vsftpd installation in practice (successful)

Source: Internet
Author: User
I'm using vsftpd-2.0.5.tar.gz.
First, unpack it: tar -zxvf vsftpd-2.0.5.tar.gz
Before compiling, open builddefs.h:
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H

#undef VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#undef VSF_BUILD_SSL

#endif /* VSF_BUILDDEFS_H */

Here, #define VSF_BUILD_PAM tells vsftpd to build with PAM support, so do not change it to #undef VSF_BUILD_PAM.
Change all of the #undef lines to #define.

After checking builddefs.h, run make to compile, then use the ldd command to check that the generated vsftpd binary is linked against /lib/libpam.so.0:

# ldd vsftpd

Output, for reference:

libwrap.so.0 => /usr/lib/libwrap.so.0 (0x003f4000)
libnsl.so.1 => /lib/libnsl.so.1 (0x003a4000)
libpam.so.0 => /lib/libpam.so.0 (0x00c38000)
libdl.so.2 => /lib/libdl.so.2 (0x00ac6000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00c14000)
libutil.so.1 => /lib/libutil.so.1 (0x00479000)
libcap.so.1 => /lib/libcap.so.1 (0x00af1000)
libssl.so.4 => /lib/libssl.so.4 (0x0036e000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x0022f000)
libc.so.6 => /lib/tls/libc.so.6 (0x0099a000)
libaudit.so.0 => /lib/libaudit.so.0 (0x00c29000)
/lib/ld-linux.so.2 (0x00981000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x0031a000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00123000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x0011e000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00207000)
libz.so.1 => /usr/lib/libz.so.1 (0x00bce000)

If libpam.so.0 is missing, you need to install the pam-devel package.

If libssl.so.4 is missing, you need to install the OpenSSL packages.
Then recompile vsftpd:
make clean
make

1. After a successful build, copy the following files to the specified locations:
# the vsftpd executable; where it goes doesn't matter, and copying it is optional
cp vsftpd /usr/local/sbin/vsftpd
cp vsftpd.conf.5 /usr/local/share/man/man5
cp vsftpd.8 /usr/local/share/man/man8
# the main vsftpd configuration file
cp vsftpd.conf /etc/vsftpd/
# the PAM authentication file, which allows local users to log in to vsftpd
cp RedHat/vsftpd.pam /etc/pam.d/ftp

2. Add a system user to act as the FTP virtual user, and set up the virtual user accounts and passwords in MySQL
# useradd vsftpdguest
# chown vsftpdguest:vsftpdguest /var/ftp
# chmod 700 /var/ftp
For safety, edit /etc/passwd and change the vsftpdguest entry to:
vsftpdguest:x:511:511::/var/ftp:/sbin/nologin

This makes the vsftpdguest account usable only as an FTP user, not as a system login.
The following creates the MySQL database used for login verification:
mysql> create database vsftpdvu;
mysql> use vsftpdvu;
mysql> create table users (name char() binary, passwd char() binary);
mysql> insert into users (name, passwd) values ('Xiaotong', password('Qqmywife'));
mysql> insert into users (name, passwd) values ('Xiaowang', password('Ttmywife'));

mysql> grant select on vsftpdvu.users to vsftpdguest@localhost;
mysql> set password for vsftpdguest@localhost = password('123456');
mysql> quit

3. Configure Pam_mysql

Edit the /etc/pam.d/ftp file.
Change its content to the following:
auth required /lib/security/pam_mysql.so user=vsftpdguest passwd=123456 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
account required /lib/security/pam_mysql.so user=vsftpdguest passwd=123456 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2

The parameters above are, in order: the location of the pam_mysql module, the MySQL user name, the password, the database server address, the database name, the virtual user table, the virtual user name column, the virtual user password column, and the encryption mode: 0 for plaintext, 1 for the operating system's crypt() encryption, 2 for encryption with MySQL's password() function.

4. Configure vsftpd.conf
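# vsftpd does not allow a comment after a value, so every comment is on its own line
# disable anonymous login
anonymous_enable=NO
# allow local logins
local_enable=YES
# allow writing; required if you want to upload
write_enable=YES
# permissions of uploaded files are set to 777 - local_umask
local_umask=027
# allow virtual users and anonymous users to upload
anon_upload_enable=YES
# allow virtual users and anonymous users to rename and delete files
anon_other_write_enable=YES
dirmessage_enable=YES
# turn on logging
xferlog_enable=YES
connect_from_port_20=YES
# log file location
xferlog_file=/var/log/vsftpd.log
# standard log format
xferlog_std_format=YES
# idle connection timeout
idle_session_timeout=600
data_connection_timeout=120
# welcome message
ftpd_banner=welcome to chinarise FTP service
# allow virtual users
guest_enable=YES
# system account used by the virtual users
guest_username=vsftpdguest
# virtual users have local user privileges
virtual_use_local_privs=YES

# the following two lines restrict virtual users to their own directories so that they cannot access other directories
chroot_local_user=NO
chroot_list_enable=YES
# or use this one line directly instead of the two above
#chroot_local_user=YES

# listen / passive mode
listen=YES
# listening port
listen_port=21

# the list of virtual users is kept in /etc/vsftpd/vsftpd.chroot_list
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
# more detailed settings for each virtual user are kept in /etc/vsftpd/vsftpd_user_conf
user_config_dir=/etc/vsftpd/vsftpd_user_conf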

5. Other settings for virtual users

Write the names of the virtual users allowed to log in into the /etc/vsftpd/vsftpd.chroot_list file, one per line.
In the /etc/vsftpd/vsftpd_user_conf folder, create a file named after each virtual user's user name.
In it, write: local_root=/var/ftp/<subdirectory name>
Then create the corresponding directory under /var/ftp.
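
A small lint for the vsftpd.conf from step 4, added here as an example and not part of the original post. vsftpd accepts only option=value lines with lower-case option names, no spaces around the "=", and comments only on lines of their own, and a repeated chroot_local_user line changes what chroot_list_file means. The function name lint_vsftpd_conf and the sample config are constructed for this example.

```shell
#!/bin/sh
# lint_vsftpd_conf [FILE]: report config mistakes of the kind seen in step 4.
# Reads FILE, or standard input when no file is given; one finding per line.
lint_vsftpd_conf() {
    awk '
    /^[ \t]*$/ || /^#/ { next }      # blank lines and whole-line comments are fine
    {
        eq = index($0, "=")
        if (eq == 0) { printf "line %d: not in option=value form\n", NR; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        name = key; gsub(/[ \t]/, "", name); k = tolower(name)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/)
            printf "line %d: space around = in %s\n", NR, name
        if (name != k)
            printf "line %d: option name %s is not lower case\n", NR, name
        if (val ~ /#/)
            printf "line %d: # after the value of %s is read as part of the value\n", NR, name
        if ((k in seen) && seen[k] != val)
            printf "line %d: %s set again with a different value (first on line %d)\n", NR, k, first[k]
        if (!(k in seen)) first[k] = NR
        seen[k] = val
    }
    END {
        if (toupper(seen["chroot_local_user"]) == "YES" &&
            toupper(seen["chroot_list_enable"]) == "YES")
            print "chroot: both options are YES, so chroot_list_file now lists users that are NOT chrooted"
    }' "$@"
}

# Constructed sample config that repeats the mistakes discussed above.
sample_conf() {
    cat <<'EOF'
# comment lines like this one are fine
anonymous_enable=NO
Local_enable=YES
write_enable=YES #allow uploads
chroot_local_user=NO
chroot_list_enable=YES
chroot_local_user=YES
listen_port = 21
EOF
}

sample_conf | lint_vsftpd_conf
```

Run it against the real file with: lint_vsftpd_conf /etc/vsftpd/vsftpd.conf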

6. There are two problems after the installation is completed:

1: 500 OOPS: vsftpd: both local and anonymous access disabled!
Resolved by setting local_enable=YES in vsftpd.conf.

2: [Right] OOPS: cannot locate user entry:ftpsecure
[Right] OOPS: child died
3: Empty folders can be uploaded and files can be downloaded, but files cannot be uploaded.
This is because the company's hardware firewall settings intercepted the FTP upload stream, which caused the transfer errors.
