Vsftp Virtual User Configuration

Source: Internet
Author: User

1. Preparation before configuration:

yum install pam*
yum install db4*

First install PAM (used for user authentication) and DB4 (used to generate the db file that holds the virtual users' names and passwords).
2. Install vsftpd
yum install vsftpd
Set vsftpd to start at boot:
chkconfig vsftpd on
View the startup items with chkconfig --list

3. Configure vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
connect_from_port_20=YES
idle_session_timeout=600
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=ftp
user_config_dir=/etc/vsftpd/virtualuser_conf
* Important parameter descriptions:
anonymous_enable=NO does not allow anonymous access
local_enable=YES allows local users to access. If it is set to NO, the local users of this system cannot access FTP, and FTP clients will certainly not be able to upload or download.
write_enable=YES # writable (uploads allowed)
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
These 3 items configure logging; remember to create a new vsftpd.log file under /etc/vsftpd/.
guest_enable=YES # enable virtual users
guest_username=ftp # the local system user name that the virtual users borrow
user_config_dir=/etc/vsftpd/virtualuser_conf # the path of the virtual users' configuration files, so don't forget to create a new virtualuser_conf folder under the /etc/vsftpd/ directory

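All of the above can be ignored; it is enough to add the following three settings to your own configuration file. The comments are on their own lines because vsftpd.conf does not accept a comment after a value on the same line.

# enable virtual users
guest_enable=YES
# the local system user name that the virtual users borrow
guest_username=ftp
# the path of the virtual users' configuration files, so don't forget to create a new virtualuser_conf folder under the /etc/vsftpd/ directory
user_config_dir=/etc/vsftpd/virtualuser_conf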

4. Configure the virtual users
For example, I want to add a user named Admin1 that the FTP client uses (after the password is set) for uploading and downloading. In /etc/vsftpd/virtualuser_conf, create a new file called Admin1. The contents of the file are:
# this directory has to be created by yourself
local_root=/var/www/virtualftp
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
* Parameter descriptions:
local_root=/home/ftpuser # the root directory for this virtual user's uploads and downloads
write_enable=YES # writable (uploads allowed)
anon_umask=022 # umask
Next, in the /etc/vsftpd/ directory, create a new text file that records the user names and passwords of all client users (virtual users):
touch virtualuser_passwd.txt

contents:
Admin1
mypassword1
admin2
Mypassword2
Odd lines are user names and even lines are passwords. Two virtual users are created here, but no settings were given for the admin2 user.
Next, generate the db file used for virtual user authentication:
db_load -T -t hash -f /etc/vsftpd/virtualuser_passwd.txt /etc/vsftpd/virtualuser_passwd.db
Then edit the authentication file /etc/pam.d/vsftpd: comment out all of the original statements
and add the following two lines:
auth required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
account required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
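An added example, not part of the original page: a POSIX shell audit of the files created in this step. It checks that the plaintext password list is accessible only to its owner, that user and password lines pair up, and that every user has a file in user_config_dir. The function names and the temporary sample (built from the page's two users) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit the virtual-user files.

# audit_vusers PASSWD_TXT USER_CONF_DIR
# Prints one finding per line; no output means nothing was found.
audit_vusers() (
    passwd_txt=$1
    conf_dir=$2

    # The list holds every password in clear text: owner-only access.
    perms=$(ls -ld "$passwd_txt" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERM group/other can access $passwd_txt"

    # Odd lines are user names; the same name twice is ambiguous.
    awk 'NR % 2 == 1' "$passwd_txt" | sort | uniq -d | sed 's/^/DUPLICATE /'

    while IFS= read -r user || [ -n "$user" ]; do
        # Each user name must be followed by a password line.
        if ! IFS= read -r pass && [ -z "$pass" ]; then
            echo "UNPAIRED $user"
            break
        fi
        [ -n "$user" ] || echo "EMPTY_USER"
        [ -n "$pass" ] || echo "EMPTY_PASSWORD $user"
        # No per-user file: the account gets only the global vsftpd.conf settings.
        [ -f "$conf_dir/$user" ] || echo "NO_CONFIG $user"
    done < "$passwd_txt"
)

# Constructed sample mirroring the page: two users, settings only for Admin1.
demo_page_sample() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/virtualuser_conf"
    printf '%s\n' Admin1 mypassword1 admin2 Mypassword2 > "$d/virtualuser_passwd.txt"
    chmod 600 "$d/virtualuser_passwd.txt"
    : > "$d/virtualuser_conf/Admin1"
    audit_vusers "$d/virtualuser_passwd.txt" "$d/virtualuser_conf"
    rm -rf "$d"
)

demo_page_sample
```

On a real server, call audit_vusers with /etc/vsftpd/virtualuser_passwd.txt and /etc/vsftpd/virtualuser_conf; the same permission check applies to the generated .db file.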

5. Set directory permissions on the server
Because the upload/download root directory set here is /var/www/virtualftp, the permissions on this folder are very important. When newly created it is root:root, that is, owned by the root user and the root group. I later changed it to root:ftp, that is, to the ftp group, because clients upload and download through the ftp user on the server, and the ftp user belongs to the ftp group. With that, access and download were possible, but there were still various permission problems; finally I changed the directory directly to ftp:ftp and all of the problems went away, with the ftp user having rwx (read, write, execute) permissions on the directory:
chown -R root:ftp /home/ftpuser
chmod 077 /home/ftpuser
6. Now vsftpd can be restarted and the virtual user tested. At this point the virtual user can log in, but our local users can no longer log in! This is very inconvenient. It is said that PAM module authentication does not allow virtual users and local users to coexist. So I changed the contents of the PAM configuration:

The following are the contents of /etc/pam.d/vsftpd:
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd
account required pam_userdb.so db=/etc/vsftpd/virtualuser_passwd

session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth

The first two lines are the entries required for virtual user PAM authentication; the lines below them are the original vsftpd authentication rules, where you can see that local users are handled by password-auth. From this it follows that if virtual users and local users are to coexist, neither part can be commented out. Guides on the web comment out the lower section, which is the situation where local users cannot log in. Remove the comments from both the local and the virtual user entries and restart vsftpd. (However, I cannot log in with both at the same time; this will be updated later.)
