Article Title: newbie School: Vsftp configuration in Linux.
Reinstall and configure virtual users in vsftp in Linux
Reinstall and configure virtual users
The following operations are performed under the root user:
# tar zxvf vsftpd-2.0.5.tar.gz -- extract the archive
# cd vsftpd-2.0.5 -- after decompression, change into the vsftpd-2.0.5 directory
# mkdir /usr/share/empty/ -- the default vsftpd setting requires an empty directory: /usr/share/empty
# mkdir /var/ftp/ -- if anonymous users (anonymous) are allowed, your system needs an "ftp" user and its home directory (this home directory must not belong to the "ftp" user, and the "ftp" user must not have write permission on it).
# adduser -- follow the program's prompts to add the two users "nobody" and "ftp". "nobody" generally exists already; if a user already exists, you do not need to add it. When adding "ftp", set its home directory to /var/ftp.
# chmod 755 /var/ftp -- set the /var/ftp directory permission to drwxr-xr-x
# make
# make install
# cp vsftpd.conf /etc -- "make install" does not copy the default configuration file, so copy it manually. The location may differ between systems. If you have a /etc/vsftp directory, copy it to /etc/vsftp.
Installation is complete.
Test:
Edit /etc/vsftpd.conf and add the following line at the bottom (vsftpd does not accept spaces around the "="):
listen=YES
Make sure no other FTP service is running (otherwise vsftpd cannot bind port 21, which FTP requires).
# /usr/local/sbin/vsftpd &
[1] 306
If everything works, you will be connected to the FTP server.
# ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.0.1)
Name: ftp
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Running Mode:
vsftpd can run standalone or be started by inetd.
Standalone is the method used in the previous test: add "listen=YES" to vsftpd.conf.
Start with the xinetd service
Edit /etc/xinetd.d/vsftpd as follows. In this mode vsftpd.conf must not contain listen=YES, because xinetd owns the listening socket.
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/local/sbin/vsftpd
#   server_args =
#   log_on_success += DURATION USERID
#   log_on_failure += USERID
    nice = 10
    disable = no
}
Configure vsftp
Modify /etc/vsftpd.conf.
The default vsftpd.conf is relatively simple and many options are not listed in it. For details, refer to another article in the blog.
Several frequently used options that are not listed in vsftpd.conf are as follows:
To limit vsftpd to a maximum of 100 connections, with at most five connections per IP address, add the following two lines to vsftpd.conf:
max_clients=100
max_per_ip=5
anon_max_rate=number -- the download speed for anonymous users
local_max_rate=number -- the download speed for ordinary (local) users on the vsftpd server
Note: the unit of this number is bytes per second, so it has to be calculated. For example, to let both anonymous users and local users download at 100 KB per second, the number should be 100 x 1024 = 102400. Therefore, add the following two lines to vsftpd.conf:
anon_max_rate=102400
local_max_rate=102400
Directory description:
Set dirmessage_enable=YES in vsftpd.conf, then create a file named ".message" in the directory and write the description of the directory in that file.
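The options above only take effect if each line has the exact form option=value: vsftpd treats whitespace around the "=" as an error, and its option names are lowercase. The following is an added example, not part of the original article; the helper name lint_vsftpd_conf and the sample lines are constructed for illustration. It reports the lines of a configuration file that break these rules.

```shell
#!/bin/sh
# Added example (not from the article): report vsftpd.conf lines that vsftpd
# would reject. lint_vsftpd_conf is a hypothetical helper name.
lint_vsftpd_conf() {
    awk '
        # vsftpd skips blank lines and lines that start with "#".
        /^[[:space:]]*$/ || /^#/ { next }
        !/=/ { printf "line %d: missing \"=\": %s\n", NR, $0; bad = 1; next }
        {
            eq  = index($0, "=")          # split at the first "=" only
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (key ~ /[[:space:]]/ || val ~ /^[[:space:]]/) {
                printf "line %d: whitespace around \"=\": %s\n", NR, $0; bad = 1
            } else if (key !~ /^[a-z0-9_]+$/) {
                printf "line %d: option name must be lowercase [a-z0-9_]: %s\n", NR, key; bad = 1
            }
        }
        END { exit bad + 0 }              # non-zero status if anything was reported
    ' "$1"
}

# Constructed sample: two malformed lines next to the accepted form.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample, not a real server configuration' \
    'Listen = YES' \
    'max_clients=100' \
    'max_per_ip =5' \
    'anon_max_rate=102400' > "$sample"
lint_vsftpd_conf "$sample" || echo "fix the lines above before starting vsftpd"
rm -f "$sample"
```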
Configure vsftp virtual users
1. Generate the virtual user password library. To create the password library file, first write a text file in the following format: odd-numbered lines are usernames, even-numbered lines are passwords:
# vi account.txt
ylg
1234
zhanghong
4321
gou
5678
2. Generate the password library file and modify its permissions:
# db_load -T -t hash -f ./account.txt /etc/account.db
# chmod 600 /etc/account.db
3. Create the PAM file for virtual users and add the following two lines to it:
# vi /etc/pam.d/vsftp.vu
auth required /lib/security/pam_userdb.so db=/etc/account
account required /lib/security/pam_userdb.so db=/etc/account
4. Create the local user that virtual users map to, set the directory this user will access, and set the access permissions:
# useradd -d /ftpsite virtual_user
# chmod 700 /ftpsite
After this step, /ftpsite is the home directory of the virtual_user user, who is also the owner of the /ftpsite directory. Apart from root, only this user has permission to read, write, and execute the directory.
5. Generate a test file. First switch to the virtual_user user identity, and then create a file in the /ftpsite directory:
# su - virtual_user
$ vi /ftpsite/mytest
This is a test file.
$ su - root
6. Edit the /etc/vsftpd.conf file so that the content of the entire file is as follows (comments removed):
anonymous_enable=NO
local_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
one_process_model=NO
chroot_local_user=YES
ftpd_banner=Welcom to my FTP server.
anon_world_readable_only=NO
guest_enable=YES
guest_username=virtual_user
pam_service_name=vsftp.vu
In the configuration above, guest_enable=YES enables virtual users; guest_username=virtual_user maps every virtual user to the local user virtual_user, so that a virtual user who logs in lands in that local user's directory /ftpsite; pam_service_name=vsftp.vu specifies vsftp.vu as the PAM configuration file. By default vsftpd gives virtual users the privileges of anonymous users, which is why the anon_* write options are enabled here even though anonymous_enable=NO.
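Steps 1 and 2 depend on the text file pairing each username with the line that follows it, so one missing or extra line shifts every later pair, and the file holds plaintext passwords. The following is an added example, not part of the original article; the helper name check_accounts is hypothetical and the sample reuses the article's account lines. It checks the file before db_load is run.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check the username/password
# text file from step 1 before db_load. check_accounts is a hypothetical name.
check_accounts() {
    f=$1
    # Plaintext passwords: group and other must have no access at all.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible to group/other, run chmod 600 first"
        return 1
    fi
    awk '
        NR % 2 == 1 {                                   # odd line: username
            if ($0 == "" || $0 ~ /[[:space:]]/) {
                printf "line %d: empty username or whitespace in it\n", NR; bad = 1
            }
            if (seen[$0]++) {
                printf "line %d: duplicate user %s\n", NR, $0; bad = 1
            }
            next
        }
        $0 == "" { printf "line %d: empty password\n", NR; bad = 1 }   # even line
        END {
            if (NR % 2) { print "odd number of lines: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$f"
}

# Constructed sample using the article's account lines, created owner-only.
sample=$(mktemp)
chmod 600 "$sample"
printf '%s\n' ylg 1234 zhanghong 4321 gou 5678 > "$sample"
check_accounts "$sample" && echo "account file looks consistent"
rm -f "$sample"
```

Once /etc/account.db has been generated, the plaintext account.txt is no longer needed by vsftpd or PAM and can be deleted or kept owner-only.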