Vsftpd virtual user configuration (Linux FTP)

Source: Internet
Author: User
Tags: ftp client, ftp protocol

Linux (Ubuntu Server 11.10) FTP server: vsftpd virtual user configuration
vsftpd is an FTP server for Unix-like systems released under the GPL. Its full name is "very secure FTP daemon", and, as the name says, code security was the author's original design goal. Besides its security design, high speed and high stability are two other important features of vsftpd.
Speed: when data is downloaded in ASCII mode, vsftpd is twice as fast as Wu-FTPd, and on a Linux host running a 2.4.* kernel the download speed over Gigabit Ethernet reaches 86 Mb/s.
Stability: vsftpd does even better here. A single (non-clustered) machine supports more than 4000 concurrent users, and according to the figures from the Red Hat FTP server (ftp.redhat.com), a vsftpd server supports 15000 concurrent users.
This article describes how to configure vsftpd in virtual user mode.
Install vsftpd: sudo apt-get install vsftpd
Install the Berkeley DB utility package: sudo apt-get install db-util
Configure the virtual users (cd /etc/vsftpd)
1. Create the virtual user password list file
# vim vusers.list (each odd line holds a user name and the following even line its password; save and quit)
user1
user1pwd
user2
user2pwd
2. Generate the authentication database for vsftpd
# db_load -T -t hash -f vusers.list /etc/vsftpd/vsftpd_login.db (generate the authentication file)
# chmod 600 /etc/vsftpd/vsftpd_login.db (restrict access to root, since the file holds clear-text passwords)
3. Create the PAM configuration file the virtual users need
# vim /etc/pam.d/vsftpd (add the following two lines and comment out all the other lines)
auth required pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required pam_userdb.so db=/etc/vsftpd/vsftpd_login
4. Create the directory the virtual users will access and set its permissions
# useradd -d /home/ftp -s /sbin/nologin virtual
# chmod 777 /home/ftp/
Add the following parameters to vsftpd.conf:
guest_enable=YES
guest_username=virtual
5. Set different permissions for different virtual users
# mkdir /etc/vsftpd/vsftpd_user_conf
# vim /etc/vsftpd/vsftpd_user_conf/user1 (create a separate configuration file per user; the file name is the user name)
# The virtual user's directory; adjust it to your situation.
# vsftpd only recognizes whole-line comments, so keep comments on their own lines.
local_root=/home/ftp/user1
write_enable=YES
# The virtual user gets write permissions (upload, download, delete and rename)
virtual_use_local_privs=YES
Add the following parameter to vsftpd.conf:
user_config_dir=/etc/vsftpd/vsftpd_user_conf
6. Confine FTP users to their home directory (chroot)
Write the names of the users to confine into the vsftpd.chroot_list file.
# vim /etc/vsftpd.chroot_list
user1
user2
Add the following parameters to vsftpd.conf:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
The following describes how to set up the FTP passive connection port range. The FTP protocol works in two modes, PORT and PASV, that is, active and passive.
Active (PORT) connection: the client sends a connection request to the server's FTP port (21 by default); the server accepts it and the command channel is established. When data needs to be transferred, the client uses the PORT command on the command channel to tell the server "I have opened port XXXX, connect to me". The server then opens a connection from its port 20 to port XXXX on the client, and the data channel is established to transfer the data.
Passive (PASV) connection: the client sends a connection request to the server's FTP port (21 by default); the server accepts it and the command channel is established. When data needs to be transferred, the server answers the client's PASV command on the command channel with "I have opened port XXXX, connect to me". The client then connects to port XXXX on the server, and the data channel is established to transfer the data.
If the FTP client is set to passive mode, you must configure a passive port range in the vsftpd configuration file:

Add the following parameters to vsftpd.conf:
pasv_min_port=3000
pasv_max_port=3010
If the iptables firewall is enabled, you must add the following rules:
iptables -A INPUT -p tcp -s 0/0 --dport 3000 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 3000:3010 -j ACCEPT
If SELinux is enabled, its restriction on vsftpd must be lifted:
# setsebool -P ftpd_disable_trans 1
# service vsftpd restart
Note: the virtual_use_local_privs parameter
When virtual_use_local_privs=YES, virtual users have the same permissions as local users;
when virtual_use_local_privs=NO, virtual users have the same permissions as anonymous users. The default is NO.

When virtual_use_local_privs=YES and write_enable=YES, the virtual user has write permissions (upload, download, delete and rename).

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES and anon_upload_enable=YES, the virtual user cannot browse directories and can only upload files, with no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_upload_enable=NO, the virtual user can only download files and has no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_upload_enable=YES, the virtual user can only upload and download files and has no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_mkdir_write_enable=YES, the virtual user can only download files and create folders and has no other permissions.

When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_other_write_enable=YES, the virtual user can only download, delete and rename files and has no other permissions.
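To check what a given combination of these switches actually grants before exposing the server, here is an added Python example (not part of the original article): it overlays the per-user file from user_config_dir (step 5) on vsftpd.conf, exactly as vsftpd does for the login name, and derives the virtual user's permissions from the rules in this note. The sample vsftpd.conf and user1 override are constructed from the article's settings; the option defaults are the ones in the vsftpd.conf man page.

```python
# vsftpd's built-in defaults for the options involved (vsftpd.conf man page)
DEFAULTS = {"write_enable": "NO", "virtual_use_local_privs": "NO",
            "anon_world_readable_only": "YES", "anon_upload_enable": "NO",
            "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO"}

def parse_vsftpd_conf(text):
    """key=value per line, whole-line '#' comments; keys are case-sensitive in vsftpd."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("malformed vsftpd.conf line: %r" % line)
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def as_bool(value):
    return value.strip().upper() in ("YES", "TRUE", "1")  # vsftpd boolean values are case-insensitive

def effective_conf(main_text, user, user_conf_texts):
    """Overlay user_config_dir/<user> on the global file; user_conf_texts maps path -> contents (offline)."""
    conf = dict(DEFAULTS, **parse_vsftpd_conf(main_text))
    path = conf.get("user_config_dir", "") + "/" + user
    if path in user_conf_texts:
        conf.update(parse_vsftpd_conf(user_conf_texts[path]))
    return conf

def virtual_user_perms(conf):
    """Operations a virtual user may perform under conf (guest_enable=YES assumed), per the note above."""
    write = as_bool(conf["write_enable"])
    if as_bool(conf["virtual_use_local_privs"]):
        # Same rights as a local user: write_enable alone unlocks every write operation
        return {"browse", "download"} | ({"upload", "mkdir", "delete", "rename"} if write else set())
    perms = set()  # anonymous-style rights: each write operation also needs its own anon_* switch
    if not as_bool(conf["anon_world_readable_only"]):
        perms |= {"browse", "download"}  # uploads are created 0600, so they are not world-readable
    for flag, ops in (("anon_upload_enable", {"upload"}), ("anon_mkdir_write_enable", {"mkdir"}),
                      ("anon_other_write_enable", {"delete", "rename"})):
        if write and as_bool(conf[flag]):
            perms |= ops
    return perms

# Constructed sample: the article's vsftpd.conf settings plus user1's override file from step 5
MAIN_CONF = "guest_enable=YES\nguest_username=virtual\nuser_config_dir=/etc/vsftpd/vsftpd_user_conf\nwrite_enable=YES\nanon_world_readable_only=NO\nanon_upload_enable=YES\n"
USER_CONFS = {"/etc/vsftpd/vsftpd_user_conf/user1":
              "local_root=/home/ftp/user1\nwrite_enable=YES\nvirtual_use_local_privs=YES\n"}
def perms_for(user):
    return virtual_user_perms(effective_conf(MAIN_CONF, user, USER_CONFS))
```

user1 picks up local-user rights from its override file, while user2, which has no override, falls back to the global anonymous-style settings.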
