RHEL6.x build enterprise-level FTP

Source: Internet
Author: User

RHEL 6.x build enterprise FTP
====================================
Build virtual users with db4-utils + vsftpd
Create virtual users with mysql + vsftpd
====================================

For an enterprise, building the FTP server on virtual users is strongly recommended. Virtual users do not exist as accounts on the server, so even if an attacker who wants to compromise the system obtains a virtual user's account name and password, that account cannot be used to log on to the system. This helps keep the system secure.


1. db4-utils + vsftpd for FTP virtual users
1) install db4-utils and vsftpd
yum -y install vsftpd db4-utils
The vsftpd virtual user database is a file in Berkeley DB format. Creating this file requires the db_load command-line tool, which is provided by the db4-utils package, so db4-utils must be installed.
2) create a user name and password list file in text format

# Odd-numbered lines are user names; each even-numbered line is the password of the user on the line above it.
cat > /etc/vsftpd/virtual_user.list <<EOF
user1
123
user2
456
EOF
# An empty line in this file also counts as a line. Do not add extra lines.

3) convert the user name and password list file into a DB database file using the db_load Tool

[root@jie3 vsftpd]# db_load -T -t hash -f /etc/vsftpd/virtual_user.list /etc/vsftpd/virtual_user.db
[root@jie3 vsftpd]# file /etc/vsftpd/virtual_user.db
/etc/vsftpd/virtual_user.db: Berkeley DB (Hash, version 9, native byte-order)
# db_load -T: load a plain text file and convert it into a database
# -t hash: use the hash access method for the database
# -f /etc/vsftpd/virtual_user.list: the user name and password list file to read
# /etc/vsftpd/virtual_user.db: the Berkeley DB database file to create

4) Create the root directory for accessing ftp and the system account corresponding to the virtual user

[root@jie3 vsftpd]# useradd -d /var/ftproot -s /sbin/nologin virtual
# -s /sbin/nologin means this user cannot log on to the system; -d sets this user's home directory.
[root@jie3 vsftpd]# chown virtual:virtual /var/ftproot/
[root@jie3 vsftpd]# chmod 755 /var/ftproot/

5) create a pam Authentication File

[root@jie3 vsftpd]# cat > /etc/pam.d/vsftpd.vu <<EOF
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/virtual_user
account required pam_userdb.so db=/etc/vsftpd/virtual_user
EOF
# db=/etc/vsftpd/virtual_user points to the database file just generated by db_load. The .db suffix is left off.

6) modify the configuration file so that vsftpd supports Virtual users.

###### Modify the content of the /etc/vsftpd.conf configuration file ###############
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
userlist_enable=YES
tcp_wrappers=YES
# Enable virtual user mapping
guest_enable=YES
# Map virtual users to the "virtual" account created earlier, which cannot log on to the system
guest_username=virtual
# The PAM service file used for authentication
pam_service_name=vsftpd.vu
# The FTP root directory
local_root=/var/ftproot
# The directory that holds the per-user permission files
user_config_dir=/etc/vsftpd/chroot_list

7) create a directory for assigning permissions to a virtual user and a file for setting the permissions for the virtual user. The file must be named after the virtual user name.

[root@jie3 vsftpd]# mkdir /etc/vsftpd/chroot_list
# Create the directory named by user_config_dir in the configuration file.
[root@jie3 vsftpd]# touch /etc/vsftpd/chroot_list/user1
# The file must be named after a user that exists in the user name and password list file.
[root@jie3 vsftpd]# touch /etc/vsftpd/chroot_list/user2
[root@jie3 vsftpd]# cd chroot_list/
[root@jie3 chroot_list]# ls
user1  user2
[root@jie3 chroot_list]# echo "anon_upload_enable=YES" > /etc/vsftpd/chroot_list/user1
# Give user1 upload permission.
[root@jie3 chroot_list]# cat > /etc/vsftpd/chroot_list/user2 <<EOF
> anon_upload_enable=YES
> anon_mkdir_write_enable=YES
> EOF
# user2 can upload files (anon_upload_enable) and create directories (anon_mkdir_write_enable).

8) Verify the permissions of different users
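
Before testing logins, the files produced in steps 2 to 7 can be checked for consistency. The shell functions below are an added example, not part of the original article. The function names and the permission check on the plaintext list are assumptions of this example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# check_vu_list FILE: report format problems; exit status 0 only if clean.
check_vu_list() {
    awk '
        /^[ \t]*$/ { printf "line %d: blank line is loaded as data\n", NR; bad = 1 }
        /[ \t]#/   { printf "line %d: text after # is stored, not ignored\n", NR; bad = 1 }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR % 2 == 1) { printf "line %d: user has no password line\n", NR; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# missing_user_configs FILE DIR: print the users (odd-numbered lines) that
# have no per-user file in the user_config_dir directory DIR.
missing_user_configs() {
    awk 'NR % 2 == 1' "$1" | while IFS= read -r user; do
        [ -f "$2/$user" ] || printf '%s\n' "$user"
    done
}

# list_mode_ok FILE: succeed only if group and others have no access to the
# plaintext password list (assumed hardening check: mode 600 or stricter).
list_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: user2 has no per-user file. The mode of the new
# list file depends on the current umask.
demo=$(mktemp -d)
printf 'user1\n123\nuser2\n456\n' > "$demo/virtual_user.list"
mkdir "$demo/chroot_list" && : > "$demo/chroot_list/user1"
check_vu_list "$demo/virtual_user.list" && echo "list format OK"
echo "no per-user file for: $(missing_user_configs "$demo/virtual_user.list" "$demo/chroot_list")"
list_mode_ok "$demo/virtual_user.list" || echo "restrict the list file: chmod 600"
rm -rf "$demo"
```

On the server itself, call the functions with /etc/vsftpd/virtual_user.list and /etc/vsftpd/chroot_list instead of the temporary paths.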
