Method of setting up FTP server vsftpd under CentOS system

Time:2020-11-12

vsftpd is one of the most popular FTP server programs shipped with Linux distributions. It is small, lightweight, secure and easy to use.
On open source operating systems, the commonly used FTP daemons are proftpd, pureftpd and wuftpd, while vsftpd supports many features that other FTP servers do not. For example: very high security, bandwidth limiting, good scalability, virtual users, IPv6 support and high speed.

Characteristics of vsftpd
① vsftpd starts the service as an ordinary, unprivileged user, so it has low privileges on the Linux system and the harm it can do to the system is correspondingly reduced. In addition, vsftpd uses the chroot() function to change the root directory, so that system tools cannot be misused through vsftpd;
② Any vsftpd operation that requires higher privileges is handled by a special parent process. The privileges of this parent process are themselves kept quite low, so that the Linux system itself is not affected;
③ Every client request to use a higher-privilege vsftpd operation provided by this parent process is treated as an "untrusted request", and the functions of the parent process can only be used after a certain degree of identity confirmation. Examples are chown() and login requests;
④ In addition, chroot() is also used in the parent process mentioned above to limit the user's execution privileges.

Installation procedure
Compile and install

# mkdir -p /usr/local/man/man8
# mkdir -p /usr/local/man/man5
# yum -y install tcp_wrappers*
# yum -y install pam*
# yum -y install db4*
# yum -y install libcap*
# wget -c http://down1.chinaunix.net/distfiles/vsftpd-2.3.4.tar.gz
# tar -xvzf vsftpd-2.3.4.tar.gz
# cd vsftpd-2.3.4

Authentication types supported

# vim builddefs.h
#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#define VSF_BUILD_SSL
# make
# make install
# mkdir /etc/vsftpd
# cp vsftpd.conf /etc/vsftpd

Start script

# vim /etc/init.d/vsftpd
# chmod +x /etc/init.d/vsftpd
# chkconfig --level 235 vsftpd on

Log directory

# mkdir -p /data3/ftp_logs
# vi /etc/vsftpd/vsftpd.conf
# touch /data3/ftp_logs/vsftpd.log
# touch /etc/vsftpd/chroot_list
# touch /etc/vsftpd.user_list
# mkdir /etc/vsftpd/vconf

Create user list [the first line is user name, the second line is password]

# vi /etc/vsftpd/virtusers
blaze
123456789

Create user database file

# db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
# chmod 600 /etc/vsftpd/virtusers.db
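
The user list above is a clear-text file in which each user name line is followed by its password line, and only the generated .db file is restricted with chmod 600. As an added example (not part of the original article), the shell function below lints that input file before db_load is run; the function name check_virtusers and the MIN_PW_LEN policy value are assumptions made here.

```shell
# Added example: lint the db_load -T input file before building virtusers.db.
# Format as described on the page: odd lines are user names, even lines are
# the matching passwords. MIN_PW_LEN is an assumed local policy value.
MIN_PW_LEN=12

check_virtusers() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    rc=0
    # The file holds clear-text passwords: allow owner access only.
    mode=$(stat -c '%a' "$file")
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open: chmod 600 $file"; rc=1 ;;
    esac
    awk -v min="$MIN_PW_LEN" '
        NR % 2 == 1 {                       # user name line
            user = $0
            if (user == "")        { print "line " NR ": empty user name"; bad = 1 }
            else if (user in seen) { print "line " NR ": duplicate user " user; bad = 1 }
            seen[user] = 1
            next
        }
        {                                   # password line
            if (length($0) < min)     { print "user " user ": password shorter than " min; bad = 1 }
            else if ($0 ~ /^[0-9]+$/) { print "user " user ": password is digits only"; bad = 1 }
        }
        END {
            if (NR % 2 == 1) { print "user " user ": no password line"; bad = 1 }
            exit bad + 0
        }
    ' "$file" || rc=1
    return $rc
}
```

Source the file and run check_virtusers /etc/vsftpd/virtusers before db_load; a non-zero return means the list should be fixed first. Once virtusers.db has been built, the clear-text list no longer needs to stay on the server.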

Create PAM authentication file

# vim /etc/pam.d/vsftpd

[Note: in x64 environment, the path is different]

Create a configuration file for the user blaze

# vim /etc/vsftpd/vconf/blaze
local_root=/data1/www
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000

Firewall settings

# iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 21 -j ACCEPT
# iptables -I OUTPUT -p tcp --dport 21 -j ACCEPT
# modprobe ip_conntrack_ftp
# modprobe ip_nat_ftp

# vi /etc/sysconfig/iptables
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-I INPUT -p tcp --dport 21 -j ACCEPT
-I OUTPUT -p tcp --dport 21 -j ACCEPT

# vi /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"