Setting up vsftpd virtual users on CentOS 5.3: specific steps

Time:2021-6-11

There are three ways to log in to FTP: anonymous login, local user login and virtual user login.

Anonymous login: log in to FTP with the default user name, usually ftp or anonymous.

Local user login: log in as a system user listed in /etc/passwd.

Virtual user login: log in as a user that exists only for FTP. There are two ways to implement virtual users: a local data file or a database server.

An FTP virtual user is exclusive to the FTP server. When logged in as a virtual user, a client can only access the resources provided by the FTP server, which greatly enhances the security of the system.

The Linux system used in this article is CentOS 5.3.

yum -y install vsftpd

Part 1. Create the vsftpd virtual users:

1. With vsftpd installed, add the virtual user password file

# vi /etc/vsftpd/vftpuser.txt

Add the virtual user names and passwords, one user name per line with its password on the next line, and so on: odd-numbered lines are user names, even-numbered lines are passwords. The "#" annotations below are explanations only and are not typed into the file.

ftp1 # user name

123456 # password

ftp2 # user name

123456 # password

2. Generate the virtual user password authentication file

Convert the newly added vftpuser.txt password file into a password authentication file that the system recognizes.

First, check whether the db4-utils package, which is needed to generate the password authentication file, is installed on the system.

Use the db_load command below to generate the virtual user password authentication file.

# db_load -T -t hash -f /home/vuser.txt /etc/vsftpd_login.db

-bash: db_load: command not found

###############################

If "db_load: command not found" appears, some db4 packages are not installed. The following packages need to be installed:

db4-*.rpm

db4-tcl-*.rpm

db4-utils-*.rpm

Or directly: yum -y install db4 db4-tcl db4-utils

The db_load command is mainly used to generate a DB database file.

Format:

db_load -T -t hash -f passwd.txt /etc/vsftpd/user_passwd.db

Generate a hash database file for FTP virtual user.

##########################

# db_load -T -t hash -f /etc/vsftpd/vftpuser.txt /etc/vsftpd/vftpuser.db

3. Edit the PAM authentication file for vsftpd

In the /etc/pam.d directory:

# vi /etc/pam.d/vsftpd

Comment out the rest and add the following two lines:

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vftpuser

account required /lib/security/pam_userdb.so db=/etc/vsftpd/vftpuser

4. Create the local mapped user and set the home directory permissions

All FTP virtual users are mapped to one system user, which does not need a password.

# useradd -d /home/vftpsite -s /sbin/nologin vftpuser

# chmod 755 /home/vftpsite

Note: guides on the Internet set 700 here. After 700 is set, FTP users have no upload permission.

5. Configure vsftpd.conf (set the virtual user configuration items)

# vi /etc/vsftpd/vsftpd.conf

# enable virtual users
guest_enable=YES

# system user that the FTP virtual users map to [useradd -d /home/vftpsite -s /sbin/nologin vftpuser]
guest_username=vftpuser

# PAM authentication file
pam_service_name=vsftpd

6. Restart vsftpd service

# service vsftpd restart

7. Test FTP login as a virtual user

C:\Documents and Settings\Administrator>ftp 192.168.2.12

Connected to 192.168.2.12.

220 (vsFTPd 2.0.5)

User (192.168.2.12:(none)): ftp1

331 Please specify the password.

Password:

500 OOPS: cannot change directory:/home/vftpsite

Connection closed by remote host.

After configuring vsftpd, "500 OOPS: cannot change directory:/home/vftpsite" appears when connecting to vsftpd.

The vftpsite is the local user name used for login.

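Solution:

# setsebool -P ftp_home_dir on

Other guides on the Internet say to enter the following commands at the terminal instead. Note that ftpd_disable_trans disables SELinux protection for the FTP daemon as a whole, so the ftp_home_dir boolean above is the narrower change: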

setsebool -P ftpd_disable_trans 1

service vsftpd restart

It’s OK!

Test:

C:\Documents and Settings\Administrator>ftp 192.168.2.12

Connected to 192.168.2.12.

220 (vsFTPd 2.0.5)

User (192.168.2.12:(none)): ftp1

331 Please specify the password.

Password:

230 Login successful.

Part 2. Advanced virtual user settings:

1. The virtual_use_local_privs parameter

When virtual_use_local_privs=YES, the virtual user has the same permissions as a local user.

When virtual_use_local_privs=NO, the virtual user has the same permissions as an anonymous user. The default is NO.

When virtual_use_local_privs=YES and write_enable=YES, the virtual user has write permission (upload, download, delete, rename).

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES and anon_upload_enable=YES, the virtual user cannot browse the directory and can only upload files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_upload_enable=NO, the virtual user can only download files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_upload_enable=YES, the virtual user can only upload and download files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_mkdir_write_enable=YES, the virtual user can only download files and create folders, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_other_write_enable=YES, the virtual user can only download, delete and rename files, with no other permissions.

2. Create a configuration file for each virtual user

# vi /etc/vsftpd/vsftpd.conf

Add:

user_config_dir=/etc/vsftpd/vsftpd_user_conf

# mkdir /etc/vsftpd/vsftpd_user_conf

Edit the configuration file for ftp1

# vi /etc/vsftpd/vsftpd_user_conf/ftp1

Add:

# grant ftp1 download permission (download only); this must not be set to YES,
# otherwise ftp1 will not be able to list files and directories
anon_world_readable_only=NO

Edit the configuration file for ftp2

# vi /etc/vsftpd/vsftpd_user_conf/ftp2

Add:

# grant ftp2 write permission
write_enable=YES

# grant ftp2 download permission
anon_world_readable_only=NO

# grant ftp2 upload permission
anon_upload_enable=YES

# grant ftp2 permission to create directories
anon_mkdir_write_enable=YES

# grant ftp2 permission to delete and rename
anon_other_write_enable=YES

3. All virtual users share one general configuration

# vi /etc/vsftpd/vsftpd.conf

write_enable=YES

anonymous_enable=NO

local_enable=YES

guest_enable=YES

guest_username=vftpuser

virtual_use_local_privs=NO

pam_service_name=vsftpd

# downloading is allowed
anon_world_readable_only=NO

# uploading is not allowed (default)
anon_upload_enable=NO

# creating new folders is not allowed (default)
anon_mkdir_write_enable=NO

# deleting or renaming files is not allowed (default)
anon_other_write_enable=NO

ftpd_banner=Welcome to yoozhu FTP server

xferlog_enable=YES

xferlog_file=/var/log/vsftpd.log

xferlog_std_format=YES

ascii_upload_enable=YES

ascii_download_enable=YES

tcp_wrappers=NO

setproctitle_enable=YES

listen_port=21

connect_from_port_20=YES

idle_session_timeout=600

data_connection_timeout=120

max_clients=0

max_per_ip=3

local_max_rate=512000

4. Each virtual user uses its own configuration

# vi /etc/vsftpd/vsftpd.conf

write_enable=YES

anonymous_enable=NO

local_enable=YES

guest_enable=YES

guest_username=vftpuser

virtual_use_local_privs=NO

pam_service_name=vsftpd

# directory that stores the per-user configuration files
user_config_dir=/etc/vsftpd/vsftpd_user_conf

ftpd_banner=Welcome to yoozhu FTP server

xferlog_enable=YES

xferlog_file=/var/log/vsftpd.log

xferlog_std_format=YES

ascii_upload_enable=YES

ascii_download_enable=YES

tcp_wrappers=NO

setproctitle_enable=YES

listen_port=21

connect_from_port_20=YES

idle_session_timeout=600

data_connection_timeout=120

max_clients=0

max_per_ip=3

local_max_rate=512000

# mkdir /etc/vsftpd/vsftpd_user_conf

Edit the configuration file for ftp1

# vi /etc/vsftpd/vsftpd_user_conf/ftp1

anon_world_readable_only=NO

Edit the configuration file of ftp2

# vi /etc/vsftpd/vsftpd_user_conf/ftp2

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES
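
The virtual_use_local_privs rules and the per-user files above can be checked before restarting vsftpd. The following Python script is an added example, not part of the original article: it layers a per-user file over vsftpd.conf and reports what that virtual user may do. The sample configuration text is constructed to mirror the article's ftp1 and ftp2 files, and the names parse_conf, effective and download_any are this example's own.

```python
# Added example: effective permissions of a vsftpd virtual user.
# Defaults below are the ones documented in vsftpd.conf(5).
DEFAULTS = {
    "virtual_use_local_privs": "NO", "write_enable": "NO",
    "anon_world_readable_only": "YES", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO",
}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse_conf(text):
    """Parse option=value lines; blank lines and full-line # comments are skipped."""
    conf = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip():
            raise ValueError(f"line {n}: expected option=value without spaces")
        # vsftpd has no inline comments: a trailing "# ..." becomes part of the value.
        if key in DEFAULTS and value.upper() not in TRUE | FALSE:
            raise ValueError(f"line {n}: bad bool value for {key}: {value!r}")
        conf[key] = value
    return conf

def effective(main_text, user_text=""):
    """Layer the per-user file over vsftpd.conf and return the resulting permissions."""
    conf = {**DEFAULTS, **parse_conf(main_text), **parse_conf(user_text)}
    on = lambda key: conf[key].upper() in TRUE
    write = on("write_enable")
    if on("virtual_use_local_privs"):   # same privileges as a local user
        return {"download_any": True, "upload": write, "mkdir": write, "delete_rename": write}
    return {                            # same privileges as an anonymous user
        # False: only world-readable files may be read
        "download_any": not on("anon_world_readable_only"),
        "upload": write and on("anon_upload_enable"),
        "mkdir": write and on("anon_mkdir_write_enable"),
        "delete_rename": write and on("anon_other_write_enable"),
    }

# Constructed sample input mirroring the article's vsftpd.conf and per-user files.
MAIN = "write_enable=YES\nguest_enable=YES\nguest_username=vftpuser\nvirtual_use_local_privs=NO\n"
USERS = {
    "ftp1": "anon_world_readable_only=NO\n",
    "ftp2": "anon_world_readable_only=NO\nanon_upload_enable=YES\n"
            "anon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n",
}

if __name__ == "__main__":
    for user, user_text in USERS.items():
        print(user, effective(MAIN, user_text))
```

A virtual user with no per-user file gets only what vsftpd.conf and the defaults grant, so effective(MAIN) shows the baseline every new account starts from.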

These are the specific steps for setting up vsftpd virtual users on a CentOS 5.3 system.