This article walks through the configuration of an FTP server with virtual users. The previous article explained how to create an FTP server, and it left an obvious problem: every FTP user was also a system user. That is a security risk, because those accounts can reach not only the FTP service but other system resources as well. The solution is to build the FTP server around virtual users. A virtual user can only use the FTP service the server provides and cannot access any other resource on the system. So if you want to grant write permission on the FTP site without opening up the rest of the system, virtual users improve security. In vsftpd, virtual users are authenticated against a separate password database file (pam_userdb) through the pluggable authentication module framework, PAM. This is both safer and more flexible.
The configuration process is described step by step below.
FTP server configuration process, step 1: generate the virtual user password list. Before the password database can be built, you need a plain text file in which odd-numbered lines hold usernames and even-numbered lines hold the matching passwords:
- #vi account.txt
- ylg
- 1234
- zhanghong
- 4321
- gou
- 5678
FTP server configuration process, step 2: build the password database file from that list and restrict its permissions:
- #db_load -T -t hash -f ./account.txt /etc/vsftpd/account.db
- #chmod 600 /etc/vsftpd/account.db
FTP server configuration process, step 3: create the PAM service file for virtual users and add the following two lines (the db= value is the database path without the .db suffix):
- #vi /etc/pam.d/vsftp.vu
- auth required /lib/security/pam_userdb.so db=/etc/vsftpd/account
- account required /lib/security/pam_userdb.so db=/etc/vsftpd/account
FTP server configuration process, step 4: create the local account that virtual users are mapped to, set the directory they will access, and set its permissions:
- #useradd -d /ftpsite virtual_user
- #chmod 700 /ftpsite
After this step, /ftpsite is the home directory of the virtual_user account, and virtual_user owns the directory. Apart from root, only that user can read, write, and enter the directory.
FTP server configuration process, step 5: generate a test file. Switch to the virtual_user account first, then create a file in the /ftpsite directory, and switch back to root afterwards:
- #su - virtual_user
- $vi /ftpsite/mytest
- This is a test file.
- $su - root
FTP server configuration process, step 6: edit /etc/vsftpd.conf so that the whole file reads as follows:
- anonymous_enable=NO
- local_enable=YES
- local_umask=022
- xferlog_enable=YES
- connect_from_port_20=YES
- xferlog_std_format=YES
- listen=YES
- write_enable=YES
- anon_upload_enable=YES
- anon_mkdir_write_enable=YES
- anon_other_write_enable=YES
- one_process_model=NO
- chroot_local_user=YES
- ftpd_banner=Welcome to my FTP server.
- anon_world_readable_only=NO
- guest_enable=YES
- guest_username=virtual_user
- pam_service_name=vsftp.vu
In the configuration above, guest_enable=YES turns on virtual users; guest_username=virtual_user maps every virtual user to the local account virtual_user, so that virtual users log in to that account's directory, /ftpsite; and pam_service_name=vsftp.vu tells vsftpd to authenticate through the PAM configuration file /etc/pam.d/vsftp.vu created in step 3.
FTP server configuration process, step 7: restart vsftpd so that the new configuration takes effect:
- #service vsftpd restart
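The seven steps above, collected into one POSIX shell script as an added example; this is not code from the original article or from the vsftpd project. It keeps the article's paths and names (/etc/vsftpd/account.db, /etc/pam.d/vsftp.vu, /ftpsite, virtual_user, /etc/vsftpd.conf) and adds two checks a practitioner wants before touching the live system: the account list is validated (even line count, no blank lines, since a stray blank line would silently shift every password onto the wrong user), and the usernames that will be able to log in are listed for review. The function names are this example's own invention. Only `provision_virtual_users` needs root, db_load and vsftpd; the other functions write to whatever paths you pass them.

```shell
#!/bin/sh
# Added example, not part of the original article: helpers that reproduce the
# article's virtual-user setup for vsftpd. check_account_file, list_account_users,
# write_pam_file and write_vsftpd_conf run unprivileged and only touch the paths
# passed to them; provision_virtual_users must run as root on the FTP host and
# needs the db_load utility (Berkeley DB) and vsftpd installed.

# Validate the account file format the article uses: odd lines hold usernames,
# even lines the matching passwords, so the line count must be even and no line
# may be blank (a blank line would pair every following password with the wrong user).
check_account_file() {
    f="$1"
    n=$(awk 'END { print NR }' "$f")
    if [ "$n" -eq 0 ]; then echo "$f: empty account file" >&2; return 1; fi
    if [ $((n % 2)) -ne 0 ]; then echo "$f: odd line count, a user has no password" >&2; return 1; fi
    if grep -q '^[[:space:]]*$' "$f"; then echo "$f: blank line in account file" >&2; return 1; fi
    return 0
}

# Print the usernames (odd lines) so the admin can review who will get FTP access.
list_account_users() {
    awk 'NR % 2 == 1' "$1"
}

# Step 3: write the PAM service file. $2 is the database path WITHOUT the .db
# suffix, which is how pam_userdb expects it (the article uses /etc/vsftpd/account).
write_pam_file() {
    dest="$1"; db="$2"
    printf 'auth required /lib/security/pam_userdb.so db=%s\naccount required /lib/security/pam_userdb.so db=%s\n' \
        "$db" "$db" > "$dest"
}

# Step 6: write the article's vsftpd.conf. $2 is the local guest account, $3 the
# PAM service name, which must match the file name used under /etc/pam.d.
write_vsftpd_conf() {
    dest="$1"; guest="$2"; pam="$3"
    cat > "$dest" <<EOF
anonymous_enable=NO
local_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
one_process_model=NO
chroot_local_user=YES
ftpd_banner=Welcome to my FTP server.
anon_world_readable_only=NO
guest_enable=YES
guest_username=$guest
pam_service_name=$pam
EOF
}

# Steps 2, 3, 4, 6 and 7 end to end. $1 is the account text file (step 1).
provision_virtual_users() {
    acct="$1"
    check_account_file "$acct" || return 1
    echo "virtual users to be created:"; list_account_users "$acct"
    db_load -T -t hash -f "$acct" /etc/vsftpd/account.db        # step 2
    chmod 600 /etc/vsftpd/account.db
    write_pam_file /etc/pam.d/vsftp.vu /etc/vsftpd/account         # step 3
    id virtual_user >/dev/null 2>&1 || useradd -d /ftpsite virtual_user   # step 4
    [ -d /ftpsite ] || mkdir /ftpsite       # useradd -d creates no directory on every distro
    chown virtual_user /ftpsite
    chmod 700 /ftpsite
    write_vsftpd_conf /etc/vsftpd.conf virtual_user vsftp.vu       # step 6
    service vsftpd restart                                         # step 7
}

# Usage (as root): sh this_script.sh provision account.txt
case "${1:-}" in
    provision) provision_virtual_users "$2" ;;
esac
```

Two points about the design. The account text file holds the passwords in clear text and is only an input to db_load, so once /etc/vsftpd/account.db exists it should be deleted or given the same 0600 permissions as the database; the script deliberately does not remove it for you, because the article keeps it for later edits. The `id`/`mkdir`/`chown` guards make the provisioning step safe to rerun after a password change, which is the common case: regenerate the database with db_load, restart vsftpd, and nothing else needs to move.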