Install and configure vsFTP in CentOS
The customer wants to set up two FTP servers for its branch offices in two locations, but the two machines are old, one HP rjg5 and one HP 380 G4, so they planned to use Linux. They did not say which distribution they use, so I chose CentOS 6.2. Installing and configuring vsftpd is actually very simple and there are many write-ups online, but I will record it in detail anyway.
Environment: CentOS 6.0 + vsftpd-2.2.2-6.el6_2.1
Step 1: install vsftpd, pam and db4
# yum install vsftpd pam* db4* -y
==========================================================================================
Installed:
  db4-cxx.i686 0:4.7.25-16.el6         db4-devel.i686 0:4.7.25-16.el6    db4-devel-static.i686 0:4.7.25-16.el6    db4-java.i686 0:4.7.25-16.el6
  db4-tcl.i686 0:4.7.25-16.el6         pam-devel.i686 0:1.1.1-10.el6     pam_ldap.i686 0:185-11.el6               pam_pkcs11.i686 0:0.6.2-11.1.el6
  pam_ssh_agent_auth.i686 0:0.9-70.el6_2.2   vsftpd.i686 0:2.2.2-6.el6_2.1
Dependency Installed:
  pcsc-lite-libs.i686 0:1.5.2-6.el6
==========================================================================================
Enable the vsftpd service and open the firewall through setup, then reboot the system.
Alternatively, register vsftpd as a system service from the command line:
# chkconfig --level 35 vsftpd on
Step 2: create the host account for the vsftpd service
# useradd vsftpdadmin -s /sbin/nologin
vsftpdadmin only exists so that the service does not run as root; it does not need to log on.
Step 3: create the host account for the FTP virtual users
# useradd ftpuser -s /sbin/nologin
ftpuser is only the host account that the virtual users are mapped to; it does not need to log on either.
Step 4: configure vsftpd.conf
Back up the configuration file before changing it.
# vim /etc/vsftpd/vsftpd.conf
In the list below, the text before --> is the original line and the text after it is the changed line; lines without an arrow keep their original value.
anonymous_enable=YES --> anonymous_enable=NO // do not allow anonymous users; the default is to allow them.
#chroot_list_enable=YES --> chroot_list_enable=YES // enable the chroot list; commented out by default.
#chroot_list_file=/etc/vsftpd/chroot_list --> chroot_list_file=/etc/vsftpd/chroot_list // required when chroot_list_enable=YES: the file listing the users the chroot list applies to (with chroot_local_user=YES below, the users in this file are the exceptions that are NOT locked in their home directories). If the file does not exist, logins fail with a 500 OOPS error.
Note: /etc/vsftpd/chroot_list does not exist by default. Create it with vim /etc/vsftpd/chroot_list, enter one account per line, and save it.
local_enable=YES // allow local users to log on. The default is YES.
write_enable=YES // allow writing. The default is YES.
local_umask=022 // permission mask applied to uploaded files.
dirmessage_enable=YES // show directory messages. The default is YES; it does not matter either way, I leave the default.
xferlog_enable=YES // enable transfer logging. The default is YES.
connect_from_port_20=YES // data connections originate from port 20.
xferlog_std_format=YES // write the transfer log in the standard xferlog format.
(The log file must exist and be writable by the service before it will run; it is created with touch in step 5.)
#idle_session_timeout=600 --> idle_session_timeout=600 // session timeout when a connected client sends no commands. Commented out by default; change as needed.
#async_abor_enable=YES --> async_abor_enable=YES // support asynchronous ABOR. Commented out by default; remove the comment.
#ascii_upload_enable=YES --> ascii_upload_enable=YES // allow uploads in ASCII mode. Commented out by default; remove the comment.
#ascii_download_enable=YES --> ascii_download_enable=YES // allow downloads in ASCII mode. Commented out by default; remove the comment.
#ftpd_banner=Welcome to blah FTP service // the FTP logon welcome message. Commented out; can be left alone.
#chroot_local_user=YES --> chroot_local_user=YES // lock local users into their FTP home directories. Commented out by default; remove the comment.
pam_service_name=vsftpd // name of the PAM service file (/etc/pam.d/vsftpd) used to authenticate vsftpd logins.
userlist_enable=YES // enable the list of user names that are refused logon. Do not change.
tcp_wrappers=YES // restrict which hosts may reach the vsftpd server through /etc/hosts.allow and /etc/hosts.deny. No need to change.
Add the following lines at the end of the file:
guest_enable=YES // enable the virtual user function.
guest_username=ftpuser // the host (local) user that virtual users are mapped to.
virtual_use_local_privs=YES // give virtual users the same privileges as their host user.
user_config_dir=/etc/vsftpd/vconf // directory holding the per-user vsftpd configuration files of the virtual users.
Step 5: create the log file
# touch /var/log/vsftpd.log // log file
# chown vsftpdadmin.vsftpdadmin /var/log/vsftpd.log // owned by the vsftpdadmin host account.
Step 6: create the virtual user file
# mkdir /etc/vsftpd/vconf/
# touch /etc/vsftpd/vconf/vir_user
Step 7: create a virtual user
# vim /etc/vsftpd/vconf/vir_user
virtualuser // user name
12345678 // password
Note: the first line is the user name, the second line is the password for the user name on the line above it, and so on.
Step 8: generate the database
# db_load -T -t hash -f /etc/vsftpd/vconf/vir_user /etc/vsftpd/vconf/vir_user.db
Step 9: set the database file permissions
# chmod 600 /etc/vsftpd/vconf/vir_user.db
# chmod 600 /etc/vsftpd/vconf/vir_user
Step 10: replace the contents of /etc/pam.d/vsftpd
# echo "auth required pam_userdb.so db=/etc/vsftpd/vconf/vir_user" > /etc/pam.d/vsftpd
# echo "account required pam_userdb.so db=/etc/vsftpd/vconf/vir_user" >> /etc/pam.d/vsftpd
(The first command overwrites the file and the second appends to it; the db= path is given without the .db extension, which pam_userdb adds itself.)
Step 11: create the user's configuration file
Note: the configuration file name must match the name of the "virtual user" created above.
# touch /etc/vsftpd/vconf/virtualuser
# vim /etc/vsftpd/vconf/virtualuser
Enter:
local_root=/home/virtualuser // path of the virtual user's own directory
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=1048576 // maximum transfer rate for this user, in bytes/s; I set it to 10 MB.
Step 12: create the virtual user's directory
If you do not create a personal directory for each virtual user, all virtual users log on to the same directory.
# mkdir /home/virtualuser
# chown ftpuser.ftpuser /home/virtualuser
# chmod 700 /home/virtualuser // the directory needs the execute bit so that ftpuser can enter it
The configuration is complete. To add further users, only steps 7 to 12 above need to be repeated: add the name and password to vir_user, regenerate the database and its permissions, and create the user's configuration file and directory.
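As an added example (not from the original post), the following script automates the per-user steps above: it appends the name and password to vir_user, checks that the file still alternates name/password lines, rebuilds the hash database with db_load, sets the 600 permissions, writes the per-user configuration and creates the home directory owned by the guest user. The VCONF_DIR, FTP_HOME and GUEST_USER variables and the function names are my own; the defaults are the paths from the post, and the script is meant to run as root on the server.

```shell
#!/bin/sh
# add_vftp_user.sh USER PASSWORD - add one vsftpd virtual user (steps 7-12 above).
# Variable names are this example's own; the defaults are the paths used in the post.
VCONF_DIR="${VCONF_DIR:-/etc/vsftpd/vconf}"
FTP_HOME="${FTP_HOME:-/home}"
GUEST_USER="${GUEST_USER:-ftpuser}"
# vir_user must alternate name, password, name, password ... with no blank or
# whitespace-containing names and no duplicate names, or db_load builds a wrong map.
check_vir_user() {
    [ -s "$1" ] || return 1
    [ $(( $(wc -l < "$1") % 2 )) -eq 0 ] || return 1
    awk 'NR % 2 == 1 { if ($0 == "" || $0 ~ /[[:space:]]/ || seen[$0]++) bad = 1 }
         END { exit bad }' "$1"
}
# True if the name already appears on a name line (odd line) of vir_user.
user_exists() {
    awk -v u="$1" 'NR % 2 == 1 && $0 == u { found = 1 } END { exit !found }' \
        "$VCONF_DIR/vir_user" 2>/dev/null
}
# Step 11: per-user configuration file, same settings as the post's example user.
write_user_conf() {
    cat > "$VCONF_DIR/$1" <<EOF
local_root=$FTP_HOME/$1
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=1048576
EOF
}
add_user() {
    # a name with a slash or whitespace would escape user_config_dir or break vir_user
    case "$1" in ''|*/*|*[[:space:]]*) echo "bad user name" >&2; return 1 ;; esac
    user_exists "$1" && { echo "user already exists" >&2; return 1; }
    printf '%s\n%s\n' "$1" "$2" >> "$VCONF_DIR/vir_user"                 # step 7
    check_vir_user "$VCONF_DIR/vir_user" || return 1
    db_load -T -t hash -f "$VCONF_DIR/vir_user" "$VCONF_DIR/vir_user.db"  # step 8
    chmod 600 "$VCONF_DIR/vir_user" "$VCONF_DIR/vir_user.db"              # step 9
    write_user_conf "$1"                                                   # step 11
    # step 12: 700, not 600, because a directory needs the execute bit to be entered
    mkdir -p "$FTP_HOME/$1" && chown "$GUEST_USER:$GUEST_USER" "$FTP_HOME/$1" && chmod 700 "$FTP_HOME/$1"
}
if [ "$#" -eq 2 ]; then add_user "$1" "$2"; fi
```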
Problems encountered
There were actually not many problems this time.
1. 450: An error occurred while reading the directory list.
After the first vsftpd was configured (with the configuration above), the second was set up the same way. After it was complete, neither the client nor the browser could log on; they reported the following error:
450: An error occurred while reading the directory list.
Only ftp 192.168.88.30 at the command prompt and in a terminal could run ls correctly.
Compared with the previous configuration every step was the same, and the PASV problem was hard to solve, so I added pasv_enable=NO to vsftpd.conf, and then ...... no more problems, everything was normal.
2. Garbled Chinese characters
This is a common problem. There seems to be no good solution; changing i18n has been suggested online, but the customer does not need the i18n change, since their company mainly uses English documents. I am also saving myself the trouble, but I record it as a problem.
3. 500 OOPS: cannot change directory: /home/pmfile
After the user was created, this error was reported on logon. At first I thought it was a selinux problem, but later I decided that was wrong: other accounts were fine, and I was sure selinux had just been disabled. It was a permission problem; I had forgotten to grant permission to the virtual users' FTP host account: chown -R ftpuser.ftpuser /home/publicfile
4. Error 530: Login incorrect.
This one was funny for me. I could log on to the second vsftpd service with my own client (FileZilla), but the customer could not log on with his own client, the same software. The difference is that I use Ubuntu and he uses Win7, but at the Win7 command prompt he could also log on and use ls, so it was not a permission issue and not a PAM problem. I tried both and found that he had entered a wrong password in the client. Before that I had repeatedly asked him whether he had typed the password wrong, and he definitely said no. The result ......
5. Unable to log on from the Internet. Error 550. Error: failed to read directory list
This problem was a real head-scratcher. After completing the second server, I let the customer log on from the intranet first, and everything was normal, but logging on from the Internet produced "550 Permission denied.", "Error: Connection timeout" and "Error: failed to read the directory list". What was the problem?
I tried every PASV and permission change (I really did not want to do that step: if the logon user had a permission problem, I could not have logged on from the intranet either). Finally I had the customer's network administrator take me to check their router configuration, and I found that their port mapping did not open TCP port 20. After opening it, everything was OK.