CentOS 6.2 steps to quickly configure vsftpd virtual users

Time:2021-9-26

For example: very high security requirements, bandwidth constraints, good scalability, virtual user creation, IPv6 support, high speed.
I’ve done vsftpd before, so I won’t introduce it anymore!
Installation:

Copy code

The code is as follows:

[ [email protected] ~]#Mount / dev / CDROM / media # mount the image, omitting the configuration of the yum source
[ [email protected] ~]#Yum install vsftpd #yum install vsftpd
[ [email protected] ~]#MV / etc / vsftpd / vsftpd.conf < a > / etc / vsftpd / @ vsftpd. Conf.bak < / a > # back up the original configuration file for future reference and use
[ [email protected] ~]#VI / etc / vsftpd / vsftpd.conf # create vsftpd.conf

The contents are as follows:

Copy code

The code is as follows:

listen=YES
background=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=NO
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to Nanu FTP server
pam_service_name=vsftpd
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
guest_enable=YES
guest_username=linuxde
nopriv_user=linuxde
user_config_dir=/etc/vsftpd/user_config
max_clients=100
max_per_ip=20

Create chroot virtual user mapping file

Copy code

The code is as follows:

[[email protected] ~]# cat /etc/vsftpd/vsftpd.chroot_list
Linuxde # this file is created manually, and each line represents the name of a user who wants to map a virtual user to a local account to create a user account file

Copy code

The code is as follows:

[[email protected] ~]# cat /etc/vsftpd/passwd.file
Chenchen # this file does not exist by default. It is used to store user accounts and plaintext passwords. The format is two lines for each account. The first line is the user name, the second line is the password, and so on!
123

Passwords can be created using the strong password generation tool provided with CentOS

Copy code

The code is as follows:

[ [email protected] ~]#Mkpasswd parameter user name

• – L defines the length of the generated password. The default is 9
• – D defines the number of numbers contained in the password, which is 2 by default
• – C defines the number of lowercase letters, which is 2 by default
• – C definition contains the number of uppercase letters, which is 2 by default
• – s defines the number of special characters, which is 1 by default
• – P specify another program to generate passwords. The default is / etc / yppasswd
  Mkpasswd belongs to expect RPM package. If it is not available in the system, you can install it through Yum or up2date!

Copy code

The code is as follows:

[[email protected] ~]# yum install expect

Create user account compilation script

Vsfptd uses the DBD database for account verification, so the user account file passwd.file needs to be compiled into DBD format.

Copy code

The code is as follows:

[ [email protected] ~]# vi /etc/vsftpd/db_ Load.sh # creates a script, or you can use the command directly without creating it!
[[email protected] ~]# cat /etc/vsftpd/db_load.sh</p>
<p>#!/bin/bash
# DBD convert for vsftpd passwd.file
db_ load -T -t hash -f /etc/vsftpd/passwd.file /etc/vsftpd/ftpuser_ passwd.db</p>
[[email protected] ~]# sh /etc/vsftpd/db_load.sh
[[email protected] ~]# ll /etc/vsftpd/ftpuser_passwd.db
-Rw-r — R –. 1 root 12288 December 6 09:33 / etc / vsftpd / ftpuser_ passwd.db

create user profile

After establishing the account, you need to create a configuration file for each user to record the FTP directory location, user permissions and other information

Copy code

The code is as follows:

[[email protected] ~]# mkdir /etc/vsftpd/user_config

The configuration file takes the FTP user name as the file name, and each FTP user has a file, such as Chenchen

Copy code

The code is as follows:

[[email protected] ~]# vi /etc/vsftpd/user_config/chenchen

The contents are as follows:

Copy code

The code is as follows:

[[email protected] ~]# cat /etc/vsftpd/user_config/chenchen
local_ Root = / vsftptest / www.linuxde.net / # the directory corresponding to this path must exist
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Note: the system account to which the FTP user is mapped must have corresponding read / write permissions to the FTP user’s home directory. Still take the Chenchen user as an example. In this article, the Chenchen virtual user is mapped to the linuxde system account, so the linuxde system account must have read / write permission to the FTP home directory of Chenchen / vsftptest / www.linuxde. Net /

Copy code

The code is as follows:

[[email protected] ~]# chown -R linuxde:linuxde /vsftptest/www.linuxde.net/

Modify PAM authentication module

Back up vsftpd the original PAM authentication module configuration file:

Copy code

The code is as follows:

[ [email protected] ~]#MV / etc / PAM. D / vsftpd < a > / etc / PAM. D / @ vsftpd. Bak < / a > # if you want to use the original configuration, the following configuration parameters must be in the front row!

Write the new PAM authentication module configuration:

Copy code

The code is as follows:

[ [email protected] ~]#Cat / etc / pam.d/vsftpd # the suffix here does not need to be. DB
auth required pam_userdb.so db=/etc/vsftpd/ftpuser_passwd
account required pam_userdb.so db=/etc/vsftpd/ftpuser_passwd

Start vsftpd

Copy code

The code is as follows:

[[email protected] ~]# service vsftpd start

The process of adding other corresponding virtual users will be skipped. If you understand it, you will naturally understand how to do it!

This completes the configuration. If you appearvsftpd 500 OOPS: cannot change directory, SELinux is not closed!

Original address: http://www.linuxde.net/2013/02/12272.html

Recommended Today

Supervisor

Supervisor [note] Supervisor – H view supervisor command help Supervisorctl – H view supervisorctl command help Supervisorctl help view the action command of supervisorctl Supervisorctl help any action to view the use of this action 1. Introduction Supervisor is a process control system. Generally speaking, it can monitor your process. If the process exits abnormally, […]