Use vsftp to set up an ftp server

Source: Internet
Author: User
Link: http://www.syitren.com/bbs/thread-1376-1-1.html
Please credit the source when reprinting.

VSFTPD is a secure and fast FTP server for UNIX/Linux and is used by many large websites. VSFTPD supports storing user names and passwords in a database file or on a database server, and calls users of this kind virtual users. Compared with FTP local (system) users, virtual users are private to the FTP server and can only access the resources the FTP server provides, which greatly enhances the security of the system itself. Compared with anonymous users, virtual users need a user name and password to obtain files from the FTP server, which makes users and downloads easier to manage. If you need to provide a download service but do not want everyone to download anonymously, virtual users are a good solution that takes into account both host security and convenient management of the FTP site. This article describes how to save VSFTPD virtual user names and passwords in a MySQL database server on CentOS.

1) Install vsftpd

# tar -zxvf vsftpd-2.0.6.tar.gz
# cd vsftpd-2.0.6

For installation steps, refer to the INSTALL file in the directory.

# mkdir /usr/share/empty/
# mkdir /var/ftp/
# useradd -d /var/ftp ftp
# chown root:root /var/ftp
# chmod og-w /var/ftp
# make; make install
# cp vsftpd /usr/local/sbin/vsftpd
# mkdir -p /usr/local/man/man5 /usr/local/man/man8
# cp vsftpd.conf.5 /usr/local/man/man5
# cp vsftpd.8 /usr/local/man/man8
# cp RedHat/vsftpd.pam /etc/pam.d/ftp
# cp vsftpd.conf /etc
# vi /etc/vsftpd.conf

Add a line at the end:

listen=YES

Start the vsftpd service:

# /usr/local/sbin/vsftpd &

Log in as anonymous or as the ftp user to test; the password is empty.

Allow local users to log on:

# vi /etc/vsftpd.conf

local_enable=YES
pam_service_name=ftp

Create a new user and restart the service, then log on to test it.

# killall -HUP vsftpd    # restart the vsftpd service

Confine users to their home directories:

# touch /etc/vsftpd.chroot_list

A. Prevent all users from switching out of their home directories

chroot_local_user=YES

B. Prevent only the specified users from switching directories

chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Add the users who should be confined to their home directories to the /etc/vsftpd.chroot_list file.

Store user names and passwords in a database file

A) Create a virtual user password file. Odd lines hold the user names and even lines hold the passwords.

# cat logins.txt
aaa
123456
bbb
123456

B) Generate the authentication file for vsftpd

# db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
# chmod 600 /etc/vsftpd_login.db

C) Create the PAM configuration file required by the virtual users

# cat /etc/pam.d/ftp    (comment out all the original lines)
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

D) Create the system user that the virtual users map to and the directory to be accessed, and set the corresponding permissions

# useradd -d /home/ftpsite virtual
# chmod 700 /home/ftpsite/

E) Add the virtual user settings to the configuration file /etc/vsftpd.conf

guest_enable=YES
guest_username=virtual
pam_service_name=ftp

(The pam_service_name line has already been added above.)

Restart the vsftpd service and log in as aaa and bbb to test it.

Set different permissions for virtual users

# vi /etc/vsftpd.conf

Add the per-user configuration directory setting as a new line:

user_config_dir=/etc/vsftpd_user_conf

Create the configuration directory for the virtual users:

# mkdir /etc/vsftpd_user_conf

Create a separate configuration file for each virtual user. The name of the configuration file is the same as the user name.

/etc/vsftpd_user_conf/aaa
/etc/vsftpd_user_conf/bbb

Each FTP virtual user can be given its own permissions and its own home directory.

# cat /etc/vsftpd_user_conf/aaa
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/var/aaa


Use MySQL to store virtual users

A) Install MySQL

# tar -zxvf mysql-5.0.67.tar.gz
# cd mysql-5.0.67
# ./configure --prefix=/usr/local/mysql
# make; make install
# cp support-files/my-medium.cnf /etc/my.cnf
# useradd mysql
# chown -R root.root /usr/local/mysql/

Initialize the database:

# /usr/local/mysql/bin/mysql_install_db
# chown -R root.root /usr/local/mysql/
# chown -R mysql.mysql /usr/local/mysql/var
# /usr/local/mysql/bin/mysqld_safe --user=mysql &

B) Install pam_mysql

Because MySQL was compiled and installed from source, errors may occur in this step. You can create the following links:

# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
# tar -zxvf pam_mysql-0.6.2.tar.gz
# cd pam_mysql-0.6.2
# ./configure --with-mysql=/usr/local/mysql --with-openssl
# make; make install
# cp /usr/lib/security/pam_mysql.so /lib/security/

C) Set up the database

mysql> create database vftp;
mysql> use vftp;
mysql> create table users (name char(16) binary, passwd char(16) binary);
mysql> insert into users (name, passwd) values ('test1', '123');
mysql> insert into users (name, passwd) values ('test2', '123');
mysql> quit

D) Create the file required for PAM authentication

# vi /etc/pam.d/ftp

Add the following two lines (each is a single line):

auth required /lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vftp table=users usercolumn=name passwdcolumn=passwd crypt=0
account required /lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vftp table=users usercolumn=name passwdcolumn=passwd crypt=0

Note:

crypt=0: plaintext password
crypt=1: use the crypt() function (corresponds to ENCRYPT() in SQL; ENCRYPT() generates a random salt)
crypt=2: use the PASSWORD() function in MySQL for encryption
crypt=3: md5 hash

Of the two lines configured above, the first is for auth and the second is for account.
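The following check is an added example, not part of the original article: a shell function that reads a PAM service file and flags the two choices made in step D, connecting to MySQL as root and storing passwords with crypt=0. The sample files are constructed, and the account name vsftpd_ro and its password are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): audit a PAM service file for
# the pam_mysql options used above. Prints one finding per problem and
# returns 1 if anything was found, 0 if the file is clean.
audit_pam_mysql() {
    awk '
    /^[ \t]*#/ || !/pam_mysql\.so/ { next }   # skip comments and other modules
    {
        user = ""; crypt = "0"   # assumption: a line without crypt= is plaintext
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            key = substr($i, 1, n - 1); val = substr($i, n + 1)
            if (key == "user")  user = val
            if (key == "crypt") crypt = val
        }
        where = FILENAME ":" NR " (" $1 "): "
        if (user == "root") {
            print where "user=root, use a MySQL account limited to SELECT on the users table"; bad = 1
        }
        if (crypt == "0") {
            print where "crypt=0, passwords are stored in plaintext"; bad = 1
        } else if (crypt == "2" || crypt == "3") {
            print where "crypt=" crypt ", unsalted hash; crypt=1 uses a salted crypt()"; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample files: the configuration from step D and a tightened one.
# "vsftpd_ro" and "CHANGE_ME" are hypothetical placeholders.
write_samples() {
    cat > "$1/ftp.article" <<'EOF'
auth required /lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vftp table=users usercolumn=name passwdcolumn=passwd crypt=0
account required /lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vftp table=users usercolumn=name passwdcolumn=passwd crypt=0
EOF
    cat > "$1/ftp.tightened" <<'EOF'
# comment lines are ignored
auth required /lib/security/pam_mysql.so user=vsftpd_ro passwd=CHANGE_ME host=localhost db=vftp table=users usercolumn=name passwdcolumn=passwd crypt=1
account required /lib/security/pam_mysql.so user=vsftpd_ro passwd=CHANGE_ME host=localhost db=vftp table=users usercolumn=name passwdcolumn=passwd crypt=1
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_pam_mysql "$tmp/ftp.article"   || echo "findings in ftp.article"
audit_pam_mysql "$tmp/ftp.tightened" && echo "ftp.tightened is clean"
rm -rf "$tmp"
```

With crypt=1 the passwd column has to hold ENCRYPT() output rather than the literal password, so the rows inserted in step C would need to be rewritten before switching.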

E) Virtual user configuration

The vsftpd.conf configuration is the same as when the user names and passwords are stored in the database file.
