I. Environment
CentOS 5.6 x86_64
IP: 192.168.10.100
II. Install the build dependencies
yum -y install gcc gcc-c++ db4-utils pam-devel libcap
If VSF_BUILD_SSL is switched on in the next step, the OpenSSL headers (openssl-devel) are needed as well, because vsftpd then links against libssl and libcrypto.
III. Compiling, installing and configuring vsftpd
1. Compile
wget https://security.appspot.com/downloads/vsftpd-3.0.2.tar.gz
tar -zxf vsftpd-3.0.2.tar.gz
cd vsftpd-3.0.2
vi builddefs.h
#define VSF_BUILD_TCPWRAPPERS   /* allow TCP Wrappers to be used (undef by default) */
#define VSF_BUILD_PAM           /* allow PAM authentication (defined by default) */
#define VSF_BUILD_SSL           /* allow SSL/TLS (undef by default) */
make && make install
make install places the binary in /usr/local/sbin/vsftpd when that directory exists (it does on CentOS); this is the path the init script below expects.
mkdir /etc/vsftpd/
cp vsftpd.conf /etc/vsftpd/vsftpd.bak
grep -v '^#' /etc/vsftpd/vsftpd.bak > /etc/vsftpd/vsftpd.conf
The grep keeps only the uncommented settings of the example file. The backup is deliberately named .bak rather than .conf: the init script below starts one daemon for every /etc/vsftpd/*.conf it finds.
# To let vsftpd authenticate local users, copy the PAM service file shipped in the tarball into the system PAM directory
cp RedHat/vsftpd.pam /etc/pam.d/vsftpd
2. Configure vsftpd to run standalone
vi /etc/xinetd.d/vsftpd
Change disable = no to disable = yes so that xinetd no longer answers port 21 (this file is only present if a packaged vsftpd was installed earlier; if it does not exist there is nothing to change). Standalone mode itself is turned on in /etc/vsftpd/vsftpd.conf with listen=YES.
3. Create the service start script
In standalone mode it is inconvenient to start and stop the daemon by hand each time, so we write an init script for it. Create a new file /etc/rc.d/init.d/vsftpd and copy the following into it:

#!/bin/bash
#
# vsftpd        This shell script takes care of starting and stopping
#               standalone vsftpd.
#
# chkconfig: - 60 50
# description: vsftpd is a FTP daemon, which is the program \
#              that answers incoming FTP service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/local/sbin/vsftpd ] || exit 0

RETVAL=0
prog="vsftpd"

start() {
        # Start daemons: one vsftpd per /etc/vsftpd/*.conf (which is why the
        # backup copy of the configuration must not end in .conf).
        if [ -d /etc/vsftpd ] ; then
                for i in `ls /etc/vsftpd/*.conf`; do
                        site=`basename $i .conf`
                        echo -n $"Starting $prog for $site: "
                        /usr/local/sbin/vsftpd $i &
                        RETVAL=$?
                        [ $RETVAL -eq 0 ] && {
                           touch /var/lock/subsys/$prog
                           success $"$prog $site"
                        }
                        echo
                done
        else
                RETVAL=1
        fi
        return $RETVAL
}

stop() {
        # Stop daemons.
        echo -n $"Shutting down $prog: "
        killproc $prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
        return $RETVAL
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart|reload)
        stop
        start
        RETVAL=$?
        ;;
  condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
  status)
        status $prog
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac

exit $RETVAL
Save the file and make it executable:
# chmod 755 /etc/rc.d/init.d/vsftpd
The service can then be managed with:
# service vsftpd {start|stop|restart|condrestart|status}
To have it started at boot, register it with chkconfig --add vsftpd && chkconfig vsftpd on (the chkconfig header in the script is what makes this work).
For example, restarting the service:
# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
IV. Creating the FTP user
The user created here is an ordinary local account without an interactive shell, which is what local_enable=YES authenticates against.
1. Create the user
[root@ftp /]# useradd test -s /sbin/nologin -d /var/opt/test
[root@ftp /]# passwd test
The Red Hat PAM file copied above also calls pam_shells.so, which only accepts login shells listed in /etc/shells, so check that /sbin/nologin appears there (grep nologin /etc/shells).
2. Edit vsftpd's PAM authentication file
[root@centos5 /]# vi /etc/pam.d/vsftpd
On a 64-bit system change every /lib/security/ module path in this file to /lib64/security/; otherwise PAM cannot load the modules and every login is refused.
3. Configure vsftpd.conf
[root@centos5 /]# vi /etc/vsftpd/vsftpd.conf
seccomp_sandbox=NO
local_enable=YES
write_enable=YES
local_umask=022
idle_session_timeout=600
data_connection_timeout=120
chroot_list_enable=YES
chroot_local_user=NO
chroot_list_file=/etc/vsftpd/chroot_list
pam_service_name=vsftpd
hide_ids=YES
user_config_dir=/etc/vsftpd/vsftpd_user_dir
userlist_enable=NO
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
allow_writeable_chroot=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
Notes on these settings:
- listen=YES (or listen_ipv6=YES) must also be present for standalone mode; without it the daemon started by the init script exits with "500 OOPS: vsftpd: not configured for standalone, must be started from inetd".
- chroot_local_user=NO together with chroot_list_enable=YES means that only the users named in chroot_list are confined to their root directory; any other local user able to log in sees the whole filesystem.
- allow_writeable_chroot=YES switches off the safety check that makes vsftpd refuse a writable chroot root (problem 3 below). It is better left at its default of NO and the directory layout fixed instead.
- userlist_enable=NO means user_list is not consulted at all; with userlist_enable=YES and userlist_deny=NO the file becomes an allow list of the only users permitted to log in.
- seccomp_sandbox=NO disables the system-call filter that vsftpd 3.0 enables by default; it removes a hardening layer, so keep it only if the sandbox actually breaks on this kernel.
- xferlog_std_format=YES writes transfer records in the wu-ftpd style to /var/log/vsftpd.log.
4. Restart the vsftpd service
[root@centos5 /]# service vsftpd restart
5. Per-user profile
Under /etc/vsftpd create:
the files chroot_list and user_list, each containing the user name test on a line of its own (chroot_list is what confines test to its root; user_list is ignored while userlist_enable=NO);
the directory vsftpd_user_dir, containing a file named after the user, test, with that user's overrides:
vi /etc/vsftpd/vsftpd_user_dir/test
local_root=/var/opt/cms_video
local_umask=022
local_max_rate=500000000
local_root replaces the home directory as the directory the user lands in, and because test is in chroot_list it also becomes the chroot root, so /var/opt/cms_video must exist and must not be writable by test (see problem 3 below). local_max_rate is in bytes per second. Per-user files and the lists are read at login, so no further restart is needed after adding a user.
V. Problems encountered and solutions
1. Link error: library in the wrong format
/lib/libcap.so.1: could not read symbols: File in wrong format
collect2: ld returned 1 exit status
make: *** [vsftpd] Error 1
Cause: the Makefile builds its link line from vsf_findlibs.sh, which hard-codes library paths under /lib. On x86_64 CentOS those are the 32-bit libraries (the 64-bit ones live in /lib64), so the 64-bit vsftpd objects cannot be linked against them. Confirm with file /lib/libcap.so.1 /lib64/libcap.so.1, which reports "ELF 32-bit" for the first and "ELF 64-bit" for the second. Every library the script picks up from /lib produces the same error and needs the same fix: point the entry at /lib64.
Workaround for libpam: edit vsf_findlibs.sh in the vsftpd source tree
vi vsf_findlibs.sh
locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";
becomes
locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0";
2. The same link error for libcap
Workaround: in the same vsf_findlibs.sh, change
# Look for libcap (capabilities)
if locate_library /lib/libcap.so.1; then
  echo "/lib/libcap.so.1";
else
  locate_library /usr/lib/libcap.so && echo "-lcap";
  locate_library /lib/libcap.so && echo "-lcap";
fi
to
# Look for libcap (capabilities)
if locate_library /lib64/libcap.so.1; then
  echo "/lib64/libcap.so.1";
else
  locate_library /usr/lib64/libcap.so && echo "-lcap";
  locate_library /lib64/libcap.so && echo "-lcap";
fi
Run make again after editing; the script is executed on every build.
3. OOPS: vsftpd: refusing to run with writable root inside chroot()
Cause: this check was added in vsftpd 2.3.5, so it does not appear with older versions. The official Changelog entry reads:
Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life.
In other words, once a user is chrooted, the root of that chroot must not be writable by the user. That is inconvenient when the FTP root is also the web site root, so split the tree instead: with /data as the FTP root, put the logs in /data/log and the site in /data/web, give the FTP user ownership of those two subdirectories, and remove write permission from /data itself. Uploads still work in the subdirectories, the site keeps running, and vsftpd's check passes:
chmod a-w /data
The same applies to the per-user local_root set earlier, /var/opt/cms_video.
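The split layout described above, built and checked as an added example; this is not code from the original post or from vsftpd. The directory names and the user name are the ones used in the text and are only illustrations, and the check inspects permission bits, whereas vsftpd itself tests whether the chroot root is writable by the logged-in user (access(2) with W_OK after privileges are dropped); a root with no write bits at all passes that test for every user.

```shell
#!/bin/sh
# Added example (not from the original post): build the split FTP root
# described above and check it the way vsftpd does. Directory names and
# the user name are assumptions for illustration.
set -u

# Create ROOT as a read-only chroot root with writable log/ and web/
# subdirectories owned by USER. chown is skipped when USER does not exist,
# so the layout can be rehearsed on a scratch directory.
make_chroot_layout() {
    root=$1; user=$2
    mkdir -p "$root/log" "$root/web"
    if id "$user" >/dev/null 2>&1; then
        chown "$user" "$root/log" "$root/web"
    fi
    chmod 755 "$root" "$root/log" "$root/web"
    chmod a-w "$root"     # the step the post recommends: nobody may write the root
}

# Return 0 if any write bit (owner, group or other) is set on DIR, 1 otherwise.
# vsftpd's own test is access("/", W_OK) as the logged-in user after chroot();
# a root directory with no write bits at all satisfies it for every user.
has_write_bit() {
    mode=$(stat -c '%a' "$1")
    mode=${mode#${mode%???}}        # keep the last three octal digits
    case $mode in
        *[2367]*) return 0 ;;       # octal digits that carry the w bit
    esac
    return 1
}

# Mimic the daemon's refusal so a layout can be validated before restarting.
check_chroot_root() {
    if has_write_bit "$1"; then
        echo "OOPS: vsftpd would refuse to run: writable root $1" >&2
        return 1
    fi
    echo "ok: $1 is not writable"
    return 0
}

# Typical use on the server:  make_chroot_layout /data test && check_chroot_root /data
```

Run check_chroot_root against every directory that becomes a chroot root (the home of each user in chroot_list, or its local_root) before restarting the service; a user's own home with the usual 755 mode fails the check, which is exactly the situation the OOPS message reports.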
4. "530 Login incorrect" on every login
Verify that the module paths in /etc/pam.d/vsftpd point at /lib64/security rather than /lib/security, as described when the PAM file was edited above, and that every module file named there actually exists. PAM records a module it cannot load in /var/log/secure, so check that log when the password is known to be right.
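Both 64-bit path problems on this page (the /lib entries in vsf_findlibs.sh in problems 1 and 2, and the /lib/security module paths in /etc/pam.d/vsftpd behind problem 4) come down to the same edit, so here is one added example that performs it and then checks the result. It is not code from the original post or from vsftpd; the file names it is run on are the caller's choice, and the only assumption is that the 64-bit files live under /lib64 and /usr/lib64 as they do on x86_64 CentOS.

```shell
#!/bin/sh
# Added example (not from the original post, not part of vsftpd): helpers for
# the two x86_64 path problems above. vsf_findlibs.sh and the Red Hat
# /etc/pam.d/vsftpd both name libraries under /lib, which holds the 32-bit
# files on a 64-bit CentOS 5 host. File names are the caller's choice.
set -u

# Rewrite every /lib/ directory component in FILE to /lib64/ (this also turns
# /usr/lib/ into /usr/lib64/). Only the directory changes; file names stay,
# and running it twice is harmless because /lib64/ no longer matches /lib/.
lib64ify() {
    file=$1
    sed -e 's#/lib/#/lib64/#g' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Print every shared-object path (/....so or /....so.N) named in FILE that does
# not exist on this host; return 1 if any is missing, 0 otherwise. On
# /etc/pam.d/vsftpd a missing module means "530 Login incorrect" for everyone.
# On vsf_findlibs.sh the fallback probes of locate_library are expected to be
# missing, so there look only at the paths actually echoed into the link line.
missing_so_paths() {
    rc=0
    for p in $(grep -o '/[A-Za-z0-9_./-]*\.so[.0-9]*' "$1" | sort -u); do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            rc=1
        fi
    done
    return $rc
}

# Typical use on the build host:
#   cp vsf_findlibs.sh vsf_findlibs.sh.orig && lib64ify vsf_findlibs.sh && make
#   lib64ify /etc/pam.d/vsftpd && missing_so_paths /etc/pam.d/vsftpd
```

Keep the .orig copy of vsf_findlibs.sh so the rewrite can be diffed and reverted, and run missing_so_paths on the PAM file after every edit: a single mistyped module path is enough to lock every user out with 530.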