After studying vsftpd for two days, I found a lot of information on the Internet, but it did not solve the problem. I finally solved it myself. The following shows my configuration process. If you don't like it, don't flame...
1. Install vsftpd
sudo apt-get install vsftpd
Overview of directories after installation
/etc/vsftpd.conf | Main configuration file
/usr/sbin/vsftpd | Main program of vsftpd
/etc/rc.d/init.d/vsftpd | Start script
/etc/pam.d/vsftpd | PAM authentication file (the file=/etc/vsftpd/ftpusers field in this file indicates that the users blocked from access are taken from the /etc/vsftpd/ftpusers file)
/etc/vsftpd/ftpusers | List of users denied by vsftpd. It records the user names that are not allowed to access the FTP server. The administrator can record accounts that threaten system security in this file, which prevents those users from logging on over FTP and gaining upload or download rights that could damage the system. (Note: this file is in the /etc/ directory in the linux-4)
/etc/vsftpd/user_list | List of users denied or allowed by vsftpd. By default (userlist_deny=YES set in /etc/vsftpd.conf), the users listed in this file cannot access the FTP server. When userlist_deny=NO is set, only the users listed in user_list can access the FTP server. (Note: this file is in the /etc/ directory in the linux-4)
/var/ftp | Anonymous user home directory. The home directory of a local user is /home/<user name>, that is, a local user enters their own home directory after logging on
/var/ftp/pub | Download directory for anonymous users. root must run chmod 1777 pub on this directory (1 is a special permission, the sticky bit, so that files cannot be deleted after upload)
/etc/logrotate.d/vsftpd.log | vsftpd log file
2. Configure the user
Create the directory vsftpd under /etc
mkdir vsftpd
cd vsftpd
vi user.txt
user.txt contains the user names and passwords: odd lines are user names, even lines are passwords
ftp1
ftp1
ftp2
ftp2
Use the db_load command to generate a database
If you do not have the db_load command, install it:
apt-get install db-util
Then generate the database
db_load -T -t hash -f user.txt user.db
sudo chmod 600 user.db
3. Create configurations for different users
mkdir user_conf
cd user_conf
# the file names match the users in user.txt
sudo touch ftp1 ftp2
Write in ftp1 (mainly for testing, so keep it simple at first):
anon_world_readable_only=NO
local_root=/opt/vsftpd/ftp1
Write in ftp2:
anon_world_readable_only=NO
# a directory completely different from the one used for ftp1
local_root=/home/ftp
4. Modify vsftpd under /etc/pam.d. I took a lot of detours here, so I am posting the whole vsftpd file for you to see how it differs from what is on the Internet.
cd /etc/pam.d
vi vsftpd
auth required pam_userdb.so db=/etc/vsftpd/user
account required pam_userdb.so db=/etc/vsftpd/user
db=... points to the user.db we created earlier. The path is written without the extension because pam_userdb appends the .db suffix itself.
5. Create a virtual account:
# create the account that the virtual users are mapped to
sudo useradd virtual -d /opt/vsftpd -s /sbin/nologin
# permission
chmod a-w /opt/vsftpd
# modify the user and group that own the directory
chown virtual:virtual /opt/vsftpd
Because we have created two FTP locations, we need to modify the permissions and the owning user and group of the second one as well:
chmod a-w /home/ftp
chown virtual:virtual /home/ftp
6. Modify /etc/vsftpd.conf
# vsftpd requires option=value with no spaces around "=", and comments on their own lines
# Configure
listen=YES
# Anonymous user configuration
# Whether anonymous users are allowed to log on
anonymous_enable=NO
# Enable upload and download logs. The default log file is /var/log/vsftpd.log; use the xferlog_file option to change it
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
# Write the log in standard xferlog format
xferlog_std_format=YES
local_enable=YES
use_localtime=YES
write_enable=YES
# guest_enable is assumed here: guest_username only takes effect when it is set
guest_enable=YES
# Corresponds to the user virtual
guest_username=virtual
# Added
user_config_dir=/etc/vsftpd/user_conf
dirmessage_enable=YES
connect_from_port_20=YES
# With chroot_local_user=YES, the users listed in chroot_list_file are the ones NOT chrooted
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
# Corresponds to /etc/pam.d/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd
userlist_enable=YES
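As an added example (not part of the original post), this shell function audits the files created in steps 2 and 3: it checks that user.txt consists of name/password pairs, that every user has a per-user file with a local_root, and that the password files carry no group or other permissions. The function name audit_vsftpd_users and the wording of the findings are assumptions; the file layout is the one used above.

```shell
#!/bin/sh
# Added example, not code from the original post.
# audit_vsftpd_users DIR   (hypothetical name; DIR is e.g. /etc/vsftpd)
# Prints one line per finding and returns 1 if there is any finding.
audit_vsftpd_users() {
    dir=$1
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ -f "$dir/user.txt" ] || { echo "user.txt: not found in $dir"; return 1; }

    # user.txt: odd lines are user names, even lines are passwords.
    lines=$(awk 'END { print NR }' "$dir/user.txt")
    [ $((lines % 2)) -eq 0 ] || report "user.txt: odd line count, a password is missing"

    # Every user name needs a same-named file in user_conf with a local_root.
    for user in $(awk 'NR % 2 == 1' "$dir/user.txt"); do
        conf="$dir/user_conf/$user"
        if [ ! -f "$conf" ]; then
            report "user_conf/$user: missing per-user config"
        elif ! grep -q '^local_root=/' "$conf"; then
            report "user_conf/$user: no local_root=/... line"
        fi
    done

    # user.txt holds clear-text passwords and user.db is built from the same
    # data, so neither file should have any group or other permission bits.
    for f in user.txt user.db; do
        [ -e "$dir/$f" ] || continue
        perms=$(ls -ld "$dir/$f" | cut -c5-10)
        [ "$perms" = "------" ] || report "$f: group/other bits set ($perms)"
    done

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_vsftpd_users /etc/vsftpd` after step 3; a typical finding is user.txt left world-readable, since step 2 only restricts user.db.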