vsftpd-3.0.2 x86_64 Compile and install

Source: Internet
Author: User

First, the environment

CentOS 5.6 x86_64
IP: 192.168.10.100

Second, install the build dependencies

yum install gcc gcc-c++ db4-utils pam-devel

Third, compile, install and configure vsftpd

1. Compiling

wget https://security.appspot.com/downloads/vsftpd-3.0.2.tar.gz
tar -zxf vsftpd-3.0.2.tar.gz
cd vsftpd-3.0.2

# vi builddefs.h
#define VSF_BUILD_TCPWRAPPERS   // allow use of TCP Wrappers (default is undef)
#define VSF_BUILD_PAM           // allow the use of PAM authentication
#define VSF_BUILD_SSL           // allow SSL (default is undef)

make && make install
mkdir /etc/vsftpd/
cp vsftpd.conf /etc/vsftpd/vsftpd.bak
grep -v '^#' /etc/vsftpd/vsftpd.bak > /etc/vsftpd/vsftpd.conf
# in order for vsftpd to support local user login, the authentication module is copied to the system directory
cp RedHat/vsftpd.pam /etc/pam.d/vsftpd

2. Configure vsftpd to run standalone

# vi /etc/xinetd.d/vsftpd

Change disable = no to disable = yes.

3. Create a service startup script

In standalone mode it is tedious to start the service by hand every time, so we write a script to start and stop the service. Create a new file /etc/rc.d/init.d/vsftpd and copy the following into it:

#!/bin/bash
#
# vsftpd      This shell script takes care of starting and stopping
#             standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program \
#              that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/local/sbin/vsftpd ] || exit 0

RETVAL=0
prog="vsftpd"

start() {
        # Start daemons.
        if [ -d /etc/vsftpd ]; then
                for i in `ls /etc/vsftpd/*.conf`; do
                        site=`basename $i .conf`
                        echo -n $"Starting $prog for $site: "
                        /usr/local/sbin/vsftpd $i &
                        RETVAL=$?
                        [ $RETVAL -eq 0 ] && {
                                touch /var/lock/subsys/$prog
                                success $"$prog $site"
                        }
                        echo
                done
        else
                RETVAL=1
        fi
        return $RETVAL
}

stop() {
        # Stop daemons.
        echo -n $"Shutting down $prog: "
        killproc $prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
        return $RETVAL
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart|reload)
        stop
        start
        RETVAL=$?
        ;;
  condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
                stop
                start
                RETVAL=$?
        fi
        ;;
  status)
        status $prog
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac

exit $RETVAL

Save the file, then make it executable:

chmod 755 /etc/rc.d/init.d/vsftpd

The service can now be managed as follows:

# service vsftpd {start|stop|restart|condrestart|status}

For example, restart the service:

# service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]

Fourth, create a virtual user

1. Add a virtual user password file

# vi /etc/vsftpd/vuser.txt

Add the virtual user names and passwords, one per line: a user name on one line, its password on the next, and so on. Odd-numbered lines are user names, even-numbered lines are passwords. The # annotations below are explanatory only and are not part of the file.

test001    # user name
123456     # password
test002    # user name
123456     # password

2. Generate the virtual user password authentication file

Convert the vuser.txt virtual user password file you just created into a password authentication file that the system can read.

# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db
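A check for the odd/even layout described in steps 1 and 2, run before db_load, as an added example that is not part of the original article. The function names check_vuser_file and build_vuser_db are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# check_vuser_file FILE -> prints one line per problem, returns 0 if clean.
# Expects the layout from step 1: odd lines user names, even lines passwords.
check_vuser_file() {
    awk '
        BEGIN { bad = 0 }
        { sub(/\r$/, "") }                    # tolerate CRLF files
        NR % 2 == 1 {                         # odd line: user name
            user = $0
            if (user == "")      { print "line " NR ": empty user name"; bad = 1 }
            if (user ~ /[ \t#]/) { print "line " NR ": space or # in user name"; bad = 1 }
            if (user in seen)    { print "line " NR ": duplicate user " user; bad = 1 }
            seen[user] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad = 1 }
        END {
            if (NR % 2 == 1) { print "line " NR ": user " user " has no password"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# build_vuser_db TXT DB -> validate, then build the Berkeley DB with owner-only
# permissions (the db_load flags are the ones used in step 2).
build_vuser_db() {
    check_vuser_file "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2"
}

# Demo on constructed files: an annotated line is rejected, because db_load
# would store "test001 # user name" as the key instead of "test001".
tmp=$(mktemp -d)
printf 'test001 # user name\n123456\n' > "$tmp/annotated.txt"
printf 'test001\n123456\ntest002\n123456\n' > "$tmp/vuser.txt"
check_vuser_file "$tmp/annotated.txt" || echo "annotated.txt: rejected"
check_vuser_file "$tmp/vuser.txt" && echo "vuser.txt: OK"
rm -rf "$tmp"
```

vuser.txt holds the passwords in plain text, so build_vuser_db leaves both it and the generated database readable by the owner only.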

3. Edit vsftpd's PAM authentication file

# vi /etc/pam.d/vsftpd

Comment out everything else in the file and add the following two lines:

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vuser
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vuser

4. Create the local mapped user and set the home directory permissions

All FTP virtual users map to one system user; this system user does not need a password.

# useradd vftp -d /data -s /bin/false

5. Configure vsftpd.conf (set the virtual user configuration items)

# vi /etc/vsftpd/vsftpd.conf

# enable virtual users
guest_enable=YES
# system user that the FTP virtual users map to
guest_username=vftp
# PAM authentication file
pam_service_name=vsftpd

6. Restart the vsftpd service

# service vsftpd restart

7. Test virtual user FTP login

Login successful.

Configuration file example

/etc/vsftpd/vsftpd.conf

listen=YES
ftpd_banner=welcome to this FTP server
local_enable=YES
anonymous_enable=NO
chroot_local_user=YES
user_config_dir=/etc/vsftpd/userconfig
guest_enable=YES
guest_username=vftp
pam_service_name=vsftpd
write_enable=YES
download_enable=YES
dirlist_enable=YES
hide_ids=YES
use_localtime=YES
check_shell=NO

Virtual user configuration example

/etc/vsftpd/userconfig/test001

The root directory for test001 is /data, and the user is permitted to upload, download, create, rename and delete.

local_root=/data
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES

Problems encountered and solutions:

1. Read file ld returned 1 exit status
make: *** [vsftpd] Error 1

Workaround:

Modify vsf_findlibs.sh in the vsftpd source package:

vi vsf_findlibs.sh

Change

locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";

to

locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0";

2. /lib/libcap.so.1: could not read symbols: File in wrong format
collect2: ld returned 1 exit status
make: *** [vsftpd] Error 1

Workaround:

Similarly, modify vsf_findlibs.sh and change

# Look for libcap (capabilities)
if locate_library /lib/libcap.so.1; then
  echo "/lib/libcap.so.1";
else
  locate_library /usr/lib/libcap.so && echo "-lcap";
  locate_library /lib/libcap.so && echo "-lcap";
fi

to

# Look for libcap (capabilities)
if locate_library /lib64/libcap.so.1; then
  echo "/lib64/libcap.so.1";
else
  locate_library /usr/lib64/libcap.so && echo "-lcap";
  locate_library /lib64/libcap.so && echo "-lcap";
fi

3. OOPS: vsftpd: refusing to run with writable root inside chroot()

Workaround:

This error only exists after v2.3.5; see the official changelog entry below (it means that chroot cannot be used with a writable root directory):

Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This could bite people who carelessly turned on chroot_local_user but such was life.

So if we enable chroot, we must make sure that the FTP root directory is not writable, which makes it inconvenient to use the FTP root directly as the website root. If the FTP root directory is /data, the site can instead be laid out like this: /data/log for the log directory and /data/web for the website root. We can then remove write access to the /data directory without affecting the site's normal operation.

chmod a-w /data
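The layout and permission change described above, with a check over the per-user local_root settings, as an added example that is not part of the original article. The function names are hypothetical, a temporary directory stands in for /data, and the check is deliberately conservative: it flags any write bit on the directory, which is exactly what chmod a-w clears.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; the demo uses a temp dir as a constructed stand-in for /data.

# root_is_writable DIR -> 0 if any write bit is set, 1 if none, 2 if missing
root_is_writable() {
    [ -d "$1" ] || return 2
    case "$(ls -ld "$1" | cut -c1-10)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_user_roots USER_CONFIG_DIR -> prints "user local_root" for every
# per-user file whose local_root is writable; returns 1 if any was found.
# Files without local_root are skipped (they use the guest user's home).
audit_user_roots() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        r=$(sed -n 's/^local_root=//p' "$f" | tail -n 1)
        [ -n "$r" ] || continue
        if root_is_writable "$r"; then
            echo "$(basename "$f") $r"
            found=1
        fi
    done
    return "$found"
}

# harden_ftp_root DIR -> writable log/ and web/ below a read-only root
harden_ftp_root() {
    mkdir -p "$1/log" "$1/web" || return 1
    chmod 755 "$1/log" "$1/web" || return 1
    chmod a-w "$1" || return 1
    ! root_is_writable "$1"
}

# Demo on constructed data: the root is flagged first, then passes once hardened
demo=$(mktemp -d)
mkdir -p "$demo/data" "$demo/userconfig"
printf 'local_root=%s\nwrite_enable=YES\n' "$demo/data" > "$demo/userconfig/test001"
audit_user_roots "$demo/userconfig" || echo "writable chroot root found"
harden_ftp_root "$demo/data" && audit_user_roots "$demo/userconfig" && echo "clean"
chmod u+w "$demo/data"; rm -rf "$demo"
```

On the server itself, log/ and web/ would additionally need to be owned by the vftp user so that the virtual users can write to them.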
