Use the tar package to configure high-availability vsftp

Source: Internet
Author: User
Yesterday, I saw a friend saying that vsftp installed from the tar package cannot be logged on to with a local user. I felt very surprised. However, I have only done rpm, so I have no right to speak. Today, I successfully installed and configured vsftp from the tar package on my machine. Now I want to share my process with you and hope to help you!
  
I. Installation
1. Download the latest stable version, vsftpd-1.2.1.tar.gz
2. Uninstall the original rpm vsftpd:
rpm -e vsftpd
3. tar xvzf vsftpd-1.2.1.tar.gz
4. cd vsftpd-1.2.1
5. make
6. useradd nobody
7. mkdir /usr/share/empty
8. mkdir /var/ftp
9. useradd -d /var/ftp ftp
10. chown root.root /var/ftp
11. chmod og-w /var/ftp
Note: If you had vsftp installed from rpm and have just uninstalled it, you can skip steps 6-11. If vsftp was not installed, proceed step by step.
12. make install
13. vi /etc/xinetd.d/vsftpd
Change disable = yes to no, save and exit. Then run service xinetd restart. OK! The newly installed vsftp is ready to work!
Note: The default vsftpd installation runs under xinetd, so you need to perform the preceding operations. Later, we will change it to an independently started service.
14. ftp 127.0.0.1
Enter the user name ftp and just press Enter for the password. OK! The connection works! Enter quit to exit. Then run ftp 127.0.0.1 again and enter a local user name and password, but the message "login failed" is displayed! Why? The PAM file for local user authentication is missing.
15. cp RedHat/vsftpd.pam /etc/pam.d/ftp (note that you cannot log on with a local user without this step!)
16. cp vsftpd.conf /etc/vsftpd.conf (by default, only anonymous users can log on at this point)
17. vi /etc/vsftpd.conf
Change anonymous_enable=YES to NO (disable anonymous connections; they are unsafe)
Remove the comment mark before local_enable=YES (allow local users to connect)
Remove the comment mark before write_enable=YES (enable write permission for local users)
Remove the comment mark before local_umask=022
service xinetd restart
18. Test again
ftp 127.0.0.1
Login failed
Log on with a local user. OK! It is successful! Upload files. OK, too!
Is that the end? No. An FTP server usually has some special requirements: for example, one user may download but not upload, while another user may download and upload but may not delete or rename files. In addition, I also want FTP on a non-standard port, a download speed limit, and an administrator user. What should we do? Please refer to the following section!
  
  
II. Advanced Configuration
1. Run as an independent service
A. vi /etc/xinetd.d/vsftpd: change disable = no to yes; xinetd is no longer needed for vsftpd!
B. vi /etc/vsftpd.conf and append listen=YES
C. service xinetd restart
D. /usr/local/sbin/vsftpd /etc/vsftpd.conf &
OK! Now vsftp is an independently started service!
2. Use a non-standard port (2121)
A. vi /etc/vsftpd.conf
Add listen_port=2121, save and exit
B. killall -9 vsftpd
C. /usr/local/sbin/vsftpd /etc/vsftpd.conf &
OK! Now ftp 127.0.0.1 reports that the connection was rejected (ftp: connect: Connection refused)! Then run ftp 127.0.0.1 2121 and enter the username and password. OK! You can log on!
3. Implement different permissions for different users
Now we implement different permissions for three users: a. the upload user can upload, download, and create folders, but cannot delete files and folders and cannot rename existing files and folders; b. the download user can only download; c. the admin user, the administrator, can upload, download, create folders, and delete and rename files and folders. These users are not allowed to log on to the system, and they are locked in their home directory during the ftp connection and cannot enter the system folders.
A. cat > logins.txt << !
> upload
> *******   (the upload user's password)
> download
> *******
> admin
> ****************
> !
Note: the format of this text file is: odd-numbered lines are usernames, even-numbered lines are passwords
B. db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
C. chmod 600 /etc/vsftpd_login.db
D. cd vsftpd-1.2.1/EXAMPLE; cp VIRTUAL_USERS/vsftpd.pam /etc/pam.d/ftp.vu (go to the directory where you unpacked the source code and copy the virtual-user authentication file into /etc/pam.d/)
E. useradd -d /home/ftpsite virtual; chmod 700 /home/ftpsite; su - virtual -c "echo hello > /home/ftpsite/test.file" (create the ftp directory that the virtual users will access, set its permissions so that only the user virtual can access it, and create a file for the download test)
F. vi /etc/vsftpd.conf and insert the following configuration statements in this file
guest_enable=YES (enable virtual users)
guest_username=virtual (map the virtual users to the local user virtual)
pam_service_name=ftp.vu (specify ftp.vu as the PAM configuration file)
user_config_dir=/etc/vsftpd_user_conf (specify the directory that holds the per-user configuration files of the virtual users)
Save and exit
G. mkdir /etc/vsftpd_user_conf
H. Set the permissions for the different users:
echo "anon_world_readable_only=NO" > /etc/vsftpd_user_conf/download (open download permission for the download-only user. Be sure to set this parameter, and do not write YES; otherwise, files and directories cannot be listed)
cp /etc/vsftpd_user_conf/download /etc/vsftpd_user_conf/upload
vi /etc/vsftpd_user_conf/upload and add the following lines
write_enable=YES (add write permission)
anon_upload_enable=YES (add upload permission)
anon_mkdir_write_enable=YES (add the permission to create directories)
cp /etc/vsftpd_user_conf/upload /etc/vsftpd_user_conf/admin
vi /etc/vsftpd_user_conf/admin and add a line:
anon_other_write_enable=YES (add the administrator user's permission to delete/rename)
I. Test
killall -9 vsftpd; /usr/local/sbin/vsftpd /etc/vsftpd.conf &
ftp 127.0.0.1 2121
Log on with the username download and the password you set. Run ls and you can see the file; download it, successful! Put a file and the prompt is
Permission denied. Renaming test.file is also rejected; deleting test.file is also unsuccessful!
Enter quit to log out and log on as upload. OK! You can upload and download, and mkdir lsf returns the message "/lsf" created; rename lsf lsf1 returns Permission denied, and the file cannot be deleted!
Enter quit to log out and log on as the admin user. You have all the preceding permissions. Then rmdir lsf prompts "delete directory operation successful"; delete test.file prompts "delete operation successful"! OK, you are done!
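An added example, not from the original article: a POSIX shell lint that checks whether each per-user file under user_config_dir still grants only the tier its filename implies, and flags option lines with whitespace around "=", which vsftpd treats as an error. The function names, the temporary directory layout and the sample files are assumptions constructed for the demonstration.

```shell
# Added example (not from the article): lint per-user vsftpd files against
# the download / upload / admin tiers. Paths and sample files are constructed.

# get_opt FILE KEY: value of the last "KEY=value" line, empty if unset
get_opt() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# effective USERFILE GLOBALFILE KEY: per-user value, else the global one
effective() {
    v=$(get_opt "$1" "$3")
    [ -n "$v" ] || v=$(get_opt "$2" "$3")
    echo "$v"
}

# has_bad_syntax FILE: true if a non-comment line is not "option=value"
# with no whitespace around "=" (vsftpd treats such spacing as an error)
has_bad_syntax() {
    grep -Ev '^[[:space:]]*(#.*)?$' "$1" | grep -Evq '^[a-z0-9_]+=[^[:space:]]'
}

# tier USERFILE GLOBALFILE: privilege tier the file actually grants
tier() {
    if [ "$(effective "$1" "$2" write_enable)" != YES ]; then echo download
    elif [ "$(effective "$1" "$2" anon_other_write_enable)" = YES ]; then echo admin
    elif [ "$(effective "$1" "$2" anon_upload_enable)" = YES ]; then echo upload
    else echo download
    fi
}

# audit DIR GLOBALFILE: one finding per line, status 1 if anything is wrong
audit() {
    rc=0
    for f in "$1"/*; do
        name=$(basename "$f")
        if has_bad_syntax "$f"; then echo "$name: malformed option line"; rc=1; fi
        got=$(tier "$f" "$2")
        [ "$got" = "$name" ] || { echo "$name: grants $got privileges"; rc=1; }
    done
    return $rc
}

# make_sample DIR: constructed copies of the files built in steps F-H
make_sample() {
    mkdir -p "$1/users"
    printf 'write_enable=YES\nguest_enable=YES\n' > "$1/vsftpd.conf"
    printf 'anon_world_readable_only=NO\n' > "$1/users/download"
    printf '%s\n' anon_world_readable_only=NO write_enable=YES \
        anon_upload_enable=YES anon_mkdir_write_enable=YES > "$1/users/upload"
    { cat "$1/users/upload"; echo anon_other_write_enable=YES; } > "$1/users/admin"
}
d=$(mktemp -d) && make_sample "$d" && audit "$d/users" "$d/vsftpd.conf" && echo "tiers match"
rm -rf "$d"
```

On a real host, call audit /etc/vsftpd_user_conf /etc/vsftpd.conf after any change to the per-user files; a finding such as "upload: grants admin privileges" means a file was copied from a higher tier without removing the extra options.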
4. There are also speed limits, limits on the number of connections from the same IP address, and a limit on the maximum number of connections. I have already written about this in an article and will not repeat it here!
  
III. Appendix
1. Contents of my /etc/vsftpd.conf file

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You