vsftpd: configuring virtual users
System: Linux CentOS 6.5, kernel 2.6.32-431.el6.x86_64
vsftpd-2.2.2-21.el6.x86_64
Step one, installation
# cd /etc/yum.repos.d/
# rm -rf *
# wget http://docs.linuxtone.org/soft/lemp/CentOS-Base.repo
# yum clean all
# yum -y install vsftpd
# yum -y install db4-utils
Step two, create the virtual users
# vim /home/loginuser.txt
user1
password1
user2
password2
user3
password4
The format: the first line is a user name, the second line is that user's password, and so on in alternating lines.
Create the DB database and make it readable and writable by root only
# db_load -T -t hash -f /home/loginuser.txt /etc/vsftpd/vsftpd_login.db
# chmod 600 /etc/vsftpd/vsftpd_login.db
Configure the PAM file
# vim /etc/pam.d/vsftpd.vu (64-bit system)
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
# vim /etc/pam.d/vsftpd.vu (32-bit system)
auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
# vim /etc/pam.d/vsftpd (64-bit system)
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
Create the real system user that the virtual users map to
# useradd jboss -d /data -s /sbin/nologin
# chown jboss.jboss /data
Note: on a virtual-host server running Nginx, this user is www.
Step three, modify the configuration file
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
userlist_enable=YES
chroot_local_user=YES
tcp_wrappers=YES
#guest_enable=YES
#guest_username=jboss
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
pasv_min_port=50000
pasv_max_port=50010
pasv_enable=YES
max_clients=200
max_per_ip=4
idle_session_timeout=600
ftpd_banner=welcome to Windows2008 FTP Service.
The settings are explained below:
anonymous_enable=NO
Disallows anonymous access.
local_enable=YES
Allows local users to log in. Note: this matters mainly for virtual users; if it is set to NO, no virtual user will be able to log in.
write_enable=YES
Allows write operations.
local_umask=022
Sets the permission mask applied to uploaded files.
anon_upload_enable=NO
Prohibits anonymous users from uploading.
anon_mkdir_write_enable=NO
Prevents anonymous users from creating directories.
dirmessage_enable=YES
Enables the directory message (banner) feature.
xferlog_enable=YES
Enables logging.
connect_from_port_20=YES
Uses port 20 for the data connection.
chown_uploads=NO
Disables changing the owner of uploaded files.
xferlog_file=/var/log/vsftpd.log
Sets the path of the vsftpd log. Note that the file does not exist by default and has to be created manually with touch. Because the host user of the vsftpd service has been changed to the manually created vsftpd user, that user must have write permission on the log, or the service will fail to start.
xferlog_std_format=YES
Writes the log in the standard xferlog format.
nopriv_user=vsftpd
Sets the host user that runs the vsftpd service to the manually created vsftpd user. Note that once you change the host user, you must check that user's read and write permissions on the files the service reads and writes. For example, the log file must be writable by that user.
async_abor_enable=YES
Enables support for asynchronous transfer (the async ABOR command).
ascii_upload_enable=YES
ascii_download_enable=YES
Enables uploads and downloads in ASCII mode.
ftpd_banner=welcome to Awei FTP servers
Sets the vsftpd login banner.
chroot_local_user=YES
Prevents local users from leaving their own FTP home directory.
pam_service_name=vsftpd
Sets the name of the PAM service file used by vsftpd. PAM authentication will therefore use the vsftpd file under /etc/pam.d/.
The following items are the important ones for vsftpd virtual user support. They are not included in the default vsftpd.conf, so you need to add them yourself.
guest_enable=YES
Enables the virtual user feature.
guest_username=ftp
Specifies the host user for the virtual users.
virtual_use_local_privs=YES
Gives virtual users the same privileges as their host user.
user_config_dir=/etc/vsftpd/vsftpd_user_conf
Sets the directory that holds the per-user vsftpd configuration files. Each virtual user's individual settings are stored in this directory; note that each configuration file name must be the same as the virtual user name.
Step four, create the log file
Because the default vsftpd log file does not exist, it has to be created manually and given permissions
# touch /var/log/vsftpd.log
Step five, create the virtual user configuration files
# mkdir /etc/vsftpd/vsftpd_user_conf
All permissions
# vim /etc/vsftpd/vsftpd_user_conf/user1
write_enable=YES
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
download_enable=YES
local_root=/data/user1
Upload permissions
# vim /etc/vsftpd/vsftpd_user_conf/user2
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
download_enable=NO
local_root=/data/user2
Download only
# vim /etc/vsftpd/vsftpd_user_conf/user3
write_enable=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
local_umask=022
download_enable=YES
local_root=/data/user3
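
Added example (not part of the original article): a shell check that the login file from step two and the per-user files from step five agree, since vsftpd only applies a per-user file whose name equals the virtual user name. The names check_vusers and demo and the sample paths are made up for illustration; GNU stat and awk are assumed.

```shell
# Added example, not from the original article. Needs GNU stat and awk.
# check_vusers LOGIN_FILE USER_CONF_DIR: prints one finding per line and
# returns the number of findings as its status.
check_vusers() {
    login_file=$1 conf_dir=$2 findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Name/password pairs: an odd line count means a password is missing.
    lines=$(awk 'END { print NR }' "$login_file")
    [ $((lines % 2)) -eq 0 ] || report "$login_file: odd line count ($lines)"

    # The file holds plaintext passwords: no access for group or other.
    case $(stat -c %a "$login_file") in
        *00) ;;
        *) report "$login_file: accessible beyond its owner" ;;
    esac

    # Odd-numbered lines are user names. vsftpd reads USER_CONF_DIR/<name>,
    # so a user without a same-named file gets only the global settings.
    while IFS= read -r user; do
        conf="$conf_dir/$user"
        if [ -z "$user" ]; then
            report "$login_file: blank user name"
        elif [ ! -f "$conf" ]; then
            report "no per-user config file $conf"
        elif ! grep -q '^local_root=' "$conf"; then
            report "$conf: local_root is not set"
        fi
    done <<EOF
$(awk 'NR % 2 == 1' "$login_file")
EOF
    # A name listed twice has two candidate passwords.
    for dup in $(awk 'NR % 2 == 1 && seen[$0]++ == 1' "$login_file"); do
        report "$login_file: duplicate user name $dup"
    done
    return "$findings"
}

# Constructed sample: user2 has no password line and no config file.
demo() {
    d=$(mktemp -d)
    printf 'user1\npassword1\nuser2\n' > "$d/loginuser.txt"
    chmod 600 "$d/loginuser.txt"
    mkdir "$d/conf"
    echo 'local_root=/data/user1' > "$d/conf/user1"
    check_vusers "$d/loginuser.txt" "$d/conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
```

On the server itself the call would be check_vusers /home/loginuser.txt /etc/vsftpd/vsftpd_user_conf, run before db_load.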
Step six, disable SELinux
# vi /etc/selinux/config
SELINUX=disabled
# setenforce 0 (switches SELinux to permissive mode immediately, without a reboot)
Step seven, turn off the firewall or open ports 21 and 20
# setup
Start the service
# service vsftpd start
Watch the logs:
# tail -F /var/log/vsftpd.log
# tail -F /var/log/secure
SSL support
If you need to support SSL-secured connections
# vi /etc/vsftpd/vsftpd.conf
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_ciphers=HIGH
require_ssl_reuse=NO
Generate the key: place it in the /etc/vsftpd/ directory given in rsa_cert_file
# openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem -days 1095
Restart the service:
# service vsftpd restart
This article is from the "Chen blog" blog; please keep this source link: http://chenshengang.blog.51cto.com/4399161/1791305