Install vsftpd in CentOS 6.4

Source: Internet
Author: User

Overview:

vsftpd is a well-known FTP server for Linux and a preferred choice for building an FTP server.

This article describes how to install vsftpd in CentOS 6.4 and configure a virtual user to log on to FTP.

1. Install vsftpd

Check whether vsftpd has been installed

rpm -qa | grep vsftpd

If not, install it and enable it at startup

yum -y install vsftpd
chkconfig vsftpd on

2. Virtual user-based configuration

Virtual users are not real system accounts; they are only mapped to a real account and given permissions. A virtual user cannot log on to the CentOS system itself.

Modify configuration file

Open /etc/vsftpd.conf and configure as follows:

# disable anonymous access
anonymous_enable=NO
# allow local users to log in. Note: virtual users are mapped to a host user, so if this is set to NO, no virtual user can log in
local_enable=YES
# keep users from leaving their main directory
chroot_list_enable=YES
# support uploading and downloading in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM authentication file name; PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd

The following settings are the important ones for vsftpd virtual user support. vsftpd.conf does not contain them by default, so you must add them manually:

# enable the virtual user function
guest_enable=YES
# host user that virtual users are mapped to; on CentOS, the built-in ftp user
guest_username=ftp
# directory that stores each virtual user's personal configuration file (file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf

Perform authentication

First, install the Berkeley DB tools. Many people cannot find db_load; the reason is that this package is not installed.

yum install db4 db4-utils

Then, create the user/password text file /etc/vsftpd/vuser_passwd.txt. Note that odd lines are user names and even lines are passwords:

test
123456

Then, generate the database file for virtual user authentication

db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db

Then, edit the authentication file /etc/pam.d/vsftpd, comment out all the original statements, and add the following two lines:

auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd

Finally, create a virtual user configuration file

mkdir /etc/vsftpd/vuser_conf/
# the file name must equal the account name in vuser_passwd.txt; otherwise, the settings below have no effect
vi /etc/vsftpd/vuser_conf/test

The content is as follows:

# virtual user root directory; modify according to the actual situation
local_root=/ftp/www
# writable
write_enable=YES
# umask
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
# bytes = YES   (option name garbled in the source text; "bytes" is not a vsftpd setting)
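
The password file created above holds plaintext credentials, and db_load accepts a malformed file without complaint. The following is an added example, not part of the original article: the function names check_vuser_txt and build_vuser_db are hypothetical, and file paths are passed as arguments.

```bash
#!/bin/bash
# Added example: checks for the virtual-user password file before db_load.
# File paths are arguments; the sample file at the end is constructed.

# check_vuser_txt FILE: validate the "odd line = user, even line = password"
# layout and the file mode. Prints problems, returns 1 if there are any.
check_vuser_txt() {
    problems=$(
        awk '/\r$/ { printf "line %d: CRLF ending becomes part of the value\n", NR }
             NR % 2 == 1 && ($0 == "" || /[ \t]/) { printf "line %d: bad user name\n", NR }
             NR % 2 == 1 && seen[$0]++ { printf "line %d: duplicate user %s\n", NR, $0 }
             NR % 2 == 0 && $0 == "" { printf "line %d: empty password\n", NR }
             END { if (NR % 2) print "last user has no password line" }' "$1"
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
            echo "mode: plaintext passwords are readable by group or others"
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# build_vuser_db TXT DB: validate, run the article's db_load command, then
# restrict both files to their owner.
build_vuser_db() {
    check_vuser_txt "$1" || return 1
    ( umask 077; db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2"
}

# Constructed sample: user "test" from the article plus a user with no password.
sample=$(mktemp)
printf '%s\n' test 123456 upload > "$sample"
chmod 644 "$sample"
check_vuser_txt "$sample" || true
rm -f "$sample"
```

On the real system this would be called as build_vuser_db /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db, run as root.
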

Set SELinux

# allow ftp to use the home directory
setsebool -P ftp_home_dir=1
# give ftp users all permissions
setsebool -P allow_ftpd_full_access=1

Set FTP root directory permissions

# create the directory
mkdir -p /ftp/www
chmod -R 755 /ftp
chmod -R 777 /ftp/www

The latest vsftpd requires that the main directory not be writable, so /ftp is set to 755 and the subdirectories under the main directory are set to 777.

Set firewall

Open /etc/sysconfig/iptables

Below the line "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT", add:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Save and close the file. Run the following command in the terminal to reload the firewall configuration:

service iptables restart

Now run "service vsftpd start" and you can access your FTP server.

Configure PASV Mode

PASV mode is not enabled by default in vsftpd. With the configuration so far, FTP can only be connected in PORT mode. To enable PASV, you must use the following configuration.

Open /etc/vsftpd.conf and add:

# enable PASV mode
pasv_enable=YES
# minimum port number
pasv_min_port=40000
# maximum port number
pasv_max_port=40080
# disables the check that the data connection comes from the same IP address as the control connection
pasv_promiscuous=YES

Enable ports 40000 to 40080 in the firewall configuration

-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT

Restart iptables and vsftpd

service iptables restart
service vsftpd restart

Now you can connect to your FTP server in PASV mode.
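
vsftpd refuses to start on a line with spaces around "=" or a comment after the value, and the PASV port range only works if the firewall rule matches it. The following is an added example, not part of the original article, that checks both along with the security-relevant switches used above; the function names conf_get and audit_vsftpd_conf are hypothetical, and both file paths are passed as arguments.

```bash
#!/bin/bash
# Added example: static check of a vsftpd.conf and an iptables rules file.
# Both paths are arguments; the sample files below are constructed.

# conf_get FILE KEY: print the last value assigned to KEY (key=value lines).
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# audit_vsftpd_conf CONF RULES: print one finding per line, return 1 if any.
audit_vsftpd_conf() {
    findings=$(
        # vsftpd allows no space around "=" and no comment after a value.
        awk -F= '/^#/ || /^$/ { next }
            NF < 2 || $1 !~ /^[a-z0-9_]+$/ || $2 ~ /^[ \t]/ || /[ \t](\/\/|#)/ {
                printf "syntax: line %d: %s\n", NR, $0 }' "$1"
        case $(conf_get "$1" anonymous_enable) in
            (NO|no|FALSE|false|0) ;;
            (*) echo "risk: anonymous login is on (anonymous_enable defaults to YES)" ;;
        esac
        case $(conf_get "$1" pasv_promiscuous) in
            (YES|yes|TRUE|true|1)
                echo "risk: pasv_promiscuous=YES turns off the PASV same-IP check" ;;
        esac
        min=$(conf_get "$1" pasv_min_port); max=$(conf_get "$1" pasv_max_port)
        if [ -z "$min" ] || [ -z "$max" ]; then
            echo "pasv: pasv_min_port/pasv_max_port unset, data ports are not confined"
        elif ! grep -Eq -e "--dport $min:$max .*-j ACCEPT" "$2"; then
            echo "firewall: no ACCEPT rule for PASV range $min:$max"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: one line keeps the "key = value" spacing vsftpd rejects.
demo=$(mktemp -d)
printf '%s\n' 'anonymous_enable=NO' 'pasv_min_port = 40000' \
    'pasv_max_port=40080' 'pasv_promiscuous=YES' > "$demo/vsftpd.conf"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT' \
    > "$demo/iptables"
audit_vsftpd_conf "$demo/vsftpd.conf" "$demo/iptables" || true
rm -rf "$demo"
```

The firewall check only recognises a rule whose --dport range is exactly pasv_min_port:pasv_max_port, which is the form used in this article.
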
