生产环境中安装vsftpd的shell脚本:
vi install_vsftpd.sh
#!/bin/bash
# Remove=>Download=>Install=>Configure=>Start service "vsftpd"
#
# /usr/bin/yum => #!/usr/bin/Python2.4
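# Remove old
# Stop any running instance first. A non-zero status here only means the
# service was not installed or not running, so it is deliberately unchecked.
/sbin/service vsftpd stop
/usr/bin/yum -y remove vsftpd db4-utils
# NOTE(review): this deletes the previous configuration and any existing
# virtual-account files under /etc/vsftpd without a backup. Copy the directory
# aside first if it holds accounts that must survive the reinstall.
/bin/rm -rf /etc/vsftpd
# Download and install new program
# Abort when the install fails: everything after this point writes vsftpd,
# PAM and SELinux settings and starts the service, which only leaves a
# half-configured host behind if the packages are missing.
if ! /usr/bin/yum -y install vsftpd db4-utils; then
    echo "install_vsftpd.sh: yum could not install vsftpd/db4-utils, aborting" >&2
    exit 1
fi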
#####################
# Configure from here
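# Make directories
# /etc/vsftpd/roles holds one settings file per virtual user; the /data
# directories are the FTP roots those files point at.
/bin/mkdir -p /etc/vsftpd/roles /data/ftpdata /data/data1 /data/data2
# Add local user 'vftp' with home directory '/data/ftpdata'.
# Every virtual FTP login is mapped onto this single system account
# (guest_username=vftp in vsftpd.conf), so it gets a nologin shell.
# The existence check keeps a re-run from failing on "user already exists".
if ! /usr/bin/id vftp > /dev/null 2>&1; then
    /usr/sbin/useradd -d /data/ftpdata -s /sbin/nologin vftp
fi
# Only vftp may enter the writable upload area.
/bin/chmod 700 /data/ftpdata
/bin/chown vftp:vftp /data/ftpdata
# /data/data1 and /data/data2 keep whatever owner and mode mkdir gave them
# (root-owned under a default umask, presumably); vftp only needs to read them.
# NOTE(review): /data/ftpdata is both the chroot root and writable by vftp.
# Newer vsftpd releases refuse logins into a writable chroot root by default;
# confirm the behaviour of the version yum installs.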
# Use configuration settings below
# The packaged vsftpd.conf is kept as vsftpd.conf.old and replaced wholesale.
#
# Security-relevant points of the file written here:
#  - anonymous_enable=NO, guest_enable=YES, guest_username=vftp: anonymous
#    login is off and every authenticated login is treated as a virtual user
#    running as the system account vftp.
#  - pam_service_name=vsftpd.vu: logins are checked by /etc/pam.d/vsftpd.vu.
#  - Nothing below sets ssl_enable, so unless the build default differs the
#    control and data channels (passwords included) travel unencrypted.
#    Restrict the listener to a trusted network or add TLS before exposing it.
#  - chroot_local_user=YES together with chroot_list_enable=YES inverts the
#    list: names in chroot_list_file are the users NOT confined to their root.
#  - listen_port=6666 and pasv_min_port/pasv_max_port 9981-10281 are the only
#    ports the firewall has to open; tcp_wrappers=YES additionally applies
#    hosts.allow / hosts.deny.
#  - NOTE(review): per the vsftpd.conf man page log_ftp_protocol only takes
#    effect when xferlog_std_format is not enabled. With both set to YES,
#    confirm that the command-level log the banner promises is really written.
if test -f /etc/vsftpd/vsftpd.conf; then
    /bin/mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.old
fi
# Quoted delimiter: the settings are written literally, with no shell expansion.
/bin/cat << '_vsftpconfig' > /etc/vsftpd/vsftpd.conf
anon_mkdir_write_enable=NO
anon_root=/dev/zero
anon_upload_enable=NO
anon_world_readable_only=YES
anonymous_enable=NO
banner_file=/etc/vsftpd/issue
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
connect_from_port_20=YES
data_connection_timeout=120
dirmessage_enable=YES
ftpd_banner=Welcome to use mercury FTP server.
guest_enable=YES
guest_username=vftp
hide_file={.*}
pam_service_name=vsftpd.vu
idle_session_timeout=600
local_enable=YES
local_umask=022
log_ftp_protocol=YES
passwd_chroot_enable=NO
pasv_enable=YES
pasv_min_port=9981
pasv_max_port=10281
listen_ipv6=NO
listen_port=6666
listen=YES
tcp_wrappers=YES
use_localtime=YES
user_config_dir=/etc/vsftpd/roles
userlist_enable=YES
virtual_use_local_privs=YES
write_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
_vsftpconfig
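# Create virtual accounts
# /etc/vsftpd/accounts alternates login name and password, one per line, in
# clear text; db_load turns it into the hash database that PAM reads.
#
# SECURITY: every account below ships with the password "123". Treat these as
# placeholders: replace them with unique, strong values before running this on
# any host other people can reach, then rebuild accounts.db with create.sh.
#
# Both files are created under umask 077 and then forced to 0600, so the
# clear-text passwords are never readable by other local users (the original
# left the plain accounts file at the default mode). The heredoc delimiter is
# quoted so a password containing $ or ` is written literally.
(
    umask 077
    /bin/cat > /etc/vsftpd/accounts << '_accounts'
ftpdata
123
data1
123
data2
123
_accounts
    /usr/bin/db_load -T -t hash -f /etc/vsftpd/accounts /etc/vsftpd/accounts.db
)
/bin/chmod 0600 /etc/vsftpd/accounts /etc/vsftpd/accounts.db
# Helper for later account changes: edit /etc/vsftpd/accounts, then run
# create.sh to rebuild the database and re-apply the private file modes.
echo "/usr/bin/db_load -T -t hash -f /etc/vsftpd/accounts /etc/vsftpd/accounts.db" > /etc/vsftpd/create.sh
echo "/bin/chmod 0600 /etc/vsftpd/accounts.db" >> /etc/vsftpd/create.sh
echo "/bin/chmod 0600 /etc/vsftpd/accounts" >> /etc/vsftpd/create.sh
/bin/chmod u+x /etc/vsftpd/create.sh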
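# Add PAM
# Writes the PAM service named by pam_service_name=vsftpd.vu in vsftpd.conf.
# pam_userdb.so is taken from /lib64/security on 64-bit hosts and from
# /lib/security otherwise. logBit is cleared first so a value inherited from
# the caller's environment cannot select the wrong directory.
logBit=
if test "$(/usr/bin/getconf LONG_BIT)" -eq 64; then
    logBit=64
fi
# The delimiter stays unquoted on purpose: ${logBit:+64} must expand here.
# db= names the database without its .db suffix (the script builds
# /etc/vsftpd/accounts.db); pam_userdb is expected to append it.
# NOTE(review): both lines use the "sufficient" control with no other module
# in the stack. Many vsftpd virtual-user setups use "required" instead;
# confirm a failed lookup is denied on the target PAM version.
/bin/cat > /etc/pam.d/vsftpd.vu << _pam
#%PAM-1.0
auth sufficient /lib${logBit:+64}/security/pam_userdb.so db=/etc/vsftpd/accounts
account sufficient /lib${logBit:+64}/security/pam_userdb.so db=/etc/vsftpd/accounts
_pam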
# User permission
# Start with an empty chroot_list. With chroot_local_user=YES in vsftpd.conf
# the list names users exempt from the chroot, so empty means no exemptions.
: > /etc/vsftpd/chroot_list

# Per-user overrides, read from user_config_dir=/etc/vsftpd/roles.
# ftpdata is the only account allowed to write, and only below /data/ftpdata.
/bin/cat << '_ftpdata' > /etc/vsftpd/roles/ftpdata
local_root=/data/ftpdata
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=no
virtual_use_local_privs=yes
anon_mkdir_write_enable=no
_ftpdata

# data1 and data2 are read-only accounts whose settings differ only in the
# root directory, so one template is expanded once per name.
for role in data1 data2; do
    /bin/cat << _readonly_role > "/etc/vsftpd/roles/${role}"
local_root=/data/${role}
anon_world_readable_only=no
write_enable=no
anon_upload_enable=no
virtual_use_local_privs=yes
anon_mkdir_write_enable=no
_readonly_role
done

# Login banner (banner_file=/etc/vsftpd/issue). It tells users that their
# activity is logged; keep the logging settings in vsftpd.conf in line with it.
/bin/cat << '_ftpissue' > /etc/vsftpd/issue
==== Welcome to use mercury ftp server ====
Your host,ipaddress and all your operate will be logged,enjoy yourself.
_ftpissue
# selinux
# The two commented-out lines below would have forced SELINUX=enforcing in
# /etc/sysconfig/selinux. They are disabled, so the host's SELinux mode is
# left exactly as found.
#SELINUX_FLAG=$(/usr/bin/awk -F"=" '/^SELINUX/ {print $2}' /etc/sysconfig/selinux)
#test "$SELINUX_FLAG" != "enforcing" && /bin/sed -i 's/SELINUX=.*$/SELINUX=enforcing/' /etc/sysconfig/selinux
# SECURITY: -P makes this boolean persistent across reboots. On policy
# versions that provide ftpd_disable_trans, switching it on disables the
# SELinux domain transition for the FTP daemon, so vsftpd runs without its
# SELinux confinement. NOTE(review): this is much broader than the script
# needs. Labelling the /data directories for FTP access or using a narrower
# FTP boolean would keep the daemon confined; confirm what the target policy
# offers.
/usr/sbin/setsebool -P ftpd_disable_trans on
# chkconfig
# Enable vsftpd in the default runlevels so it also starts at boot.
/sbin/chkconfig vsftpd on
# Start service "vsftpd"
# The exit status is not checked; review the service output and logs if the
# test login fails.
/sbin/service vsftpd start
# type "ftp localhost" to test
# END