{"id":6417,"date":"2017-01-03T11:35:48","date_gmt":"2017-01-03T03:35:48","guid":{"rendered":"http:\/\/rmohan.com\/?p=6417"},"modified":"2017-01-03T11:35:48","modified_gmt":"2017-01-03T03:35:48","slug":"centos-6-8-ftp-service-installation-and-configuration-based-on-local-users-and-virtual-users","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6417","title":{"rendered":"CentOS 6.8 ftp service installation and configuration based on local users and virtual users"},"content":{"rendered":"<p><strong>CentOS 6.8 ftp service installation and configuration based on local users and virtual users<\/strong><\/p>\n<p>First, install the FTP service<\/p>\n<p>1. Check whether it is already installed<\/p>\n<p># rpm -qa | grep ftp<\/p>\n<p>ftp-0.17-54.el6.x86_64<\/p>\n<p>vsftpd-2.2.2-21.el6.x86_64<\/p>\n<p>2. If it is not installed, install it<\/p>\n<p># yum -y install vsftpd<\/p>\n<p># yum -y install ftp<\/p>\n<p>\/\/ In an offline environment, download the ftp rpm packages in advance and install them manually<\/p>\n<p>3. FTP service commands<\/p>\n<p># \/etc\/init.d\/vsftpd start\u00a0\u00a0\u00a0\u00a0\u00a0 Start the ftp service manually<\/p>\n<p># service vsftpd start<\/p>\n<p># chkconfig vsftpd on\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Start the service at boot<\/p>\n<p># service vsftpd stop<\/p>\n<p># service vsftpd restart<\/p>\n<p># service vsftpd status<\/p>\n<p>Second, configure FTP<\/p>\n<p>1. Edit the vsftpd configuration file<\/p>\n<p># vi \/etc\/vsftpd\/vsftpd.conf<\/p>\n<p># Disable anonymous login<\/p>\n<p>anonymous_enable=NO<\/p>\n<p># Allow local users to log in<\/p>\n<p>local_enable=YES<\/p>\n<p># Give logged-in users write permission (upload, delete)<\/p>\n<p>write_enable=YES<\/p>\n<p># Default umask<\/p>\n<p>local_umask=022<\/p>\n<p># Save the transfer log to 
\/var\/log\/vsftpd.log<\/p>\n<p>xferlog_enable=YES<\/p>\n<p>xferlog_file=\/var\/log\/vsftpd.log<\/p>\n<p>xferlog_std_format=NO<\/p>\n<p># Enable ASCII mode upload<\/p>\n<p>ascii_upload_enable=YES<\/p>\n<p># Enable ASCII mode download<\/p>\n<p>ascii_download_enable=YES<\/p>\n<p># Use port 20 to transmit data<\/p>\n<p>connect_from_port_20=YES<\/p>\n<p># Welcome banner<\/p>\n<p>ftpd_banner=Welcome to use my test ftp server.<\/p>\n<p># The next three settings are important<br \/>\n# If chroot_local_user is set to YES, all users are chrooted by default,<\/p>\n<p># that is, each user is confined to their own home directory and cannot move up the directory tree.<\/p>\n<p># Setting chroot_list_enable to YES enables the chroot user list.<\/p>\n<p># If chroot_local_user is set to YES, the users listed in chroot_list_file<\/p>\n<p># are not chrooted (they can move up the directory tree)<\/p>\n<p># If chroot_local_user is set to NO, the users listed in chroot_list_file<\/p>\n<p># are chrooted (they cannot move up the directory tree)<\/p>\n<p>chroot_list_enable=YES<\/p>\n<p># Create the file first: touch \/etc\/vsftpd\/chroot_list<\/p>\n<p>chroot_list_file=\/etc\/vsftpd\/chroot_list<\/p>\n<p>use_localtime=YES<\/p>\n<p># Run on IPv4 in standalone mode<\/p>\n<p>listen=YES<\/p>\n<p># PAM authentication service name; here it is the default, vsftpd. The installation already created the vsftpd PAM file<\/p>\n<p># in \/etc\/pam.d\/vsftpd. According to the settings in that PAM file, users listed in \/etc\/vsftpd\/ftpusers<\/p>\n<p># are prohibited from logging in to the FTP server, for example sensitive users such as root. To prohibit other users<\/p>\n<p># from logging in, add them to \/etc\/vsftpd\/ftpusers as well<\/p>\n<p>pam_service_name=vsftpd<\/p>\n<p>* Restart vsftpd<\/p>\n<p># service vsftpd restart<\/p>\n<p>Third, create a local user<\/p>\n<p>Create a user<\/p>\n<p># useradd -d \/home\/ftpuser\/zzp -s \/sbin\/nologin -M zzp123<\/p>\n<p>Give the user ownership of the folder<\/p>\n<p># chown -R zzp123 
\/home\/ftpuser\/zzp<\/p>\n<p>Set permissions<\/p>\n<p># chmod -R 777 \/home\/ftpuser\/zzp<\/p>\n<p>Set a password<\/p>\n<p># passwd zzp123<\/p>\n<p>Fourth, create a virtual user<\/p>\n<p>Install the tool that generates the file-based authentication database from a plain-text file<\/p>\n<p># rpm -qa | grep db4-utils<\/p>\n<p># yum -y install db4-utils<\/p>\n<p>Edit the virtual user account and password file: odd lines are user names, even lines are passwords<\/p>\n<p># vi \/etc\/vsftpd\/vu.txt<\/p>\n<p>test<\/p>\n<p>1234<\/p>\n<p>&#8230;<\/p>\n<p>usernameN<\/p>\n<p>passwordN<\/p>\n<p>Generate the database file used for authentication<\/p>\n<p># db_load -T -t hash -f \/etc\/vsftpd\/vu.txt \/etc\/vsftpd\/vu.db<\/p>\n<p>Modify permissions<\/p>\n<p># chmod 600 \/etc\/vsftpd\/vu.*<\/p>\n<p>Change the default vsftpd authentication to use the database file just generated<\/p>\n<p># vi \/etc\/pam.d\/vsftpd.vu<\/p>\n<p>auth\u00a0\u00a0\u00a0\u00a0\u00a0 required\u00a0 \/lib64\/security\/pam_userdb.so db=\/etc\/vsftpd\/vu<\/p>\n<p>account\u00a0 required\u00a0 \/lib64\/security\/pam_userdb.so db=\/etc\/vsftpd\/vu<\/p>\n<p>**Note**:<\/p>\n<p>1. By default the system reads \/etc\/pam.d\/vsftpd; the content above can also be added directly to that file<\/p>\n<p>2. 
A 64-bit system may not find pam_userdb.so by name, so the full path must be written; otherwise FTP logins fail with error 530 (Login incorrect)<\/p>\n<p>Create the system user that virtual users are mapped to<\/p>\n<p># useradd -d \/home\/vsftp\/ftp -s \/sbin\/nologin -M vsftp<\/p>\n<p>Create the virtual user configuration directory<\/p>\n<p># mkdir \/etc\/vsftpd\/conf.vu<\/p>\n<p>Modify the vsftpd configuration file<\/p>\n<p># vi \/etc\/vsftpd\/vsftpd.conf<br \/>\n# Comments go on their own lines; vsftpd does not accept a comment after a directive<br \/>\n# Files 644, folders 755<br \/>\nanon_umask=022<br \/>\n# Turn off anonymous logins<br \/>\nanonymous_enable=NO<br \/>\n# Change the PAM service name (the system default is vsftpd)<br \/>\npam_service_name=vsftpd.vu<br \/>\n# Allow virtual users to log in<br \/>\nguest_enable=YES<br \/>\n# The system user that virtual users are mapped to<br \/>\nguest_username=vsftp<br \/>\n# The virtual user configuration directory<br \/>\nuser_config_dir=\/etc\/vsftpd\/conf.vu<br \/>\n# Passive mode<br \/>\npasv_enable=YES<br 
\/>\n# Maximum port<br \/>\npasv_max_port=20999<br \/>\n# Minimum port<br \/>\npasv_min_port=20000<br \/>\nxferlog_enable=YES<br \/>\nxferlog_std_format=YES<br \/>\n# Log: records upload, download, delete, create<br \/>\nxferlog_file=\/var\/log\/xferlog<br \/>\ndual_log_enable=YES<br \/>\n# Log: server transfer log<br \/>\nvsftpd_log_file=\/var\/log\/vsftpd.log<\/p>\n<p>Create the virtual user&#8217;s directory and configuration file<\/p>\n<p># mkdir -p \/home\/vsftp\/ftp\/username<br \/>\n# chmod 700 \/home\/vsftp\/ftp\/username<br \/>\n# chown vsftp:vsftp \/home\/vsftp\/ftp\/username<br \/>\n# vi \/etc\/vsftpd\/conf.vu\/username<br \/>\n# Write permission for this virtual user<br \/>\nwrite_enable=YES<br \/>\n# Download permission for this virtual user<br \/>\nanon_world_readable_only=NO<br \/>\n# Upload permission for this virtual user<br \/>\nanon_upload_enable=YES<br \/>\n# Permission to create directories for this virtual user<br \/>\nanon_mkdir_write_enable=YES<br \/>\n# Delete and rename permissions for this virtual user<br \/>\nanon_other_write_enable=YES<br \/>\n# Home directory of this virtual user<br \/>\nlocal_root=\/home\/vsftp\/ftp\/username<br \/>\n# chmod 600 \/etc\/vsftpd\/conf.vu\/*<\/p>\n<p>Finally, restart vsftpd<\/p>\n<p># service vsftpd restart<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CentOS 6.8 ftp service installation and configuration based on local users and virtual users<\/p>\n<p>First, install the FTP service<\/p>\n<p>1. Check whether it is already installed<\/p>\n<p># rpm -qa | grep ftp<\/p>\n<p>ftp-0.17-54.el6.x86_64<\/p>\n<p>vsftpd-2.2.2-21.el6.x86_64<\/p>\n<p>2. If it is not installed, install it<\/p>\n<p># yum -y install vsftpd<\/p>\n<p># yum -y install ftp<\/p>\n<p>\/ \/ If the offline environment on the [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6417"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6417"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6417\/revisions"}],"predecessor-version":[{"id":6418,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6417\/revisions\/6418"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}