpuser`
2. Create the user
`$ useradd -d /home/V360sp -G sftpuser -s /sbin/nologin V360sp`

### Adjust directory permissions

```
$ chown -R root:root /home/V360spsec*
$ chmod 755 /home/V360spsec*
```

![image](https://hackmd.io/_uploads/SkfNzVtLT.png)

(SFTP chroot restriction: the user's chroot home directory must be owned by root.)
(FTP chroot restriction: the user must not have write (w) permission on the chroot home directory.)

## user account info: check /etc/passwd

![image](https://hackmd.io/_uploads/SyOmzNtLT.png)

## user group info: check /etc/group

![image](https://hackmd.io/_uploads/S1Rfz4YU6.png)

## Mount the folders to the corresponding directories and record the paths in fstab

`$ vim /etc/fstab`

![image](https://hackmd.io/_uploads/S16-zVKI6.png)

`$ mount -a`

# SFTP chroot restriction in sshd_config

`$ vim /etc/ssh/sshd_config`

![image](https://hackmd.io/_uploads/r1VefEKUa.png)

# FTP settings in vsftpd.conf

Because each user has its own chroot, the per-user chroot restrictions are collected in user_config_dir.

```
$ vim /etc/vsftpd/vsftpd.conf
# restarting sshd reloads /etc/ssh/sshd_config (the SFTP chroot setting above)
$ systemctl restart sshd
```

![image](https://hackmd.io/_uploads/rk41zVt8T.png)

`$ vim /etc/vsftpd/user_config_dir/V360sp`

![image](https://hackmd.io/_uploads/HJW0bEtI6.png)

`$ systemctl restart vsftpd`

Reference:
https://linux.vbird.org/linux_server/centos4/0410vsftpd-centos4.php
https://linux.vbird.org/linux_basic_train/centos8/unit10.php

# Account test: FTP/SFTP

![image](https://hackmd.io/_uploads/H1i3Z4tIT.png)

![image](https://hackmd.io/_uploads/B15jZNKI6.png)
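
As an added example (not part of the original note), this script audits a chroot directory against the two restrictions noted above: root ownership for SFTP and no user write permission for FTP. It goes slightly beyond the note by also walking every parent directory, since sshd requires all components of a ChrootDirectory path to be root-owned and not group- or other-writable. The function names and the use of GNU stat (as on CentOS) are assumptions.

```shell
#!/bin/sh
# Added example: audit a chroot directory before pointing sshd/vsftpd at it.
# Function names are hypothetical; requires GNU stat (stat -c).

# dir_ok DIR [OWNER]
# Succeeds if DIR is a real directory (not a symlink), owned by OWNER
# (default: root), with no group/other write bit set.
dir_ok() {
    dir=$1; want=${2:-root}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL $dir: not a real directory"; return 1
    fi
    owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$owner" != "$want" ]; then
        echo "FAIL $dir: owner is $owner, expected $want"; return 1
    fi
    # 022 = group-write | other-write; the mode is read as an octal constant
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/other writable"; return 1
    fi
    echo "OK   $dir ($owner, $mode)"
}

# chroot_path_ok PATH [OWNER]
# Applies dir_ok to PATH and to every parent directory up to /.
# Reports every failing component, then returns non-zero if any failed.
chroot_path_ok() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    rc=0
    while :; do
        dir_ok "$p" "${2:-root}" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/V360sp
if [ $# -gt 0 ]; then
    chroot_path_ok "$@"
fi
```

Run it after `mount -a` and before restarting sshd or vsftpd, so a wrong owner or mode shows up here rather than as a failed login.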