yum install vsftpd -y
yum install pam* db4* --skip-broken -y
Create the source file for the vsftpd virtual-user database (vi /etc/vsftpd/ftpusers.txt) with the following content:
The first line is an FTP virtual user's login name, the second line is that user's password, the third line is the next user name, and so on.
wugk
1
wugk1
1
Command to generate the database file:
db_load -T -t hash -f /etc/vsftpd/ftpusers.txt /etc/vsftpd/vsftpd_login.db
chmod 700 /etc/vsftpd/vsftpd_login.db
Configure the PAM authentication file:
At the top of the configuration file (vi /etc/pam.d/vsftpd), add the following two authentication lines and comment out all other lines. (On a 32-bit system, change lib64 to lib. On Red Hat the statements to add are not the same, so pay attention to this.)
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
Create the local user that vsftpd virtual users map to:
All FTP virtual users need to be mapped to a system user. This system user needs no password and does not need to log in; it is used only for virtual user mapping.
useradd -d /home/ftpuser -s /sbin/nologin ftpuser
The full vsftpd.conf configuration file reads as follows:
anonymous_enable=no
local_enable=yes
write_enable=yes
local_umask=022
dirmessage_enable=yes
xferlog_enable=yes
# For active mode, remove the "#" from port_enable below and comment out the two lines pasv_min_port=30001 and pasv_max_port=30010
#port_enable=yes
connect_from_port_20=yes
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=yes
ascii_upload_enable=yes
ascii_download_enable=yes
listen=yes
guest_enable=yes
guest_username=ftpuser
pam_service_name=vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=yes
#pasv_enable=no
pasv_min_port=30001
pasv_max_port=30010
chroot_local_user=yes
Save the file and restart with /etc/init.d/vsftpd restart; virtual users can now log in. At this point all virtual users
share the /home/ftpuser directory for uploads and downloads. If you want each user to have a separate directory, create
an individual configuration file per user in the /etc/vsftpd/vsftpd_user_conf directory. For example, to create a separate configuration for wugk:
vi /etc/vsftpd/vsftpd_user_conf/wugk, with the following content, which sets up that user's own FTP directory.
# Directory where the data is stored; can be changed (e.g. /data/ftp)
local_root=/home/ftpsite/wugk
# Write permission
write_enable=yes
anon_world_readable_only=yes
# Upload permission
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
Modify permissions:
chown -R ftpuser.ftpuser /data/ftp
Restart, then log in to the FTP server with a client to test.
===================================================
If you want the FTP user name and password to be encrypted, follow this method:
Generate the FTPS certificate:
mkdir /etc/vsftpd/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/ssl/vsftpd.pem -out /etc/vsftpd/ssl/vsftpd.pem # 365 is the certificate's validity period
cp vsftpd.conf vsftpsd.conf
At the end of the vsftpsd.conf configuration file, add the following:
ssl_enable=yes
ssl_tlsv1=yes
ssl_sslv2=yes
ssl_sslv3=yes
allow_anon_ssl=no
force_local_data_ssl=yes
force_local_logins_ssl=yes
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
listen_port=101
Restart, then log in to the FTP server with a client; the test connection shows the certificate information.
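An added example (not part of the original article): a small Python lint for vsftpd.conf-style text. It flags two parsing pitfalls (whitespace around "=", which the vsftpd.conf man page calls an error, and "#" after a value, which vsftpd does not treat as a comment) and the SSLv2/SSLv3 switches enabled in the FTPS settings above. The function names, messages and SAMPLE text are constructed for illustration; the DEFAULTS table assumes the defaults documented in the vsftpd.conf man page.

```python
# Added example: lint vsftpd.conf text. DEFAULTS = documented vsftpd defaults.
DEFAULTS = {"ssl_enable": "NO", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
            "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES"}

def parse(text):
    """Return (settings, findings); findings are (line_number, message)."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        # vsftpd only skips blank lines and lines whose first character is '#'.
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((n, "not an option=value line"))
            continue
        if key != key.strip() or value != value.lstrip():
            findings.append((n, "whitespace around option name or '='"))
        if "#" in value:
            findings.append((n, "'#' after a value is not a comment"))
        settings[key.strip()] = value.split("#")[0].strip()
    return settings, findings

def audit(text):
    """Return sorted findings; line number 0 marks a file-level finding."""
    settings, findings = parse(text)
    effective = {**DEFAULTS, **settings}
    def on(opt):
        return effective[opt].upper() in ("YES", "TRUE", "1")
    for opt in ("ssl_sslv2", "ssl_sslv3"):
        if on(opt):
            findings.append((0, opt + " enabled: deprecated protocol"))
    if not on("ssl_enable"):
        findings.append((0, "ssl_enable off: logins travel in cleartext"))
    for opt in ("force_local_logins_ssl", "force_local_data_ssl"):
        if on("ssl_enable") and not on(opt):
            findings.append((0, opt + " off: plaintext sessions allowed"))
    return sorted(findings)

# Constructed sample, not a file from the page.
SAMPLE = """\
write_enable=yes #write permission
pasv_enable =no
ssl_enable=yes
ssl_sslv2=yes
ssl_sslv3=yes
"""
if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print("line %d: %s" % (n, msg) if n else "file: " + msg)
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/vsftpd/vsftpsd.conf").read()).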