vsftpd自动安装-虚拟用户模式

时间:2022-04-17 18:12:17
#!/bin/bash
#########################################################
# 变量说明:										   		#
# ./Install_Vsftpd.sh adduser 执行添加用户 				#
# ./Install_Vsftpd.sh deluser 执行删除用户			 	#
# authfile 为用户账号密码配置文件						#
# confdir 为虚拟用户配置文件目录						#
#########################################################

vsdir="/etc/vsftpd"                 # vsftpd configuration directory

guestuser="ftp"                     # system account every virtual user is mapped onto (guest_username)
authfile="${vsdir}/.login.ini"      # name/password pairs on alternating lines, fed to db_load -T
confdir="${vsdir}/conf.user"        # per-virtual-user config files (user_config_dir)

# lsb_release is used later (config) to read the EL major version;
# install redhat-lsb-core when it is not present yet.
if [[ ! -f /usr/bin/lsb_release ]]; then
	if ! yum install -y redhat-lsb-core >/dev/null 2>&1; then
		echo "yum无法使用,请检查网络配置或yum源"
		exit 1
	fi
fi

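# vuser_name_ok NAME: accept only a conservative account-name character set.
# The name is used verbatim as a file name under ${confdir} and as a key in
# ${authfile}, so anything containing "/", "..", spaces or regex metachars
# is refused here rather than discovered later.
vuser_name_ok() {
	[[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]
}

# vuser_port_ok PORT: a decimal TCP port in 1..65535 (the value is later
# written into vsftpd.conf, so nothing else may get through).
vuser_port_ok() {
	[[ "$1" =~ ^[0-9]+$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# vuser_root_ok DIR: an absolute path other than "/"; the directory is
# later chown -R'ed to the guest account.
vuser_root_ok() {
	[[ "$1" == /* && "$1" != / ]]
}

#######################################
# Interactive pre-install step: refuse to run when vsftpd is already up,
# collect the first virtual user's name/password, the listen port and the
# FTP root, then install the packages.
# Globals (written): username, password, port, FTP
# Returns: exits 0 if vsftpd is already running, exits 1 if yum fails
#######################################
install_mes() {
	# A running "vsftpd .../vsftpd.conf" means the host is already set up;
	# do not rewrite its configuration underneath it.
	if pgrep -f 'vsftpd.*vsftpd\.conf' >/dev/null; then
		echo "已有vsftpd进程在运行,安装退出"
		exit 0
	fi
	echo "即将安装vsfptd"

	# Reject any name that already exists as a system account (the prompt
	# promises such names cannot log in) instead of a fixed list of them.
	read -rp "输入ftp用户名(使用系统用户名将无法登陆): " username
	while true; do
		if (( ${#username} == 0 )); then
			echo "用户名不能为空"
		elif ! vuser_name_ok "$username"; then
			echo "用户名只能包含字母、数字、点、下划线和连字符,且不能以点或连字符开头"
		elif getent passwd "$username" >/dev/null; then
			echo "无效用户"
		else
			break
		fi
		read -rp "请重新输入ftp用户名(使用系统用户名将无法登陆): " username
	done

	# -s keeps the password off the terminal; it is stored in plaintext in
	# ${authfile} anyway, so at least keep it out of scrollback and logs.
	read -rsp "输入ftp密码: " password; echo
	while true; do
		if (( ${#password} == 0 )); then
			echo "密码不能为空"
		elif (( ${#password} < 6 )); then
			# "not fewer than 6": a 6-character password is accepted
			# (the previous <= test wrongly rejected it).
			echo "密码不能小于6位"
		else
			break
		fi
		read -rsp "请重新输入ftp密码: " password; echo
	done

	# Empty means the default port 21; anything else must be a valid port,
	# because config() splices it straight into vsftpd.conf.
	read -rp "输入ftp端口(默认21): " port
	while [[ -n "$port" ]] && ! vuser_port_ok "$port"; do
		echo "端口必须是1-65535之间的数字"
		read -rp "请重新输入ftp端口(默认21): " port
	done

	# Empty means /data/FTP; otherwise insist on an absolute path that is
	# not "/" since adduser() recursively chowns it.
	read -rp "输入ftp目录(默认/data/FTP): " FTP
	while [[ -n "$FTP" ]] && ! vuser_root_ok "$FTP"; do
		echo "目录必须是绝对路径且不能为/"
		read -rp "请重新输入ftp目录(默认/data/FTP): " FTP
	done

	echo "vsftpd 安装中..."
	if yum -y install db4-utils vsftpd >/dev/null 2>&1; then
		echo "vsftpd安装完成"
	else
		echo "vsftpd安装失败,脚本停止!!!"
		exit 1
	fi
}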

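# vs_set_opt KEY VALUE FILE: make FILE contain exactly one "KEY=VALUE" line.
# Every existing assignment of KEY, commented out or not, is removed first
# and the new line appended. Handling the commented form matters: a line
# such as "#anonymous_enable=YES" left untouched means vsftpd falls back to
# its compiled-in default, which for anonymous_enable is YES. KEY must be a
# plain option name (it is used inside a sed address); VALUE is written
# with printf and may contain any character except a newline.
vs_set_opt() {
	local key=$1 val=$2 conf=$3
	sed -i "/^#*${key}=/d" "$conf"
	printf '%s=%s\n' "$key" "$val" >>"$conf"
}

#######################################
# Rewrite ${vsdir}/vsftpd.conf for chrooted virtual users and point the
# PAM service at a Berkeley DB credential file.
# Globals (read): vsdir, guestuser, confdir, port
# Globals (written): port (defaulted to 21 when empty or invalid)
# Returns: exits 1 if ${vsdir} does not exist
#######################################
config() {
	local conf sysver pamfile
	if [[ ! -d "$vsdir" ]]; then
		echo -e "\033[31m[ERROR] 未检测到${vsdir}目录,请卸载vsftpd重新执行安装\033[0m"
		exit 1
	fi
	conf="${vsdir}/vsftpd.conf"
	# Keep the first pristine copy; a re-run must not overwrite it.
	[[ -e "${conf}.bak" ]] || cp -p "$conf" "${conf}.bak"

	# Only a TCP port number may reach the config file; anything else
	# (including an empty answer) means the default 21.
	if ! [[ "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
		port=21
	fi

	vs_set_opt anonymous_enable NO "$conf"               # virtual users only
	vs_set_opt listen_port "$port" "$conf"
	vs_set_opt chroot_local_user YES "$conf"             # jail everyone in local_root ...
	vs_set_opt chroot_list_enable NO "$conf"             # ... with no exception list
	vs_set_opt xferlog_file /var/log/vsftpd.log "$conf"
	vs_set_opt guest_enable YES "$conf"                  # map all logins onto one system account
	vs_set_opt guest_username "$guestuser" "$conf"
	vs_set_opt user_config_dir "$confdir" "$conf"        # per-user overrides written by adduser
	vs_set_opt pasv_enable YES "$conf"
	vs_set_opt pasv_min_port 50000 "$conf"               # this range must be open on the firewall too
	vs_set_opt pasv_max_port 50100 "$conf"
	vs_set_opt reverse_lookup_enable NO "$conf"

	# vsftpd 3.x (EL7 and later) refuses logins whose chroot root is
	# writable; the FTP root is chowned to the guest account, so that
	# check has to be switched off. This is the weaker layout: a read-only
	# local_root with a writable subdirectory would not need this option.
	sysver=$(lsb_release -rs 2>/dev/null | cut -d. -f1)
	if [[ "$sysver" =~ ^[0-9]+$ ]] && (( sysver >= 7 )); then
		vs_set_opt allow_writeable_chroot YES "$conf"
	fi

	# PAM service name the daemon authenticates through (default "vsftpd").
	pamfile=$(awk -F= '/^pam_service_name=/{print $2; exit}' "$conf")
	pamfile=${pamfile:-vsftpd}
	if [[ -e "/etc/pam.d/${pamfile}" && ! -e "/etc/pam.d/${pamfile}.bak" ]]; then
		mv "/etc/pam.d/${pamfile}" "/etc/pam.d/${pamfile}.bak"
	fi
	# pam_userdb without crypt= compares plaintext passwords, so the
	# ${vsdir}/user.db generated from ${authfile} holds credentials in the
	# clear and must stay readable by root only (mode 600).
	cat >"/etc/pam.d/${pamfile}" <<END
auth      required    /lib64/security/pam_userdb.so db=${vsdir}/user
account   required    /lib64/security/pam_userdb.so db=${vsdir}/user
END
}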



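# vuser_name_ok NAME: conservative account-name character set. The name
# becomes a file name under ${confdir} and a key in ${authfile}.
vuser_name_ok() {
	[[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]
}

# vuser_root_ok DIR: absolute path other than "/" (it gets chown -R'ed).
vuser_root_ok() {
	[[ "$1" == /* && "$1" != / ]]
}

#######################################
# Interactive step for "adduser": prompt for a new virtual user's name,
# password and FTP root, checking the name against the credential file,
# vsftpd's user_list deny file and existing system accounts.
# Globals (read): vsdir, authfile
# Globals (written): guestuser (from vsftpd.conf), username, password, FTP
# Returns: exits 1 if ${authfile} does not exist yet
#######################################
adduser_mes() {
	local cfg_guest
	# guest_username from the live config; keep the script default if absent.
	cfg_guest=$(awk -F= '/^guest_username=/{print $2; exit}' "${vsdir}/vsftpd.conf" 2>/dev/null)
	guestuser=${cfg_guest:-$guestuser}

	if [[ ! -f "$authfile" ]]; then
		echo "未找到用户密码文件,请手动添加,操作退出..."
		exit 1
	fi
	echo "即将添加vsftpd虚拟用户..."

	read -rp "输入ftp用户名(使用系统用户名将无法登陆): " username
	while true; do
		if (( ${#username} == 0 )); then
			echo "用户名不能为空"
		elif ! vuser_name_ok "$username"; then
			echo "用户名只能包含字母、数字、点、下划线和连字符,且不能以点或连字符开头"
		elif awk 'NR%2' "$authfile" | grep -Fxq -- "$username"; then
			# Odd lines of ${authfile} are the names. -Fx is an exact-line
			# match; the previous -w reported "foo" as existing when only
			# "foo-bar" did.
			echo "用户已存在"
		elif grep -Fxq -- "$username" "${vsdir}/user_list" 2>/dev/null \
			|| getent passwd "$username" >/dev/null; then
			echo "无效用户"
		else
			break
		fi
		read -rp "请重新输入ftp用户名(使用系统用户名将无法登陆): " username
	done

	# -s: never echo the password; it ends up in plaintext in ${authfile}
	# already, keep it out of terminal scrollback and session logs.
	read -rsp "请输入ftp密码: " password; echo
	while true; do
		if (( ${#password} == 0 )); then
			echo "密码不能为空"
		elif (( ${#password} < 6 )); then
			# "not fewer than 6" - a 6-character password is valid.
			echo "密码不能小于6位"
		else
			break
		fi
		read -rsp "请重新输入ftp密码: " password; echo
	done

	# Empty means /data/FTP; otherwise an absolute path that is not "/".
	read -rp "ftp目录(默认 /data/FTP): " FTP
	while [[ -n "$FTP" ]] && ! vuser_root_ok "$FTP"; do
		echo "目录必须是绝对路径且不能为/"
		read -rp "请重新输入ftp目录(默认 /data/FTP): " FTP
	done
}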


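# vuser_conf ROOT: print the per-user vsftpd config with local_root=ROOT.
# The anon_* options are what govern a guest_enable login's permissions
# (virtual users are treated like anonymous ones for permission purposes
# unless virtual_use_local_privs is set; nothing here sets it).
vuser_conf() {
	cat <<END
local_root=$1
write_enable=YES
download_enable=Yes
local_umask=022
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
END
}

#######################################
# Create the virtual user: its per-user config in ${confdir}, its FTP root
# owned by the guest account, its name/password pair appended to
# ${authfile}, and the PAM Berkeley DB regenerated from that file.
# Globals (read): vsdir, authfile, guestuser, username, password, FTP
# Globals (written): confdir (from vsftpd.conf), FTP (defaulted)
# Returns: exits 1 on missing credentials, an unsafe FTP root, or a
#          failed mkdir/db_load
#######################################
adduser() {
	local pamfile dbfile cfg_dir ftp_root user_conf

	if [[ -z "$username" || -z "$password" ]]; then
		echo "用户名或密码为空,操作退出" >&2
		exit 1
	fi

	# Credential DB path comes from the "db=" option of the PAM service
	# file; default to ${vsdir}/user so db_load never writes a bare ".db"
	# into the working directory when the lookup fails.
	pamfile=$(awk -F= '/^pam_service_name=/{print $2; exit}' "${vsdir}/vsftpd.conf" 2>/dev/null)
	dbfile=$(awk '{for (i = 1; i <= NF; i++) if ($i ~ /^db=/) {sub(/^db=/, "", $i); print $i; exit}}' \
		"/etc/pam.d/${pamfile:-vsftpd}" 2>/dev/null)
	dbfile=${dbfile:-${vsdir}/user}
	cfg_dir=$(awk -F= '/^user_config_dir=/{print $2; exit}' "${vsdir}/vsftpd.conf" 2>/dev/null)
	confdir=${cfg_dir:-$confdir}

	# The FTP root is chown -R'ed to the guest account below: refuse "/"
	# and relative paths no matter who set $FTP.
	ftp_root=${FTP:-/data/FTP}
	if [[ "$ftp_root" != /* || "$ftp_root" == / ]]; then
		echo "FTP目录必须是绝对路径且不能为/: ${ftp_root}" >&2
		exit 1
	fi
	FTP=$ftp_root

	# Overwrite (not append to) the per-user file so a re-run cannot leave
	# two local_root lines behind.
	mkdir -p -- "$confdir"
	user_conf="${confdir}/${username}"
	vuser_conf "$ftp_root" >"$user_conf"

	echo "创建FTP目录: $ftp_root"
	if [[ -d "$ftp_root" ]]; then
		echo "目录已存在"
	elif mkdir -p -- "$ftp_root" 2>/dev/null; then
		echo "创建成功"
	else
		echo "创建目录失败: ${ftp_root}" >&2
		exit 1
	fi
	# Hand the tree to the guest account so uploads work. On a
	# pre-existing directory this re-owns everything underneath it.
	chown -R "${guestuser}:${guestuser}" -- "$ftp_root"

	# ${authfile} and the generated DB hold passwords in the clear
	# (pam_userdb without crypt=): create them root-only and keep them so.
	( umask 077 && touch -- "$authfile" )
	chmod 600 -- "$authfile"
	printf '%s\n%s\n' "$username" "$password" >>"$authfile"
	if db_load -T -t hash -f "$authfile" "${dbfile}.db"; then
		chmod 600 -- "${dbfile}.db"
	else
		echo "生成用户数据库失败: ${dbfile}.db" >&2
		exit 1
	fi
}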

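# vuser_line FILE NAME: print the 1-based line number of NAME among the
# odd (user-name) lines of the name/password pair file; print nothing if
# it is absent. Exact string comparison, and NR counts every line, so the
# result matches sed's numbering (the previous nl|grep -w pairing skipped
# blank lines and matched "bob" against "bob-x").
vuser_line() {
	awk -v u="$2" 'NR % 2 == 1 && $0 == u { print NR; exit }' "$1"
}

#######################################
# Remove a virtual user: optionally its FTP root, then its two lines in
# ${authfile} and its per-user config; regenerate the PAM DB and restart
# vsftpd.
# Globals (read): vsdir, authfile
# Globals (written): confdir (from vsftpd.conf)
# Returns: exits 1 if ${authfile} does not exist
#######################################
deluser() {
	local pamfile dbfile cfg_dir delname del_num user_conf user_root delchoice

	pamfile=$(awk -F= '/^pam_service_name=/{print $2; exit}' "${vsdir}/vsftpd.conf" 2>/dev/null)
	dbfile=$(awk '{for (i = 1; i <= NF; i++) if ($i ~ /^db=/) {sub(/^db=/, "", $i); print $i; exit}}' \
		"/etc/pam.d/${pamfile:-vsftpd}" 2>/dev/null)
	dbfile=${dbfile:-${vsdir}/user}
	# Same lookup the add path uses, so both agree on where the per-user
	# config files live instead of trusting the script default here.
	cfg_dir=$(awk -F= '/^user_config_dir=/{print $2; exit}' "${vsdir}/vsftpd.conf" 2>/dev/null)
	confdir=${cfg_dir:-$confdir}

	echo "即将删除vsftpd虚拟用户..."
	if [[ ! -f "$authfile" ]]; then
		echo "未找到用户密码文件,请手动添加,操作退出..."
		exit 1
	fi

	read -rp "请输入要删除的vsftpd虚拟用户名: " delname
	while true; do
		if (( ${#delname} == 0 )); then
			echo "用户名不能为空"
		elif ! [[ "$delname" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
			# the name is used as a path component under ${confdir}
			echo "无效用户名"
		else
			del_num=$(vuser_line "$authfile" "$delname")
			[[ -n "$del_num" ]] && break
			echo "用户不存在"
		fi
		read -rp "请重新输入ftp用户名: " delname
	done

	user_conf="${confdir}/${delname}"
	user_root=$(awk -F= '/^local_root=/{print $2; exit}' "$user_conf" 2>/dev/null)
	echo -e "用户目录为: ${user_root}"
	read -rp "是否删除目录[y/N]: " delchoice
	case "$delchoice" in
		y|Y)
			# Never let an empty, relative or "/" local_root turn this
			# into an unbounded rm -rf.
			if [[ -z "$user_root" || "$user_root" == / || "$user_root" != /* ]]; then
				echo "用户目录无效(${user_root}),请手动检查后删除" >&2
			elif rm -rf -- "$user_root"; then
				echo -e "\033[31m目录已删除\033[0m"
			fi
			;;
		n|N)
			echo "用户目录保留,脚本继续执行"
			;;
		*)
			echo "无效参数,请手动执行删除,脚本继续"
			;;
	esac

	# One sed pass: both addresses refer to the original line numbers, so
	# the name line and the password line below it go together.
	sed -i "${del_num}d;$((del_num + 1))d" "$authfile"
	rm -f -- "$user_conf"
	# The regenerated DB still holds plaintext passwords: keep it root-only.
	if db_load -T -t hash -f "$authfile" "${dbfile}.db"; then
		chmod 600 -- "${dbfile}.db"
		echo -e "\033[31m用户已删除\033[0m"
	fi
	if service vsftpd restart; then
		echo -e "\033[32mvsftpd 重启成功 \033[0m"
	fi
}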

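#######################################
# Restart vsftpd and print the connection details of the account just set
# up. The password is deliberately not echoed back: it is already stored
# in plaintext in ${authfile}, and terminal scrollback / session recordings
# are a common place for it to leak from.
# Globals (read): vsdir, username, FTP
#######################################
start_vsftpd() {
	echo "启动Vsftpd"
	if service vsftpd restart; then
		echo -e "\033[32m vsftpd 启动成功 \033[0m"
		echo -e "\033[31m 账号: $username \033[0m"
		echo -e "\033[31m 密码: (已按输入设置,不在此回显) \033[0m"
		echo -e "\033[31m 端口: $(awk -F= '/^listen_port=/{print $2; exit}' "${vsdir}/vsftpd.conf")  \033[0m"
		echo -e "\033[31m 目录: $FTP  \033[0m"
		echo -e "\033[31m 如无法登录,请检查防火墙和SElinux配置  \033[0m"
	else
		echo "vsftpd 启动失败,请手动检查配置"
	fi
}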


# Entry point: "adduser" and "deluser" sub-commands; anything else (or no
# argument) runs the full install.
case "${1:-}" in
	adduser)
		adduser_mes
		adduser
		start_vsftpd
		;;
	deluser)
		deluser
		;;
	*)
		install_mes
		config
		adduser
		start_vsftpd
		;;
esac