CentOS6.3 vsftpd Virtual user file sharing via Pam authentication


FTP stands for File Transfer Protocol, the protocol used to transfer files. It works at the seventh layer of the OSI model, the application layer, and uses TCP rather than UDP for transport, so an FTP client and server must first complete a TCP three-way handshake. An important feature of the FTP service is that it is platform independent.

There are many software packages that implement an FTP service on Linux; the most common are vsftpd, wu-ftpd and ProFTPD. vsftpd is installed by default in Red Hat Enterprise Linux.

In general, access to an FTP server requires authentication: only after authenticating to the FTP server can a user access and transfer files. vsftpd provides three types of FTP login:

(1) Anonymous (anonymous account)

Anonymous login is widely used on FTP servers. A user who has no account on the FTP server logs in with the user name anonymous and an e-mail address as the password. When an anonymous user logs on, the login directory is the root directory of the anonymous FTP area, /var/ftp. To reduce the load on (and the exposure of) the FTP server, the upload function for anonymous accounts should normally be turned off.

(2) Real (real account)

A real account, also known as a local account, logs in with a real user name and password, which requires the user to have an account on the FTP server. After logging in with a real account, the login directory is the user's own home directory, which the system creates automatically when the account is created.

(3) Guest (virtual account)

If a user has an account on the FTP server that can only be used for the file transfer service, that account is a guest. A guest is a form of real account; the difference is that a guest who logs on to the FTP server cannot access anything outside the home directory.

This is described in detail below.


Now we implement the vsftpd virtual user function.

1. Install vsftpd with yum:

[root@host ~]# yum install vsftpd -y

2. Modify the configuration file

Back up the configuration file, then edit it. The remarks after // below are the author's annotations and are not part of the file: vsftpd accepts only whole-line comments that begin with #, so do not paste them into vsftpd.conf.

[root@host ~]# cd /etc/vsftpd
[root@host vsftpd]# ll
total 28
-rw-------. 1 root root  125 Oct 18 07:54 ftpusers
-rw-------. 1 root root  361 Oct 18 07:54 user_list
-rw-------. 1 root root 4599 Oct 18 07:54 vsftpd.conf
-rw-------. 1 root root 4599 Jan  6 10:53 vsftpd.conf.bak
-rwxr--r--. 1 root root  338 Oct 18 07:54 vsftpd_conf_migrate.sh
[root@host vsftpd]# cp vsftpd.conf{,.bak}
[root@host vsftpd]# grep "^[^#]" vsftpd.conf
anonymous_enable=no          // whether anonymous users may log on (the default is yes); disabled here
local_enable=yes             // whether local users may log on; the default is yes
write_enable=yes             // allow FTP commands that write to the server's file system
anon_umask=022               // file creation mask for anonymous/virtual users; the default is 077
dirmessage_enable=yes        // show the directory message when a remote user changes directory
xferlog_enable=yes           // log uploads and downloads
connect_from_port_20=yes     // data connections are made from FTP data port 20
xferlog_file=/var/log/vsftpd.log    // name and path of the log file; this is the default
xferlog_std_format=yes       // use the standard ftpd xferlog log format
listen=yes                   // run vsftpd in standalone mode
user_config_dir=/etc/vsftpd/vuser_dir    // directory holding one configuration file per virtual user
pam_service_name=/etc/pam.d/ftp.vu       // name of the PAM service file, which lives in /etc/pam.d/
userlist_enable=no           // do not consult the user_list file to allow or deny logins
chroot_list_enable=yes       // set this so that users cannot change to a directory outside their own after logging on
tcp_wrappers=yes             // use tcp_wrappers (hosts.allow/hosts.deny) for host access control
guest_enable=yes             // enable guest users, that is, virtual users
guest_username=root          // the local account that virtual users are mapped to; a dedicated unprivileged account is the safer choice
chown_uploads=yes            // change the owner of files uploaded by virtual users
chown_username=root          // the owner that uploaded files are changed to


3. Create two directories under /etc/vsftpd/

vuser_db     # holds the virtual users' authentication database
vuser_dir    # holds the per-user configuration files

[root@host vsftpd]# mkdir vuser_db vuser_dir
[root@host vsftpd]# cd vuser_db/
[root@host vuser_db]# ll
total 20
-rw-r--r--. 1 root root    69 Jan  5 11:25 login_vuser
-rw-r--r--. 1 root root 12288 Jan  5 11:26 vuser.db
[root@host vuser_db]# vim login_vuser

The login_vuser file holds the virtual users' account names and passwords: odd lines are user names, even lines are the matching passwords.

user003
20150105
user004
20150106
user005
20150107

Now generate the database file. The db_load options used are:

-T: load a text file and translate it into the database. Because the virtual users' information is kept in a text file, this option is required for vsftpd to be able to use the data. When -T is given, the -t sub-option must follow it to specify the database type; the supported types are btree, hash, queue and recno.
-t hash: the database type (hash).
-f: the text file containing the user names and passwords, formatted as above: odd lines user names, even lines passwords.

[root@host vuser_db]# db_load -T -t hash -f /etc/vsftpd/vuser_db/login_vuser /etc/vsftpd/vuser_db/vuser.db

Both login_vuser and vuser.db contain the passwords in clear text, so restrict them to root (chmod 600) once the database has been built.

4. Create the PAM authentication service file

[root@host vuser_db]# cd /etc/pam.d/
[root@host pam.d]# vim ftp.vu

The file name must match the name given by pam_service_name in the main configuration file. The db= value is the database path without its .db suffix: the file on disk is vuser.db, but pam_userdb appends the suffix itself.

auth    required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser


5. Create the configuration file for each virtual user

One file is created for each account listed in login_vuser, named exactly after the user name:

[root@host vsftpd]# cd /etc/vsftpd/vuser_dir/
[root@host vuser_dir]# ll
total 6
-rw-r--r--. 1 root root 177 Jan  5 17:03 user003
-rw-r--r--. 1 root root 177 Jan  5 17:09 user004
-rw-r--r--. 1 root root 177 Jan  5 17:19 user005
[root@host vuser_dir]# vim user003
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=/data/www/test    // the directory the virtual user is placed in after logging on
chown_upload_mode=0777       // permissions given to files the virtual user uploads


With that the configuration is complete, and the vsftpd service can be started:

[root@host vsftpd]# service vsftpd start
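The five steps above, collected into a set of shell helpers with the checks a practitioner would want before touching a live server. This is an added example, not code from the original post: the file and directory names (login_vuser, vuser_db, vuser_dir, ftp.vu, /data/www/test) are the ones the post uses, while the function names, the directory arguments (so the helpers can be tried in a scratch directory first) and the tighter upload mode 0644 in place of the post's 0777 are this example's own choices.

```shell
#!/bin/sh
# Added example (not the original post's code): helpers for the vsftpd
# virtual-user setup. Function names and the "dir" arguments are assumptions.

# Validate the credentials file: odd lines are user names, even lines are
# passwords, so the line count must be even, no line may be empty and no
# user name may repeat. Prints the user names; returns 1 on any defect.
vuser_check_credentials() {
    _file=$1
    [ -r "$_file" ] || { echo "error: cannot read $_file" >&2; return 1; }
    _lines=$(awk 'END { print NR }' "$_file")
    if [ "$((_lines % 2))" -ne 0 ]; then
        echo "error: $_file has an odd number of lines (user without password)" >&2
        return 1
    fi
    if grep -q '^$' "$_file"; then
        echo "error: $_file contains an empty line" >&2
        return 1
    fi
    awk 'NR % 2 == 1 {
            if ($0 in seen) { print "error: duplicate user " $0 > "/dev/stderr"; exit 1 }
            seen[$0] = 1; print
         }' "$_file"
}

# Write the per-user file that vsftpd reads from user_config_dir (step 5).
# Same options as the post's user003, except uploads get mode 0644 instead
# of 0777: a shared upload directory rarely needs world-writable files.
vuser_write_config() {
    _dir=$1 _user=$2 _root=$3
    cat > "$_dir/$_user" <<EOF
anon_world_readable_only=no
write_enable=yes
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=$_root
chown_upload_mode=0644
EOF
    chmod 644 "$_dir/$_user"
}

# Write the PAM service file (step 4). The db= value is the database path
# WITHOUT the .db suffix; pam_userdb appends it itself.
vuser_write_pam() {
    _pamfile=$1 _db=$2
    printf 'auth    required /lib64/security/pam_userdb.so db=%s\naccount required /lib64/security/pam_userdb.so db=%s\n' \
        "$_db" "$_db" > "$_pamfile"
    chmod 644 "$_pamfile"
}

# Build the Berkeley DB from the text file (step 3) and lock both files down:
# they hold cleartext passwords and only root needs to read them.
vuser_build_db() {
    _src=$1 _db=$2
    vuser_check_credentials "$_src" > /dev/null || return 1
    db_load -T -t hash -f "$_src" "$_db" || return 1
    chmod 600 "$_src" "$_db"
}

# The whole procedure; runs only when invoked as:  sh vuser_setup.sh setup
if [ "${1:-}" = "setup" ]; then
    set -e
    mkdir -p /etc/vsftpd/vuser_db /etc/vsftpd/vuser_dir /data/www/test
    vuser_build_db /etc/vsftpd/vuser_db/login_vuser /etc/vsftpd/vuser_db/vuser.db
    vuser_write_pam /etc/pam.d/ftp.vu /etc/vsftpd/vuser_db/vuser
    for u in $(vuser_check_credentials /etc/vsftpd/vuser_db/login_vuser); do
        vuser_write_config /etc/vsftpd/vuser_dir "$u" /data/www/test
    done
    service vsftpd restart
fi
```

The credential check catches the two mistakes that silently lock users out of this scheme: a user name without a password line shifts every following pair, and a duplicated user name makes db_load keep only the last password. vuser_build_db refuses to run db_load until the file passes.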


Then log in from a Windows client to test. (Two screenshots of the login test, Qq20150106154717.png and Qq20150106155041.png, are not reproduced here.)


That completes the configuration of vsftpd virtual users with PAM authentication; virtual users can now log in to the FTP server.

This article is from the "boiled frog with boiling water" blog; please keep this source: http://tanxw.blog.51cto.com/4309543/1599747
