CentOS 6.8 ftp service installation and configuration based on local users and virtual users
First, install ftp services
1. Check whether it is already installed
# rpm -qa | grep ftp
ftp-0.17-54.el6.x86_64
vsftpd-2.2.2-21.el6.x86_64
2. If it is not installed, install it
# yum -y install vsftpd
# yum -y install ftp
// In an offline environment, download the ftp rpm package in advance on a machine with Internet access and install it manually
3. ftp service commands
Start the ftp service manually (either form)
# /etc/init.d/vsftpd start
# service vsftpd start
Start vsftpd automatically at boot
# chkconfig vsftpd on
# service vsftpd stop
# service vsftpd restart
# service vsftpd status
Second, configure ftp
1. Edit the vsftpd configuration file
# vi /etc/vsftpd/vsftpd.conf
# Disable anonymous login
anonymous_enable=NO
# Enable the local user to log in
local_enable=YES
# Make the logged-in user have write permission (upload, delete)
write_enable=YES
# Default umask
local_umask=022
# Write the transfer log to /var/log/vsftpd.log
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=NO
# Enable ASCII mode upload
ascii_upload_enable=YES
# Enable the ASCII mode download
ascii_download_enable=YES
# Use port 20 to transmit data
connect_from_port_20=YES
# Welcome slogan
ftpd_banner=Welcome to use my test ftp server.
# The next three settings are important
# chroot_local_user=YES: all local users are chrooted by default,
# i.e. confined to their own home directory and unable to move above it.
# chroot_list_enable=YES: enable the chroot user list.
# If chroot_local_user is set to YES, the users listed in chroot_list_file
# are NOT chrooted (they can move above their home directory).
# If chroot_local_user is set to NO, the users listed in chroot_list_file
# ARE chrooted (they cannot move above their home directory).
chroot_list_enable=YES
# Create the list file first: touch /etc/vsftpd/chroot_list
chroot_list_file=/etc/vsftpd/chroot_list
use_localtime=YES
# Run on ipv4 in standalone mode
listen=YES
# PAM service name. The default is vsftpd; the installation already created the PAM file
# /etc/pam.d/vsftpd. According to the settings in that file, users listed in /etc/vsftpd/ftpusers
# are denied login to the ftp server (sensitive accounts such as root).
# To deny other users as well, add them to /etc/vsftpd/ftpusers.
pam_service_name=vsftpd
* Restart vsftpd
# service vsftpd restart
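The chroot rules described in the configuration comments above, as an added example (not part of the original page): a shell helper that reads a vsftpd.conf and reports whether a given local user ends up jailed. With chroot_list_enable=YES, chroot_local_user left at its default of NO and an empty list file, nobody is confined. The function names and the fallback list path are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page.
# conf_get FILE KEY DEFAULT: last value of KEY in FILE (later lines override).
conf_get() {
    v=$(awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); val = $0 }
                           END { print val }' "$1")
    if [ -n "$v" ]; then echo "$v"; else echo "$3"; fi
}

# is_chrooted CONF USER: prints "jailed" or "free" for a local user.
is_chrooted() {
    conf=$1 user=$2
    all=$(conf_get "$conf" chroot_local_user NO)        # vsftpd default: NO
    use_list=$(conf_get "$conf" chroot_list_enable NO)  # vsftpd default: NO
    # Assumption: fall back to the path this page uses when the key is unset.
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd/chroot_list)
    listed=no
    if [ "$use_list" = YES ] && [ -f "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if [ "$all" = YES ]; then
        # Everyone is jailed; the list names the exceptions.
        if [ "$listed" = yes ]; then echo free; else echo jailed; fi
    else
        # Nobody is jailed; the list names the users to jail.
        if [ "$listed" = yes ]; then echo jailed; else echo free; fi
    fi
}

# Constructed demo: the chroot settings from this page with an empty list file.
demo_dir=$(mktemp -d)
: > "$demo_dir/chroot_list"
printf 'local_enable=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo_dir/chroot_list" > "$demo_dir/vsftpd.conf"
echo "empty list: zzp123 is $(is_chrooted "$demo_dir/vsftpd.conf" zzp123)"
echo zzp123 > "$demo_dir/chroot_list"
echo "listed:     zzp123 is $(is_chrooted "$demo_dir/vsftpd.conf" zzp123)"
rm -rf "$demo_dir"
```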
Third, create a local user
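Create a user
# useradd -d /home/ftpuser/zzp -s /sbin/nologin -M zzp123
Create the user's directory (-M above does not create it)
# mkdir -p /home/ftpuser/zzp
Give the user ownership of the folder
# chown -R zzp123 /home/ftpuser/zzp
Set permissions (777 lets every local account write here; 700 is sufficient when only this user needs access)
# chmod -R 777 /home/ftpuser/zzp
Add a password
# passwd zzp123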
Fourth, create a virtual user
Install the tool that generates the authentication database from a plain text file
# rpm -qa | grep db4-utils
# yum -y install db4-utils
Edit the virtual user account and password file: odd lines are user names, even lines are passwords
# vi /etc/vsftpd/vu.txt
test
1234
…
usernameN
passwordN
Generate the database file used for authentication
# db_load -T -t hash -f /etc/vsftpd/vu.txt /etc/vsftpd/vu.db
Modify permissions
# chmod 600 /etc/vsftpd/vu.*
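Because db_load -T pairs the lines of /etc/vsftpd/vu.txt purely by position, one stray or missing line turns a password into a login name. The following check is an added example (not from the original page) to run before db_load; the function name check_vu and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.
# check_vu FILE: print one finding per line; return 1 if there are any.
check_vu() {
    f=$1
    findings=$(
        awk '
            # db_load -T pairs lines strictly by position: odd = name, even = password.
            $0 == "" { print "line " NR ": blank line in place of a name or password" }
            NR % 2 == 1 && $0 != "" && seen[$0]++ {
                print "line " NR ": duplicate user name " $0
            }
            END { if (NR % 2) print "line " NR ": user name without a password" }
        ' "$f"
        mode=$(stat -c %a "$f")   # GNU stat, as shipped with CentOS
        [ "$mode" = 600 ] || echo "mode $mode: expected 600 as set on this page"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a stray blank line 3 shifts every pair after it,
# so "passwordN" lands on an odd line and would be loaded as a user name.
demo=$(mktemp -d)
printf 'test\n1234\n\nusernameN\npasswordN\n' > "$demo/vu.txt"
chmod 644 "$demo/vu.txt"
check_vu "$demo/vu.txt" || echo "fix the file before running db_load"
rm -rf "$demo"
```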
Change the vsftpd PAM authentication so that it uses the database file just generated
# vi /etc/pam.d/vsftpd.vu
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vu
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vu
**Note**:
1. By default the system reads /etc/pam.d/vsftpd; the lines above can also be added directly to that file.
2. A 64-bit system may not find pam_userdb.so by name alone, so write the full path; otherwise ftp login fails with the error "530 Login incorrect".
Create the system user that virtual users are mapped to
# useradd -d /home/vsftp/ftp -s /sbin/nologin -M vsftp
Create the directory for the virtual users' configuration files
# mkdir /etc/vsftpd/conf.vu
Modify the vsftpd configuration file
# vi /etc/vsftpd/vsftpd.conf
# file 644, folder 755
anon_umask=022
# Turn off anonymous logins
anonymous_enable=NO
# PAM service to use (the system default is vsftpd)
pam_service_name=vsftpd.vu
# Allow the virtual user to log in
guest_enable=YES
# The system user that virtual users are mapped to
guest_username=vsftp
# The virtual user configuration directory
user_config_dir=/etc/vsftpd/conf.vu
# Passive mode
pasv_enable=YES
# Maximum port
pasv_max_port=20999
# Minimum port
pasv_min_port=20000
xferlog_enable=YES
xferlog_std_format=YES
# Log: record upload, download, delete, create
xferlog_file=/var/log/xferlog
dual_log_enable=YES
# Log: server transfer log
vsftpd_log_file=/var/log/vsftpd.log
Create the virtual user’s directory and configuration file
# mkdir -p /home/vsftp/ftp/username
# chmod 700 /home/vsftp/ftp/username
# chown vsftp:vsftp /home/vsftp/ftp/username
# vi /etc/vsftpd/conf.vu/username
# Write permission for the current virtual user
write_enable=YES
# Download permission for the current virtual user
anon_world_readable_only=NO
# Upload permission for the current virtual user
anon_upload_enable=YES
# Permission to create directories for the current virtual user
anon_mkdir_write_enable=YES
# Delete and rename permissions for the current virtual user
anon_other_write_enable=YES
# Home directory of the current virtual user
local_root=/home/vsftp/ftp/username
# chmod 600 /etc/vsftpd/conf.vu/*
Finally restart vsftpd
# service vsftpd restart
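vsftpd takes everything after "=" literally as the value, so a comment or a space left on a setting line breaks that setting. The following lint is an added example (not from the original page) for /etc/vsftpd/vsftpd.conf and the per-user files under /etc/vsftpd/conf.vu before a restart; the function name and the sample file are constructed.

```sh
#!/bin/sh
# Added example, not from the original page.
# lint_vsftpd_conf FILE: print "LINE: problem" per finding; return 1 if any.
lint_vsftpd_conf() {
    findings=$(awk '
        function report(msg) { print NR ": " msg }
        /^#/ || /^$/ { next }               # whole-line comments and empty lines
        {
            eq = index($0, "=")
            if (eq == 0) { report("non-comment line without ="); next }
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (key ~ /[ \t]/ || val ~ /^[ \t]/)
                report("whitespace next to = in " key)
            if (val ~ /[ \t]#/)             # may also match a banner containing " #"
                report("trailing comment becomes part of the value of " key)
            else if (val ~ /[ \t]$/)
                report("trailing whitespace becomes part of the value of " key)
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: lines 3 and 5 are reported, the banner on line 4 is fine.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample
anonymous_enable=NO
anon_umask=022 # file 644, folder 755
ftpd_banner=Welcome to use my test ftp server.
listen = YES
EOF
lint_vsftpd_conf "$demo" || echo "fix these lines before restarting vsftpd"
rm -f "$demo"
```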