Setting up vsftpd virtual users on RedHat 6 with the firewall and SELinux enabled

Source: Internet
Author: User

Based on RedHat6

Install the vsftpd software:

yum install vsftpd

The version installed here is vsftpd-2.2.2-6.el6.i686. Because the accounts we create for vsftpd are stored in a database file, the db4 and db4-utils packages are also needed; RedHat 6 installs them by default.

Modify /etc/vsftpd.conf so that its active settings (the lines shown by the command below) are as follows. The # lines are annotations.

[root@mail ftp]# grep -v '^#' /etc/vsftpd.conf

    anonymous_enable=YES
    local_enable=YES
    write_enable=YES
    local_umask=022
    # Root directory of the anonymous account
    anon_root=/ftp/public
    # Enable logging
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    # Disconnect users idle for 10 minutes
    idle_session_timeout=600
    # Drop downloads idle for 2 minutes
    data_connection_timeout=120
    # Drop passive connections pending for 1 minute
    accept_timeout=60
    # Drop active connections pending for 1 minute
    connect_timeout=60
    ftpd_banner=Welcome to zzu ftp.
    # Restrict local accounts to their home directory
    chroot_local_user=YES
    # Disable the dangerous ls -R command
    ls_recurse_enable=NO
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
    # Hide the owner and group information of files
    hide_ids=YES
    # At most 300 connected clients
    max_clients=300
    # At most 4 connections per client
    max_per_ip=4
    # Maximum anonymous user rate: 100 K/s
    anon_max_rate=100000
    # Maximum local user rate: 1 M/s
    local_max_rate=1000000
    # Enable virtual users
    guest_enable=YES
    # Local user that virtual users are mapped to
    guest_username=ftp
    user_sub_token=$USER
    # Root directory of each virtual user
    local_root=/ftp/virtual/$USER
    # Per-user permission files for virtual users
    user_config_dir=/etc/vsftpd/userdir

Virtual account settings

mkdir /etc/vsftpd/vuser
vim /etc/vsftpd/vuser/vu

    ftp1
    123
    ftp2
    123

The first line is the account and the second line is its password.

Generate the database file

db_load -T -t hash -f /etc/vsftpd/vuser/vu /etc/vsftpd/vuser/vu.db

Virtual account permissions

mkdir /etc/vsftpd/userdir
vim /etc/vsftpd/userdir/ftp1

    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES

This grants ftp1 the maximum permissions.

vim /etc/vsftpd/userdir/ftp2

    anon_upload_enable=YES

This grants ftp2 upload permission.

Modify the account verification mode

vim /etc/pam.d/vsftpd

Change it to:

    auth required pam_userdb.so db=/etc/vsftpd/vuser/vu
    account required pam_userdb.so db=/etc/vsftpd/vuser/vu
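
A check for the /etc/vsftpd.conf settings above, added here as an example that is not part of the original page: vsftpd treats a space around "=" as an error and reads trailing text as part of the value, so the linter flags both and compares the virtual-user options with the values this page uses. The names lint_vsftpd_conf, PAGE_VALUES and SAMPLE are assumptions made for the example.

```python
import re

# Values this page uses for the virtual-user setup (taken from its listing).
PAGE_VALUES = {
    "guest_enable": "YES",
    "guest_username": "ftp",
    "pam_service_name": "vsftpd",
    "user_sub_token": "$USER",
    "local_root": "/ftp/virtual/$USER",
    "user_config_dir": "/etc/vsftpd/userdir",
}

def lint_vsftpd_conf(text):
    """Return (settings, problems) for the text of a vsftpd.conf file."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment line
        if "=" not in line:
            problems.append(f"line {n}: not an option=value setting")
            continue
        key, value = line.split("=", 1)
        name = key.strip()
        # vsftpd.conf(5): no space may appear between option, '=' and value.
        if key != name or value != value.lstrip():
            problems.append(f"line {n}: whitespace around '=' for {name}")
        # Text after the value (for example '; note') is read as part of the value.
        if re.search(r"\s[;#]", value.strip()):
            problems.append(f"line {n}: trailing comment on {name}")
        settings[name] = value.strip()
    for name, want in PAGE_VALUES.items():
        if settings.get(name) != want:
            problems.append(f"{name} is not {want}")
    if settings.get("ls_recurse_enable") == "YES":
        problems.append("ls_recurse_enable=YES permits recursive 'ls -R'")
    return settings, problems

# Constructed sample: three lines with the defects the linter looks for.
SAMPLE = "guest_enable = YES\nidle_session_timeout=600 ; 10 minutes\nls_recurse_enable=YES\n"

if __name__ == "__main__":
    for problem in lint_vsftpd_conf(SAMPLE)[1]:
        print(problem)
```

To check a real file, pass open("/etc/vsftpd.conf").read() to lint_vsftpd_conf before starting the service.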


The firewall and SELinux are both enabled.

Change the corresponding policies:


 

setsebool -P allow_ftpd_anon_write=1
setsebool -P allow_ftpd_full_access=1
setsebool -P ftp_home_dir=1


Create the FTP-related folders

mkdir -p /ftp/public /ftp/virtual/ftp1 /ftp/virtual/ftp2
chown ftp:ftp /ftp/virtual/*

Modify the security context

chcon --reference=/var/ftp -R /ftp

Start the service

service vsftpd start

Test

 
