vsftpd file sharing for virtual users with PAM authentication on CentOS 6.3


FTP stands for File Transfer Protocol and is used specifically to transfer files. It works at the seventh layer of the OSI model, the application layer, and uses TCP rather than UDP, so the FTP client and the server go through the "three-way handshake" before a connection is established. Another important feature of the FTP service is that it is platform independent.

Many FTP servers are available on Linux, including vsftpd, Wu-ftpd, and ProFTPD. In Red Hat Enterprise Linux, vsftpd is installed by default.

Generally, access to an FTP server requires authentication. Only after authenticating to the FTP server can users access and transfer files. vsftpd provides three FTP logon modes:

(1) anonymous (anonymous account)

Anonymous login is widely used on FTP servers. If you do not have an account on the FTP server, you can log on with anonymous as the username and your email address as the password. After an anonymous user logs on to the FTP server, the logon directory is /var/ftp. To reduce the load on the FTP server, the upload function of the anonymous account should be disabled.

(2) real (real account)

A real account, also known as a local account, logs on with a real user name and password, provided that the user has an account of their own on the FTP server. After you log on with a real account, the logon directory is the user's own directory. This directory is created automatically when the system creates the account.

(3) guest (virtual account)

If you have an account on the FTP server, but the account can only be used for file transfer, it is a guest account; guest is a form of real account. The difference between them is that, after logging on to the FTP server, a guest cannot access anything outside the home directory.

The following describes the setup in detail.

Next we will implement the vsftpd virtual user function:

1. Install vsftpd with yum:

[root@master ~]# yum install vsftpd -y

2. Modify the configuration file

Back up and modify the configuration file

[root@master ~]# cd /etc/vsftpd
[root@master vsftpd]# ll
total 28
-rw-------. 1 root root  125 Oct 18 07:54 ftpusers
-rw-------. 1 root root  361 Oct 18 07:54 user_list
-rw-------. 1 root root 4599 Oct 18 07:54 vsftpd.conf
-rw-------. 1 root root 4599 Jan  6 10:53 vsftpd.conf.bak
-rwxr--r--. 1 root root  338 Oct 18 07:54 vsftpd_conf_migrate.sh
[root@master vsftpd]# cp vsftpd.conf{,.bak}
[root@master vsftpd]# cat vsftpd.conf | grep "^[^#]"

The active settings are listed below. The # line above each setting is an explanation, not part of the grep output; vsftpd takes everything after = as the value, so an explanation cannot share a line with a setting.

# Whether anonymous users may log on to the FTP server; allowed by default
anonymous_enable=NO
# Allow local users to log on to the FTP server; allowed by default
local_enable=YES
# Whether users may perform write operations on files on the FTP server
write_enable=YES
# Set the file creation mask for virtual users to 022; the default value is 077
anon_umask=022
# Activate directory messages: when a remote user changes directory, a message is displayed
dirmessage_enable=YES
# Enable logging of uploads and downloads
xferlog_enable=YES
# Enable FTP data port connection requests
connect_from_port_20=YES
# Set the log file name and storage path; this is the default
xferlog_file=/var/log/vsftpd.log
# Whether the standard ftpd xferlog log file format is used
xferlog_std_format=YES
# Run vsftpd in standalone mode
listen=YES
# The directory that holds the virtual users' configuration files
user_config_dir=/etc/vsftpd/vuser_dir
# The name of the configuration file for the PAM authentication service, which is stored in the /etc/pam.d/ directory
pam_service_name=/etc/pam.d/ftp.vu
# Whether users in the user list may log on to the FTP server; not allowed by default
userlist_enable=NO
# Set this item if users should not be able to switch to directories other than their own after logging on
chroot_list_enable=YES
# Use tcp_wrappers as the host access control method
tcp_wrappers=YES
# Whether to enable guest users (that is, enable virtual users)
guest_enable=YES
# With virtual users enabled, the user name under which files are uploaded and modified
guest_username=root
# Whether to change the owner of uploaded files to the specified owner
chown_uploads=YES
# The owner that uploaded files are changed to
chown_username=root

3. Create two directories under /etc/vsftpd/

vuser_db    # stores the authentication files for the virtual users
vuser_dir   # stores the configuration files for the virtual users

[root@master vsftpd]# mkdir vuser_db vuser_dir
[root@master vsftpd]# cd vuser_db/
[root@master vuser_db]# ll
total 20
-rw-r--r--. 1 root root    69 Jan  5 11:25 login_vuser
-rw-r--r--. 1 root root 12288 Jan  5 11:26 vuser.db
[root@master vuser_db]# vim login_vuser

The login_vuser file holds the accounts and passwords of the virtual users: odd-numbered lines are user names and even-numbered lines are passwords.

user003
20150105
user004
20150106
user005
20150107

Generate the database file with db_load. The options are:

-T: allows an application to translate a text file into a database. Because the virtual user information is stored as text, this option is required so that vsftpd can load the user data from text. If -T is specified, it must be followed by the -t sub-option.
-t: appended to the -T option; specifies the type of database to create. The types that can be given to -t are Btree, Hash, Queue, and Recno.
-f: followed by the text file containing the user names and passwords, with user names on odd lines and passwords on even lines.

[root@master vuser_db]# db_load -T -t hash -f /etc/vsftpd/vuser_db/login_vuser /etc/vsftpd/vuser_db/vuser.db
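As an added example (not part of the original article): a check of the login_vuser format described above, run before db_load, that reports unpaired or duplicate user names, empty passwords, and a login file readable by other accounts. The function names and the sample entries are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article: validate the odd-line user name /
# even-line password file before it is handed to db_load.

check_vuser_file() {
    # $1 = login file; prints findings, prints nothing when the file is clean
    # Group/other permission bits are columns 5-10 of the ls -l mode string.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        echo "PERMS $1 is readable beyond its owner and holds clear-text passwords"
    awk '
        NR % 2 == 1 {                       # odd line: user name
            user = $0
            if (user == "")        print NR ": EMPTY user name"
            else if (seen[user]++) print NR ": DUPLICATE user " user
            next
        }
        $0 == "" { print NR ": EMPTY password for " user }   # even line
        END { if (NR % 2) print NR ": UNPAIRED user " user " has no password line" }
    ' "$1"
}

build_vuser_db() {
    # $1 = login file, $2 = output .db; the same db_load call as in the
    # article, run only when the input is clean, with the result owner-only.
    [ -z "$(check_vuser_file "$1")" ] || { check_vuser_file "$1" >&2; return 1; }
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) && chmod 600 "$2"
}

# Constructed sample: user004 appears twice and user005 has no password line.
demo_file() {
    ( umask 077
      printf '%s\n' user003 pass-a user004 pass-b user004 pass-c user005 > "$1" )
}

tmp=$(mktemp) && demo_file "$tmp" && check_vuser_file "$tmp"
rm -f "$tmp"
```
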

4. Configure the PAM authentication module

[root@master vuser_db]# cd /etc/pam.d/
[root@master vuser_db]# vim ftp.vu

The file name must be the same as the one specified by pam_service_name in the main configuration file. The trailing vuser in the db= path is vuser.db, but the suffix does not need to be written here.

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser

5. Create a corresponding file for each virtual user

[root@master vsftpd]# cd /etc/vsftpd/vuser_dir/
[root@master vuser_dir]# ll
total 6
-rw-r--r--. 1 root root 177 Jan  5 17:03 user003
-rw-r--r--. 1 root root 177 Jan  5 17:09 user004
-rw-r--r--. 1 root root 177 Jan  5 17:19 user005
[root@master vuser_dir]# vim user003

The file names are the user names from login_vuser. The # lines below are explanations and must stay on lines of their own.

anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# The directory that the virtual user has permission to log on to
local_root=/data/www/test
# Permission settings for files uploaded by the virtual user
chown_upload_mode=0777
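As an added example (not part of the original article): a small audit over the main configuration from step 2 and the per-user file from step 5 that flags values a defender would want to review, namely guest_username or chown_username set to root, a world-writable chown_upload_mode, and explanation text left on a setting line. The function names, tags and sample file are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article: flag lines worth reviewing in a
# vsftpd.conf or in a per-user file under user_config_dir.

audit_vsftpd_conf() {
    # $1 = config file; prints "<line>: <TAG> <detail>" for each finding
    awk '
        /^[ \t]*(#|$)/ { next }      # comment lines and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) { print NR ": SYNTAX no = on line"; next }
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            # vsftpd takes the rest of the line as the value, so a trailing
            # annotation or padding around = corrupts the setting.
            if (index(val, "//") || key ~ /[ \t]/ || val ~ /^[ \t]|[ \t]$/)
                print NR ": SYNTAX annotation or space on the " key " line"
            sub(/\/\/.*$/, "", val)  # judge the intended value from here on
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            if ((key == "guest_username" || key == "chown_username") && val == "root")
                print NR ": ROOT " key "=root"
            if (key == "chown_upload_mode" && val ~ /[2367]$/)
                print NR ": MODE " key "=" val " is world-writable"
        }
    ' "$1"
}

# Constructed sample mirroring the settings shown in the article.
write_sample_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
guest_enable=YES
guest_username=root
chown_uploads=YES
chown_username=root//owner of uploaded files
chown_upload_mode=0777
xferlog_file=/var/log/vsftpd.log
EOF
}

sample=$(mktemp) && write_sample_conf "$sample" && audit_vsftpd_conf "$sample"
rm -f "$sample"
```
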

The configuration is complete. You can start the vsftpd service:

[root@master vsftpd]# service vsftpd start

Then you can log on to the Windows server and test it:

OK. The configuration of vsftpd virtual users authenticated through PAM is now complete, and the virtual users can log in over FTP.

This article is from the "warm boiled frog" blog; please be sure to keep this source: http://tanxw.blog.51cto.com/4309543/1599747
