In CentOS 6.3, vsftpd shares files with virtual users through PAM authentication.

Source: Internet
Author: User

FTP stands for File Transfer Protocol, a protocol dedicated to transferring files. It works at the seventh layer of the OSI model, the application layer, and uses TCP rather than UDP, so the FTP client and the server go through a "three-way handshake" before a connection is established. Another important feature of the FTP service is that it is platform independent.

There are many FTP services in Linux, including vsftpd, Wu-ftpd, and Proftp. In Red Hat Enterprise Linux, vsftpd is installed by default.

Generally, access to the FTP server requires verification. Only after verification is performed on the FTP server can users access and transmit files. vsftpd provides three ftp logon modes:

(1) anonymous (anonymous account)

Anonymous login is widely used on FTP servers. If you do not have an account on the FTP server, you can use anonymous as the username and your email address as the password to log on. After an anonymous user logs on to the FTP server, the login directory is /var/ftp. To reduce the load on the FTP server, the upload function of the anonymous account should be disabled.

(2) real (real account)

A real account, also known as a local account, logs on with a real username and password, provided that the user has an account of their own on the FTP server. After you log on with a real account, the login directory is the user's home directory. This directory is created automatically when the system creates the account.

(3) guest (virtual account)

If you have an account on the FTP server but the account can only be used for the file transfer service, it is a guest account; guest is a form of real account. The difference between them is that, after logging on to the FTP server, a guest cannot access anything outside its home directory.

The following describes the setup in detail.

Next we will start to implement the vsftpd virtual user function:

1. Install the vsftpd program with yum:

[root@master ~]# yum install vsftpd -y

2. Modify the configuration file

Back up and modify the configuration file:

[root@master ~]# cd /etc/vsftpd
[root@master vsftpd]# ll
total 28
-rw-------. 1 root root 125 Oct 18 07:54 ftpusers
-rw-------. 1 root root 361 Oct 18 07:54 user_list
-rw-------. 1 root root 4599 Oct 18 07:54 vsftpd.conf
-rw-------. 1 root root 4599 Jan 6 10:53 vsftpd.conf.bak
-rwxr--r--. 1 root root 338 Oct 18 07:54 vsftpd_conf_migrate.sh
[root@master vsftpd]# cp vsftpd.conf{,.bak}
[root@master vsftpd]# cat vsftpd.conf | grep "^[^#]"
anonymous_enable=NO // whether to allow anonymous users to log on to the FTP server, which is allowed by default
local_enable=YES // whether to allow local users to log on to the FTP server. The default value is YES
write_enable=YES // whether to allow users to perform write operations on files on the FTP server. By default
anon_umask=022 // sets the virtual users' file creation mask to 022; the default value is 077
dirmessage_enable=YES // activates directory messages. When a remote user changes directory, a prompt is displayed
xferlog_enable=YES // enable logging of uploads and downloads
connect_from_port_20=YES // enable connection requests from the FTP data port
xferlog_file=/var/log/vsftpd.log // set the log file name and storage path, which is the default
xferlog_std_format=YES // whether the standard ftpd xferlog log file format is used
listen=YES // run vsftpd in standalone mode
user_config_dir=/etc/vsftpd/vuser_dir // the directory that holds the virtual user configuration files
pam_service_name=/etc/pam.d/ftp.vu // set the name of the configuration file for the PAM authentication service, which is stored in the /etc/pam.d/ directory
userlist_enable=NO // whether the users in the user list are allowed to log on to the FTP server. By default
chroot_list_enable=YES // if you want to log on to a directory other than your own directory, you need to set this item
tcp_wrappers=YES // use tcp_wrappers as the host access control method
guest_enable=YES // whether to enable guest users (that is, enable virtual users)
guest_username=root // if virtual users are enabled, the local user name that virtual users are mapped to and that owns the files they upload or modify
chown_uploads=YES // whether to change uploaded files to the specified owner
chown_username=root // the owner that uploaded files are changed to

3. Create two directories under /etc/vsftpd/

vuser_db # stores the virtual user authentication files
vuser_dir # stores the virtual user configuration files
[root@master vsftpd]# mkdir vuser_db vuser_dir
[root@master vsftpd]# cd vuser_db/
[root@master vuser_db]# ll
total 20
-rw-r--r--. 1 root root 69 Jan 5 11:25 login_vuser
-rw-r--r--. 1 root root 12288 Jan 5 11:26 vuser.db
[root@master vuser_db]# vim login_vuser
// The following is the account and password format of the login_vuser virtual user file: usernames on odd-numbered lines and passwords on even-numbered lines.
user003
20150105
user004
20150106
user005
20150107
// Generate the database file
// The -T option allows the application to load text files into the database. Since the virtual user information is stored as a text file, this option must be used so that the vsftpd user data can be loaded from text.
// If -T is specified, it must be followed by the -t suboption.
// The -t suboption, appended to the -T option, specifies the type of database to load into. The types that can be specified with -t are Btree, Hash, Queue, and Recno.
// -f: followed by the text file containing the usernames and passwords. The file content is: usernames on odd lines, passwords on even lines
[root@master vuser_db]# db_load -T -t hash -f /etc/vsftpd/vuser_db/login_vuser /etc/vsftpd/vuser_db/vuser.db
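
Because db_load pairs lines purely by position, one stray or missing line changes which string is stored as whose password. The following check is an added example, not part of the original article; the function names and the broken sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a login_vuser-style file before running db_load.
# Format (from the walkthrough): odd lines are usernames, even lines are passwords.
# Reads the file named in $1, or stdin when no file is given.
# Prints one message per problem; returns 0 when the file is clean, 1 otherwise.
check_vuser_file() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $0 == "" {
            printf "line %d: empty line shifts the username/password pairing\n", NR
            bad = 1
        }
        NR % 2 == 1 {                           # username line
            if ($0 in seen) {
                printf "line %d: duplicate username %s (first on line %d)\n", NR, $0, seen[$0]
                bad = 1
            } else {
                seen[$0] = NR
            }
            last_user = $0
        }
        END {
            if (NR % 2 == 1) {
                printf "line %d: username %s has no password line\n", NR, last_user
                bad = 1
            }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample with two mistakes: a repeated username and a missing password.
broken_vusers() {
    printf '%s\n' user003 20150105 user003 20150106 user005
}

broken_vusers | check_vuser_file || echo "fix login_vuser before running db_load"
```

login_vuser holds the passwords in clear text, so keep it and vuser.db readable by root only (chmod 600) once the database has been generated.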

4. Change the PAM authentication module

[root@master vuser_db]# cd /etc/pam.d/
[root@master vuser_db]# vim ftp.vu // the file name must be the same as the one specified by pam_service_name in the main configuration file
// The trailing vuser refers to vuser.db, but the suffix is not written here.
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser

5. Create a corresponding file for each virtual user

[root@master vsftpd]# cd /etc/vsftpd/vuser_dir/
[root@master vuser_dir]# ll // create one virtual user file for each account in login_vuser
total 6
-rw-r--r--. 1 root root 177 Jan 5 17:03 user003
-rw-r--r--. 1 root root 177 Jan 5 17:09 user004
-rw-r--r--. 1 root root 177 Jan 5 17:19 user005
[root@master vuser_dir]# vim user003
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/www/test // specifies the directory that the virtual user is allowed to log on to
chown_upload_mode=0777 // permission setting for files uploaded by virtual users
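
The settings above map every virtual user to root (guest_username=root), hand uploaded files to root (chown_username=root) and make uploads world-writable (chown_upload_mode=0777). The following audit is an added example, not part of the original article, that flags those directives in vsftpd.conf or in a per-user file; the ftpvirt account and the values in hardened_conf are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag vsftpd directives that grant more privilege than needed.
# Reads the file named in $1 (vsftpd.conf or a file from user_config_dir),
# or stdin when no file is given. Prints one finding per line.
audit_vsftpd_conf() {
    awk -F'=' '
        /^[ \t]*#/ || NF < 2 { next }           # skip comments and non key=value lines
        {
            key = $1
            val = $2
            sub(/[ \t\r]+$/, "", val)           # tolerate trailing whitespace or CR
            if (key == "guest_username" && val == "root")
                print "HIGH guest_username=root: virtual users are mapped to the root account"
            else if (key == "chown_username" && val == "root")
                print "HIGH chown_username=root: uploaded files are chowned to root"
            else if (key == "chown_upload_mode" && val ~ /[2367]$/)
                print "HIGH " key "=" val ": uploaded files are world-writable"
            else if (key == "anon_other_write_enable" && val == "YES")
                print "WARN anon_other_write_enable=YES: guests may delete and rename files"
            else if (key == "anonymous_enable" && val == "YES")
                print "WARN anonymous_enable=YES: login without an account is allowed"
        }
    ' "${1:--}"
}

# Constructed sample: the relevant settings used in this walkthrough.
sample_conf() {
    printf '%s\n' anonymous_enable=NO guest_enable=YES guest_username=root \
        chown_uploads=YES chown_username=root \
        anon_other_write_enable=YES chown_upload_mode=0777
}

# Constructed lower-privilege variant; "ftpvirt" is a hypothetical unprivileged
# local account that owns /data/www/test.
hardened_conf() {
    printf '%s\n' anonymous_enable=NO guest_enable=YES guest_username=ftpvirt \
        chown_upload_mode=0640
}

sample_conf | audit_vsftpd_conf
```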

The configuration is complete. You can start the vsftpd service:

[root@master vsftpd]# service vsftpd start

Then you can log on to the Windows server and test it:

OK. The configuration of vsftpd virtual users authenticated by PAM is now fully implemented, and the FTP login function for virtual users works.
