CentOS 6.3: Installing and Configuring vsftpd with Multi-User Login

Source: Internet
Author: User

1. Install vsftpd through yum

    [root@localhost ~]# yum -y install vsftpd

The -y option is added so that the prompts yum would otherwise show are answered "yes" automatically. The vsftpd version installed by yum is 2.2.2.

    [root@localhost ~]# service vsftpd status    # check the status; the service is stopped by default
    [root@localhost ~]# service vsftpd start     # start the vsftpd service

2. Set vsftpd to start at boot

    [root@localhost ~]# chkconfig vsftpd on
    [root@localhost ~]# netstat -tl              # check whether the ftp port is listening

3. Configure vsftpd

Modify the configuration in /etc/vsftpd/vsftpd.conf:

    [root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

vim colors the file, which makes it clearer to read than in vi. Set the options as needed; see the vsftpd.conf configuration notes below.

4. Set up the vsftpd account

An account added with useradd can normally also log on to the server itself. Use /sbin/nologin as its shell to prohibit the FTP account from logging on to the server. The general form of the command is:

    [root@localhost ~]# useradd -d <root directory of the ftp account> -s /sbin/nologin <user name>

For example, the following command creates an ftp account ftpuser whose root directory is the website's root directory htdocs:

    [root@localhost ~]# useradd -d /usr/local/apache/htdocs -s /sbin/nologin ftpuser

The account has been created, but it has no password yet. Use passwd to set one:

    [root@localhost ~]# passwd ftpuser
    New password:            (enter the password)
    Retype new password:     (enter the password again)

You can now access vsftpd with this account and password.

vsftpd.conf configuration notes (the following section is excerpted from the Internet)

Options are written one per line as option=value, with no spaces around the "=" sign.

1) Anonymous server connection

    anonymous_enable=YES            (anonymous login allowed)
    dirmessage_enable=YES           (display the directory's message content when the directory is switched)
    local_umask=022                 (local file permission on FTP, default: 077)
    connect_from_port_20=YES        (enable data connection on the FTP data port) *
    xferlog_enable=YES              (activate logging of uploads and downloads)
    xferlog_std_format=YES          (use the standard log format)
    ftpd_banner=XXXXX               (welcome information)
    pam_service_name=vsftpd         (verification method) *
    listen=YES                      (standalone vsftpd server) *

Effect: you can connect to the FTP server, but you cannot upload to or download from it.
Note: the options related to logging and the welcome information are optional. All options marked with an asterisk must be added; they are the basic options for FTP.

2) Enable upload permission for the anonymous FTP server (for reference only; generally do not enable anonymous upload permission)

    anon_upload_enable=YES          (open upload permission)
    anon_mkdir_write_enable=YES     (directories can be created, and files can be uploaded into them)
    write_enable=YES                (open write permission for local users)
    anon_other_write_enable=YES     (the anonymous account has permission to delete)

3) Enable download permission for the anonymous server

Add the following to the configuration file:

    anon_world_readable_only=NO

Note: pay attention to the folder attributes. An anonymous account is an "other" user, so the read and write permissions must be opened for other: (R) read allows download, (W) write allows upload, (X) is execute. If X is not opened on the FTP directory, the directory cannot be entered.

4) FTP server for ordinary (local) users

    local_enable=YES                (local accounts can log on)
    write_enable=NO                 (the local account has no permission to delete or modify files after login)

Effect: you can use a local account to log on to the vsftpd server and have the permission to download and upload.
Note: after anonymous login is disabled, the anonymous server can log on but cannot upload or download.

5) Restrict users to their own directory after login

Users can only enter their home directory and no other directories.

Make all local users execute chroot:

    chroot_local_user=YES           (all local accounts can only be in their own directories)

Make only the specified users execute chroot:

    chroot_list_enable=YES          (the list in the file is used)
    chroot_list_file=/any specified path/vsftpd.chroot_list

Note: vsftpd.chroot_list is not created by default; you need to create it yourself. To control an account, add the account name to the file.

6) Restrict local users' access to FTP

    userlist_enable=YES             (use userlist to restrict user access)
    userlist_deny=NO                (users in the list are not allowed to access)
    userlist_file=/specified file storage path/    (file placement path)

Note: with userlist_enable=YES the anonymous account cannot log on.

7) Security options

    idle_session_timeout=600        (seconds) (disconnect 10 minutes after the user's session becomes idle)
    data_connection_timeout=120     (seconds) (disconnect 2 minutes after the data connection becomes idle)
    accept_timeout=60               (seconds) (disconnect the client after it is idle for 1 minute)
    connect_timeout=60              (seconds) (disconnect again after 1 minute)
    local_max_rate=50000            (bytes) (local user transfer rate: 50 K)
    anon_max_rate=30000             (bytes) (anonymous user transfer rate: 30 K)
    pasv_min_port=50000
    pasv_max_port=60000             (change the client data connection ports to 50000-60000)
    max_clients=200                 (maximum number of FTP connections)
    max_per_ip=4                    (maximum number of connections per IP)
    listen_port=5555                (data connection from port 5555)

8) Check who is logged on to FTP, and kill the process

    ps -xf | grep ftp
    kill <process no.>

CentOS vsftpd multi-user configuration

1. Install vsftpd. This article uses yum to install it:

    yum install vsftpd

2. Run after installation:

    # service vsftpd restart
    Shutting down vsftpd: [OK]
    Starting vsftpd for vsftpd: [OK]

3. Create a new system user:

    # useradd -d /home/www.haojifang.cn -s /sbin/logs.

5. Modify vsftpd.conf to prohibit anonymous account login and allow login with the accounts you created:

    vi /etc/vsftpd. dependencies = NO
    local_enable=YES
    write_enable=YES
    local_umask = keys = YES
    chroot_list_file=/etc/vsftpd/chroot_list
    listen=YES
    pam_service_name = keys = YES

4. Modify /etc/vsftpd/chroot_list and add a haojifang.cn account to allow this account to log on to the FTP server.

5. In Linux shell command mode:

    # setsebool ftpd_disable_trans 1    # disable SELinux protection for ftp services
    # vi /etc/selinux/config

    SELINUX=disabled                (set it to disabled)
    # SELINUXTYPE= type of policy in use. Possible values are:
    # targeted - Only targeted network daemons are protected.
    # strict - Full SELinux protection.
    SELINUXTYPE=targeted

Restart the service:

    # service vsftpd restart
    Shutting down vsftpd: [OK]
    Starting vsftpd for vsftpd: [OK]
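
The vsftpd.conf options listed above are easy to copy with small slips (spaces around "=", capitalised or misspelled option names) that vsftpd rejects, and with write options that are unsafe together with anonymous login. The checker below is an added example, not part of the original article; the function name audit_vsftpd_conf and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf for syntax slips and risky combinations.
# Prints one finding per line; returns 1 if anything was found, otherwise 0.
audit_vsftpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    !/=/ { printf "line %d: not in key=value form\n", NR; bad++; next }
    {
        eq  = index($0, "=")
        key = substr($0, 1, eq - 1)
        val = toupper(substr($0, eq + 1))
        # vsftpd treats whitespace around "=" as a configuration error
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
            printf "line %d: whitespace around \"=\"\n", NR; bad++
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
        }
        # option names are matched case-sensitively and are all lowercase
        if (key != tolower(key)) {
            printf "line %d: option name not lowercase: %s\n", NR, key; bad++
            key = tolower(key)
        }
        opt[key] = val
    }
    END {
        # misspellings that circulate in copied option lists
        if ("connect_form_port_20" in opt) { print "typo: connect_form_port_20, use connect_from_port_20"; bad++ }
        if ("local_enble" in opt) { print "typo: local_enble, use local_enable"; bad++ }
        # anonymous_enable defaults to YES when the option is absent
        anon = (opt["anonymous_enable"] != "NO")
        anon_write = (opt["anon_upload_enable"] == "YES" || opt["anon_mkdir_write_enable"] == "YES" || opt["anon_other_write_enable"] == "YES")
        if (anon && opt["write_enable"] == "YES" && anon_write) {
            print "risk: anonymous users can write to the server"; bad++
        }
        if (opt["local_enable"] == "YES" && opt["chroot_local_user"] != "YES" && opt["chroot_list_enable"] != "YES") {
            print "risk: local users are not confined to their home directories"; bad++
        }
        exit (bad > 0)
    }' "$1"
}
# Constructed sample using settings from this page (not a real server file).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
anonymous_enable=YES
Local_enble = yes
write_enable=YES
anon_upload_enable=YES
EOF
audit_vsftpd_conf "$SAMPLE" || echo "fix the findings above before restarting vsftpd"
rm -f "$SAMPLE"
```

Run it against the edited file before restarting the service, for example audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; it only recognises the YES/NO spellings of boolean values.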
