The method of integration Vsftp of Linux system Web server

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Yesterday we wrote a "Linux (Fedora, redhat) configuration Web+ftp Server full tutorial" said the Web server installed the entire process, today we continue to say on the APAHCE server integration Vsftp, And the Apache and VSFTP virtual account permissions configuration.

Iii. FTP installation configuration under Web server

Linux under a lot of FTP open source software, we choose here is vsftp, it's information you can go to ask Niang, do not explain, directly into the installation configuration, the same we use the Yum command.

Yum Install vsftpd pam DB4 "Install VSFTPD Main program/pam verify/DB4 Tool"

Chkconfig vsftpd on "Set vsftpd boot Up"

Service VSFTPD Start VSFTPD Services

1, configure VSFTPD configuration file:

VSFTPD profile default location in:/etc/vsftpd/vsftpd.conf, usually we choose to back up a copy of the original configuration file, and then edit, the following steps:

MV vsftpd.conf vsftpd.conf-old "rename vsftpd.conf file to Vsftpd.conf-old backup"

vi/etc/vsftpd/vsftpd.conf New and edit vsftpd.conf file

My habit is to rename the original profile and then create a new file to write the required configuration information, you can also copy the original file, and then modify.

Then open the new vsftpd.conf file and write as follows:

Anonymous_enable=no

Anonymous Logon is not allowed, usually FTP on our web server does not allow anonymous logons

Local_enable=no

Prohibit (or allow) local user logon

Write_enable=yes

Give writable permission

Chroot_local_user=yes

Lock user Directory, FTP user logon FTP can only operate in their own directory

Anon_upload_enable=no

Anon_mkdir_write_enable=no

Prohibit anonymous users from uploading, creating new directory Permissions

Dirmessage_enable=yes

Allow FTP users to list file directories

Xferlog_enable=yes

Write to log

Connect_from_port_20=yes

Listen=yes

Use port 20, which is usually the default

Pam_service_name=vsftpdpamconf

Userlist_enable=yes

Tcp_wrappers=yes

The first row is more important, specifying the configuration file for Pam validation

Guest_enable=yes

Open Virtual User

Guest_username=apache

Specifies that virtual users have access to local user Apache * This is particularly important, the FTP virtual user on the Web server must be set to Apache permissions, otherwise ftp uploaded files can not be normal access, and can not modify the Web site generated files.

User_config_dir=/etc/vsftpd/vuser_conf

Location of configuration files for virtual users

Virtual_use_local_privs=yes

The virtual user has local user rights, which is available, otherwise the FTP user cannot change the file permissions

Then save and exit the VI editor, this step of our vsftp.conf configuration, implementation: Service VSFTPD Restart restart VSFTPD Services Test configuration file is correct.

2, add vsftpd virtual account:

Above we have configured the virtual user's authentication file type is Pam, the filename is vsftpdpamconf, the following steps we want to enter the directory/ETC/VSFTPD to establish the virtual User DB Library:

VI vuservsftpd.txt "New and edit file Vuservsftpd.txt"

Write the virtual user and password you want to create, one line for the username double behavior password, note that there can be no spaces, examples:

Vuser1

Password1

Vuser2

Password2

..................

Save the exit after the build is complete, and then use the DB command to generate the virtual user library files that VSFTPD authentication requires:

Db-t-T hash-f vuservsftpd.txt vsftpdpamconf.db

Note the DB filename will be the same as the PAM authentication name set in vsftpd.conf

Group after we for security can be deleted just newly created vuservsftpd.txt, the next need to add a username and then new, you can also set the Vsftpdpamconf.db file permissions to 644.

3, add vsftpd Virtual account configuration file:

Only new account verification is not enough, because the virtual account does not have the corresponding configuration file does not take effect, 1 steps inside we identified the virtual account in the vsftpd.conf file directory as:/etc/vsftpd/vuser_conf, below we enter this directory work:

The configuration file must be named the same as the virtual account name, so we created two new files: Vuser1, Vuser2, and write the following configuration information as needed:

Local_root=/var/www/html/demo

Set the virtual user's more directory, because we need to implement each site an FTP account management, so his root directory is the site we need to manage the virtual directory.

Write_enable=yes

Download_enable=yes

Anon_upload_enable=yes

Anon_mkdir_write_enable=yes

Anon_other_write_enable=yes

Give virtual users the ability to write, download, upload, create new directories, etc.

Anon_world_readable_only=no

Currently do not understand the meaning of this, but must exist

Above is my configuration file, you can add or write off some permissions as needed, log off only need to precede the statement with the "#" number, of course, you can also directly delete.

Here our Linux WEB+FTP can be configured successfully, you can also use FTP software login upload program and install your site.

The above are configured to complete the Web site or inaccessible and can not log on to ftp how to do?

When you have done the above configuration, and ensure that you do not have a problem with the configuration, you have to consider the firewall and Linux default security mechanism, some systems by default is to open the SELinux and iptable firewall, then we need to close it to verify the configuration success:

Setenforce 0

Service Iptables Stop

Temporarily shut down SELinux and iptables firewalls, reboot and restore

Above is the temporary shutdown security mechanism SELinux and firewall iptables method, usually does not recommend the permanent shutdown, because our service needs to protect, if the test above the web and vsftp can be normal access after the shutdown then we will slowly configure firewall rules, For the 88iptables configuration we will continue the discussion in the next article.

The author of this article: Feng Zhiqiang, the original text: http://www.crazyer.org reprinted annotated.