Deploy Vsftp server environment in CentOS

Source: Internet
Author: User


1. Enable the firewall ftp port
vi /etc/sysconfig/iptables # edit the firewall configuration file

# allow port 21 through the firewall
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
# allow port 20 through the firewall
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
# port range used by FTP passive mode
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9000:9045 -j ACCEPT

Note: If the FTP port is changed to another port (such as 2222), the firewall must open port 2222 as well. The firewall shown here is the one on CentOS 6.0.

# allow port 2222 through the firewall
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT

/etc/init.d/iptables restart # restart the firewall so the configuration takes effect

2. Check whether vsftp is installed in the system.
System O & M www.osyunwei.com reminder: qihang01 original content©All rights reserved. For more information, see the source and original link.
rpm -q vsftpd
package vsftpd is not installed # this output means vsftpd is not installed on the system
3. Install vsftpd
yum install vsftpd
Press y and then Enter to confirm the installation
/etc/init.d/vsftpd start # start vsftpd
service vsftpd restart # restart
service vsftpd stop # stop
chkconfig vsftpd on # start automatically at boot
4. Configure the vsftp Server
Configuration File description:
/etc/vsftpd/vsftpd.conf is the core configuration file of vsftpd
/etc/vsftpd/ftpusers specifies which users cannot access the FTP server
/etc/vsftpd/user_list specifies the list of users that can use vsftpd
/etc/vsftpd/vsftpd_conf_migrate.sh is a variable and settings script for vsftpd operations
/var/ftp/ is the default root directory of anonymous users
==============================================================================
Configure /etc/vsftpd/vsftpd.conf
Back up the file before configuring
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.confbak
Restore the file
cp /etc/vsftpd/vsftpd.confbak /etc/vsftpd/vsftpd.conf

vi /etc/vsftpd/vsftpd.conf # edit the configuration

# FTP time follows the system time. If vsftpd reports an error at startup, comment this line out
use_localtime=YES
# Add this line to fix slow client logins. Important: vsftpd performs reverse DNS lookups by default; disable them here. If vsftpd reports an error at startup, comment this line out
reverse_lookup_enable=NO
# This line does not exist by default; the FTP port is 21. Use listen_port=2222 to change the port to 2222. Note: the firewall must then also open port 2222
listen_port=21
# disable anonymous users
anonymous_enable=NO
# allow local users to log in. Note: this mainly concerns virtual users; if this item is set to NO, no virtual user can log in
local_enable=YES
# global setting: whether writing is allowed (for anonymous and local users alike; enables the upload permission)
write_enable=YES
# permission mask for uploaded files
local_umask=022
# do not allow anonymous users to upload
anon_upload_enable=NO
# do not allow anonymous users to create directories
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
# use port 20 for data connections
connect_from_port_20=YES
# do not change the owner of uploaded files
chown_uploads=NO
# log file path (create the file first)
xferlog_file=/var/log/vsftpd.log
# use the standard log format
xferlog_std_format=YES
# enable support for asynchronous transfers
async_abor_enable=YES
# support upload and download in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES
# login banner of vsftpd
ftpd_banner=Welcome to Awei FTP servers
# confine local users to their FTP home directory
chroot_local_user=YES
# name of the PAM service used by vsftpd; PAM authentication therefore uses the vsftpd file under /etc/pam.d
pam_service_name=vsftpd
# when set to YES, a user whose name is in the file given by userlist_file is refused before being asked for a password
userlist_enable=YES
# whether to support tcp_wrappers
tcp_wrappers=YES
# timeout setting
idle_session_timeout=300
# the server disconnects after 1 second idle
data_connection_timeout=1
##############################################################
# The following are important configuration items for vsftpd virtual user support.
# The default vsftpd.conf does not contain them; add them manually.
##############################################################
# enable the virtual user function
guest_enable=YES
# host user of the virtual users (this is the user created later)
guest_username=vsftpd
# directory that stores the per-user vsftpd configuration file of each virtual user.
# Note that each configuration file must have the same name as its virtual user.
# For example, copy a vsftpd.conf file into this directory and mv it to the virtual user's name
user_config_dir=/etc/vsftpd/vconf
# when this parameter is enabled (YES), virtual users have the same permissions as local users.
# when it is disabled (NO), virtual users have the same permissions as anonymous users. It is disabled (NO) by default
virtual_use_local_privs=YES
# port range used in passive mode
pasv_min_port=9000
pasv_max_port=9045
# hold for 5 seconds
accept_timeout=5
# reconnect after 1 second
connect_timeout=1
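vsftpd.conf treats any space around "=" as an error and only recognises "#" at the start of a line, so directives pasted together with inline annotations do not load as intended. The linter below is an added example, not part of the original article; the helper name lint_vsftpd_conf and the sample file are assumptions, and 9000 9045 is the passive range opened in the firewall in step 1.

```sh
# Added example, not from the original article. lint_vsftpd_conf is a hypothetical helper.
# Usage: lint_vsftpd_conf FILE FW_MIN FW_MAX  (FW_*: passive port range opened in iptables)
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
lint_vsftpd_conf() (
    conf=$1 fw_min=$2 fw_max=$3 bad=0 n=0
    note() { echo "$1"; bad=1; }
    get() { sed -n "s/^$1=//p" "$conf" | tail -n 1; }   # value of the last matching line

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac          # blank line or comment line
        case $line in *=*) ;; *) note "line $n: not option=value"; continue ;; esac
        key=${line%%=*} val=${line#*=}
        case $key in *[!a-z0-9_]*) note "line $n: space or invalid character in option name" ;; esac
        case $val in ' '*) note "line $n: space after '='" ;; esac
        case $val in *'#'*) note "line $n: '#' is read as part of the value, not as a comment" ;; esac
    done < "$conf"

    # Settings this guide relies on.
    [ "$(get anonymous_enable)" = NO ] || note "anonymous_enable is not NO"
    [ "$(get chroot_local_user)" = YES ] || note "chroot_local_user is not YES"
    lo=$(get pasv_min_port) hi=$(get pasv_max_port)
    case "$lo-$hi" in
        -*|*-|*[!0-9-]*) note "pasv_min_port/pasv_max_port missing or not numeric" ;;
        *) [ "$lo" -ge "$fw_min" ] && [ "$hi" -le "$fw_max" ] && [ "$lo" -le "$hi" ] ||
               note "passive range $lo-$hi is not inside firewall range $fw_min-$fw_max" ;;
    esac
    exit "$bad"
)

# Constructed sample: directives pasted with spaces and a trailing annotation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable = NO
chroot_local_user=YES # jail users
pasv_min_port=9000
pasv_max_port=9100
EOF
lint_vsftpd_conf "$sample" 9000 9045 || echo "vsftpd.conf needs fixing"
rm -f "$sample"
```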


5. First create the virtual user list file:
touch /etc/vsftpd/virtusers
Edit the virtual user list file (first line: account name; second line: password. Note: do not use root as a user name; it is reserved by the system):
vi /etc/vsftpd/virtusers
web1
123456
web2
123456
web3
123456
==============================================================================
6. Generate the virtual user database file:
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
chmod 600 /etc/vsftpd/virtusers.db
# Set up the PAM authentication file and point it at the virtual user database file
==============================================================================
7. Add the following lines at the top of the /etc/pam.d/vsftpd file (lines added further down have no effect)
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak # back up before modifying
cp /etc/pam.d/vsftpdbak /etc/pam.d/vsftpd # restore
vi /etc/pam.d/vsftpd

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers
Note: on a 64-bit system, change lib above to lib64; otherwise the configuration fails.
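The list from step 5 is a plain-text file of alternating login and password lines, and step 6 only restricts the mode of the generated .db file. The check below is an added example, not part of the original article: the helper name check_virtusers, the 8-character minimum and the expectation that the plain-text list is also mode 600 are assumptions made here.

```sh
# Added example, not from the original article. check_virtusers is a hypothetical helper.
# Usage: check_virtusers LIST   (LIST: the plain-text login/password file from step 5)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_virtusers() (
    list=$1 bad=0
    note() { echo "$1"; bad=1; }

    # Odd lines are logins, even lines are passwords.
    findings=$(awk '
        NR % 2 == 1 {
            user = $0
            if (user == "")     print "line " NR ": empty login"
            if (user == "root") print "line " NR ": root must not be a virtual user"
            if (seen[user]++)   print "line " NR ": duplicate login " user
            next
        }
        # Assumed policy for this example: at least 8 characters.
        length($0) < 8 { print "line " NR ": password for " user " is shorter than 8 characters" }
        END { if (NR % 2) print "line " NR ": login " user " has no password line" }
    ' "$list")
    [ -z "$findings" ] || note "$findings"

    # The list holds cleartext passwords, so expect the same mode as the .db file.
    for f in "$list" "$list.db"; do
        [ -e "$f" ] || continue
        [ -n "$(find "$f" -prune -perm 600)" ] || note "$f is not mode 600"
    done
    exit "$bad"
)

# Constructed sample in the format of step 5, with world-readable permissions.
dir=$(mktemp -d)
printf '%s\n' web1 123456 web2 123456 root > "$dir/virtusers"
chmod 644 "$dir/virtusers"
check_virtusers "$dir/virtusers" || echo "fix the list before running db_load"
rm -rf "$dir"
```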
8. Create a new system user vsftpd. The user's home directory is /home/wwwroot, and the login shell is set to /bin/false (so the user cannot log on to the system)


useradd vsftpd -d /home/wwwroot -s /bin/false
chown vsftpd:vsftpd /home/wwwroot -R
chown apache:apache /home/wwwroot -R # needed if the virtual users' host user is apache
9. Create the per-user vsftpd configuration files for the virtual users
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
touch web1 web2 web3 # create three virtual user configuration files here


vi web1 # edit the configuration file of user web1; the others are configured the same way


local_root=/home/wwwroot/web1/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
10. Restart the vsftpd server.
/etc/init.d/vsftpd restart

Note: guest_username=vsftpd # specifies the host user of the virtual users (the user we created earlier)
For example, if the FTP directory points to the root directory of the website:
guest_username=apache # setting the virtual users' host user to the account Apache runs as avoids many permission problems


If the following error occurs when the virtual user database file is generated:
-bash: db_load: command not found
it is because the packages that provide the db commands are not installed:
db4
db4-devel
db4-java
db4-tcl
db4-utils

You can run the yum install db4* command to install them.

Now, the vsftpd installation and configuration are complete.

» Link to this article: http://www.osyunwei.com/archives/651.html