Yesterday, in "Linux (Fedora, Red Hat) Web+FTP server configuration: full tutorial", we covered the whole process of installing the web server. Today we continue with integrating vsftpd into the Apache server and configuring the permissions for Apache and the vsftpd virtual accounts.
III. Installing and configuring FTP on the web server
There are many open-source FTP servers for Linux; here we choose vsftpd. You can look up background information on it yourself, so we go straight to installation and configuration, again using the yum command.
yum install vsftpd pam db4 "install the vsftpd main program, PAM authentication and the db4 tools"
chkconfig vsftpd on "start vsftpd at boot"
service vsftpd start "start the vsftpd service"
1. Configure the vsftpd configuration file:
The default location of the vsftpd configuration file is /etc/vsftpd/vsftpd.conf. We usually back up the original configuration file before editing, as follows:
mv vsftpd.conf vsftpd.conf-old "in /etc/vsftpd, rename vsftpd.conf to vsftpd.conf-old as a backup"
vi /etc/vsftpd/vsftpd.conf "create and edit a new vsftpd.conf file"
My habit is to rename the original configuration file and then create a new file containing only the settings I need; you can also copy the original file and modify the copy.
Then open the new vsftpd.conf file and write the following:
anonymous_enable=NO
Anonymous logins are not allowed; FTP on a web server usually does not allow anonymous logins.
local_enable=YES
Allow (YES) or prohibit (NO) local user logins. It must be YES here: virtual users log in as non-anonymous users, and vsftpd refuses to start when both anonymous and local access are disabled.
write_enable=YES
Grant write permission.
chroot_local_user=YES
Lock users into their directory: after logging in, an FTP user can only operate within their own directory.
anon_upload_enable=NO
anon_mkdir_write_enable=NO
Deny anonymous users permission to upload files and create directories.
dirmessage_enable=YES
Allow FTP users to list file directories.
xferlog_enable=YES
Write to the log.
connect_from_port_20=YES
listen=YES
Use port 20, which is usually the default.
pam_service_name=vsftpdpamconf
userlist_enable=YES
tcp_wrappers=YES
The first line is the important one: it specifies the configuration file used for PAM authentication.
guest_enable=YES
Enable virtual users.
guest_username=apache
Maps virtual users to the local user apache. This is particularly important: FTP virtual users on the web server must have the apache user's permissions, otherwise files uploaded over FTP cannot be accessed normally and files generated by the website cannot be modified.
user_config_dir=/etc/vsftpd/vuser_conf
Location of the virtual users' configuration files.
virtual_use_local_privs=YES
Virtual users get local user privileges. This is required, otherwise the FTP user cannot change file permissions.
Then save and exit the vi editor. This completes the vsftpd.conf configuration. Run: service vsftpd restart to restart the vsftpd service and test whether the configuration file is correct.
2. Add vsftpd virtual accounts:
Above we configured PAM as the authentication type for virtual users, with the name vsftpdpamconf. In the following steps we go into the directory /etc/vsftpd and build the virtual user database:
vi vuservsftpd.txt "create and edit the file vuservsftpd.txt"
Write the virtual users and passwords you want to create: odd lines hold the username and even lines the password. Note that there must be no spaces. Example:
Vuser1
Password1
Vuser2
Password2
..................
Save and exit when the file is complete, then use the db_load command to generate the virtual user database file that vsftpd authentication requires:
db_load -T -t hash -f vuservsftpd.txt vsftpdpamconf.db
Note that the DB file name must be the same as the PAM authentication name set in vsftpd.conf.
After generating the database, for security we can delete the vuservsftpd.txt file we just created and create it again the next time a user needs to be added. You can also set the permissions of the vsftpdpamconf.db file to 644.
3. Add the vsftpd virtual account configuration files:
Creating the account credentials alone is not enough, because a virtual account without a corresponding configuration file does not take effect. In step 1 we set the virtual account configuration directory in vsftpd.conf to /etc/vsftpd/vuser_conf; we now work in that directory:
Each configuration file must have the same name as its virtual account, so we create two new files, Vuser1 and Vuser2, and write the following configuration as needed:
local_root=/var/www/html/demo
Sets the virtual user's root directory. Because we want one FTP account per site, the root directory is the virtual directory of the site to be managed.
write_enable=YES
download_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Give the virtual user permission to write, download, upload, create directories, and so on.
anon_world_readable_only=NO
I do not currently understand the meaning of this, but it must be present.
The above is my configuration file; you can add or comment out permissions as needed. To comment out a setting, put a "#" in front of the statement; of course, you can also delete it.
At this point our Linux Web+FTP setup is configured, and you can log in with FTP software to upload your program and install your site.
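A check of the three pieces configured in steps 1 to 3, as an added example rather than the author's own script: it flags option lines vsftpd would reject, settings that differ from this tutorial's, virtual users without a local_root, and a password database that every local user can read. The function names, their arguments and the sample file are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article; function names are its own.

# conf_get FILE KEY: print the last value assigned to KEY, upper-cased.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print toupper(v) }' "$1"
}

# audit_vsftpd CONF USER_CONF_DIR PASSWORD_DB: print one finding per line.
audit_vsftpd() {
    conf=$1 userdir=$2 db=$3
    # vsftpd matches option names case-sensitively and allows no space
    # around "=", so "Anonymous_enable=no" or "listen = YES" is rejected.
    awk '/^[ \t]*(#|$)/ { next }
         !/^[a-z0-9_]+=[^ \t]/ { print "line " NR ": bad option syntax: " $0 }' "$conf"
    # An unset anonymous_enable means YES, the vsftpd default.
    [ "$(conf_get "$conf" anonymous_enable)" = "NO" ] ||
        echo "anonymous_enable is not NO"
    [ "$(conf_get "$conf" chroot_local_user)" = "YES" ] ||
        echo "chroot_local_user is not YES"
    if [ "$(conf_get "$conf" guest_enable)" = "YES" ]; then
        [ -n "$(conf_get "$conf" guest_username)" ] ||
            echo "guest_enable=YES but guest_username is not set"
        # Each virtual user needs its own file that sets local_root.
        for f in "$userdir"/*; do
            [ -f "$f" ] || continue
            [ -n "$(conf_get "$f" local_root)" ] ||
                echo "virtual user ${f##*/}: no local_root"
        done
    fi
    # db_load copies the clear-text passwords into the .db file unchanged.
    if [ -n "$(find "$db" -prune -perm -004 2>/dev/null)" ]; then
        echo "password database is world-readable: $db"
    fi
}

# Constructed sample input: a capitalised key, as a bad copy-paste produces.
demo=$(mktemp -d)
printf '%s\n' 'Anonymous_enable=no' 'chroot_local_user=YES' > "$demo/vsftpd.conf"
audit_vsftpd "$demo/vsftpd.conf" "$demo/vuser_conf" "$demo/users.db"
rm -rf "$demo"
```

On a real host, call it as audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/vuser_conf /etc/vsftpd/vsftpdpamconf.db; no output means none of these checks fired.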
What if the configuration above is complete but the website is still inaccessible or you cannot log in to FTP?
If you have completed the configuration above and are sure it contains no mistakes, consider the firewall and Linux's default security mechanisms. Some systems enable SELinux and the iptables firewall by default, so we need to turn them off to verify that the configuration works:
setenforce 0
service iptables stop
Temporarily turns off SELinux and the iptables firewall; both are restored after a reboot.
The above temporarily turns off the SELinux security mechanism and the iptables firewall. Turning them off permanently is usually not recommended, because our services need protection. If the web server and vsftpd can be accessed normally once they are off, we then configure the firewall rules step by step. We will continue with the iptables configuration in the next article.
Author: Feng Zhiqiang. Original source: http://www.crazyer.org; please credit the source when reprinting.