vsftpd: setting up virtual users with different directories and different permissions (detailed steps)

Source: Internet
Author: User
Tags ftp login

The vsftpd server supports three types of user accounts: anonymous users, local users and virtual users. Virtual user accounts provide a centrally managed FTP root directory, which is convenient for administrators, and they keep the user names and passwords used for FTP login separate from system user accounts, which further improves the security of the FTP server.

1. Add or change the following configuration statements in /etc/vsftpd/vsftpd.conf:

# Disable anonymous login (you can also set this to YES to allow anonymous users to log in as well)
anonymous_enable=NO
# Must be YES, because virtual users are mapped to a local user for access
local_enable=YES
# Enable virtual users
guest_enable=YES
# Map virtual users to the local user "virtual" (created in step 5)
guest_username=virtual
# Specify the PAM configuration file (set up in step 2; the file is located in /etc/pam.d/)
pam_service_name=vsftpd.vu
# Directory that holds the per-user configuration files (created in steps 7 and 8)
user_config_dir=/etc/vsftpd/user_conf

***************************************************************************

Note: Per-user settings are split out of vsftpd.conf into separate files with user_config_dir, for example user_config_dir=/etc/vsftpd

Create a file with the same name as the user in /etc/vsftpd, and write the following in it (upload only):

write_enable=YES
cmds_allowed=ABOR,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RNFR,RNTO,SIZE,STOR,TYPE,USER,REST,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST,FEAT
file_open_mode=0444

***************************************************************************

2. Edit the file vsftpd.vu in /etc/pam.d/ so that its contents are:

auth required pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required pam_userdb.so db=/etc/vsftpd/vsftpd_login

(/etc/vsftpd/vsftpd_login is the user account and password database file, created in steps 3 and 4. pam_userdb appends the .db suffix itself, so it is not written here.)

3. Create the user list /tmp/logins.txt with the following content:

web (account name)
(user password)
download (account name)
(user password)
admin (account name)
(user password)

Note: The file must not contain blank lines. Each account name and each password occupies its own line: odd-numbered lines are account names, even-numbered lines are passwords.

4. Create the virtual user database file (if db_load is not available: yum install db4-utils)

# db_load -T -t hash -f /tmp/logins.txt /etc/vsftpd/vsftpd_login.db

5. Create the local user that the virtual users are mapped to:

# useradd -d /home/ftp -s /sbin/nologin virtual

6. Create a directory at /home/ftp/ and change its permissions and owner:

# chown virtual /home/ftp
# chmod 700 /home/ftp

7. Create the FTP user configuration file directory /etc/vsftpd/user_conf:

# mkdir /etc/vsftpd/user_conf

8. Create configuration files named after the users (web, download, admin) in the /etc/vsftpd/user_conf directory

The contents of the "download" file are as follows:

# You can set a different directory, but pay attention to the virtual user's permissions on it
local_root=/home/ftp
# Lets the download user download, and only download; if set to YES, files and directories cannot be listed
anon_world_readable_only=NO

The contents of the "admin" file are as follows:

local_root=/home/ftp
anon_world_readable_only=NO
# Write permission
write_enable=YES
# Permission to create directories
anon_mkdir_write_enable=YES
# Upload permission
anon_upload_enable=YES
# Delete/rename permission
anon_other_write_enable=YES

The contents of the "web" file are as follows:

local_root=/var/www
anon_world_readable_only=NO
# Because of the particular nature of web pages, the permission of uploaded files is set separately to 755; this mask value can be changed depending on the situation
anon_umask=022
# Write permission
write_enable=YES
# Permission to create directories
anon_mkdir_write_enable=YES
# Upload permission
anon_upload_enable=YES
# Delete/rename permission
anon_other_write_enable=YES

9. Finally, restart vsftpd:

# /etc/init.d/vsftpd restart
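
A pre-flight check for the files from steps 3 and 8, added here as an example and not part of the original article: it verifies the odd/even layout of logins.txt and that every account has a per-user file containing only lowercase option=value lines, which is the form vsftpd accepts. The function names and sample data are constructed, and the setting check assumes values contain no spaces, which holds for every setting used on this page.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample data at the bottom are constructed for illustration.

# check_logins FILE: odd lines are account names, even lines are passwords.
# Prints one message per problem and returns non-zero if any is found.
check_logins() {
    awk '
        /^[ \t]*$/ { printf "line %d: blank line\n", NR; bad = 1; next }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate account %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR % 2 == 1) { print "odd line count: last account has no password"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_user_conf LOGINS DIR: each account needs a same-named file in DIR whose
# settings are lowercase option=value lines with no spaces or trailing text
# (assumption: values contain no spaces, true for the settings on this page).
check_user_conf() {
    rc=0
    for user in $(awk 'NR % 2 == 1' "$1"); do
        if [ ! -f "$2/$user" ]; then
            echo "$user: no per-user file in $2"; rc=1; continue
        fi
        awk -v u="$user" '
            /^$/ || /^#/ { next }
            !/^[a-z0-9_]+=[^ \t]+$/ { printf "%s:%d: bad setting: %s\n", u, NR, $0; bad = 1 }
            END { exit bad + 0 }' "$2/$user" || rc=1
    done
    return $rc
}

# Constructed sample: "web" has no profile, and the "download" profile still
# has a capitalised option name followed by a trailing annotation.
demo=$(mktemp -d)
printf 'download\nsecret1\nweb\nsecret2\n' > "$demo/logins.txt"
mkdir "$demo/user_conf"
printf 'local_root=/home/ftp\nWrite_enable=yes (Write permission)\n' > "$demo/user_conf/download"
check_logins "$demo/logins.txt" && echo "logins.txt: layout ok"
check_user_conf "$demo/logins.txt" "$demo/user_conf" || echo "fix the lines above before step 9"
rm -rf "$demo"
```

Because /tmp/logins.txt holds the passwords in clear text, delete it once db_load has built the database in step 4.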
