Vsftp virtual user configuration

Source: Internet
Author: User

A virtual user can access only the FTP service provided by the server and no other system resources. If you want to grant write access to an FTP site without allowing access to anything else on the system, using virtual users improves system security.

In vsftpd, virtual users are authenticated against a separate password database file (pam_userdb) through Pluggable Authentication Modules (PAM). This method is safer and more flexible.
The following describes the configuration process.

1. Generate the text file for the virtual user password database. The password database is built from a text file in the following format: odd-numbered lines are user names and even-numbered lines are passwords:

# vi account.txt
ylg
1234
zhanghong
4321
gou
5678
 

2. Generate the password database file and modify its permissions:

# db_load -T -t hash -f ./account.txt /etc/vsftpd/account.db
# chmod 600 /etc/vsftpd/account.db
 

3. Create the PAM file for virtual users. Add the following two lines (the db= value omits the .db suffix because pam_userdb appends it):

# vi /etc/pam.d/vsftp.vu
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/account
account required /lib/security/pam_userdb.so db=/etc/vsftpd/account
 

4. Create the local user that virtual users will be mapped to, set the directory that user will access, and set the access permissions on it:

# useradd -d /home/ftpsite virtual_user
# chmod 700 /home/ftpsite
 

After this step, /home/ftpsite is the home directory of virtual_user, and this user is also the owner of the ftpsite directory. Apart from root, only this user has permission to read, write, and execute the directory.

5. Edit the /etc/vsftpd.conf file so that the content of the entire file is as follows (comments removed):

anonymous_enable=NO
local_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
one_process_model=NO
chroot_local_user=YES
ftpd_banner=Welcom to my FTP server.
anon_world_readable_only=NO
guest_enable=YES
guest_username=virtual_user
pam_service_name=vsftp.vu
 

In the configuration above, guest_enable=YES enables virtual users; guest_username=virtual_user maps every virtual user to the local user virtual_user, so that a virtual user logs in to that local user's home directory, /home/ftpsite; pam_service_name=vsftp.vu specifies that the PAM configuration file is vsftp.vu. By default vsftpd gives virtual users the same privileges as anonymous users, which is why the anon_* write options are set even though anonymous_enable=NO.

6. Restart vsftpd:
# service vsftpd restart

7. Test with the virtual user gou (this account does not exist as a Linux system account):

# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 Welcom to my FTP server.
Name (127.0.0.1:root): gou
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
 

On the virtual FTP server, you can also set permissions for each user individually. Add the following line to the /etc/vsftpd.conf file:
user_config_dir=<user configuration file directory>

Then create a configuration file for each user in that directory. For example, create a configuration file for the user named gou (assuming the configuration file directory is /etc/vsftpd_user_conf):

# vi /etc/vsftpd_user_conf/gou
write_enable=NO
anon_upload_enable=NO
 
8. Virtual user personal directory settings

Whichever virtual user logs in, the login directory is /home/ftpsite, the home directory of the guest user. The following describes how to give each virtual user its own directory.
One way is to use the local_root option in the virtual user's personal configuration file to specify that user's own directory. Take gou as an example. Building on the per-user configuration file created above, add the following to the /etc/vsftpd_user_conf/gou file:
local_root=/home/ftpsite/gou

Create a gou directory under /home/ftpsite and set the permission to virtual_user:

9. Add an FTP user

1. Add the user name and password to account.txt.

2. Run the following command to add the user name and password to the database:

# db_load -T -t hash -f ./account.txt /etc/vsftpd/account.db

3. Create a new folder for the user in /home/ftpsite.

4. Create a file in the vsftpd_user_conf folder named after the user and add:
local_root=/home/ftpsite/<user name>
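
Step 9 as a single function, as an added example that is not part of the original article: it validates the name and password, rejects a duplicate user or an account.txt that is no longer clean name/password pairs, then runs the page's db_load command and writes the per-user local_root file. The function names, the environment-variable overrides, and the chown/chmod of the new directory to virtual_user are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: step 9 as one function.
# Defaults are this page's paths; override them to rehearse in a scratch dir.
ACCOUNTS=${ACCOUNTS:-./account.txt}
DB=${DB:-/etc/vsftpd/account.db}
FTP_ROOT=${FTP_ROOT:-/home/ftpsite}
USER_CONF_DIR=${USER_CONF_DIR:-/etc/vsftpd_user_conf}
GUEST=${GUEST:-virtual_user}
NL='
'

# Succeeds only for clean name/password pairs: no blank lines, an even
# line count, and no user name listed twice.
check_accounts() {
    awk 'length($0) == 0 || (NR % 2 && seen[$0]++) { bad = 1 }
         END { exit (bad || NR % 2) }' "$1"
}

# usage: add_ftp_user NAME PASSWORD   (run as root)
add_ftp_user() {
    # NAME becomes a file and directory name, so allow only [a-z0-9_].
    case $1 in
        ''|*[!a-z0-9_]*) echo "invalid user name" >&2; return 1 ;;
    esac
    # A newline inside PASSWORD would smuggle extra pairs into the file.
    case $2 in
        ''|*"$NL"*) echo "invalid password" >&2; return 1 ;;
    esac
    tmp=$ACCOUNTS.new
    # Build the candidate file with mode 600: it holds clear-text passwords.
    ( umask 077
      { [ ! -f "$ACCOUNTS" ] || cat "$ACCOUNTS"
        printf '%s\n%s\n' "$1" "$2"; } > "$tmp" )
    if ! check_accounts "$tmp"; then
        rm -f "$tmp"
        echo "duplicate user or malformed $ACCOUNTS" >&2; return 1
    fi
    mv "$tmp" "$ACCOUNTS"
    # Same db_load command as step 2; loading again adds the new pair.
    db_load -T -t hash -f "$ACCOUNTS" "$DB" && chmod 600 "$DB" || return 1
    # Assumption: the per-user directory is owned by the guest user.
    mkdir -p "$FTP_ROOT/$1" "$USER_CONF_DIR" &&
        chown "$GUEST" "$FTP_ROOT/$1" && chmod 700 "$FTP_ROOT/$1" &&
        printf 'local_root=%s\n' "$FTP_ROOT/$1" > "$USER_CONF_DIR/$1"
}
```

Source the file as root and call add_ftp_user with the new name and password; a failed validation leaves account.txt and the database untouched.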
