VSFTPD configuration (anonymous, local user, virtual user) - FTP server

Source: Internet
Author: User
1, Download vsftpd.tar.gz
Program download address: ftp://vsftpd.beasts.org/users/cevans/
2, Check for and create the required accounts and directories
1, The nobody user
[root@main vsftpd-2.1.0]# cat /etc/passwd | grep nobody
nobody:x:99:99:Nobody:/:/sbin/nologin
If it does not exist, create the account.
2, The /usr/share/empty directory; create it if it is not present.
3, If anonymous access is to be allowed, an ftp user is needed whose home directory is /var/ftp (usually the ftp user exists but the home directory does not).
[root@main vsftpd-2.1.0]# mkdir /var/ftp/
[root@main vsftpd-2.1.0]# chown root.root /var/ftp
[root@main vsftpd-2.1.0]# chmod 755 /var/ftp

3, Unpack, compile and install the program (vsftpd actually ships both as source and as an RPM; compiling from source is less convenient, so the RPM installation is recommended)
[root@main ~]# tar xzvf vsftpd-2.1.0.tar.gz
[root@main ~]# cd vsftpd-2.1.0
[root@main vsftpd-2.1.0]# make && make install
4, Copy the relevant files
If you installed from RPM, the file paths may differ slightly from a source installation, e.g. /etc/vsftpd.conf becomes /etc/vsftpd/vsftpd.conf; adjust the paths below accordingly.
Main configuration file
[root@main vsftpd-2.1.0]# cp vsftpd.conf /etc/vsftpd.conf
PAM file for authentication
[root@main vsftpd-2.1.0]# cp redhat/vsftpd.pam /etc/pam.d/ftp
5, Configure vsftpd.conf
Enable/disable anonymous user access.
anonymous_enable=YES/NO
Allow local users to log in and allow them to upload files.
local_enable=YES
write_enable=YES
Lock local users into their home directory; they may not change to a directory above it.
chroot_local_user=YES
Speed limits for anonymous and local users (in bytes per second).
anon_max_rate=<number>
local_max_rate=<number>
Prohibit certain users from logging in to the server via FTP. If local_enable=YES is set, all users, including root, can log in via FTP, and for security reasons some users need to be restricted. Three options in vsftpd.conf control this:
userlist_deny=YES/NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
If userlist_deny=YES, the user names listed in /etc/vsftpd.user_list are not allowed to log in to the FTP server; if userlist_deny=NO, only the user names listed in /etc/vsftpd.user_list are allowed to log in. All we have to do is create a vsftpd.user_list file in /etc containing the user names to allow or deny, one per line.
Prevent users from modifying permissions on files or directories through FTP.
chmod_enable=NO
Set the umask applied to files or directories uploaded by local users (the default is 077).
local_umask=022
Allow at most 100 client connections at a time.
max_clients=100
Allow at most 3 connections per IP address.
max_per_ip=3
Listen for FTP requests only on 192.168.0.2 (for machines with multiple network adapters or multiple IP addresses).
listen_address=192.168.0.2
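As an added example (not code from the original article), the following shell helpers read a vsftpd.conf and flag the settings discussed in this section, and reproduce the userlist_deny/userlist_file decision so both modes can be checked without logging in. It assumes vsftpd's lowercase option names and documented defaults for absent keys (anonymous_enable and chmod_enable default to YES, chroot_local_user and userlist_enable to NO, userlist_deny to YES, userlist_file to /etc/vsftpd.user_list); the configuration written by the demo function is constructed.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Helpers to review a vsftpd.conf against the settings discussed above and to
# reproduce vsftpd's userlist_deny / userlist_file decision.
# Assumption: vsftpd's documented defaults apply to any key that is absent.

# vsftpd_get CONF KEY -> value of the last KEY= line, lowercased (values are
# case-insensitive in vsftpd, keys are not); empty if the key is absent.
vsftpd_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" "$1" | tail -n 1 | tr 'A-Z' 'a-z'
}

# vsftpd_audit CONF -> prints one finding per line; returns 0 only if clean.
vsftpd_audit() {
    conf=$1; findings=0
    anon=$(vsftpd_get "$conf" anonymous_enable)
    [ -z "$anon" ] && anon=yes                      # vsftpd default is YES
    if [ "$anon" = yes ]; then
        echo "anonymous_enable=YES: anonymous logins are accepted"
        findings=$((findings + 1))
        if [ "$(vsftpd_get "$conf" anon_upload_enable)" = yes ]; then
            echo "anon_upload_enable=YES: anonymous users may upload"
            findings=$((findings + 1))
        fi
    fi
    if [ "$(vsftpd_get "$conf" local_enable)" = yes ]; then
        if [ "$(vsftpd_get "$conf" chroot_local_user)" != yes ]; then
            echo "chroot_local_user is not YES: local users can leave their home directory"
            findings=$((findings + 1))
        fi
        if [ "$(vsftpd_get "$conf" userlist_enable)" != yes ]; then
            echo "userlist_enable is not YES: every system account, root included, may log in"
            findings=$((findings + 1))
        fi
    fi
    if [ "$(vsftpd_get "$conf" chmod_enable)" != no ]; then
        echo "chmod_enable is not NO: users can change permissions over FTP"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# ftp_user_allowed CONF USER -> 0 if the user list admits USER, 1 if it rejects.
# userlist_enable=NO disables the check; userlist_deny=YES (the default) makes
# the file a deny list, userlist_deny=NO makes it the list of the only allowed users.
ftp_user_allowed() {
    conf=$1; user=$2
    [ "$(vsftpd_get "$conf" userlist_enable)" = yes ] || return 0
    deny=$(vsftpd_get "$conf" userlist_deny)
    [ -z "$deny" ] && deny=yes
    list=$(sed -n 's/^[[:space:]]*userlist_file=\(.*\)$/\1/p' "$conf" | tail -n 1)
    [ -z "$list" ] && list=/etc/vsftpd.user_list   # vsftpd's built-in default
    if grep -qxF "$user" "$list" 2>/dev/null; then
        [ "$deny" = no ]        # listed: admitted only in allow-list mode
    else
        [ "$deny" = yes ]       # unlisted: admitted only in deny-list mode
    fi
}

# Demonstration on a constructed configuration (not a real server's file).
demo_vsftpd_audit() {
    d=$(mktemp -d)
    cat > "$d/vsftpd.conf" <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chmod_enable=NO
userlist_enable=YES
userlist_deny=YES
userlist_file=$d/user_list
EOF
    printf 'root\nbin\n' > "$d/user_list"
    vsftpd_audit "$d/vsftpd.conf" && echo "audit: no findings"
    ftp_user_allowed "$d/vsftpd.conf" root || echo "root: rejected by the user list"
    ftp_user_allowed "$d/vsftpd.conf" ftpuser && echo "ftpuser: admitted"
    rm -rf "$d"
}

demo_vsftpd_audit
```

Running the script prints the three demo lines; pointing vsftpd_audit at a real /etc/vsftpd.conf lists each setting from this section that is still at its permissive value, and ftp_user_allowed answers the "is this account in the list, and does that mean allowed or denied" question before anyone has to test it against the live server.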
6, After installation, start the service with the vsftpd command. Make sure the firewall allows the relevant ports, then try logging in anonymously; note that all anonymous users land in the same directory, /var/ftp.
We can use pgrep vsftpd to see whether vsftpd is running, and pkill vsftpd to kill the vsftpd process and stop it. For this reason the RPM installation is recommended, so that service vsftpd start|stop|restart can be used instead.
[root@main ~]# pgrep vsftpd
2745
[root@main ~]# pkill vsftpd
7, Set up the pub directory so that anonymous users can upload and download files.
Change the configuration file to make sure these items are present:
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
Create the new directory and change its permissions.
[root@main ~]# mkdir /var/ftp/pub
[root@main ~]# chmod 777 /var/ftp/pub
Try an anonymous upload and download; it should work.
8, Set up local user login to the FTP server and set permissions.
Add a user who can only log in to the server via FTP and not from a local shell. The following creates a user ftpuser who is not allowed to log in locally:
[root@localhost root]# useradd -g ftp -s /sbin/nologin ftpuser
After creating the account and password, change vsftpd.conf to make sure local users have read and write access:
local_enable=YES
write_enable=YES
local_umask=022
Try uploading and downloading files as the local user. (PS: I do not know why I could not upload or download at first, but it worked after I restarted the system.)
You can also use
userlist_deny=YES/NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
to control which users may log in.
9, Try accessing the FTP service as a virtual user.
Create a password source file; the format is user name on line 1, password on line 2, user name on line 3, password on line 4, and so on.
[root@main ~]# cat temp_pass.txt
caocao
caomengde
xiaocaocao
xiaocaomengde
Use the db_load command to generate the authentication file. What I ran into was that this machine did not have the db_load command; the answer found online was that the db4 RPM package was missing and that all the RPM packages on the CD-ROM whose names begin with db4 should be installed. That was too much trouble for me, so I used yum -y install db4*, and after that the db_load command was available.
[root@main ~]# db_load -T -t hash -f temp_pass.txt /etc/vuser.db
Set permissions on the db file and delete the password file.
[root@main ~]# chmod 600 /etc/vuser.db
[root@main ~]# rm temp_pass.txt
Create the PAM configuration required by the virtual users
[root@main ~]# vi /etc/pam.d/ftpuser.vu
# add the following content
auth required /lib/security/pam_userdb.so db=/etc/vuser
account required /lib/security/pam_userdb.so db=/etc/vuser
Add a new user; consider giving it the nologin shell.
[root@main home]# useradd vuserftp
Modify vsftpd.conf: change these items if they exist, add them if not.
guest_enable=YES
guest_username=vuserftp
pam_service_name=ftpuser.vu
Restart; now ftp://caocao@ftp should be accessible with the password caomengde. If there are minor problems, consider the directory permission issues discussed below.
10, Try assigning permissions to virtual users
Modify the vsftpd configuration file: change the item if it exists, add it if not. Then create and enter this directory.
user_config_dir=/etc/vuserftp/
[root@main vuserftp]# mkdir /etc/vuserftp/
[root@main vuserftp]# cd /etc/vuserftp/
Create a configuration file for the virtual user's permissions
[root@main vuserftp]# vi caocao
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/home/vuserftp/caocao
Create the directory for the virtual user and set its permissions.
[root@localhost ~]# mkdir /home/vuserftp/caocao
[root@localhost ~]# chown vuserftp /home/vuserftp/caocao/
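Sections 9 and 10 together are one procedure: password source file, Berkeley DB, PAM service, guest account, per-user settings file and the local_root directory it points at. The script below is an added example (not the article's own commands) that carries the whole procedure out with the checks the steps leave implicit: it validates the alternating user/password format before db_load ever sees it, removes the plaintext source after the DB is built, writes the PAM stack with pam_userdb, and creates each per-user file together with its directory so the two cannot drift apart. It assumes db_load as named in the article, references pam_userdb.so without a path (PAM locates the module; the article spells out /lib/security), and takes the directories as parameters so the helpers can be exercised outside /etc; the sample names are the article's.

```shell
#!/bin/sh
# Added example, not code from the original article.
# Provisions vsftpd virtual users end to end: validates the password source
# file, builds the Berkeley DB with db_load, writes the PAM service, and
# creates each user's per-user config together with its local_root directory.
# Assumptions: db_load is the tool named in the article; pam_userdb.so is
# referenced without a path; directories are parameters so the helpers can be
# exercised outside /etc.

# vpass_check FILE: the file must hold user name / password on alternating
# lines, which is what db_load -T consumes. Rejects odd line counts, blank
# lines, whitespace inside an entry and duplicate user names.
vpass_check() {
    f=$1
    lines=$(awk 'END { print NR }' "$f")
    if [ "$lines" -eq 0 ] || [ $((lines % 2)) -ne 0 ]; then
        echo "$f: $lines lines, expected a positive even number"; return 1
    fi
    if grep -q '^$' "$f"; then echo "$f: blank line"; return 1; fi
    if grep -q '[[:space:]]' "$f"; then echo "$f: whitespace inside an entry"; return 1; fi
    dup=$(awk 'NR % 2 == 1' "$f" | sort | uniq -d | head -n 1)
    if [ -n "$dup" ]; then echo "$f: duplicate user name $dup"; return 1; fi
    return 0
}

# vpass_users FILE: the user names (odd lines) of a password source file.
vpass_users() { awk 'NR % 2 == 1' "$1"; }

# vuser_db_build SRC DB: the article's db_load invocation, then lock the DB
# down to root and remove the plaintext source so it does not linger on disk.
vuser_db_build() {
    vpass_check "$1" || return 1
    db_load -T -t hash -f "$1" "$2" || return 1
    chmod 600 "$2" && rm -f "$1"
}

# vuser_pam_write SERVICE DBPREFIX [PAMDIR]: pam_userdb appends ".db" itself,
# so DBPREFIX is /etc/vuser for /etc/vuser.db.
vuser_pam_write() {
    pamdir=${3:-/etc/pam.d}
    printf 'auth required pam_userdb.so db=%s\naccount required pam_userdb.so db=%s\n' \
        "$2" "$2" > "$pamdir/$1"
}

# vuser_provision NAME CONFDIR HOMEBASE GUEST: per-user settings file (the
# options the article puts in /etc/vuserftp/caocao) and the local_root
# directory it points at, owned by the guest account.
vuser_provision() {
    name=$1; confdir=$2; root="$3/$1"; guest=$4
    mkdir -p "$confdir" "$root" || return 1
    chown "$guest" "$root" 2>/dev/null || true    # needs root; skipped otherwise
    cat > "$confdir/$name" <<EOF
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=$root
EOF
}

# vuser_verify NAME CONFDIR: the local_root named in the per-user file must
# exist as a directory, otherwise vsftpd cannot change into it after the
# password check has already succeeded.
vuser_verify() {
    root=$(sed -n 's/^local_root=\(.*\)$/\1/p' "$2/$1" | tail -n 1)
    [ -n "$root" ] && [ -d "$root" ]
}

# Demonstration with the article's sample names in a scratch directory.
demo_vuser() {
    d=$(mktemp -d)
    printf 'caocao\ncaomengde\nxiaocaocao\nxiaocaomengde\n' > "$d/temp_pass.txt"
    vpass_check "$d/temp_pass.txt" || { rm -rf "$d"; return 1; }
    mkdir -p "$d/pam.d" && vuser_pam_write ftpuser.vu "$d/vuser" "$d/pam.d"
    for u in $(vpass_users "$d/temp_pass.txt"); do
        vuser_provision "$u" "$d/etc/vuserftp" "$d/home/vuserftp" vuserftp
        vuser_verify "$u" "$d/etc/vuserftp" && echo "$u: config and local_root consistent"
    done
    if command -v db_load >/dev/null 2>&1; then
        vuser_db_build "$d/temp_pass.txt" "$d/vuser.db" && echo "vuser.db built"
    fi
    rm -rf "$d"
}

demo_vuser
```

The demo provisions every user in the source file rather than only caocao, which is the general form of the article's single-user step; on a real host the calls would be vuser_db_build temp_pass.txt /etc/vuser.db, vuser_pam_write ftpuser.vu /etc/vuser and vuser_provision caocao /etc/vuserftp /home/vuserftp vuserftp, run as root so the chown takes effect.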
11, I also followed this tutorial to review the process of virtual users logging in to FTP. The related configuration files and permissions are shown below; since this is only an experiment, the configuration is rather rough. We can optimize and streamline it ourselves.
[root@localhost ~]# ll /home/vuserftp/
total 4
drwxr-xr-x 2 root root 4096 Mar 09:47 caocao
[root@localhost ~]# grep -v '^#' /etc/vsftpd.conf
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
listen=YES
guest_enable=YES
guest_username=vuserftp
pam_service_name=ftpuser.vu
user_config_dir=/etc/vuserftp/
[root@localhost ~]# rpm -qa | grep db4-
db4-java-4.3.29-9.fc6
db4-devel-4.3.29-9.fc6
db4-tcl-4.3.29-9.fc6
db4-4.3.29-9.fc6
db4-utils-4.3.29-9.fc6

[root@localhost ~]# cat /etc/passwd | grep vuserftp
vuserftp:x:500:500::/home/vuserftp:/bin/bash (can be changed to nologin)
[root@localhost ~]# cat /etc/pam.d/ftpuser.vu
auth required /lib/security/pam_userdb.so db=/etc/vuser
account required /lib/security/pam_userdb.so db=/etc/vuser
