The previous article introduced how to build an FTP server on Linux and covered the basic vsftpd configuration, that is, anonymous and local users. This time we configure vsftpd to use virtual users. The specific steps are as follows:
I. Create the virtual user password file
You can use the vi command to create the user password file. It is a plain text file in which the odd-numbered lines are user names and the even-numbered lines are the corresponding passwords. The file name can be arbitrary; for example, I created a file named login.txt with the following contents:
a
abc123~
b
abc123~
Here a and b are the users, and abc123~ is each user's password.
II. Generate the vsftpd password authentication file
After the virtual user password file is created, the next step is to use the db_load command to generate the password authentication file. This command is not installed by default; it is provided by the db4-utils package.
liwei@linux# rpm -qa | grep db4-utils
liwei@linux# rpm -vih /media/server/db4-utils-<version number>.rpm
After installing this software, you can use the db_load command to generate password authentication files, as follows:
liwei@linux# db_load -T -t hash -f login.txt /etc/vsftpd/vsftpuser.db
The command above creates the password authentication file vsftpuser.db in the /etc/vsftpd/ directory. For security, once it is created we restrict its permissions. The plaintext login.txt holds the same passwords, so restrict or delete it as well once the database is built.
liwei@linux# chmod 600 /etc/vsftpd/vsftpuser.db
III. Create the PAM configuration file required for virtual users
After generating the vsftpd password authentication file, create a new file under /etc/pam.d/ and add two records to it:
liwei@linux# vi /etc/pam.d/vsftpd.v
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpuser
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpuser
Save and exit after editing. Note that db= takes the path without the .db suffix; pam_userdb appends it.
IV. Set up the directory needed for virtual user access
Once the PAM configuration file for virtual users is in place, the next step is to create the virtual users' working environment: a local system account to which all virtual users are mapped, as follows:
liwei@linux# useradd -s /sbin/nologin virtual    # this step can use -d to specify a particular home directory
liwei@linux# chmod 700 /home/virtual
V. Modify the vsftpd.conf configuration file
Once you have established a directory for virtual users to access, you can modify the vsftpd.conf master configuration file. Add the following options to the configuration file:
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
pam_service_name=vsftpd.v
guest_enable=YES
guest_username=virtual
# Optional: create a separate configuration file for each virtual user in this directory
user_config_dir=/etc/vsftpd/vsftpuser_conf
After the configuration file has been modified, create the separate configuration directory for the virtual users, and then add a configuration file for the user:
liwei@linux# mkdir /etc/vsftpd/vsftpuser_conf
liwei@linux# mkdir /home/virtual/a
liwei@linux# chown virtual:virtual /home/virtual/a
liwei@linux# vi /etc/vsftpd/vsftpuser_conf/a
Add the configuration options specific to this virtual user in this file:
local_root=/home/virtual/a
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Save and exit.
Restart the service with the command service vsftpd restart.
Create the configuration file and directory for virtual user b in the same way.
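vsftpd matches option names exactly and refuses to start on a name it does not recognise, and whitespace around = or a comment on the same line as an option also breaks the setting. The script below is an added example, not part of the original article, that checks a main or per-user configuration file for these slips before the restart; lint_vsftpd, sample_conf and the KNOWN list are names made up for this example, and KNOWN covers only the options used in this article.

```shell
#!/bin/sh
# Added example, not the article's code. KNOWN lists only the options this
# article uses (assumption); extend it before linting a fuller config.
KNOWN="anonymous_enable local_enable write_enable anon_upload_enable local_root"
KNOWN="$KNOWN anon_mkdir_write_enable anon_other_write_enable anon_world_readable_only"
KNOWN="$KNOWN chroot_local_user pam_service_name guest_enable guest_username user_config_dir"

# lint_vsftpd FILE|- [main|user]: one finding per line, exit status 1 if any.
lint_vsftpd() {
    awk -v known="$KNOWN" -v kind="${2:-main}" '
    function report(msg) { print msg; bad++ }
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*$/ || /^#/ { next }   # blank lines and whole-line comments
    {
        eq = index($0, "=")
        if (!eq) { report("line " NR ": not an option=value pair"); next }
        name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (name ~ /[ \t]/ || val ~ /^[ \t]/) {
            report("line " NR ": whitespace around = or in the option name")
            gsub(/[ \t]/, "", name); sub(/^[ \t]+/, "", val)
        }
        low = tolower(name)
        if (!(name in ok) && (low in ok)) report("line " NR ": " name " must be lowercase")
        else if (!(name in ok)) report("line " NR ": unrecognised option " name)
        if (val ~ "[ \t](#|//)") report("line " NR ": trailing comment is read as part of the value")
        seen[name] = val
    }
    END {
        if (kind == "main") {   # the three options that switch on virtual users
            if (toupper(seen["guest_enable"]) != "YES") report("guest_enable=YES is missing")
            if (!("guest_username" in seen)) report("guest_username is missing")
            if (!("pam_service_name" in seen)) report("pam_service_name is missing")
        }
        exit (bad > 0)
    }' "${1:--}"
}

# Constructed sample showing slips that stop vsftpd from starting.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
Guest_enable=YES
guest_username=virtual
anon_mkidr_write_enable=NO
pam_service_name = vsftpd.v
user_config_dir=/etc/vsftpd/vsftpuser_conf  # per-user files
EOF
}
if [ "$#" -gt 0 ]; then lint_vsftpd "$@"; else sample_conf | lint_vsftpd - main || true; fi
```

Run it as sh lint.sh /etc/vsftpd/vsftpd.conf main for the main file, or with user as the second argument for a file under /etc/vsftpd/vsftpuser_conf; with no arguments it lints the constructed sample.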
VI. After these steps the whole setup is complete and it is time to test: from a Windows or Linux client, check whether virtual users a and b can access this FTP server.
The errors that often occur are:
1. 530 Login incorrect (login denied)
This error is caused by the absence of a vsftpd PAM file in the system; check the PAM file if this error occurs.
2. 500 OOPS: cannot change directory: Directory
Login failed
This error means the directory name specified in your configuration file is incorrect; check the directory to resolve the problem.
3. There is also a 550 error. It is generally caused by a directory permission problem, and checking the directory permissions should resolve it.
All right, that's all for now; I'll add more later!