Multi-user multi-directory configuration of vsftpd in Ubuntu 64-bit

Source: Internet
Author: User

After studying vsftpd for two days and reading a lot of material from the Internet without getting the problem solved, I finally worked it out. My configuration process is shown below. If you don't like it, please don't flame...

1. Install vsftpd

sudo apt-get install vsftpd

Overview of directories after installation

/etc/vsftpd.conf

Main configuration file

/usr/sbin/vsftpd

Main program of vsftpd

/etc/rc.d/init.d/vsftpd

Start script

/etc/pam.d/vsftpd

PAM authentication file (the file=/etc/vsftpd/ftpusers field in this file means that the users denied access are the ones listed in the /etc/vsftpd/ftpusers file)

/etc/vsftpd/ftpusers

List of users that vsftpd denies. It records the usernames that are not allowed to access the FTP server. The administrator can put accounts that threaten system security in this file, which prevents those users from gaining upload or download rights after logging in over FTP and damaging the system. (Note: This file is in the /etc/ directory in the linux-4)

/etc/vsftpd/user_list

List of users that vsftpd denies or allows. By default (when userlist_deny=YES is set in /etc/vsftpd.conf), the users specified in this file cannot access the FTP server. When userlist_deny=NO is set, only the users specified in user_list can access the FTP server. (Note: This file is in the /etc/ directory in the linux-4)

/var/ftp

Anonymous user home directory. A local user's home directory is that user's directory under /home, that is, you enter your own home directory after logging in.

/var/ftp/pub

Download directory for anonymous users. Root must set the permissions of this directory with chmod 1777 pub (the leading 1 is a special permission, the sticky bit, so that files cannot be deleted after upload)

/etc/logrotate.d/vsftpd.log

vsftpd log file



2. Configure the user

Create the directory vsftpd under /etc

mkdir vsftpd
cd vsftpd
vi user.txt

user.txt contains the usernames and passwords: odd-numbered lines are usernames and even-numbered lines are passwords

ftp1
ftp1
ftp2
ftp2

Use the db_load command to generate a database

If you do not have the db_load command, install it

apt-get install db-util

Then generate the database

db_load -T -t hash -f user.txt user.db
sudo chmod 600 user.db

3. Create configurations for different users

mkdir user_conf
cd user_conf
sudo touch ftp1 ftp2    # file names match the users in user.txt

Write the following in ftp1 (this is mainly for testing, so keep it simple at first):

anon_world_readable_only=NO
local_root=/opt/vsftpd/ftp1

Write in ftp2:

# the two users get completely different directories
anon_world_readable_only=NO
local_root=/home/ftp

4. Modify vsftpd under pam.d. I took a lot of detours here, so I am posting my whole vsftpd file so you can see how it differs from what is on the Internet.

cd /etc/pam.d
vi vsftpd

auth    required        pam_userdb.so   db=/etc/vsftpd/user
account required        pam_userdb.so   db=/etc/vsftpd/user

db=... points to the user.db we created earlier. The .db suffix is left off because pam_userdb appends it itself.

5. Create a virtual account:

sudo useradd virtual -d /opt/vsftpd -s /sbin/nologin
chmod a-w /opt/vsftpd    # permissions
chown virtual:virtual /opt/vsftpd    # change the user and group that own the directory

Because we have created two FTP locations, we need to change the permissions and the owning user and group of the second one as well:

chmod a-w /home/ftp
chown virtual:virtual /home/ftp

6. Modify /etc/vsftpd.conf

# Configuration
listen=YES
# Anonymous user settings
# Allow anonymous users to log in (disabled here)
anonymous_enable=NO
# Enable upload and download logging. The default log file is /var/log/vsftpd.log; it can be changed with the xferlog_file option
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
# Log in the standard xferlog format
xferlog_std_format=YES
local_enable=YES
use_localtime=YES
write_enable=YES
# Needed for guest_username to take effect: logins that pass PAM are mapped to the guest account
guest_enable=YES
# Corresponds to the user virtual
guest_username=virtual
# Added
user_config_dir=/etc/vsftpd/user_conf
dirmessage_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
# Corresponds to /etc/pam.d/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd
userlist_enable=YES
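A consistency check for the files built in steps 2 and 3, as an added example that is not part of the original post: it confirms that every user in user.txt has a per-user file with a local_root, and that the password files are not readable by group or others. The function name audit_vusers and the sample data are made up here; it assumes GNU stat, as shipped on Ubuntu.

```shell
# audit_vusers DIR: DIR holds user.txt (usernames on odd lines, passwords on
# even lines), user.db and user_conf/<username>. Prints one line per finding
# and returns the number of findings (0 = clean).
audit_vusers() {
    dir=$1; findings=0; n=0; user=
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ $((n % 2)) -eq 1 ]; then
            user=$line
            conf="$dir/user_conf/$user"
            if [ ! -f "$conf" ]; then
                note "user '$user' has no file in user_conf"
            elif ! grep -q '^local_root=/' "$conf"; then
                note "user '$user': no absolute local_root= (no spaces around '=')"
            fi
        elif [ -z "$line" ]; then
            note "user '$user' has an empty password (line $n)"
        fi
    done < "$dir/user.txt"
    [ $((n % 2)) -eq 0 ] || note "user '$user' has no password line"

    # user.txt holds the passwords in clear text and db_load copies them into
    # user.db unchanged (-t hash is the database type, not password hashing),
    # so neither file should be readable by group or others.
    for f in user.txt user.db; do
        [ -e "$dir/$f" ] || continue
        mode=$(stat -c %a "$dir/$f")
        case $mode in
            *00|0) ;;
            *) note "$f has mode $mode, expected 600" ;;
        esac
    done
    return "$findings"
}

# Constructed sample: ftp2 has no per-user file and user.txt is world-readable.
demo=$(mktemp -d)
mkdir "$demo/user_conf"
printf 'ftp1\nftp1\nftp2\nftp2\n' > "$demo/user.txt"
printf 'anon_world_readable_only=NO\nlocal_root=/opt/vsftpd/ftp1\n' > "$demo/user_conf/ftp1"
chmod 644 "$demo/user.txt"
audit_vusers "$demo" || echo "$? finding(s)"
rm -rf "$demo"
```

Run it as audit_vusers /etc/vsftpd after step 3; once user.db has been generated, user.txt can be deleted or set to mode 600 like user.db.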








