Deploying FTP services based on vsftpd (CentOS/RHEL)

Source: Internet
Author: User

I. vsftpd installation

vsftpd is usually installed automatically on CentOS. If it is not, install it with the following steps:

    yum install vsftpd
    chkconfig vsftpd on
    service vsftpd start

    # Flush the iptables rules, then turn off iptables and SELinux
    iptables -F                      # flush the iptables rules
    iptables -L -nv
    Chain INPUT (policy ACCEPT 40 packets, 3328 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 25 packets, 3208 bytes)
     pkts bytes target     prot opt in     out     source               destination

    service iptables stop            # shut down the firewall
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    chkconfig iptables off           # do not start iptables at boot

    # Turn off SELinux
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
    shutdown -r now

II. Anonymous/system user configuration test

    useradd -s /sbin/nologin shaw
    passwd shaw

By default, once vsftpd is installed, both anonymous users (download only) and system users (full access) can log in.

A system user who logs in to FTP lands in their own home directory, so they have full permissions there.

Change the FTP home directory of the system accounts and set a speed limit for them:

    vim /etc/vsftpd/vsftpd.conf

        # Change the system users' home directory
        local_root=/var/ftp/pub
        # System user speed limit 1MB (upload and download)
        local_max_rate=1024000

    service vsftpd restart
    # Add write permission so that files can be uploaded and deleted
    # (access is controlled jointly by the directory permissions and the FTP permissions)
    chmod o+w /var/ftp/pub

System users now land in '/var/ftp/pub' when they log in to FTP. Add whatever permissions are required on that directory manually.

III. vsftpd virtual user configuration test

1. Edit the configuration file /etc/vsftpd/vsftpd.conf

    touch /var/log/vsftpd.log        # create a vsftpd log file
    vim /etc/vsftpd/vsftpd.conf

        # Do not allow anonymous access
        anonymous_enable=NO
        # Allow local users to log in
        local_enable=YES
        # Keep users from leaving their home directory
        chroot_list_enable=YES
        # vsftpd service log
        xferlog_file=/var/log/vsftpd.log
        # PAM service name; PAM authenticates according to /etc/pam.d/vsftpd
        pam_service_name=vsftpd

        # Virtual user support. These settings are not in the default
        # vsftpd.conf and have to be added by hand.
        # Enable the virtual user feature
        guest_enable=YES
        # Host user for the virtual users; the system already has a built-in "ftp" user
        guest_username=ftp
        # Directory holding each virtual user's own vsftpd configuration file;
        # the file has the same name as the virtual user
        user_config_dir=/etc/vsftpd/vuser_conf

2. Create chroot_list and add the user ftp to it

    touch /etc/vsftpd/chroot_list
    echo ftp >> /etc/vsftpd/chroot_list

3. Configure virtual user authentication

Install the Berkeley DB tools. If db_load is reported as not found later on, it is because this package is not installed.

    yum install db4 db4-utils

Create the user password file vuser_passwd.txt. Note that odd-numbered lines are usernames and even-numbered lines are passwords.

    vi /etc/vsftpd/vuser_passwd.txt

        ftpuser
        q.123456

Generate the DB file for virtual user authentication

    db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
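An added example, not from the original article: checking the login list before db_load turns it into the database, since one stray or missing line shifts every later username/password pair. check_vuser_list and build_vuser_db are hypothetical helper names, and the umask and chmod steps are an added precaution because the passwords are stored in clear text.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_vuser_list FILE: print each problem, return 1 if any were found.
check_vuser_list() {
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        $0 == ""            { report("empty line shifts every later pair") }
        /^[ \t]|[ \t\r]$/   { report("leading or trailing whitespace is stored as typed") }
        NR % 2 == 1 {                       # odd line: user name
            if ($0 in seen) report("duplicate user name " $0)
            seen[$0] = 1
        }
        END {
            if (NR % 2 == 1) report("user name without a password line")
            exit bad + 0
        }
    ' "$1"
}

# build_vuser_db LIST DB: validate, then load with the db_load call from the
# article. umask 077 and chmod 600 are additions (assumption: only root has
# to read these files), because both hold the passwords in clear text.
build_vuser_db() {
    check_vuser_list "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2"
}

# Constructed sample: the article's entry plus a user whose password is missing.
demo_list=$(mktemp)
printf '%s\n' 'ftpuser' 'q.123456' 'shaw' > "$demo_list"
check_vuser_list "$demo_list" || echo "list rejected, db_load not run"
rm -f "$demo_list"
```

With the two paths from the article, the call is build_vuser_db /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db.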

Edit the authentication file /etc/pam.d/vsftpd: comment out the original statements and add the two lines at the end

    vi /etc/pam.d/vsftpd

        #%PAM-1.0
        #session    optional     pam_keyinit.so    force revoke
        #auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
        #auth       required     pam_shells.so
        #auth       include      password-auth
        #account    include      password-auth
        #session    required     pam_loginuid.so
        #session    include      password-auth
        auth    required         pam_userdb.so   db=/etc/vsftpd/vuser_passwd
        account required         pam_userdb.so   db=/etc/vsftpd/vuser_passwd

Create the per-user configuration. The configuration file name is the same as the user name, and no line may end with spaces, otherwise the service reports an error when it starts.

    mkdir /etc/vsftpd/vuser_conf
    vi /etc/vsftpd/vuser_conf/ftpuser

        # Virtual user's root directory (adjust to your setup)
        local_root=/var/ftp/pub
        # Writable
        write_enable=YES
        # Mask
        anon_umask=022
        # Speed limit 1 MB
        anon_max_rate=1024000
        anon_world_readable_only=NO
        anon_upload_enable=YES
        anon_mkdir_write_enable=YES
        anon_other_write_enable=YES

    mkdir /var/ftp/ftpuser           # create a directory for the newly created user
    chown -R ftp /var/ftp/ftpuser    # set the directory permissions
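An added example, not part of the original article: a small linter for vsftpd.conf and the per-user files in vuser_conf. It flags the trailing whitespace warned about above, plus whitespace around = and a # comment placed after a value, which vsftpd reads as part of the value. The names lint_vsftpd_conf and demo_lint and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# lint_vsftpd_conf FILE: print "file:line: problem" for each finding and
# return 1 if anything was found.
lint_vsftpd_conf() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
        /^#/ || /^$/ { next }            # whole-line comments and empty lines
        {
            eq = index($0, "=")
            if (eq == 0) { report("not an option=value line"); next }
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            if (name ~ /[ \t]/)    report("whitespace before \"=\"")
            if (val ~ /^[ \t]/)    report("whitespace after \"=\"")
            if (val ~ /[ \t\r]$/)  report("trailing whitespace or CR")
            if (val ~ /[ \t]#/)    report("inline comment becomes part of the value")
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the per-user file from step 3 typed with three mistakes.
demo_lint() {
    sample=$(mktemp)
    printf '%s\n' \
        '# virtual user ftpuser' \
        'local_root=/var/ftp/pub' \
        'write_enable =YES' \
        'anon_umask=022 ' \
        'anon_max_rate=1024000   # 1 MB' \
        > "$sample"
    lint_vsftpd_conf "$sample"
    rc=$?
    rm -f "$sample"
    return "$rc"
}
demo_lint || echo "fix the lines listed above before restarting vsftpd"
```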

4. Restart the vsftpd service

    service vsftpd restart
