Method 1: CentOS5.9 vsftpd configuration
1. Enter the following code in install_vsftpd.sh.
The code is as follows:

    echo "========================== install vsftpd =========================="
    yum -y remove vsftpd
    yum -y install vsftpd
    # Note: the CentOS vsftpd package keeps its configuration in
    # /etc/vsftpd/vsftpd.conf; adjust the path below if your init script reads that file.
    rm -f /etc/vsftpd.conf
    cat > /etc/vsftpd.conf <<EOF
    # Example config file /etc/vsftpd.conf
    #anonymous_enable=YES
    local_enable=YES
    write_enable=YES
    local_umask=022
    #anon_upload_enable=YES
    #anon_mkdir_write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    #chown_uploads=YES
    #chown_username=whoever
    #xferlog_file=/var/log/xferlog
    xferlog_std_format=YES
    #idle_session_timeout=600
    #data_connection_timeout=120
    #nopriv_user=ftpsecure
    #async_abor_enable=YES
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    ftpd_banner=Welcome to FTP service.
    #deny_email_enable=YES
    #banned_email_file=/etc/vsftpd/banned_emails
    #chroot_list_enable=YES
    #chroot_list_file=/etc/vsftpd/chroot_list
    #ls_recurse_enable=YES
    listen=YES
    #listen_ipv6=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
    use_localtime=YES
    chroot_local_user=YES
    EOF
    # Permission settings (SELinux)
    setsebool -P ftpd_disable_trans 1
    # No need to restart the service now; it is restarted at boot by rc.local.
    # This overwrites any existing /etc/rc.local.
    cat > /etc/rc.local <<EOF
    service vsftpd restart
    EOF
    # Create an ftp account
    echo "==================== ftp username and password ===================="
    mkdir -p /web/http
    useradd -d /web/http bibinet
    setfacl -R -m u:bibinet:rwx /web/http/
    passwd bibinet
    # View the account
    # finger bibinet

2. Modify permissions
The code is as follows:

    # 777 also makes the script world-writable; 700 is enough for the owner to run it
    chmod 777 install_vsftpd.sh

3. Execution
The code is as follows:

    sh install_vsftpd.sh

OK. The build is complete.
Method 2: install and configure vsftpd in CentOS6.3
Error prompt for configuring real user logon
331 Please specify the password.
Command: PASS ***
Response: 530 Login incorrect.
Error: critical error
Error: unable to connect to the server
Solution: check the file that chroot_list_file points to in vsftpd.conf and create that file in the corresponding directory. This file stores the real vsftpd users.
1. Install the vsftpd software: yum install -y vsftpd pam db4 (the pam and db4 components are used for vsftpd access control)
The code is as follows:

    [root@localhost ~]# rpm -q vsftpd && rpm -q db4 && rpm -q pam

2. Configure the /etc/vsftpd.conf file.
The code is as follows (the /* ... */ notes are explanations added for this article and are not part of the file; vsftpd accepts only option=value lines with no spaces around the "=" and comment lines that start with #):

    [root@localhost ~]# cat /etc/vsftpd.conf | grep -v ^# | grep -v ^$
    anonymous_enable=NO                       /* anonymous users are not allowed to log on; by default anonymous users are allowed and log on to the /var/ftp/pub directory */
    local_enable=YES                          /* allow local users to log on to the vsftpd server */
    write_enable=YES                          /* logged-on users have write permission */
    local_umask=022                           /* default permission mask for what a logged-on user creates (directories: 777-022=755, files: 666-022=644) */
    dirmessage_enable=YES                     /* show the directory message when a user enters a directory on the vsftpd server */
    xferlog_enable=YES                        /* enable user logon logging */
    connect_from_port_20=YES                  /* default connection port number */
    xferlog_std_format=YES                    /* supports the WuFTP log file format (from laruence) */
    idle_session_timeout=600                  /* session timeout, in seconds */
    async_abor_enable=YES                     /* supports asynchronous transmission */
    ascii_upload_enable=YES                   /* supports ASCII uploads with default transmission properties */
    ascii_download_enable=YES                 /* supports ASCII downloads with default transmission properties */
    chroot_local_user=YES                     /* restrict logged-on users to their home directories; related to the following two parameters */
    chroot_list_enable=YES                    /* enable the chroot list function */
    chroot_list_file=/etc/vsftpd/chroot_list  /* location of the chroot_list file; users listed in it are allowed to access directories outside their home directory */
    listen=YES                                /* the default value is YES; related to whether vsftpd is started by the super daemon or runs standalone; change it to NO for super daemon mode */
    listen_ipv6=NO                            /* whether to listen on IPv6 */
    pam_service_name=vsftpd                   /* PAM authentication service name, pointing to the /etc/pam.d/vsftpd file */
    userlist_enable=YES                       /* used with userlist_deny and userlist_file */
    tcp_wrappers=YES                          /* support the TCP Wrappers firewall mechanism */
    guest_enable=YES                          /* enable virtual user logon */
    guest_username=vsftpd                     /* host user for the virtual users; it must actually exist on the system but cannot itself log on to the vsftpd server */
    virtual_use_local_privs=YES               /* detailed description of this parameter */
    user_config_dir=/etc/vsftpd/virconf       /* The main directory of the virtual account is */
    [root@localhost ~]#

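A pre-flight check for the configuration above, as an added example that is not part of the original article: it flags lines vsftpd would not parse (spaces around "=" or trailing notes) and the missing chroot_list_file that the "530 Login incorrect" solution describes. The function name, the ROOT prefix argument and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original article.
# lint_vsftpd_conf CONF [ROOT]: prints findings, returns 1 if there are any.
# ROOT is a hypothetical path prefix so the check can run against a staged tree.
lint_vsftpd_conf() {
    conf=$1 root=${2:-}
    # Simplified reader: the last assignment of an option wins
    get() { sed -n "s/^$1=//p" "$conf" | tail -n 1; }
    out=$( {
        # vsftpd accepts "#" comment lines or option=value with no spaces around "="
        awk '/^[ \t]*$/ || /^#/ { next }
             !/^[a-z0-9_]+=([^ \t]|$)/ || /[ \t]\/\*/ {
                 print "line " NR ": not a plain option=value line: " $0 }' "$conf"
        [ "$(get anonymous_enable)" = "NO" ] ||
            echo "anonymous_enable is not NO (the vsftpd default is YES)"
        if [ "$(get chroot_list_enable)" = "YES" ]; then
            list=$(get chroot_list_file)
            list=${list:-/etc/vsftpd.chroot_list}      # vsftpd default location
            if [ ! -f "$root$list" ]; then
                echo "chroot_list_file $list is missing"
            elif [ "$(get chroot_local_user)" = "YES" ]; then
                # With chroot_local_user=YES the list names users who are NOT chrooted
                sed -e '/^[[:space:]]*$/d' -e 's/^/not chrooted: /' "$root$list"
            fi
        fi
        dir=$(get user_config_dir)
        [ -z "$dir" ] || [ -d "$root$dir" ] || echo "user_config_dir $dir is missing"
    } )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: a staged tree where the chroot list was never created
stage=$(mktemp -d)
mkdir -p "$stage/etc/vsftpd"
cat > "$stage/etc/vsftpd/vsftpd.conf" <<'EOF'
anonymous_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
Listen = YES
EOF
lint_vsftpd_conf "$stage/etc/vsftpd/vsftpd.conf" "$stage" || true
rm -rf "$stage"
```
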
3. Create the host user for the virtual users: useradd -s /sbin/nologin vsftpd
4. Create a virtual user database:
The code is as follows (the /* ... */ notes are explanations, not part of the file):

    vim /etc/vsftpd/virftpuser.list
    [root@localhost vsftpd]# more virftpuser.list
    virtest    /* odd lines are usernames */
    123456     /* even lines are the users' passwords, and so on */
    test
    321123

Use db4 to generate user data
The code is as follows:

    db_load -T -t hash -f /etc/vsftpd/virftpuser.list /etc/vsftpd/virftpuser.list.db

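Because the list file alternates usernames and passwords in plain text, one missing line shifts every later pair, and a readable file exposes every password. The following check, run before db_load, is an added example and not part of the original article; the function name and the minimum password length (MINLEN) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original article.
# check_userlist FILE: prints findings, returns 1 if there are any.
# MINLEN is an assumed minimum password length, not a vsftpd requirement.
MINLEN=8
check_userlist() {
    f=$1
    out=$( {
        awk -v min="$MINLEN" '
            { sub(/\r$/, "") }                      # tolerate CRLF files
            NR % 2 == 1 {                           # odd line: username
                user = $0
                if (user == "") print "line " NR ": empty username"
                else if (user ~ /[ \t]/) print "line " NR ": whitespace in username"
                else if (user in seen) print "line " NR ": duplicate username " user
                seen[user] = 1
                next
            }
            $0 == "" { print "line " NR ": empty password for " user; next }
            length($0) < min { print "line " NR ": password for " user " is shorter than " min }
            END { if (NR % 2) print "line " NR ": " user " has no password line" }
        ' "$f"
        # Characters 5-10 of the ls -l mode string are the group/other bits
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            echo "mode: $f is accessible to group/other (chmod 600)"
    } )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the article's list with its last password line missing
demo=$(mktemp)
printf 'virtest\n123456\ntest\n' > "$demo"
chmod 644 "$demo"
check_userlist "$demo" || true
rm -f "$demo"
```

The same permission check applies to the generated virftpuser.list.db, which holds the same credentials.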
Configure the PAM authentication matching file
The code is as follows:

    vim /etc/pam.d/vsftpd

Comment out the original authentication method and add the following two lines:

    #%PAM-1.0
    #session optional pam_keyinit.so force revoke
    #auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    #auth required pam_shells.so
    #auth include password-auth
    #account include password-auth
    #session required pam_loginuid.so
    #session include password-auth
    # My system is 64-bit, so I specified the absolute path to the module
    auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/virftpuser.list
    account required /lib64/security/pam_userdb.so db=/etc/vsftpd/virftpuser.list

Vsftpd Virtual User pam authentication configuration
5. Start the vsftpd server for testing:
The code is as follows:

    service vsftpd start

Log on to the vsftpd server to test