Setting Up an FTP Server on CentOS 6.3
vsftpd provides three FTP login modes:
1. anonymous (anonymous account)
Anonymous login is a widely used FTP access mode. If you do not have an account on the FTP server, you can log on with anonymous as the username and your email address as the password. After an anonymous user logs on to the FTP server, the login directory is /var/ftp. To reduce the load on the FTP server, the upload function of the anonymous account should be disabled.
2. real (real account)
A real account, also known as a local account, logs on with a real username and password, provided that the user has their own account on the FTP server. After you log on with a real account, the login directory is the user's home directory. This directory is created automatically when the system creates the account.
3. guest (virtual account)
If you have an account on the FTP server but the account can only be used for file transfer, it is a guest account; guest is a form of real account. The difference is that, after logging on to the FTP server, a guest cannot access anything outside its home directory.
Method/steps
1. Use yum to install vsftpd, which saves the trouble of resolving dependency packages by hand.
2. Modify the configuration file
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.confbak    # back up
vi /etc/vsftpd/vsftpd.conf    # create a new configuration file
My configuration is listed below; adjust it to suit your environment. Note that no trailing space is allowed at the end of any line.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=NO
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
nopriv_user=ftpde
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
background=YES
guest_enable=YES
guest_username=ftpde
user_config_dir=/etc/vsftpd/user_config
max_clients=100
max_per_ip=20
pasv_enable=YES
pasv_min_port=6000
pasv_max_port=7000
3. Create the local user ftpde and the chroot virtual-user mapping file
useradd ftpde    # create the ftpde user; this is the system user
vi /etc/vsftpd/vsftpd.chroot_list
This file is created manually. Each line is the name of a local account that virtual users are mapped to:
ftpde
4. Create the user account file passwd.file. The file does not exist by default. It stores the user accounts and plaintext passwords, two lines per account: the first line is the username, the second line is the password, and so on.
vi /etc/vsftpd/passwd.file
ftpdemo
123456
5. Generate the database file
db_load -T -t hash -f /etc/vsftpd/passwd.file /etc/vsftpd/ftpuser_passwd.db
6. Create the user configuration files. After creating an account, a configuration file needs to be created for each user to record the FTP directory location, user permissions, and other information. The file name is the FTP username, and each FTP user has one file.
mkdir /etc/vsftpd/user_config
For example, for ftpdemo:
vi /etc/vsftpd/user_config/ftpdemo
The content is as follows (no spaces around the = sign):
local_root=/data/FTP/ftpdemo
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
The directory that local_root points to must exist; it is created in step 7.
7. Create the FTP user directory
mkdir -p /data/FTP/ftpdemo
The system account that an FTP user is mapped to must have read/write permissions on that FTP user's home directory. Taking ftpdemo as the example again: in this article the ftpdemo virtual user is mapped to the ftpde system account, so the ftpde system account must have read/write permissions on ftpdemo's FTP home directory, /data/FTP/ftpdemo.
chown -R ftpde:ftpde /data/FTP/ftpdemo/
8. Modify the PAM authentication module
Back up the original configuration file:
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
Create a new configuration file:
vi /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/ftpuser_passwd
account required pam_userdb.so db=/etc/vsftpd/ftpuser_passwd
9. Modify the firewall
vi /etc/sysconfig/iptables
Configure it as follows:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 6000:7000 -j ACCEPT
Restart the firewall so that the configuration takes effect:
service iptables restart
10. Disable SELinux
setenforce 0    # temporarily disable SELinux (lasts until the system restarts)
Or modify the SELinux configuration to disable it:
vi /etc/selinux/config
SELINUX=disabled
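
The whitespace rule from step 2 and the passive port range opened in step 9 can be checked mechanically before vsftpd is restarted. The shell function below is an added example, not part of the original article: lint_vsftpd_conf and sample_conf are hypothetical names, the sample lines are constructed, and the policy checks encode this article's choices (anonymous login off, passive ports inside 6000:7000).

```shell
#!/bin/sh
# Added example (not from the original article): lint a vsftpd main config.
# Usage: lint_vsftpd_conf FILE [FW_MIN FW_MAX]; the firewall range defaults to
# the 6000:7000 rule from step 9 (an assumption; pass your own range if needed).
# Prints one finding per line and returns 1 if there is any finding.
lint_vsftpd_conf() {
    awk -v fw_min="${2:-6000}" -v fw_max="${3:-7000}" '
    function bad(msg) { print FILENAME ": " msg; n++ }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
        if ($0 ~ /[ \t\r]$/) bad("line " NR ": trailing whitespace")
        eq = index($0, "=")
        if (!eq) { bad("line " NR ": not in key=value form"); next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/)
            bad("line " NR ": whitespace around option name or =")
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        opt[key] = toupper(val)
    }
    END {
        # vsftpd defaults: anonymous_enable=YES, pasv_min_port and pasv_max_port=0 (any port)
        if (opt["anonymous_enable"] != "NO")
            bad("anonymous_enable is not NO (it defaults to YES when unset)")
        if (opt["anon_upload_enable"] == "YES" || opt["anon_mkdir_write_enable"] == "YES")
            bad("anonymous upload or mkdir is enabled in the main config")
        if (opt["pasv_enable"] != "NO") {
            lo = opt["pasv_min_port"] + 0; hi = opt["pasv_max_port"] + 0
            if (lo < fw_min || hi > fw_max || hi < lo)
                bad("passive ports " lo "-" hi " not inside firewall range " fw_min "-" fw_max)
        }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: line 2 ends with a space, line 3 has spaces around "=",
# and the passive range is wider than the firewall rule.
sample_conf() {
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES ' 'write_enable = YES' \
        'ftpd_banner=Welcome to blah FTP service.' 'pasv_enable=YES' \
        'pasv_min_port=6000' 'pasv_max_port=8000'
}

tmp=$(mktemp) && sample_conf > "$tmp"
lint_vsftpd_conf "$tmp" || echo "fix the findings above before restarting vsftpd"
rm -f "$tmp"
```

Run it against the main configuration file only; the per-user files from step 6 intentionally set anon_upload_enable=YES and would be flagged by the policy checks.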