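#!/bin/bash
#
# Install vsftpd on CentOS 6/7 and set up one virtual FTP user whose
# files live under /archive.  Must be run as root; prompts for the
# administrator (virtual user) name and its FTP password.
#
# Writes: /etc/pam.d/vsftpd, /etc/vsftpd/vuser_passwd.{txt,db},
#         /etc/vsftpd/vuser_conf/<user>, and appends to
#         /etc/vsftpd/vsftpd.conf.
# Changes vs. the first version of this script:
#   - SELinux stays enabled; only the ftpd_full_access boolean is set.
#   - the virtual user's password is prompted for instead of being the
#     user name, and the system account is left locked (nologin).
#   - the credential files are created mode 0600.
#   - the user name is validated before it is used as a path component.

set -euo pipefail

readonly ARCHIVE_DIR=/archive
readonly VSFTPD_DIR=/etc/vsftpd
readonly VSFTPD_CONF=${VSFTPD_DIR}/vsftpd.conf
# pam_userdb appends ".db" to this path itself.
readonly VUSER_DB=${VSFTPD_DIR}/vuser_passwd
readonly VUSER_CONF_DIR=${VSFTPD_DIR}/vuser_conf

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the CentOS major version ("6", "7", ...) parsed from
# /etc/centos-release, or nothing if it cannot be determined.
#######################################
centos_major() {
  sed -n 's/.*release \([0-9][0-9]*\)\..*/\1/p' /etc/centos-release 2>/dev/null || true
}

#######################################
# Run a service action the way the platform expects: systemctl on
# CentOS 7, the SysV "service" wrapper on everything else (the original
# script treated any non-7 release like CentOS 6).
# Arguments: $1 - action (start|restart), $2 - service name
# Returns:   the status of systemctl/service
#######################################
svc() {
  local action=$1 name=$2
  if [[ "$(centos_major)" == 7 ]]; then
    systemctl "$action" "$name"
  else
    service "$name" "$action"
  fi
}

#######################################
# One: let vsftpd reach user files under SELinux.  The persistent
# boolean takes effect immediately and keeps every other service
# confined; rewriting /etc/selinux/config to SELINUX=disabled would
# only apply after a reboot and turn SELinux off system-wide.
# Two: open the FTP control port in the host firewall.
#######################################
ENV_SET() {
  if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
    setsebool -P ftpd_full_access on || die "setsebool ftpd_full_access failed"
  fi
  if [[ "$(centos_major)" == 7 ]]; then
    firewall-cmd --zone=public --add-service=ftp --permanent
    firewall-cmd --reload
  else
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    service iptables save
  fi
}

#######################################
# (Re)install vsftpd and start it.  An existing package is removed
# first so vsftpd.conf starts from the package default; otherwise the
# lines appended by configure_vsftpd would be duplicated on a re-run.
#######################################
INSTALL_FTP() {
  if rpm -q vsftpd >/dev/null 2>&1; then
    rpm -e vsftpd --nodeps
  fi
  yum install -y vsftpd
  svc start vsftpd
}

#######################################
# Create the group, the nologin system account that virtual users are
# mapped onto (guest_username), and the archive directory it owns.
# The account gets no password: vsftpd authenticates virtual users
# against the pam_userdb file, never against /etc/shadow.
# Arguments: $1 - administrator name
#######################################
create_admin() {
  local name=$1
  mkdir -p -- "$ARCHIVE_DIR"
  # getent checks the group itself; "id -g" only works once the user exists.
  getent group "$name" >/dev/null || groupadd "$name"
  id -u "$name" >/dev/null 2>&1 \
    || useradd -g "$name" -M -d "$ARCHIVE_DIR" -s /sbin/nologin "$name"
  chown -R -- "${name}:${name}" "$ARCHIVE_DIR"
}

#######################################
# Point vsftpd's PAM stack at the virtual-user database.  The module is
# given by bare name so PAM picks /lib/security or /lib64/security
# itself; both lines are "required" (the original 32-bit branch used
# "sufficient", the 64-bit one "required").
#######################################
write_pam() {
  cat > /etc/pam.d/vsftpd <<EOF
auth    required pam_userdb.so db=${VUSER_DB}
account required pam_userdb.so db=${VUSER_DB}
EOF
}

#######################################
# Write the plain-text "user / password" list and build the Berkeley
# DB file pam_userdb reads.  Both files hold the credential, so they
# are created 0600 rather than with the default umask.
# Arguments: $1 - administrator name, $2 - FTP password
#######################################
write_vuser_db() {
  local name=$1 password=$2
  local txt=${VUSER_DB}.txt
  command -v db_load >/dev/null 2>&1 || die "db_load not found (install the Berkeley DB utilities)"
  ( umask 077 && printf '%s\n%s\n' "$name" "$password" > "$txt" )
  chmod 600 -- "$txt"
  db_load -T -t hash -f "$txt" "${VUSER_DB}.db" || die "db_load failed"
  chmod 600 -- "${VUSER_DB}.db"
}

#######################################
# Per-user vsftpd settings: chrooted to the archive with upload and
# mkdir allowed, rename/delete of existing files denied.
# Arguments: $1 - administrator name (validated by main)
#######################################
write_vuser_conf() {
  local name=$1
  mkdir -p -- "$VUSER_CONF_DIR"
  cat > "${VUSER_CONF_DIR}/${name}" <<EOF
local_root=${ARCHIVE_DIR}
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=NO
EOF
}

#######################################
# Adjust the packaged vsftpd.conf: no anonymous logins, chroot local
# users, enable the virtual-user (guest) mode mapped onto the admin
# account.  Passive-mode settings are appended commented out, as before.
# Arguments: $1 - administrator name
#######################################
configure_vsftpd() {
  local name=$1
  sed -i \
    -e 's/anonymous_enable=YES/anonymous_enable=NO/' \
    -e 's/^#ascii_upload_enable=YES/ascii_upload_enable=YES/' \
    -e 's/^#ascii_download_enable=YES/ascii_download_enable=YES/' \
    -e 's/^#chroot_local_user=YES/chroot_local_user=YES/' \
    "$VSFTPD_CONF"
  {
    printf 'guest_enable=YES\n'
    printf 'guest_username=%s\n' "$name"
    printf 'user_config_dir=%s\n' "$VUSER_CONF_DIR"
  } >> "$VSFTPD_CONF"
  # vsftpd 3.x refuses to start with a writable chroot root unless told otherwise.
  if rpm -q vsftpd | grep -q '^vsftpd-3\.'; then
    printf 'allow_writeable_chroot=YES\n' >> "$VSFTPD_CONF"
  fi
  cat >> "$VSFTPD_CONF" <<'EOF'
#pasv_enable=YES
#pasv_min_port=9921
#pasv_max_port=9921
#pasv_promiscuous=YES
#pasv_address=183.159.162.6
EOF
}

main() {
  [[ "$(id -u)" -eq 0 ]] || die "this script must be run as root"

  local Ad_min ftp_password
  # Prompt before touching the system so a timeout leaves nothing half-done.
  read -r -t 30 -p "Input the administrator name: " Ad_min || true
  [[ -n "${Ad_min}" ]] || die "no administrator name given"
  # The name becomes a file name under vuser_conf and a vsftpd.conf value,
  # so only accept a plain lower-case account name.
  [[ "$Ad_min" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || die "invalid administrator name: ${Ad_min}"
  read -r -s -t 120 -p "Input the FTP password for ${Ad_min}: " ftp_password || true
  printf '\n'
  [[ -n "${ftp_password}" ]] || die "the FTP password must not be empty"

  ENV_SET
  INSTALL_FTP
  create_admin "$Ad_min"
  write_pam
  write_vuser_db "$Ad_min" "$ftp_password"
  write_vuser_conf "$Ad_min"
  configure_vsftpd "$Ad_min"

  if svc restart vsftpd >/dev/null; then
    printf '\033[32m------------ftp install ok---------------\033[0m\n'
  else
    printf '\033[31m---------check the script again----------\033[0m\n'
    exit 1
  fi
}

main "$@"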