VSFTPD Virtual User
All virtual users are mapped to a single specified system account, and the shared location they access is that system account's home directory. Each virtual user can be given different access rights, which are set through the permission control parameters of the anonymous user.
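1. Create the virtual users' account and password database file
A. Create an account and password file
Format: odd-numbered lines are account names, even-numbered lines are passwords (below, test1 is a user and 123456 is its password). The file must contain only these values, because db_load stores each line literally.
[root ~]# vim /etc/vsftpd/vusers.list
test1
123456
test2
123456
test3
123456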
B. Convert the file to a binary database file, which is done with the db4 tools:
[root ~]# yum install db4 -y    # install the db4 tools
[root ~]# cd /etc/vsftpd/
[root vsftpd]# db_load -T -t hash -f vusers.list vusers.db    # generate the database file
[root vsftpd]# chmod 600 vusers.*    # restrict permissions to protect the password files
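A pre-flight check for the vusers.list format described in step 1, added here as an example (it is not part of the original article). The function name check_vusers_list is an assumption; run it on the list before db_load.

```shell
#!/bin/sh
# Added example: lint a vusers.list (account on odd lines, password on even
# lines) before it is converted with db_load.
# Prints one line per problem and returns 1 if any problem was found.
check_vusers_list() {
    list=$1
    [ -r "$list" ] || { echo "cannot read $list"; return 1; }
    rc=0

    # Group/other permission bits must all be clear (the article uses chmod 600).
    perms=$(ls -ld "$list" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: $list is accessible to group/other"
        rc=1
    fi

    # db_load -T stores every line literally, so blank lines, stray
    # whitespace and inline annotations end up inside keys or values.
    awk '
        /^$/ { print "line " NR ": empty line"; bad = 1; next }
        /^[ \t]|[ \t]$|[ \t]#/ { print "line " NR ": whitespace or annotation"; bad = 1 }
        NR % 2 == 1 {
            # A repeated account name silently replaces the earlier password.
            if ($0 in seen) { print "line " NR ": duplicate account " $0; bad = 1 }
            seen[$0] = NR
        }
        END {
            if (NR % 2 == 1) { print "odd line count: last account has no password"; bad = 1 }
            exit bad
        }
    ' "$list" || rc=1

    return $rc
}

# Stand-alone use: sh check_vusers.sh /etc/vsftpd/vusers.list
if [ "$#" -gt 0 ]; then check_vusers_list "$1"; fi
```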
2. Create the FTP directory to be accessed
[root ~]# useradd -d /var/ftproot -s /sbin/nologin vuser
[root ~]# chmod +rx /var/ftproot/
CentOS 7 also needs the following:
[root ~]# chmod -w /var/ftproot
[root ~]# mkdir /var/ftproot/upload
[root ~]# setfacl -m u:vuser:rwx /var/ftproot/upload
3. Create a PAM configuration file
[root ~]# vim /etc/pam.d/vsftpd.db
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
Note: the db= value is the database file name without its .db suffix.
4. Specify the PAM configuration file
[root ~]# vim /etc/vsftpd/vsftpd.conf
# Existing entry: name of the PAM service configuration that vsftpd authenticates against (superseded by the vsftpd.db entry below)
#pam_service_name=vsftpd
# Turn on virtual users
guest_enable=YES
# System user that the virtual users are mapped to
guest_username=vuser
# Use the PAM configuration created in step 3, which points at the virtual user account and password database
pam_service_name=vsftpd.db
# Virtual users have the same permissions as local users
virtual_use_local_privs=YES
After restarting the vsftpd service, the virtual users can log in normally.
Note on SELinux: either disable SELinux or run setsebool -P ftpd_full_access 1
5. Create separate configuration files for individual virtual users
To meet the different needs of different users, you can create a separate configuration file for each virtual user and manage them individually.
A. Set up separate configuration files for individual virtual users
[root ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vuser.d/
B. Configure the parameters for an individual virtual user
[root vuser.d]# vim test2
# Allow uploads (virtual user test2 may upload files)
anon_upload_enable=YES
# Prohibit downloads (virtual user test2 may not download files)
download_enable=NO
This enables normal use of the virtual users. test1 can upload, download, delete, and so on, with the same permissions as on its home directory; test2 can only upload and cannot download.
This article is from the "Fall" blog, please be sure to keep this source http://lxlxlx.blog.51cto.com/3363989/1885397