Install and configure a VSFTP server in Linux

Source: Internet
Author: User

1. Install the vsftpd package
# yum -y install vsftpd db4 db4-utils
Disable SELinux and iptables firewall after installation.

2. Start the vsftpd server
# service vsftpd start
Now you can log on as an anonymous user. The default anonymous user is 'ftp' and the password is blank. The root directory is '/var/ftp'.
At this point anonymous users can only download files from the server; they have no permission to upload files or create folders.

3. vsftpd configuration (/etc/vsftpd.conf)

A: Allow anonymous users to upload and download files and create folders.

# allow anonymous users to upload files
anon_upload_enable=YES
# allow anonymous users to create folders
anon_mkdir_write_enable=YES
# allow anonymous users to rename and delete
anon_other_write_enable=YES
Restart the vsftpd service after modifying the above settings.

After logging on to the vsftp server, you still cannot upload files. This is because the /var/ftp directory belongs to root.
However, if you change the owner of /var/ftp to ftp, you will find that you can no longer log on to the vsftp server.
So instead we change the owner of a folder inside /var/ftp for the settings to take effect.
# chown ftp /var/ftp/pub

After completing the preceding steps, you can log on anonymously, upload and download files, and create and delete folders.

B: Allow local users to upload and download files and create folders. First, we need to create a local user, because by default vsftpd does not allow users with advanced permissions, such as root, to log on, for security.
The users concerned can be viewed in /etc/vsftpd/ftpusers.

# useradd -s /sbin/nologin micxp    # -s /sbin/nologin prevents the user from logging on to the system
# passwd micxp                      # set the password to 123 for the micxp user
Changing password for user micxp.
New password: 123
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password: 123
passwd: all authentication tokens updated successfully.

Now you can log on to the ftp server as this user with the default settings in vsftpd.conf, and you can upload, download, delete, and create folders. However, this user can switch to the root directory of the system, which is not secure. Therefore, we need to set the configuration file to restrict local users to their home directories, that is, /home/micxp.

# restrict all local users to their home directories (the following settings will be invalid)
chroot_local_user=YES

To restrict only some users, set the above option to NO and enable the following two.
# restrict listed users to their home directories; each user to be restricted must be written to the chroot_list file below
chroot_list_enable=YES
# (default follows) used together with chroot_list_enable
chroot_list_file=/etc/vsftpd/chroot_list

Now the configuration for local users is basically complete. The following sections describe how to set the speed limit and the number of client connections.

The following describes how to control whether a local user can log on.
Method 1
# users listed in /etc/vsftpd/user_list cannot log on
userlist_enable=YES
userlist_deny=YES
Method 2
# only users listed in /etc/vsftpd/user_list can log on
userlist_enable=YES
userlist_deny=NO

Note: "/etc/vsftpd/user_list" exists by default. Users in the file "/etc/vsftpd/ftpusers" are prohibited from logging on.

C: Allow virtual users to upload and download files and create folders.

First, create a text file of virtual user names and passwords, in which odd-numbered lines are user names and even-numbered lines are passwords, as follows:
# vi /etc/vsftpd/vuser.txt
Enter the following content:
vmicxp     (virtual user name)
456        (user password)

Save the file and use db_load to generate the user password database file, as follows:
# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db
# chmod 600 /etc/vsftpd/vuser.db    # for security, allow access by the file owner only

Edit /etc/vsftpd.conf and check whether pam_service_name=vsftpd is enabled. If not:

pam_service_name=vsftpd
# enable virtual users
guest_enable=YES
# local user that virtual users are mapped to
guest_username=vsftp

Now, create this "vsftp" user.
# useradd vsftp
The vsftpd named in pam_service_name above refers to the /etc/pam.d/vsftpd file. Open this file, comment out all of its content with #, and add the following two lines.

auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser

Note that you must not add ".db" to the vuser file name in the db= value above. Otherwise, you will not be able to log on.

Now you can use the vmicxp user to log on to the vsftp server, but you will find that after logging on you cannot see anything. Because virtual users have the permissions of anonymous users by default, you need to set "virtual_use_local_privs=YES" in the main configuration file so that virtual users have the same permissions as local users.

The virtual_use_local_privs parameter:

When virtual_use_local_privs=YES, the virtual user and the local user have the same permissions.
When virtual_use_local_privs=NO, the virtual user and the anonymous user have the same permissions. The default value is NO.

When virtual_use_local_privs=YES and write_enable=YES, the virtual user has the write permission (upload, download, delete, and rename).

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES, and anon_upload_enable=YES, a virtual user cannot browse directories and can only upload files, without other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, and anon_upload_enable=NO, a virtual user can only download files and has no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, and anon_upload_enable=YES, a virtual user can only upload and download files, without other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, and anon_mkdir_write_enable=YES, a virtual user can only download files and create folders, without other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, and anon_other_write_enable=YES, a virtual user can only download, delete, and rename files, and has no other permissions.
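
The combinations above can be checked mechanically before the service is restarted. The following Python sketch is an added example, not part of the original article or of vsftpd: it flags lines that break the option=value format (vsftpd.conf treats spaces around "=" as an error and only recognizes comments on lines that start with "#") and reports the rights a virtual user would end up with. The sample configuration and the names parse and virtual_user_rights are constructed for illustration.

```python
import re

# Constructed sample: directives from this page; the last two lines are written
# with spaces around "=" and with a trailing comment, which vsftpd does not accept.
SAMPLE = """\
# virtual users
guest_enable=YES
guest_username=vsftp
virtual_use_local_privs=NO
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable = YES
anon_mkdir_write_enable=YES # create folders
"""

LINE = re.compile(r"^([a-z0-9_]+)(\s*)=(\s*)(.*)$")

def parse(text):
    """Return (options, errors). errors holds (line number, reason) for lines
    that break the option=value format vsftpd.conf requires."""
    options, errors = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            errors.append((num, "not option=value"))
        elif m.group(2) or m.group(3):
            errors.append((num, "space around '='"))
        elif re.search(r"\s#", m.group(4)):
            errors.append((num, "trailing comment"))
        else:
            options[m.group(1)] = m.group(4)
    return options, errors

def virtual_user_rights(opts):
    """Rights of a guest (virtual) user, following the combinations on this page."""
    def on(key, default="NO"):
        return opts.get(key, default).upper() == "YES"
    if on("virtual_use_local_privs"):  # same rights as a local user
        extra = {"upload", "mkdir", "delete_rename"} if on("write_enable") else set()
        return {"list", "download"} | extra
    rights = set() if on("anon_world_readable_only", "YES") else {"list", "download"}
    writes = (("anon_upload_enable", "upload"), ("anon_mkdir_write_enable", "mkdir"),
              ("anon_other_write_enable", "delete_rename"))
    if on("write_enable"):
        rights |= {right for key, right in writes if on(key)}
    return rights
```

On the sample, parse reports lines 7 and 8 as malformed, so the upload and mkdir rights the administrator intended are not among the options that were accepted.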

Note that you can also use user_config_dir=/etc/vsftpd/vsftpd_user_conf to set separate permissions for each virtual user.

# mkdir /etc/vsftpd/vsftpd_user_conf
# vi /etc/vsftpd/vsftpd_user_conf/vmicxp    # the file name vmicxp corresponds to the name of the virtual user; create one file per virtual user

# For example, set the home directory for this user.

local_root=/home/vmicxp

Now the virtual user settings have been completed.
