Install vsftpd and configure virtual users in CentOS6.4

Source: Internet
Author: User
To run an FTP service on Linux, you need to know how to install and configure vsftpd. vsftpd is a well-known FTP server for Linux and the first choice for building an FTP server. This article describes how to install vsftpd on CentOS 6.4 and configure a virtual user to log on to FTP.

I. Install vsftpd

Check whether vsftpd has been installed

rpm -qa | grep vsftpd

If not, install it and enable it at startup

yum -y install vsftpd
chkconfig vsftpd on

II. Virtual User-based configuration
Virtual users do not use real accounts, but only map to real accounts and set permissions. A virtual user cannot log on to the CentOS system.

Modify configuration file
Open /etc/vsftpd.conf and configure as follows:

# Do not allow anonymous access
anonymous_enable=NO
# Allow local users to log in. Note: virtual users map to a local account, so if this item is set to NO, no virtual user can log in.
local_enable=YES
# Prevent users from leaving their home directory (applies to the users listed in chroot_list_file)
chroot_list_enable=YES
# Support uploading and downloading in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM service name; PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd

The following are the important settings for vsftpd virtual user support. By default, vsftpd.conf does not contain these items; you must add them manually:

# Enable the virtual user function
guest_enable=YES
# Host (local) user that virtual users are mapped to; CentOS already has the built-in ftp user
guest_username=ftp
# Directory that stores the per-user vsftpd configuration files for virtual users (configuration file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf

Perform authentication
First, install the Berkeley DB tools. Many people cannot find db_load; the reason is that this package is not installed.

yum install db4 db4-utils

Then, create the user password text file /etc/vsftpd/vuser_passwd.txt. Note that odd lines are user names and even lines are passwords:

test
123456

Then, generate the database file for Virtual User Authentication

db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db

Then, edit the authentication file /etc/pam.d/vsftpd, comment out all the original statements, and add the following two lines:

auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd

Finally, create a virtual user configuration file

mkdir /etc/vsftpd/vuser_conf/
# The file name must equal the account name in vuser_passwd.txt; otherwise, the following settings have no effect.
vi /etc/vsftpd/vuser_conf/test

The content is as follows:

# Virtual user root directory; change as needed
local_root=/ftp/www
# Writable
write_enable=YES
# umask for files created by the virtual user
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
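
A pre-flight check for the files created in this step, as an added example that is not part of the original article. It verifies that the password text file alternates user name and password lines, is not accessible to group or other, and that every user has a matching per-user configuration file. The function name check_vusers and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight check of the
# virtual-user files before running db_load. Returns the number of findings.
check_vusers() (
    txt=$1 conf_dir=$2 findings=0 n=0 user="" seen="|"
    report() { echo "$1"; findings=$((findings + 1)); }
    # The file holds plaintext passwords: group/other bits should be clear.
    if [ "$(ls -ld "$txt" | cut -c5-10)" != "------" ]; then
        report "PERM: $txt is accessible to group or other"
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -z "$line" ]; then
            report "EMPTY: line $n is blank"
        fi
        if [ $((n % 2)) -eq 1 ]; then            # odd line: user name
            user=$line
            case $seen in
                *"|$user|"*) report "DUP: user '$user' repeated on line $n" ;;
            esac
            seen="$seen$user|"
        elif [ -n "$user" ] && [ ! -f "$conf_dir/$user" ]; then
            # even line: password, pair complete; per-user file must match
            report "NOCONF: no file $conf_dir/$user for user '$user'"
        fi
    done < "$txt"
    if [ $((n % 2)) -eq 1 ]; then
        report "ODD: user '$user' on line $n has no password line"
    fi
    exit "$findings"          # subshell body: this ends the function only
)

# Constructed sample data: user alice has no password line.
demo=$(mktemp -d) && mkdir "$demo/vuser_conf"
printf 'test\n123456\nalice\n' > "$demo/vuser_passwd.txt"
chmod 600 "$demo/vuser_passwd.txt"
: > "$demo/vuser_conf/test"
check_vusers "$demo/vuser_passwd.txt" "$demo/vuser_conf" || echo "findings: $?"
rm -rf "$demo"
```

Run it against /etc/vsftpd/vuser_passwd.txt and /etc/vsftpd/vuser_conf before db_load; a return value of 0 means no findings.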

Set SELinux

# Allow FTP to use home directories
setsebool -P ftp_home_dir=1
# Grant the FTP daemon full access permissions
setsebool -P allow_ftpd_full_access=1

Set FTP root directory permissions

# Create the directory
mkdir -p /ftp/www
chmod -R 755 /ftp
chmod -R 777 /ftp/www

Recent versions of vsftpd require that the main directory is not writable, so /ftp is set to 755 and the subdirectories under the main directory are set to 777.

Set firewall
Open /etc/sysconfig/iptables
After the line "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT", add:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Save and close the file. Run the following command in the terminal to reload the firewall configuration:

service iptables restart

OK. Run "service vsftpd start" and you can access your FTP server.

Configure PASV mode
PASV mode is not enabled by default in vsftpd. At this point, FTP can only be connected in PORT mode. To enable PASV, use the following configuration.
Open /etc/vsftpd.conf and add:

# Enable PASV mode
pasv_enable=YES
# Minimum port number
pasv_min_port=40000
# Maximum port number
pasv_max_port=40080
# Disable the check that the data connection comes from the same IP address as the control connection
pasv_promiscuous=YES

Enable ports 40000 to 40080 in the firewall configuration

-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT

Restart iptables and vsftpd

service iptables restart
service vsftpd restart

Now you can connect to your FTP server in PASV mode.
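
vsftpd treats a space between an option, "=" and its value as an error, and it has no end-of-line comment syntax, so annotations must sit on their own "#" lines. The following added example, which is not part of the original article, checks a configuration file for those mistakes and reports two settings that widen exposure, pasv_promiscuous and anonymous_enable. The function name lint_vsftpd_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint a vsftpd configuration
# file. Prints one line per finding and returns the number of findings.
lint_vsftpd_conf() (
    LC_ALL=C findings=0 n=0
    report() { echo "line $n: $1"; findings=$((findings + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;            # blank line or whole-line comment
            *=*) ;;
            *) report "not in option=value form"; continue ;;
        esac
        key=${line%%=*} val=${line#*=}
        case $key in
            *[!a-z0-9_]*) report "'$key' is not a valid option name"; continue ;;
        esac
        case $val in
            ' '*) report "space after '=' is a syntax error"; continue ;;
            *' //'*|*' #'*)
                report "trailing annotation is read as part of the value"; continue ;;
        esac
        # vsftpd reads boolean values case-insensitively; normalise first.
        case $key=$(printf '%s' "$val" | tr 'a-z' 'A-Z') in
            pasv_promiscuous=YES|pasv_promiscuous=TRUE|pasv_promiscuous=1)
                report "data-connection source IP check is disabled" ;;
            anonymous_enable=YES|anonymous_enable=TRUE|anonymous_enable=1)
                report "anonymous login is enabled" ;;
        esac
    done < "$1"
    exit "$findings"          # subshell body: this ends the function only
)

# Constructed sample input (not a real server's configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
Local_enable = YES
guest_enable=YES // enable virtual users
pasv_promiscuous=YES
EOF
lint_vsftpd_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

The per-user files under /etc/vsftpd/vuser_conf use the same syntax and can be checked with the same function.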
