1. I configured the FTP server to meet the following design requirements:
(1) Anonymous users can log on and browse but cannot download.
(2) Four users of different levels (virtual users) use this FTP server, as follows:
User name: nan306, path: /home/vsftpd. Management user, who can perform any operation on all files on the FTP server.
User name: down, path: /home/vsftpd/down. Download user. Only files in this directory can be downloaded.
User name: upload, path: /home/vsftpd/upload. Upload user, who can upload, download, delete, and perform other operations under this directory.
User name: WSN, path: /home/vsftpd/WSN. Management directory of the sensor network (WSN) lab. This directory holds the lab's internal material, and the down directory is attached to it as a virtual path.
2. Install vsftpd
$ sudo apt-get install vsftpd
After installation, no configuration is required and the server can be accessed anonymously. The default FTP folder is /srv/ftp.
3. Start, shut down, and restart vsftpd
$ sudo /etc/init.d/vsftpd start # start
$ sudo /etc/init.d/vsftpd stop # stop
$ sudo /etc/init.d/vsftpd restart # restart
Once vsftpd is installed, it is started automatically at boot by default. If you don't need that, you can turn it off. There are many ways to do so, which you can look up online. I use a single command:
$ sudo mv /etc/rc2.d/S20vsftpd /etc/rc2.d/K20vsftpd
For details on auto-start at boot, see the article http://hi.baidu.com/jidaxiaobeibei/blog/item/e16309446cc0b237879473d6.html
3. vsftpd Configuration
There is an overwhelming amount of material on this online, so I will not list the configuration parameters here. For a first introduction, see the examples at …?logid=515#commmark_241. If you have never worked with vsftpd before, I recommend reading the first website first; it is simple and clear.
My suggestion for configuring this FTP server for the first time: do not make all the changes at once by following the instructions from start to finish. Go step by step; otherwise, if FTP fails, you will not know which step went wrong.
My configuration process is as follows:
Configuring vsftpd is simple: open the /etc/vsftpd.conf file,
$ sudo vi /etc/vsftpd.conf # I logged on to the server over SSH to configure it, which is why I use vi; on the local machine you can use sudo gedit /etc/vsftpd.conf directly.
modify the parameters, and restart the server.
$ sudo /etc/init.d/vsftpd restart # restart so that the new configuration takes effect
The parameters of vsftpd.conf on the server I configured are as follows. The text after # on each line is my explanation; it must not be left in the real file (see the notes below).
listen=YES # run vsftpd as a standalone server
#listen_ipv6=YES # not needed, commented out
anonymous_enable=YES # this server requires anonymous access
local_enable=YES # virtual users are used, which requires local access (do not confuse local users with virtual users; this is explained later)
write_enable=YES # local users need to modify and delete files
#local_umask=022 # permission mask for files uploaded over FTP; the default is 077. Each virtual user on this server has its own upload permission settings, so the global value is left unset and commented out
#anon_upload_enable=YES # whether anonymous users may upload files; anonymous upload is not needed, commented out
#anon_mkdir_write_enable=YES # whether anonymous users may create directories; anonymous users do no management, commented out
dirmessage_enable=YES # whether to display the contents of the hidden message file in a directory when the user changes into it; set to YES to show the login information
message_file=welcome # file that holds the welcome message. Create a welcome file in the FTP directory and write the login message in it; the hidden file .message is commonly used
xferlog_enable=YES # whether to log uploads and downloads
connect_from_port_20=YES # whether data connections are made from FTP data port 20
chown_uploads=YES # whether to change the owner of uploaded files; here I need to change it
chown_username=virtual # owner given to all uploaded files. The user virtual is created later to implement virtual user login
xferlog_file=/var/log/vsftpd.log # default path of the upload/download log file
xferlog_std_format=YES # whether to use the standard ftpd xferlog format
idle_session_timeout=600 # the session is disconnected after the user has been idle for 10 minutes
data_connection_timeout=120 # the data connection is dropped after it has been idle for 2 minutes
#nopriv_user=ftpsecure # the unprivileged system user vsftpd runs as; the default is nobody; not needed
#async_abor_enable=YES # whether to allow the special FTP command async ABOR; not needed
ascii_upload_enable=YES # whether to enable ASCII mode for uploads
ascii_download_enable=YES # whether to enable ASCII mode for downloads
ftpd_banner=Welcome to blah FTP service. # message shown after the user connects to the server
#deny_email_enable=YES # whether to deny anonymous logins that give certain e-mail addresses (left at the default)
max_clients=10 # maximum number of clients on the FTP server, set to 10
max_per_ip=5 # limit on connections from each IP address
local_max_rate=256000 # maximum transfer rate (bytes/s)
#hide_ids=YES # whether to hide the owner and group of files
idle_session_timeout=3000 # timeout, in seconds, for an idle user session. If no data is transferred and no command is entered within this time, the connection is dropped. The default is 300. This line repeats the setting made above.
The following settings are used for virtual user login:
guest_enable=YES # use virtual users
guest_username=virtual # the local user that virtual users are mapped to
user_config_dir=/etc/vsftpd/vsftpd_user_conf # folder holding the configuration files of the virtual users
pam_service_name=vsftpd.vu # PAM authentication settings for virtual users
Settings that are not listed here can be changed as you see fit. If you do not understand a setting, keep it as it is.
Pay attention to the following points when modifying the configuration file:
1. Back up the configuration file before changing it, so that it can be restored after a configuration error: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.back
2. Do not leave blank lines or trailing spaces after configuration statements. I did not keep strictly to this at first. Delete all unnecessary comments, especially Chinese comments. If there are blank lines or spaces after a configuration statement, an error is reported.
3. To prevent errors, type the configuration statements in yourself, one by one. Do not copy them from the Internet, because copied text easily picks up extra spaces and line breaks.
4. If you do not know whether you need a setting, leave it as it is.
After the configuration is complete, restart FTP and check whether an error is returned and whether a connection can be established. If an error is reported or the connection fails, check the configuration file. If the server cannot start and returns an error, the configuration file very likely contains stray spaces or carriage returns; check for them and fix them. If that does not help, restore the backup of the configuration file and go through the configuration again.
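The notes above can be checked mechanically before each restart. The following shell function is an added example, not part of the original post; it flags blank lines, trailing whitespace, CRLF line endings, spaces around =, text after a value, and keys set twice. The name lint_vsftpd_conf and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf for the pitfalls in the notes above.
# Prints "LINE: problem" for each finding; returns 1 if anything was found.
lint_vsftpd_conf() {
    awk '
    /^#/ { next }                        # full-line comments are allowed
    /^[ \t\r]*$/ { print NR ": blank or whitespace-only line"; bad = 1; next }
    /\r$/        { print NR ": carriage return (CRLF line ending)"; bad = 1 }
    /[ \t]\r?$/  { print NR ": trailing whitespace"; bad = 1 }
    !/^[a-z0-9_]+=/ {
        print NR ": not in lowercase key=value form (no spaces around =)"
        bad = 1; next
    }
    {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (val ~ /[ \t]#/) {
            print NR ": text after the value looks like a trailing comment"
            bad = 1
        }
        if (key in seen) {
            print NR ": " key " already set on line " seen[key]
            bad = 1
        }
        seen[key] = NR
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input, not a real server's configuration.
sample=$(mktemp)
printf '%s\n' \
    'listen=YES' \
    'Anonymous_enable = yes' \
    'write_enable=YES ' \
    'idle_session_timeout=600' \
    'xferlog_enable=YES # log transfers' \
    'idle_session_timeout=3000' > "$sample"
lint_vsftpd_conf "$sample" || echo "fix the lines above before restarting vsftpd"
rm -f "$sample"
```

Run it against /etc/vsftpd.conf after every edit and restart vsftpd only when it prints nothing.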
4. Log on with a virtual user (text method)
There are many ways to achieve this. The main ones are the text method and the database method, which are in fact similar. This article uses the text method.
Two concepts are involved: local users and virtual users.
A local user is a real Linux user, such as root or the user you log in as.
Virtual users are not Linux users; they are users you create yourself for FTP. Virtual users must be associated with a local user.
For the implementation of virtual users, refer to the official documentation. It contains quite a few mistakes, which is not reasonable, and I struggled with it for a long time. The mistake is very simple: the local system user in "Create local system user for virtual user" is wrong. It should be virtual, changed as follows:
$ sudo useradd virtual -d /home/vsftpd -s /bin/false
$ sudo chown virtual:virtual /home/vsftpd
You can change the user name, but it must be the same as the value of guest_username=virtual in the configuration file vsftpd.conf.
............................................................................................................
The following is my configuration process. It can be compared with the official documentation; most of it is the same, with slight differences:
First, create the folders.
$ sudo mkdir /home/vsftpd
$ cd /home/vsftpd
$ sudo mkdir down upload WSN
(1) Create the virtual user database
Create a new file loguser.txt:
$ sudo vi /home/loguser.txt
Enter the virtual user names and passwords in this format:
nan306
Mima1
WSN
Mima2
upload
Mima3
down
Mima4
Do not add extra spaces or empty lines. The odd-numbered lines (nan306, upload, and so on) are virtual user names, and the line after each user name is its password.
Generate the database
First install the tool:
$ sudo apt-get install db4.7-util
Create a folder to hold the configuration files:
$ sudo mkdir /etc/vsftpd
Then run:
$ sudo db4.7_load -T -t hash -f /home/loguser.txt /etc/vsftpd/vsftpd_login.db
Finally, set the access permissions on the database file:
$ sudo chmod 600 /etc/vsftpd/vsftpd_login.db
Configure the PAM file
Create /etc/pam.d/vsftpd.vu:
$ sudo vi /etc/pam.d/vsftpd.vu
with the following content:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
* This uses the vsftpd_login database created in the previous step. The db= value is the path of the database file without its .db suffix, which pam_userdb appends.
* The virtual users are authenticated through PAM. This is enabled by the statement pam_service_name=vsftpd.vu in the /etc/vsftpd.conf file (listed in the configuration above).
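An added example, not from the original post or the vsftpd documentation: a shell check that the db= path in the PAM file resolves to the database built with db_load, and that neither the database nor the plaintext user list is accessible to group or other. The function names are hypothetical, and the check relies on pam_userdb appending .db to the db= value.

```shell
#!/bin/sh
# Added example: check that PAM's pam_userdb points at the virtual-user
# database that was actually built, and that credential files are private.
# Prints one line per problem; returns 1 if any were found.

# True when the file has any group/other permission bit set.
loose_perms() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

check_vu_auth() {
    pam=$1; plain=$2; rc=0
    # Collect every db= argument on non-comment pam_userdb lines.
    dbs=$(awk '!/^[ \t]*#/ && /pam_userdb\.so/ {
                 for (i = 1; i <= NF; i++) if ($i ~ /^db=/) print substr($i, 4)
               }' "$pam" | sort -u)
    if [ -z "$dbs" ]; then
        echo "$pam: no pam_userdb db= argument found"; return 1
    fi
    for db in $dbs; do
        f="$db.db"                  # pam_userdb appends .db to the db= path
        if [ ! -f "$f" ]; then
            echo "$pam: db=$db but $f does not exist"; rc=1
        elif loose_perms "$f"; then
            echo "$f: accessible to group/other, expected mode 600"; rc=1
        fi
    done
    # The plaintext list is only needed while the database is being built.
    if [ -n "$plain" ] && [ -f "$plain" ] && loose_perms "$plain"; then
        echo "$plain: plaintext passwords accessible to group/other"; rc=1
    fi
    return $rc
}

# Typical call with the paths used on this page (run as root):
#   check_vu_auth /etc/pam.d/vsftpd.vu /home/loguser.txt
```

Once the database has been generated, restrict loguser.txt to mode 600 or delete it, since it holds every virtual user's password in clear text.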
(2) Create a local user for the virtual users
Create a new system user virtual. Its home directory is /home/vsftpd and its login shell is set to /bin/false (so that the user cannot log on to the system):
$ sudo useradd virtual -d /home/vsftpd -s /bin/false
$ sudo chown virtual:virtual /home/vsftpd
So far, all three of our users can work, but their root directories are all /home/vsftpd, with the same permissions. So how can we achieve our goal?
(3) Create the /etc/vsftpd/vsftpd_user_conf folder.
The configuration above contains the line user_config_dir=/etc/vsftpd/vsftpd_user_conf
Now we need to put the configuration file of each user in the /etc/vsftpd/vsftpd_user_conf directory.
$ sudo mkdir /etc/vsftpd/vsftpd_user_conf
$ cd /etc/vsftpd/vsftpd_user_conf
$ sudo touch nan306 WSN upload down
Each file is the configuration file of one user. For example, nan306 is the system management user, configured as follows:
Open nan306:
$ sudo vi /etc/vsftpd/vsftpd_user_conf/nan306
and add:
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/home/vsftpd
Note that there must be no spaces; otherwise an error is reported at login. The same applies below.
The WSN user manages the WSN folder. The configuration is as follows:
Open WSN:
$ sudo vi /etc/vsftpd/vsftpd_user_conf/WSN
and add:
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/home/vsftpd/WSN
The down folder also needs to be mounted under the WSN directory as a virtual path.
Create a directory down under the WSN directory:
$ sudo mkdir /home/vsftpd/WSN/down
After the system starts, mount /home/vsftpd/down on /home/vsftpd/WSN/down.
Edit /etc/rc.local so that this happens at startup:
$ sudo vi /etc/rc.local
and add:
mount --bind /home/vsftpd/down /home/vsftpd/WSN/down
For the upload directory:
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/home/vsftpd/upload
For the down directory:
local_root=/home/vsftpd/down
Now the configuration is complete. Restart vsftpd and we can see the effect ^_^.
$ sudo /etc/init.d/vsftpd restart
500 OOPS: cannot change directory:
On Linux, once FTP is enabled, the following problem occurs: 500 OOPS: cannot change directory:
Many results on Google say that running the following commands fixes it:
setsebool ftpd_disable_trans 1
service vsftpd restart
But when I ran them, this error occurred: Could not change active booleans: Invalid boolean
After searching for a long time, I finally solved the problem:
setsebool -P ftp_home_dir=1
References:
For the basics, see the following two:
http://os.51cto.com/art/201003/189123.htm
http://os.51cto.com/art/200901/106622.htm
For more information, see the following two:
http://www.linuxsir.org/main?q=node/152#8.4 (this one is good and contains many practical settings)
http://www.517sou.net/blogview.asp?logid=515#commmark_241 (this one is very comprehensive and very advanced)
The official virtual user configuration. It contains errors; remember to correct them.