Preferred way to build FTP servers
Installing VSFTPD
# Check the current system version
cat /etc/redhat-release
CentOS Release 6.6 (Final)
# Check whether vsftpd is already installed
rpm -qa | grep vsftpd
# If it is not, install it and enable it at boot
yum -y install vsftpd
chkconfig vsftpd on
Virtual User-based configuration
A so-called virtual user does not use a real system account; it is mapped to a real account, and permissions are set on that mapping. Virtual users cannot log in to the CentOS system.
Modifying a configuration file
vi /etc/vsftpd/vsftpd.conf
# Run the server standalone
listen=YES
# Do not allow anonymous access
anonymous_enable=no
# Allow local users to access. Note: if you use a host user for virtual users and this item is set to NO, no virtual user will be able to access the server
local_enable=YES
# Keep users from leaving their home directory
chroot_list_enable=yes
# Support upload and download in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM authentication file name. PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd
# Enable the virtual user feature
guest_enable=yes
# Specify the host user for virtual users; CentOS already has a built-in ftp user
guest_username=ftp
# Directory that stores the per-virtual-user vsftpd configuration files (file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf
# Configure vsftpd logging (optional)
xferlog_enable=yes
xferlog_std_format=yes
xferlog_file=/var/log/xferlog
dual_log_enable=yes
vsftpd_log_file=/var/log/vsftpd.log
Configuring authentication
# Install the Berkeley DB tools; many people cannot find db_load because this package is not installed
yum install db4 db4-utils
# Create the user/password text file; note that odd lines are user names and even lines are passwords
vi /etc/vsftpd/vuser_passwd.txt
test
123456
# Generate the DB file used for virtual user authentication
db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
# Edit the PAM file: comment out all of the original statements, then add the following two lines
vi /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd
# Create the virtual user configuration directory
mkdir /etc/vsftpd/vuser_conf/
# The file name must equal the account name in vuser_passwd.txt, otherwise the following settings do not take effect
vi /etc/vsftpd/vuser_conf/test
# Virtual user root directory; modify according to the actual situation
local_root=/data/ftp
write_enable=yes
anon_umask=022
anon_world_readable_only=no
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
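A consistency check for the files created above, as an added example that is not part of the original article: it verifies the alternating name/password layout, that every virtual user has a same-named file in the per-user configuration directory, and that the clear-text password files are not accessible by group or others. The function name check_vusers and the sample users alice and bob are assumptions made for the illustration.

```shell
#!/bin/sh
# check_vusers PASSWD_TXT CONF_DIR
# Prints one finding per line; prints nothing when the files are consistent.
check_vusers() {
    passwd_txt=$1
    conf_dir=$2
    # Names and passwords alternate, so the line count must be even.
    lines=$(awk 'END { print NR }' "$passwd_txt")
    if [ $((lines % 2)) -ne 0 ]; then
        echo "MALFORMED: $passwd_txt has an odd number of lines ($lines)"
    fi
    # Odd lines are user names; each needs a same-named file in CONF_DIR,
    # otherwise its per-user settings are never applied.
    awk 'NR % 2 == 1' "$passwd_txt" | while IFS= read -r user; do
        if [ -z "$user" ]; then
            echo "MALFORMED: empty user name in $passwd_txt"
        elif [ ! -f "$conf_dir/$user" ]; then
            echo "NO_CONFIG: $user has no file $conf_dir/$user"
        fi
    done
    # A config file whose name matches no user is dead configuration.
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        awk 'NR % 2 == 1' "$passwd_txt" | grep -qxF -- "${f##*/}" ||
            echo "ORPHAN: $f matches no user in $passwd_txt"
    done
    # Both the .txt and the generated .db hold the passwords in clear text,
    # so group and others should have no access to either.
    for f in "$passwd_txt" "${passwd_txt%.txt}.db"; do
        [ -e "$f" ] || continue
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "PERMS: $f is accessible by group/others (chmod 600)"
        fi
    done
}

# Constructed sample data: "alice" lacks a config file, "bob" has no account,
# and the password file is world-readable.
demo_dir=$(mktemp -d)
printf 'test\n123456\nalice\ns3cret\n' > "$demo_dir/vuser_passwd.txt"
chmod 644 "$demo_dir/vuser_passwd.txt"
mkdir "$demo_dir/vuser_conf"
: > "$demo_dir/vuser_conf/test"
: > "$demo_dir/vuser_conf/bob"
check_vusers "$demo_dir/vuser_passwd.txt" "$demo_dir/vuser_conf"
```

On the server itself, the call would be check_vusers /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_conf, run as root after every change to the password file.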
Set FTP root permissions
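# Recent vsftpd versions require that the home directory not be writable, so the ftp directory is 755 and the subdirectories under the home directory are set to 777
mkdir -p /data/ftp
chmod -R 755 /data
chmod -R 777 /data/ftp
# Create the empty file that restricts which directories users can access
touch /etc/vsftpd/chroot_list
# If vsftpd logging is enabled, the log files must be created manually
touch /var/log/xferlog
touch /var/log/vsftpd.log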
Configure PASV mode (optional)
By default vsftpd does not turn on PASV mode, so FTP can only be connected in PORT mode. Turning on PASV requires the following configuration.
Open /etc/vsftpd/vsftpd.conf and add the following at the end:
# Enable PASV mode
pasv_enable=yes
# Minimum port number
pasv_min_port=40000
# Maximum port number
pasv_max_port=40080
# Disable the check that the data connection comes from the same IP address as the control connection
pasv_promiscuous=yes
# Open ports 40000 to 40080 in the firewall configuration
-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT
# Restart iptables and vsftpd
service iptables restart
service vsftpd restart
You can now connect to your FTP server using PASV mode.
SELinux and Firewalls
Disable what needs to be disabled, and allow what needs to be allowed.
service vsftpd start
Problems
If the following appears at login:
OOPS: priv_sock_get_result. Connection closed by remote host.
This error requires upgrading PAM:
yum update pam
If you encounter vsftpd 530 Permission denied when connecting:
Adding the userlist_* options to vsftpd.conf blocks specific local users:
userlist_enable=yes
userlist_deny=yes
userlist_file=/etc/vsftpd/user_list
Edit /etc/vsftpd/user_list and add the local users that need to be blocked, one user name per line. When a blocked user logs in to FTP, the message displayed is: 530 Permission denied
On my machine, the /etc/vsftpd/vsftpd.conf file had only userlist_enable=yes, and logging in as the root user gave the error 530 Permission denied; changing YES to NO fixed it.
There is also the case where the userlist_file location is not specified. Solution: add userlist_file=/etc/vsftpd/user_list
This article is from the "Linux" blog; please keep this source attribution: http://xihawang.blog.51cto.com/9630393/1736785
Linux VSFTPD installation and configuring FTP virtual user Practices