With the FTP package (vsftpd) as installed by default, anonymous users can download files.
To allow anonymous uploads as well:
anon_upload_enable=YES
# getsebool -a | grep ftp
allow_ftpd_anon_write --> on
# chcon -t public_content_rw_t pub
# chmod 775 pub
# chgrp ftp pub
Anonymous users can create directories:
anon_mkdir_write_enable=YES
Anonymous users cannot see the uploaded files in the created directory. To fix this, add the following:
anon_world_readable_only=NO
Anonymous users cannot delete the files and directories they created. To allow this, add the following:
anon_other_write_enable=YES
With SELinux enabled, local users are not allowed to log in to FTP by default.
[email protected] pub]# lftp 192.168.3.30 -u lee
Password:
lftp [email protected]:~> ls
ls: Login failed: 500 OOPS: cannot change directory:redhat
# setsebool -P ftp_home_dir on
By default, a local user logged in to FTP can change directory up to /.
To prevent local users from changing to /:
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
To let local users change to /:
chroot_local_user=NO
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
Users listed in the chroot_list file can change to /; users not listed in the file cannot:
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
# touch /etc/vsftpd/chroot_list
All users can change to / except those listed in the file; if the file is empty, every user can change to / (anonymous users excepted):
chroot_local_user=NO
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
No user can change to /:
chroot_local_user=YES
chroot_list_enable=NO
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
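The four chroot_local_user / chroot_list_enable combinations above can be checked against a configuration file before relying on them. The script below is an added example, not part of the original page; the function names and the sample users lee and user9 are constructed, and the default list path is the one this page gives.

```shell
# Added example: resolve the chroot settings in a vsftpd.conf for one user.

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line.
conf_get() {
    local val
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_yes VALUE: true for YES, TRUE or 1 in any letter case.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# chroot_state CONF USER: print "jailed" or "free"; status 2 if the list
# is enabled but unreadable, so the result is never a guess.
chroot_state() {
    local conf="$1" user="$2" list_file listed=no
    # Default list path as given on this page (assumption for other builds).
    list_file=$(conf_get "$conf" chroot_list_file /etc/vsftpd/chroot_list)
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)"; then
        [ -r "$list_file" ] || { echo "cannot read $list_file" >&2; return 2; }
        if grep -qxF -- "$user" "$list_file"; then listed=yes; fi
    fi
    # chroot_local_user sets the default; a listed user gets the opposite.
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        [ "$listed" = yes ] && echo free || echo jailed
    else
        [ "$listed" = yes ] && echo jailed || echo free
    fi
}

# chroot_matrix: constructed sample data; lee is listed, user9 is not.
chroot_matrix() {
    local dir a b conf
    dir=$(mktemp -d) || return 1
    conf="$dir/vsftpd.conf"
    echo lee > "$dir/chroot_list"
    for a in YES NO; do for b in YES NO; do
        printf 'chroot_local_user=%s\nchroot_list_enable=%s\nchroot_list_file=%s\n' \
            "$a" "$b" "$dir/chroot_list" > "$conf"
        echo "local=$a list=$b lee=$(chroot_state "$conf" lee) user9=$(chroot_state "$conf" user9)"
    done; done
    rm -rf "$dir"
}
chroot_matrix
```

Running chroot_state against the live /etc/vsftpd/vsftpd.conf for each local account shows which accounts are left able to browse the whole filesystem.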
The two blacklist files, ftpusers and user_list, list individual users; ftpusers takes priority over user_list.
ftpusers user_list    // changes to these 2 files take effect as soon as they are made
The following settings turn the temporary blacklist (user_list) into a whitelist. When the whitelist is empty, no user is allowed to log in to FTP.
userlist_enable=YES
userlist_deny=NO
Setting up FTP virtual users:
# vim users
user1
123
user2
123
# yum install db4-utils.x86_64 -y
# db_load -T -t hash -f users users.db
# vim ftpusers    // PAM service file for the virtual users
auth required pam_userdb.so db=/etc/vsftpd/users
account required pam_userdb.so db=/etc/vsftpd/users
# vim /etc/vsftpd/vsftpd.conf    // virtual users log in to the directory of the test user
pam_service_name=ftpusers
guest_enable=YES
# test is the local user that virtual users are mapped to
guest_username=test
Testing from a client shows that the login lands in the home directory of test.
Add a home directory for each virtual user
[email protected] vsftpd]# tree virtual/
virtual/    // change into this directory and create 2 more directories, user1 and user2
├── user1
│   ├── passwd
│   └── user1
└── user2
    └── user2
/etc/vsftpd/virtual    // modify the directory permissions for user1 and user2
# chcon -t public_content_rw_t
[email protected] virtual]# ll
total 8
drwxr-xr-x. 2 test test 4096 June 01:27 user1
drwxr-xr-x. 2 test test 4096 June 01:11 user2
To give each virtual FTP user its own home directory, add the following to the configuration file:
local_root=/etc/vsftpd/virtual/$USER
user_sub_token=$USER
Add a per-user configuration file for a virtual user
# cd /etc/vsftpd
# mkdir dir
user_config_dir=/etc/vsftpd/dir
# vim /etc/vsftpd/dir/user1    // user1 is the FTP configuration file for the user1 user
# user1 is forbidden to upload; by default uploading is allowed
anon_upload_enable=NO