为什么80%的码农都做不了架构师?>>>
LDAP 的配置见:
将Samba接入LDAP认证并严格控制权限
查看当前isi ftp list配置:
accept-timeout 60allow-anon-accessNOallow-anon-uploadNOallow-dirlists YESallow-downloads YESallow-local-accessYESallow-writes YESalways-chdir-homedir YESanon-chown-username ftpanon-root-path /ifs/home/ftpanon-umask 077ascii-mode offconnect-timeout 60data-timeout 300dirlist-localtimeNOdirlist-nameshidefile-create-perm 0666local-root-path /ifs/home/ftplocal-umask 002server-to-server NOsession-support YESsession-timeout 300user-config-dir /ifs/data/ftp-roledenied-user-list (none)limit-anon-passwords NOanon-password-list(disabled)chroot-local-modeAll local users chrooted; exception list inactivechroot-exception-list (none)
关键配置isi ftp --help:
isi ftp local-root-path --value "/ifs/home/ftp"isi ftp local-umask --value 002isi ftp anon-chown-username --value ftpisi ftp allow-anon-upload NOisi ftp always-chdir-homedir NOisi ftp chroot-local-mode allisi ftp ls# 重启服务的方法:isi services -a vsftpd disableisi services -a vsftpd enable
创建用户bash /ifs/data/create-ftpuser.sh higkoo后即可使用LDAP帐号登录使用:
#!/usr/bin/env bash/bin/cp -fv /ifs/data/ftp-role/higkoo /ifs/data/ftp-role/${1}/bin/mkdir -pv /ifs/home/ftp/${1}/usr/sbin/chown ${1} /ifs/home/ftp/${1}exit 0
由于 /ifs 指定了 noexec 选项,所以放在 /ifs 目录下的脚本都不能直接运行。
用户的模板配置OneFS on /ifs (efs, local, noatime, noexec)
/ifs/data/ftp-role/higkoo示例:guest_enable=YESguest_username=ftpvirtual_use_local_privs=YESuser_sub_token=$USERchroot_local_user=YESlocal_root=/ifs/home/ftp/$USERanon_world_readable_only=NOwrite_enable=YESanon_upload_enable=NO
这样就实现了一个公有ftp服务啦,只要有ldap帐号就有自己的目录。再实现web+ldap+webdav访问特定目录,就爽歪歪了。
