Sharing a script for managing vsftpd virtual users [original, from practice]


As more and more users on one of the company's servers use FTP, for ease of management and for security reasons we migrated these accounts from operating-system users to vsftpd virtual users.
As a result, though, we could no longer add, delete, disable or change the password of a user as conveniently as with system users. To solve this I wrote a shell script that can create, delete, disable, enable and change the password of virtual users. It has worked well, so I am sharing it here.

First, for installing and configuring vsftpd in virtual-user mode, see: http://heylinux.com/archives/726.html

Once vsftpd is configured with virtual users, the script is used as follows:
Create a user:       ./user.vsftpd.sh create jack
Delete a user:       ./user.vsftpd.sh delete jack
Disable a user:      ./user.vsftpd.sh disable jack
Enable a user:       ./user.vsftpd.sh enable jack
Change a password:   ./user.vsftpd.sh passwd jack

Create the script and enter the following:
# vim user.vsftpd.sh
# chmod +x user.vsftpd.sh

#!/bin/bash
#The script can create,deactivate,activate and delete virtual users of vsftpd.
#Author: Dong Guo
#Date: December 12 2011

USERFILE=/etc/vsftpd/virtusers
USERDB=/etc/vsftpd/virtusers.db
CONFBASE=/etc/vsftpd/vconf
TMPCONF=/etc/vsftpd/vconf/vconf.tmp
FTPBASE=/ftphome
FTPHOST=ftphost
USERNAME=$2

if [ $# != 2 ];then
        echo "Usage: $0 {create|disable|enable|passwd|delete} {username}" >&2
        exit 1
fi

#Refuse usernames that could break the sed substitution below or escape $FTPBASE (e.g. "../x")
if ! echo "$USERNAME" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_-]*$'; then
        echo "Invalid username: $USERNAME" >&2
        exit 1
fi

get_row_number() {
        #Print the line number of the username in $USERFILE (usernames are on odd lines,
        #passwords on the even line below them); prints nothing if the user is absent.
        #Exact whole-line match, so "jack" does not match "jack-smith".
        awk -v u="$USERNAME" 'NR%2==1 && $0==u {print NR; exit}' "$USERFILE"
}

check_username_exist() {
        #Check if virtual user already exist
        if [ -n "$(get_row_number)" ];then
                echo "User $USERNAME ALREADY exist!" >&2
                exit 1
        fi
}

check_username_notexist() {
        #Check if virtual user not exist
        if [ -z "$(get_row_number)" ];then
                echo "User $USERNAME NOT exist!" >&2
                exit 1
        fi
}

get_password() {
        #Get the password (-s: do not echo it to the terminal, -r: keep backslashes literal)
        echo -n "Input password: "
        read -r -s password
        echo
        #Check if password is empty
        if [ -z "$password" ];then
                echo "Empty password!!" >&2
                exit 1
        fi
}

update_userdb() {
        #Delete the virtual user db
        rm -f "$USERDB"
        #Generate the virtual user db (db42_load is the Berkeley DB loader on this system;
        #on other distributions the utility is named db_load)
        db42_load -T -t hash -f "$USERFILE" "$USERDB"
}

case "$1" in
        'create' )
                check_username_exist
                get_password
                #Write the username and password to $USERFILE
                echo "$USERNAME" >> "$USERFILE"
                echo "$password" >> "$USERFILE"
                update_userdb
                #Create the configure file of virtual user
                cp "$TMPCONF" "$CONFBASE/$USERNAME"
                #Replace the home directory name of virtual user
                sed -i "s/virtuser/$USERNAME/g" "$CONFBASE/$USERNAME"
                #Create the home directory of virtual user
                mkdir "$FTPBASE/$USERNAME"
                #Change the owner of home directory to OS user $FTPHOST
                chown -R "$FTPHOST:$FTPHOST" "$FTPBASE/$USERNAME"
                ;;

        'disable' )
                check_username_notexist
                #Change the owner of home directory from $FTPHOST to root
                chown root:root "$FTPBASE/$USERNAME"
                #Make the home directory accessible to root only, so the guest user $FTPHOST can no longer enter it
                chmod 700 "$FTPBASE/$USERNAME"
                ;;

        'enable' )
                check_username_notexist
                #Change the owner of home directory from root back to $FTPHOST
                chown "$FTPHOST:$FTPHOST" "$FTPBASE/$USERNAME"
                #Change the permissions of home directory to 775 for $FTPHOST
                chmod 775 "$FTPBASE/$USERNAME"
                ;;

        'delete' )
                check_username_notexist
                #Get the row number of the username; the password is on the next row
                ROWNUMBER=$(get_row_number)
                #Delete the username and password of virtual user from $USERFILE
                sed -i "${ROWNUMBER},$((ROWNUMBER + 1))d" "$USERFILE"
                update_userdb
                #Delete the configure file of virtual user
                rm -f "$CONFBASE/$USERNAME"
                #Rename the home directory name of virtual user
                mv "$FTPBASE/$USERNAME" "$FTPBASE/$USERNAME.deleted"
                ;;

        'passwd' )
                check_username_notexist
                get_password
                #Get the row number of the username; the password is on the next row
                ROWNUMBER=$(get_row_number)
                PASSWORDNUMBER=$((ROWNUMBER + 1))
                #Replace the old password row with the new password
                sed -i "${PASSWORDNUMBER}d" "$USERFILE"
                sed -i "${ROWNUMBER}a $password" "$USERFILE"
                update_userdb
                ;;
        *)
                echo "Usage: $0 {create|disable|enable|passwd|delete} {username}" >&2
                exit 1
                ;;
esac
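Because the script keeps each virtual user in three places (the username/password file, a per-user config file and a home directory) and regenerates the database from the file as-is, any inconsistency between them quietly ends up in production. The following consistency audit is an added example, not part of the original post or the author's script. It assumes the same layout as the script above (usernames on odd lines of the user file with the password on the even line below, a config directory that also holds vconf.tmp, and a home-directory base), passed as arguments so it can run against a constructed sample; audit_virtusers, make_sample_setup and the sample data are mine.

```shell
#!/bin/sh
# audit_virtusers USERFILE CONFBASE FTPBASE
# Checks that the three places a vsftpd virtual user lives in agree with each other.
# Prints one line per finding and returns the number of findings (0 means consistent).
audit_virtusers() {
    userfile=$1; confbase=$2; ftpbase=$3
    findings=0

    # An odd line count means a username/password pair is broken somewhere.
    lines=$(wc -l < "$userfile")
    if [ $((lines % 2)) -ne 0 ]; then
        echo "FAIL: $userfile has $lines lines; a username or password line is missing"
        findings=$((findings + 1))
    fi

    seen=" "
    n=0
    while IFS= read -r user && IFS= read -r pass; do
        n=$((n + 1))
        # Names that could escape the base directories or break the sed substitution
        # used when the per-user config is generated are reported and not looked up.
        case $user in
            ''|.*|*/*|*[!A-Za-z0-9_.-]*)
                echo "FAIL: pair $n: unsafe username '$user'"
                findings=$((findings + 1))
                continue ;;
        esac
        if [ -z "$pass" ]; then
            echo "FAIL: pair $n: user '$user' has an empty password"
            findings=$((findings + 1))
        fi
        case $seen in
            *" $user "*)
                echo "FAIL: pair $n: user '$user' is listed more than once"
                findings=$((findings + 1)) ;;
        esac
        seen="$seen$user "
        if [ ! -f "$confbase/$user" ]; then
            echo "FAIL: user '$user' has no config file under $confbase"
            findings=$((findings + 1))
        fi
        if [ ! -d "$ftpbase/$user" ]; then
            echo "FAIL: user '$user' has no home directory under $ftpbase"
            findings=$((findings + 1))
        fi
    done < "$userfile"

    # A config file left behind for a name no longer in the user file is stale state.
    for conf in "$confbase"/*; do
        [ -f "$conf" ] || continue
        name=${conf##*/}
        [ "$name" = "vconf.tmp" ] && continue
        case $seen in
            *" $name "*) ;;
            *) echo "WARN: config file $conf has no matching user"
               findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -gt 255 ] && findings=255
    return "$findings"
}

# make_sample_setup DIR: constructed sample layout with five deliberate problems
# (empty password, traversal-style name, duplicate user, missing home dir, stale config).
make_sample_setup() {
    mkdir -p "$1/vconf" "$1/ftphome/jack" "$1/ftphome/jill"
    printf '%s\n' jack s3cret jill '' ../evil x jack again bob pw > "$1/virtusers"
    : > "$1/vconf/vconf.tmp"
    for u in jack jill bob olduser; do : > "$1/vconf/$u"; done
}

demo_dir=$(mktemp -d)
make_sample_setup "$demo_dir"
if audit_virtusers "$demo_dir/virtusers" "$demo_dir/vconf" "$demo_dir/ftphome"; then
    echo "OK: virtual-user setup is consistent"
else
    echo "Found $? problem(s)"
fi
rm -rf "$demo_dir"
```

Against the paths used by the script above, the call is audit_virtusers /etc/vsftpd/virtusers /etc/vsftpd/vconf /ftphome; running it before update_userdb regenerates the database catches a damaged user file before vsftpd ever loads it. The unsafe-name pattern is the same idea as a whitelist on the username at creation time: anything outside a small character set is rejected rather than passed into mkdir, chown and sed.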


  1. #1 by 金鳞 on 2013/11/01 - 10:45

    The disable and enable functions don't seem to work properly; they always report:
    User test ALREADY exist!

    • #2 by mcsrainbow on 2013/11/01 - 18:22

      Sorry, that was a typo on my part; the disable branch should check check_username_notexist.
