Overview:
vsftpd is a well-known FTP server for Linux and a common first choice when building an FTP server.
This article describes how to install vsftpd in CentOS 6.4 and configure a virtual user to log on to FTP.
Body:
1. Install vsftpd
Check whether vsftpd has been installed
rpm -qa | grep vsftpd
If not, install it and enable it at boot
yum -y install vsftpd
chkconfig vsftpd on
2. Virtual user-based configuration
Virtual users are not real system accounts; they are only mapped to a real account, which determines their permissions. A virtual user cannot log on to the CentOS system.
Modify configuration file
Open /etc/vsftpd.conf and configure it as follows:
# Disable anonymous access
anonymous_enable=NO
# Allow local users to log in. Note: with virtual users, setting this to NO prevents every virtual user from logging in
local_enable=YES
# Keep users from leaving their home directory
chroot_list_enable=YES
# Support uploading and downloading in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM service name; PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd
The following settings are the important ones for vsftpd virtual user support. By default, vsftpd.conf does not contain them, so you must add them manually:
# Enable the virtual user function
guest_enable=YES
# Host user that virtual users are mapped to; on CentOS this is the built-in ftp user
guest_username=ftp
# Directory that stores each virtual user's personal vsftpd configuration file (configuration file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf
Perform authentication
First, install the Berkeley DB tools. Many people cannot find db_load; the cause is that this package is not installed.
yum install db4 db4-utils
Then, create the user/password text file /etc/vsftpd/vuser_passwd.txt. Note that odd lines hold the user name and even lines hold the password:
test
123456
Then, generate the database file for virtual user authentication
db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
Then, edit the authentication file /etc/pam.d/vsftpd, comment out all the original statements, and add the following two lines:
auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd
Finally, create a virtual user configuration file
mkdir /etc/vsftpd/vuser_conf/
# The file name must equal the account name in vuser_passwd.txt; otherwise, the settings below have no effect
vi /etc/vsftpd/vuser_conf/test
The content is as follows:
# Virtual user's root directory; modify according to the actual situation
local_root=/ftp/www
# Allow writing
write_enable=YES
# Mask
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
bytes = YES
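The following check is an added example, not part of the original article: a shell function (check_vusers is a hypothetical name) that audits the files created in the steps above. It verifies that vuser_passwd.txt alternates user name and password lines, that every user has a matching file in vuser_conf, and, as an assumption beyond what the article covers, that the plaintext password file is not accessible to group or other. The sample data is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article; check_vusers is a hypothetical name.
# Usage: check_vusers PASSWD_TXT CONF_DIR -> one finding per line, nothing if clean.
check_vusers() {
    local txt="$1" confdir="$2" n=0 user="" line seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ $((n % 2)) -eq 1 ]; then      # odd line: user name
            user=$line
            [ -n "$user" ] || echo "line $n: empty user name"
            case "$seen" in
                *" $user "*) echo "line $n: duplicate user '$user'" ;;
            esac
            seen="$seen$user "
        else                               # even line: password
            [ -n "$line" ] || echo "line $n: empty password for '$user'"
            # Per-user settings only apply when the file is named after the user
            [ -f "$confdir/$user" ] || echo "user '$user': no config file $confdir/$user"
        fi
    done < "$txt"
    # An odd line count means the last user name has no password line
    [ $((n % 2)) -eq 0 ] || echo "line $n: user '$user' has no password line"
    # The text file holds plaintext passwords: group/other should have no access
    [ "$(ls -ld "$txt" | cut -c5-10)" = "------" ] ||
        echo "$txt: accessible to group or other"
    return 0
}

# Constructed sample: 'test' is set up correctly, 'alice' has no config file,
# 'bob' has no password line, and the password file is mode 644.
demo() {
    local d
    d=$(mktemp -d)
    mkdir "$d/vuser_conf"
    printf 'test\n123456\nalice\ns3cret\nbob\n' > "$d/vuser_passwd.txt"
    chmod 644 "$d/vuser_passwd.txt"
    : > "$d/vuser_conf/test"
    check_vusers "$d/vuser_passwd.txt" "$d/vuser_conf"
    rm -rf "$d"
}
demo
```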
Set SELinux
# Allow ftp to use the home directory
setsebool -P ftp_home_dir=1
# Give ftp users all permissions
setsebool -P allow_ftpd_full_access=1
Set FTP root directory permissions
# Create the directory
mkdir -p /ftp/www
chmod -R 755 /ftp
chmod -R 777 /ftp/www
The latest vsftpd requires that the main directory not be writable, so /ftp is set to 755 and the subdirectories under it are set to 777.
Set firewall
Open /etc/sysconfig/iptables
Below the line "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT", add:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
Save and close the file. Run the following command in the terminal to reload the firewall configuration:
service iptables restart
OK. Run "service vsftpd start" and you can access your FTP server.
Configure PASV Mode
PASV mode is not enabled by default in vsftpd. With the configuration so far, clients can only connect in PORT mode. To enable PASV, you must use the following configuration.
Open /etc/vsftpd.conf and add
# Enable PASV mode
pasv_enable=YES
# Minimum port number
pasv_min_port=40000
# Maximum port number
pasv_max_port=40080
# Disables the check that the data connection comes from the same IP address as the control connection
pasv_promiscuous=YES
Open ports 40000 to 40080 in the firewall configuration
-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT
Restart iptables and vsftpd
service iptables restart
service vsftpd restart
Now you can connect to your FTP server in PASV mode.