In the vsftpd server, the main advantage of virtual users is that FTP login accounts are kept separate from system login accounts: the usernames and passwords are different, which further enhances the security of the FTP server.
1. Create the virtual user account database
The vsftpd service uses database files in Berkeley DB format to store virtual user accounts. Creating such a database file requires the db_load tool, which is provided by the db4-utils software package, so the db4-utils package first needs to be installed from the system installation CD. Install the db4-utils package as follows.
[root@localhost /]# rpm -ivh /media/server/db4-utils-4.3.29-10.el5.i386.rpm
2. Create the username/password list in text format
First you need to create a username/password list file in text format: odd-numbered lines are usernames, and each even-numbered line is the password of the user on the line above it.
[root@localhost /]# vim /etc/vsftpd/vusers.list
Zhangsan
123
Lisi
123
3. Create the database file in Berkeley DB format
Once you have the text-format username/password list file, use it as the data source to create a database file in Berkeley DB format with the db_load tool.
[root@localhost /]# cd /etc/vsftpd
[root@localhost vsftpd]# db_load -T -t hash -f vusers.list vusers.db
In the db_load command, the "-T" option allows applications that are not Berkeley DB applications to use DB database files converted from text format, the "-t hash" option specifies hash as the method used to access the data file, and the "-f" option specifies the source file for the data. For a detailed description of the db_load command, refer to the /usr/share/doc/db4-utils-4.3.29/ustils/db_load.html file.
To improve the security of the virtual user accounts, set the permissions on these files to 600 so that the account data is not leaked.
[root@localhost /]# chmod 600 /etc/vsftpd/vusers.*
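An added example (not part of the original article): a pre-flight check for the list file from steps 2 and 3, run before db_load. Because the list is read as alternating username and password lines, a single missing or blank line shifts every later pair, so the check goes beyond the article's steps and also flags blank lines and duplicate usernames. The function name check_vusers_list is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a vsftpd virtual-user list before running db_load.
# check_vusers_list is a hypothetical helper, not part of vsftpd or db4-utils.

check_vusers_list() {
    list=$1
    rc=0

    [ -f "$list" ] || { echo "missing: $list" >&2; return 2; }

    # The list holds plaintext passwords: require mode 600 (rw for owner only).
    # Only the first 10 characters of ls -l are compared, which skips any
    # trailing ACL or SELinux marker.
    perm=$(ls -ld "$list" | cut -c1-10)
    if [ "$perm" != "-rw-------" ]; then
        echo "permissions are $perm, expected -rw------- (600): $list" >&2
        rc=1
    fi

    # Check the pairing: odd lines are usernames, even lines are passwords.
    awk '
        /^[[:space:]]*$/ { printf "line %d: blank line shifts every later pair\n", NR; bad = 1 }
        NR % 2 == 1 {
            if ($0 ~ /[[:space:]]/) { printf "line %d: whitespace in username\n", NR; bad = 1 }
            if (seen[$0]++)         { printf "line %d: duplicate username %s\n", NR, $0; bad = 1 }
        }
        END {
            if (NR % 2 == 1) { printf "odd line count (%d): last username has no password\n", NR; bad = 1 }
            exit bad
        }
    ' "$list" >&2 || rc=1

    return $rc
}

# When run as a script with a path argument, check that file.
if [ $# -gt 0 ]; then
    check_vusers_list "$1"
fi
```

Run it as a script with /etc/vsftpd/vusers.list as the argument; a non-zero exit status means the list should be fixed before the database is rebuilt.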
4. Add the system account that the virtual users map to, and create the FTP root directory
The vsftpd server controls virtual users by mapping: all virtual users are mapped to the same system user, and that system user's home directory becomes the common FTP root directory for all virtual users after they log in. So you also need to add a corresponding system user account (this account does not need a password or a login shell).
[root@localhost /]# useradd -d /var/ftproot -s /sbin/nologin VUser
[root@localhost /]# chmod 755 /var/ftproot    # adjust permissions to allow browsing of directories
5. Create a PAM authentication file for the virtual users
In the vsftpd server, user authentication is performed through the PAM mechanism, which allows the authentication method to be chosen flexibly. The default PAM authentication file for the vsftpd service is /etc/pam.d/vsftpd, which is suited to authentication against the Linux host's system user accounts. To read the virtual users' account database file, you need to create a new PAM authentication configuration.
[root@localhost /]# vim /etc/pam.d/vsftpd.vu
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
In the above PAM configuration, the "db=/etc/vsftpd/vusers" parameter specifies the location of the virtual user database file to use (omitting the .db extension), that is, the corresponding /etc/vsftpd/vusers.db file.