vsftp3.0 Configuration Experience

Source: Internet
Author: User

Transferred from Baidu Experience http://jingyan.baidu.com/article/f96699bb9036f7894e3c1be1.html.

1. Install the vsftpd package
# yum -y install vsftpd db4 db4-utils
Turn off SELinux and the iptables firewall when the installation is complete.

2. Start the vsftpd server
# service vsftpd start
You can now log in as the anonymous user. The default anonymous user is 'ftp', the password is empty, and the root directory is '/var/ftp'.
At this point anonymous users can only download files from the server; they have no permission to upload, create folders, and so on.

3. VSFTPD Configuration (/etc/vsftpd/vsftpd.conf)

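A: Allow anonymous users to upload files, download files, create folders, and so on.

vsftpd.conf treats a line as a comment only when it starts with #, so each note sits on its own line above the option it describes.

# Give anonymous users permission to upload files
anon_upload_enable=YES
# Give anonymous users permission to create new folders and files
anon_mkdir_write_enable=YES
# Give anonymous users permission to rename, delete, and so on
anon_other_write_enable=YES
Restart the vsftpd service after changing the above configuration.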

After logging in to the vsftpd server you will find that you still cannot upload files. This is because the /var/ftp directory is owned by root.
However, if you change the owner of /var/ftp to ftp to get this effect, you will find on your next login that you can no longer log in to the vsftpd server at all, so instead we change the owner of the pub folder beneath it.
# chown ftp /var/ftp/pub

OK, after completing this step we can log in anonymously and upload, download, create and delete folders, and so on.

B: Allow local users to upload files, download files, create folders, and so on. First we need to create a local user, because by default vsftpd does not allow highly privileged accounts such as root to log in, for security reasons.
The specific users that are blocked can be viewed in /etc/vsftpd/ftpusers.

# useradd -s /sbin/nologin micxp   # -s /sbin/nologin is used so that this user cannot log on to the system
# passwd micxp   # set the password of user micxp to 123
Changing password for user micxp.
New password:123
BAD PASSWORD: it is the too short
BAD PASSWORD: is too simple
Retype new password:123
passwd: all authentication tokens updated successfully.

OK, with the default vsftpd.conf settings you can already log in to the FTP server as a local user, with permission to upload, download, delete, create folders, and so on. However, you will find that this user can switch to the root directory of the system. This is very insecure, so we change the configuration file to restrict local users to their home directories, here /home/micxp.

# Restrict all local users to their own home directories (the settings that follow will then not work)
chroot_local_user=YES

If you only need to restrict some users, set the option above to NO and enable the following two instead.
# Restrict the listed users to their home directories. Users requiring restriction must be written to the chroot_list file below.
chroot_list_enable=YES
# (default follows)
# Used together with chroot_list_enable.
chroot_list_file=/etc/vsftpd/chroot_list

The configuration for local users is now basically complete. Some options, such as speed limits and the number of client connections, are described in the settings that follow.

The following settings control whether local users are allowed to log in.
Method one:
# Users in the /etc/vsftpd/user_list file are not allowed to log in
userlist_enable=YES
userlist_deny=YES
Method two:
# Only users in the /etc/vsftpd/user_list file can log in
userlist_enable=YES
userlist_deny=NO

Note: "/etc/vsftpd/user_list" is the default list file. There is also a file "/etc/vsftpd/ftpusers"; users in that file are forbidden to log in.
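How the two methods and the ftpusers file combine into one allow/deny decision, as an added example that is not part of the original article. The list contents are constructed samples and "alice" is a hypothetical account.

```python
def read_user_file(text):
    """Return the set of user names in a user_list / ftpusers style file."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            users.add(line)
    return users


def login_decision(user, conf, user_list, ftpusers):
    """Return (allowed, reason) for a local account name."""
    # ftpusers: the article states that users in this file cannot log in.
    if user in ftpusers:
        return False, "listed in /etc/vsftpd/ftpusers"
    # userlist_enable defaults to NO, in which case user_list is ignored.
    if conf.get("userlist_enable", "NO").upper() != "YES":
        return True, "user_list is not consulted"
    listed = user in user_list
    # userlist_deny defaults to YES.
    if conf.get("userlist_deny", "YES").upper() == "YES":
        # Method one: user_list is a deny list.
        return (not listed), ("denied by user_list" if listed else "not in deny list")
    # Method two: user_list is an allow list; everyone else is refused.
    return listed, ("allowed by user_list" if listed else "not in allow list")


# Constructed sample files.
FTPUSERS = read_user_file("# never allowed over FTP\nroot\nbin\ndaemon\n")
USER_LIST = read_user_file("# vsftpd user_list\nroot\nmicxp\n")

METHOD_ONE = {"userlist_enable": "YES", "userlist_deny": "YES"}
METHOD_TWO = {"userlist_enable": "YES", "userlist_deny": "NO"}

if __name__ == "__main__":
    for name, conf in (("method one", METHOD_ONE), ("method two", METHOD_TWO)):
        for user in ("root", "micxp", "alice"):
            print(name, user, login_decision(user, conf, USER_LIST, FTPUSERS))
```

Note that under method two, root stays blocked even though it appears in user_list, because the ftpusers check is independent of vsftpd.conf.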

C: Use virtual users to upload files, download files, create folders, and so on.

First create a text file of virtual user passwords. Odd-numbered lines hold the user name and even-numbered lines hold the password, as follows:
# vi /etc/vsftpd/vuser.txt
Enter the following content (line 1 is the virtual user name, line 2 is that user's password; the file itself must contain nothing else, since db_load reads every line as data):
vmicxp
456

Save the file and use db_load to generate the user password database file, as follows:
# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db
# chmod 600 /etc/vsftpd/vuser.db   # for security, make the file accessible only to its owner

Now edit /etc/vsftpd/vsftpd.conf and check that pam_service_name=vsftpd is present and enabled. If it is not, add it yourself.

pam_service_name=vsftpd
# Enable virtual users
guest_enable=YES
# Local user that the virtual users are mapped to
guest_username=vsftp

Now create this "vsftp" user:
# useradd vsftp
The vsftpd named in pam_service_name above refers to the file /etc/pam.d/vsftpd. Open this file, comment out all of its existing content with #, and add the following two lines.

auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser

It is important to note that the vuser referred to in db= above must not have ".db" appended, or login will fail.

OK, now you can log in to the vsftpd server as vmicxp, but you will find that after logging in you can see nothing. This is because virtual users have anonymous-user permissions by default. Setting "virtual_use_local_privs=YES" in the main configuration file gives virtual users the same permissions as local users.

The virtual_use_local_privs parameter works as follows.

When virtual_use_local_privs=YES, the virtual user and the local user have the same permissions;
When virtual_use_local_privs=NO, the virtual user and the anonymous user have the same permissions. The default is NO.

When virtual_use_local_privs=YES, write_enable=YES, the virtual user has write permissions (upload, download, delete, rename).

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES,
anon_upload_enable=YES, virtual users cannot browse the directory and can only upload files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO,
anon_upload_enable=NO, virtual users can only download files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO,
anon_upload_enable=YES, virtual users can only upload and download files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO,
anon_mkdir_write_enable=YES, virtual users can only download files and create folders, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO,
anon_other_write_enable=YES, virtual users can only download, delete, and rename files, with no other permissions.

Note: you can also use user_config_dir=/etc/vsftpd/vsftpd_user_conf to set individual permissions for each virtual user.

# mkdir /etc/vsftpd/vsftpd_user_conf
# vi /etc/vsftpd/vsftpd_user_conf/vmicxp   # the file name vmicxp corresponds to the name of the virtual user

# For example, set this user's home directory.

local_root=/home/vmicxp

Okay, the virtual user setup is now complete.

PS: if chroot fails, add the following:

allow_writeable_chroot=YES
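A check that can be run over the finished /etc/vsftpd/vsftpd.conf before restarting the service, as an added example that is not part of the original article and is not vsftpd's own parser. It applies the file's syntax rules (whole-line # comments only, lower-case option names, no spaces around =) to the boolean options used on this page and reports the access-widening settings from sections A and B plus the PS; the sample texts are constructed.

```python
import re

# Boolean options that appear on this page.
BOOL_OPTIONS = {
    "write_enable", "anon_upload_enable", "anon_mkdir_write_enable",
    "anon_other_write_enable", "anon_world_readable_only", "chroot_local_user",
    "chroot_list_enable", "userlist_enable", "userlist_deny", "guest_enable",
    "virtual_use_local_privs", "allow_writeable_chroot",
}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def lint_vsftpd_conf(text):
    """Return (settings, syntax_errors, risks) for the text of a vsftpd.conf."""
    settings, errors, risks = {}, [], []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line, or a comment occupying the whole line
        m = re.fullmatch(r"(\S+?)=(.*)", line)
        if not m:
            errors.append((num, "expected option=value with no spaces"))
            continue
        name, value = m.groups()
        if name.lower() in BOOL_OPTIONS:
            if name != name.lower():
                errors.append((num, name + ": option names are lower case"))
            elif value.upper() not in TRUE | FALSE:
                # A trailing "# note" or space is read as part of the value.
                errors.append((num, name + ": bad boolean value " + repr(value)))
            else:
                settings[name] = value.upper() in TRUE
        else:
            settings[name] = value
    on = lambda opt: settings.get(opt) is True
    for opt in ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"):
        if on(opt):
            risks.append(opt + ": anonymous write access is requested")
    if not on("chroot_local_user") and not on("chroot_list_enable"):
        risks.append("no chroot: local users can leave their home directory")
    if on("allow_writeable_chroot"):
        risks.append("allow_writeable_chroot: writable chroot root is permitted")
    return settings, errors, risks

# Constructed samples: an annotated file with two syntax mistakes, then a clean one.
BROKEN = "Anon_upload_enable=YES\nanon_mkdir_write_enable=YES # allow mkdir\n"
FIXED = "# allow mkdir\nanon_mkdir_write_enable=YES\nchroot_local_user=YES\n"

if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        print(lint_vsftpd_conf(sample))
```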
