Install vsftpd and configure virtual users under CentOS 6.4

Time: 2021-8-28

1: Install vsftpd

Check whether vsftpd is already installed:

The code is as follows:

rpm -qa | grep vsftpd

If it is not, install it and enable it at boot:

The code is as follows:

yum -y install vsftpd
chkconfig vsftpd on

2: Virtual user based configuration
A so-called virtual user is not a real system account; it is mapped onto a real account and receives its permissions through that mapping. Virtual users cannot log in to the CentOS system itself.

Modify the configuration file
Open /etc/vsftpd/vsftpd.conf and configure it as follows (vsftpd does not accept comments after a value, so the comments sit on their own lines):

The code is as follows:

# do not allow anonymous access
anonymous_enable=NO
# allow local users; note: if this is set to NO, all virtual users lose access as well
local_enable=YES
# users cannot leave their home directory
chroot_list_enable=YES
# allow uploads and downloads in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM service name; PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd

The following are the important configuration items for vsftpd virtual user support. They are not present in the default vsftpd.conf and must be added manually:

The code is as follows:

# enable the virtual user function
guest_enable=YES
# the real account that hosts the virtual users; CentOS already has a built-in ftp user
guest_username=ftp
# directory holding each virtual user's personal vsftpd configuration (file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf

Set up authentication
First, install the Berkeley DB tools. Many people cannot find db_load simply because this package is not installed:

The code is as follows:

yum install db4 db4-utils

Then create the user/password text file /etc/vsftpd/vuser_passwd.txt. Note that odd lines are user names and even lines are the corresponding passwords:

The code is as follows:

test
123456

Next, generate the DB file used for virtual user authentication:

The code is as follows:

db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db

Then edit the PAM file /etc/pam.d/vsftpd, comment out all of the original lines, and add the following two:

The code is as follows:

auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd

Finally, create the virtual user's configuration file:

The code is as follows:

mkdir /etc/vsftpd/vuser_conf/
vi /etc/vsftpd/vuser_conf/test   # the file name must equal the account name in vuser_passwd.txt, otherwise the settings below are ignored

The contents are as follows:

The code is as follows:

# root directory of the virtual user; adjust to your situation
local_root=/ftp/www
# writable
write_enable=YES
# umask applied to files created by the virtual user
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
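As an added example that is not part of the original post, the following shell script checks the odd/even layout of vuser_passwd.txt before it is fed to db_load and then writes one configuration file per user into user_config_dir. The function names, the check rules and the per-user local_root layout (one directory per user under a root you pass in) are my assumptions; the settings written are the ones shown above.

```shell
#!/bin/sh
# Added example, not part of the original post. Validates the odd/even
# user/password text file used by db_load and generates the per-user
# configuration files that vsftpd reads from user_config_dir.

# vuser_check FILE
# Exit 0 when FILE has an even number of lines (user, password, user, ...),
# no empty lines, no trailing whitespace (a CRLF file makes every password
# end in \r), no duplicate users and only user names usable as file names.
vuser_check() {
    awk '
        { last = $0 }
        /^[[:space:]]*$/ { printf "line %d: empty line breaks the odd/even pairing\n", NR; bad = 1; next }
        /[[:space:]]$/   { printf "line %d: trailing whitespace (CRLF file?)\n", NR; bad = 1 }
        NR % 2 == 1 && $0 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ {
            printf "line %d: user name \"%s\" is unsafe as a config file name\n", NR, $0; bad = 1 }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s (first on line %d)\n", NR, $0, seen[$0]; bad = 1 }
            seen[$0] = NR
        }
        END {
            if (NR % 2 == 1) { printf "line %d: user %s has no password line\n", NR, last; bad = 1 }
            exit bad
        }' "$1"
}

# vuser_gen FILE DIR ROOT
# For every user in FILE write DIR/<user> with the per-user settings from the
# post; each user gets its own local_root under ROOT (assumption: one
# directory per virtual user instead of the single /ftp/www shown above).
vuser_gen() {
    f="$1"; dir="$2"; root="$3"
    vuser_check "$f" || return 1
    mkdir -p "$dir" || return 1
    awk 'NR % 2 == 1' "$f" | while IFS= read -r user; do
        cat > "$dir/$user" <<EOF
local_root=$root/$user
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
    done
}
```

Run vuser_gen /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_conf /ftp/www before db_load; a non-zero exit with the printed line numbers tells you which pair is broken.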

Set SELinux

The code is as follows:

setsebool -P ftp_home_dir=1            # allow FTP to use home directories
setsebool -P allow_ftpd_full_access=1  # allow FTP users full access

Set FTP root directory permissions

The code is as follows:

mkdir -p /ftp/www   # create the directory
chmod -R 755 /ftp
chmod -R 777 /ftp/www

Recent vsftpd versions do not allow the home (chroot) directory itself to be writable, so /ftp is set to 755 and 777 is applied to the subdirectory beneath it.

Set up firewall
Open /etc/sysconfig/iptables
Under the line "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT", add:

The code is as follows:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Then save and close the file, and run the following command in the terminal to reload the firewall configuration:

The code is as follows:

service iptables restart

OK, run “service vsftpd start” and you can access your FTP server.

Configure PASV mode
vsftpd does not enable PASV mode by default, so at this point FTP clients can only connect in port (active) mode. To enable PASV by default, use the following configuration.
Open /etc/vsftpd/vsftpd.conf and add:

The code is as follows:

# enable PASV mode
pasv_enable=YES
# lowest port of the passive data range
pasv_min_port=40000
# highest port of the passive data range
pasv_max_port=40080
# disables the PASV security check that requires the data connection to come from the same IP as the control connection
pasv_promiscuous=YES

Open ports 40000 to 40080 in the firewall configuration:

The code is as follows:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT

Restart iptables and vsftpd:

The code is as follows:

service iptables restart
service vsftpd restart

Now you can connect to your FTP server using PASV mode.