Newbie School: Vsftp configuration in Linux

Source: Internet
Author: User

Reinstall and configure virtual users in vsftp in Linux

The following operations are performed under the root user:

# tar zxvf vsftpd-2.0.5.tar.gz -- extract the archive

# cd vsftpd-2.0.5 -- enter the vsftpd-2.0.5 directory created by the extraction

# mkdir /usr/share/empty/ -- the default vsftpd settings require an empty directory: /usr/share/empty

# mkdir /var/ftp/ -- if anonymous users (anonymous) are allowed, your system needs an "ftp" user and its home directory (this home directory must not be owned by the "ftp" user, and the "ftp" user must not have write permission to it).

# adduser -- following the program's prompts, add the two users "nobody" and "ftp". "nobody" generally already exists; if a user already exists, you don't need to add it. When adding "ftp", set its home directory to /var/ftp.

# chmod 755 /var/ftp -- set the /var/ftp directory permissions to drwxr-xr-x

# make

# make install

# cp vsftpd.conf /etc -- "make install" does not copy the default configuration file, so copy it manually. The location may differ between systems; if you have an /etc/vsftp directory, copy it to /etc/vsftp.

Installation is complete.

Test:

Edit /etc/vsftpd.conf and add the following line at the bottom:

listen=YES

Make sure no other FTP service is running (otherwise vsftpd cannot bind port 21, which FTP requires).

# /usr/local/sbin/vsftpd &

[1] 306

If everything works, you will be able to connect to the FTP server.

# ftp localhost

Connected to localhost (127.0.0.1).

220 (vsFTPd 2.0.1)

Name: ftp

331 Please specify the password.

Password:

230 Login successful. Have fun.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

Running Mode:

vsftpd can run standalone or be started by inetd.

Standalone is the method used in the previous test: add "listen=YES" to vsftpd.conf.

Start with the xinetd service (in this mode listen=YES must not be set in vsftpd.conf, because that option puts vsftpd in standalone mode)

Edit /etc/xinetd.d/vsftpd:

service ftp

{

socket_type = stream

wait = no

user = root

server = /usr/local/sbin/vsftpd

# server_args =

# log_on_success += DURATION USERID

# log_on_failure += USERID

nice = 10

disable = no

}

Configure vsftp

Modify /etc/vsftpd.conf.

The default vsftpd.conf is relatively simple and many options are not listed in it. For details, refer to another article in the blog.

Several frequently used options that are not listed in vsftpd.conf are as follows:

Suppose the vsFTP server should support at most 100 connections, with each IP address allowed up to five connections. Then add the following two lines to vsftpd.conf:

max_clients=100

max_per_ip=5

anon_max_rate=number -- the download speed limit for anonymous users

local_max_rate=number -- the download speed limit for ordinary users on the vsFTP server

Note: the unit of this number is bytes per second, so we need to calculate it. For example, if I want anonymous users and ordinary users on vsFTP to download at 100 KB/s, this number should be 100 x 1024 = 102400. Therefore, we need to add the following two lines to vsftpd.conf:

anon_max_rate=102400

local_max_rate=102400

Directory description:

The vsftpd.conf file contains the option dirmessage_enable=YES. With it set, create a file named ".message" in a directory and write the description of that directory in the file.

Configure vsftp virtual users

1. Generate the virtual user password database file. To create it, first write a text file in the following format: odd-numbered lines are usernames, even-numbered lines are passwords:

# vi account.txt

Ylg

1234

Zhanghong

4321

Gou

5678

2. Generate the password database file and modify its permissions:

# db_load -T -t hash -f ./account.txt /etc/account.db

# chmod 600 /etc/account.db

3. Create the PAM file for virtual users, containing the following two lines:

# vi /etc/pam.d/vsftp.vu

auth required /lib/security/pam_userdb.so db=/etc/account

account required /lib/security/pam_userdb.so db=/etc/account

4. Create the local user that virtual users are mapped to, set the directory the virtual users will access, and set its access permissions:

# useradd -d /ftpsite virtual_user

# chmod 700 /ftpsite

After this step, /ftpsite is the home directory of the virtual_user user, who is also the owner of the /ftpsite directory. Apart from root, only this user has permission to read, write, and execute in the directory.

5. Generate a test file. First switch to the virtual_user identity, and then create a file in the /ftpsite directory:

# su - virtual_user

$ vi /ftpsite/mytest

This is a test file.

$ su - root

6. Edit the /etc/vsftpd.conf file so that the entire file reads as follows (comments removed):

anonymous_enable=NO

local_enable=YES

local_umask=022

xferlog_enable=YES

connect_from_port_20=YES

xferlog_std_format=YES

listen=YES

write_enable=YES

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

one_process_model=NO

chroot_local_user=YES

ftpd_banner=Welcom to my FTP server.

anon_world_readable_only=NO

guest_enable=YES

guest_username=virtual_user

pam_service_name=vsftp.vu

In the configuration above, guest_enable=YES enables virtual users; guest_username=virtual_user maps the virtual users to a local user, so that a virtual user who logs in lands in that local user's directory /ftpsite; pam_service_name=vsftp.vu specifies vsftp.vu as the PAM configuration file to use. Because guest logins are given anonymous privileges by default, the anon_upload_enable, anon_mkdir_write_enable and anon_other_write_enable lines are what grant the virtual users upload, directory-creation and delete/rename rights, even though anonymous_enable=NO.
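
An audit of the step 6 configuration, as an added example that is not part of the original article: it reports syntax that vsftpd rejects and the settings that decide what virtual users may do. The function names audit_vsftpd_conf and page_conf are hypothetical, and the sample input is the relevant lines of the step 6 file retyped in vsftpd syntax.

```shell
#!/bin/sh
# Added example, not from the original article: audit a vsftpd.conf read on stdin.

audit_vsftpd_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { print "SYNTAX line " NR ": missing ="; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd treats any space between option, = and value as an error
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) print "SYNTAX line " NR ": space around ="
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = toupper(val)
    }
    function on(k) { return opt[k] == "YES" }
    END {
        # anonymous_enable defaults to YES when it is not set at all
        if (opt["anonymous_enable"] != "NO") print "ANON anonymous login is enabled"
        if (on("guest_enable")) {
            if (!on("chroot_local_user")) print "CHROOT virtual users are not confined"
            # Guest logins get anonymous privileges unless virt_use_local_privs=YES
            if (!on("virt_use_local_privs") && on("write_enable")) {
                n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
                for (i = 1; i <= n; i++)
                    if (on(w[i])) print "WRITE " w[i] " applies to every virtual user"
            }
        }
    }'
}

# Constructed sample: the relevant lines of the step 6 configuration.
page_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=virtual_user
pam_service_name=vsftp.vu
EOF
}

page_conf | audit_vsftpd_conf
```

To check a live server, run audit_vsftpd_conf < /etc/vsftpd.conf.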
