CentOS installation and configuration of vsftpd server

Source: Internet
Author: User

Method 1: CentOS5.9 vsftpd configuration

1. Enter the following code in install_vsftpd.sh.


echo "========================== install vsftpd =========================="
yum -y remove vsftpd
yum -y install vsftpd

rm -f /etc/vsftpd.conf
cat > /etc/vsftpd.conf <<EOF
# Example config file /etc/vsftpd.conf
#anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/xferlog
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Welcome to FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
chroot_local_user=YES
EOF

# Permission settings (SELinux)
setsebool -P ftpd_disable_trans 1

# The service does not need to be restarted the first time; it is restarted when the server restarts.
# Note: this overwrites any existing content of /etc/rc.local.
cat > /etc/rc.local <<EOF
service vsftpd restart
EOF

# Create an ftp account
echo "========================== ftp username and password =========================="
mkdir -p /web/http
useradd -d /web/http bibinet
setfacl -R -m u:bibinet:rwx /web/http/
passwd bibinet
# View the account
# finger bibinet

2. Modify permissions

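# Note: 777 leaves the script writable by every local user. Step 3 runs it
# through sh, so the execute bit is not required and 700 is sufficient.
chmod 777 install_vsftpd.sh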

3. Execution

sh install_vsftpd.sh

OK. The build is complete.


Method 2: Install and configure vsftpd on CentOS 6.3


Error shown when logging on as a real (local) user:

331 Please specify the password.
Command: PASS ***
Response: 530 Login incorrect.
Error: critical error
Error: unable to connect to the server

Solution: check which file chroot_list_file points to in vsftpd.conf, and create that file in the corresponding directory. This file stores the real vsftpd users.

1. Install the vsftpd software: yum install -y vsftpd pam db4 (the pam and db4 components are used for vsftpd access control)

[root@localhost ~]# rpm -q vsftpd && rpm -q db4 && rpm -q pam

2. Configure the /etc/vsftpd.conf file. The text after each /* is an annotation for this article and is not part of the file.

[root@localhost ~]# cat /etc/vsftpd.conf | grep -v '^#' | grep -v '^$'
anonymous_enable=NO  /* Anonymous users are not allowed to log on. By default, anonymous users log on to the /var/ftp/pub directory.
local_enable=YES  /* allow local users to log on to the vsftpd server
write_enable=YES  /* logged-on users have write permission
local_umask=022  /* default permission mask for files and directories created by logged-on users (inverse mask: 777-022 = 755 for directories, 666-022 = 644 for files)
dirmessage_enable=YES  /* show the directory message when a user enters a directory on the vsftpd server
xferlog_enable=YES  /* enable user logon logging
connect_from_port_20=YES  /* default connection port number
xferlog_std_format=YES  /* supports the wu-ftpd log file format (from laruence)
idle_session_timeout=600  /* session timeout, in seconds
async_abor_enable=YES  /* supports asynchronous transmission
ascii_upload_enable=YES  /* supports ASCII uploads with default transmission properties
ascii_download_enable=YES  /* supports ASCII downloads with default transmission properties
chroot_local_user=YES  /* restrict logged-on users to their home directories; related to the following two parameters:
chroot_list_enable=YES  /* enable the chroot list function
chroot_list_file=/etc/vsftpd/chroot_list  /* location of the chroot_list file; users listed in this file are allowed to access directories outside their home directory
listen=YES  /* The default value is YES. This parameter selects between the super daemon and standalone modes in which vsftpd is started; for super daemon mode, change it to NO.
listen_ipv6=NO  /* whether to listen on IPv6
pam_service_name=vsftpd  /* PAM authentication service name; points to the /etc/pam.d/vsftpd file
userlist_enable=YES  /* used together with userlist_deny and userlist_file
tcp_wrappers=YES  /* support the TCP Wrappers access control mechanism
guest_enable=YES  /* enable virtual user logon
guest_username=vsftpd  /* host user for virtual users; a real system user that cannot itself log on to the vsftpd server
virtual_use_local_privs=YES  /* detailed description of this parameter
user_config_dir=/etc/vsftpd/virconf  /* The main directory of the virtual account is
[root@localhost ~]#

3. Create the host user for the virtual users: useradd -s /sbin/nologin vsftpd

4. Create the virtual user database:

vim /etc/vsftpd/virftpuser.list

[root@localhost vsftpd]# more virftpuser.list
virtest  /* odd-numbered lines are usernames
123456  /* even-numbered lines are the passwords, and so on
test
321123

Use db4 to generate the user database:

db_load -T -t hash -f /etc/vsftpd/virftpuser.list /etc/vsftpd/virftpuser.list.db

Configure the PAM authentication file:

vim /etc/pam.d/vsftpd (comment out the original authentication method and add the following two lines):

#%PAM-1.0
#session    optional     pam_keyinit.so force revoke
#auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth       required     pam_shells.so
#auth       include      password-auth
#account    include      password-auth
#session    required     pam_loginuid.so
#session    include      password-auth
# My system is 64-bit, so I have specified the absolute path to the module
auth       required     /lib64/security/pam_userdb.so db=/etc/vsftpd/virftpuser.list
account    required     /lib64/security/pam_userdb.so db=/etc/vsftpd/virftpuser.list

vsftpd virtual user PAM authentication configuration

5. Start the vsftpd server for testing:

service vsftpd start

Log on to the vsftpd server to test
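
A pre-flight check for the virtual-user list from step 4, as an added example that is not part of the original article: it verifies the alternating username/password layout and restricts access to the list and the generated database, since the list holds plaintext passwords. The function names are hypothetical; db_load is invoked exactly as in step 4.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# check_virtual_users FILE
# Prints one line per problem and returns non-zero if any were found.
# Expected layout (step 4): odd lines = usernames, even lines = passwords.
check_virtual_users() {
    list=$1
    [ -r "$list" ] || { echo "cannot read $list"; return 2; }
    awk '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        NR % 2 == 1 {                       # odd line: username
            user = $0
            if (user == "")           { print "line " NR ": empty username"; bad = 1 }
            else if (user ~ /[ \t]/)  { print "line " NR ": whitespace in username"; bad = 1 }
            if (user in seen)         { print "line " NR ": duplicate user " user; bad = 1 }
            seen[user] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad = 1 }
        END {
            if (NR % 2 == 1) { print "line " NR ": user " user " has no password line"; bad = 1 }
            exit bad
        }
    ' "$list"
}

# list_is_private FILE: succeeds only if group and others have no access.
list_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)        # group and other permission bits
    [ "$mode" = "------" ]
}

# build_virtual_user_db FILE: validate, lock down permissions, then run the
# db_load command from step 4 (requires db_load to be installed).
build_virtual_user_db() {
    check_virtual_users "$1" || return 1
    chmod 600 "$1"
    db_load -T -t hash -f "$1" "$1.db" && chmod 600 "$1.db"
}

# Constructed sample input: the second user has no password line.
write_bad_sample() { printf 'virtest\n123456\ntest\n' > "$1"; }
```

Run build_virtual_user_db /etc/vsftpd/virftpuser.list as root in place of the bare db_load call; it refuses to build the database when the list is malformed.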
