Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to set up the account of the CentOS vsftpd installation system. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

CentOS vsftpd is still quite commonly used, so I studied CentOS vsftpd and took it out here to share with you. I hope it will be useful to you. CentOS vsftpd setup (virtual user) ftp needs to be configured on several servers in front of the school, but it has not been successful. This time, one thing is finally done, the configuration of vsftp under centos is completed.

The step is simple: requirements: (virtual users download users / download, upload but cannot delete users / administrative users)

1. CentOS vsftpd installation

Yum-y install vsftpd* yum-y install pam* yum-y install db4*

II. CentOS vsftpd system account

1. The host user of CentOS vsftpd service

Useradd vsftpd-s / sbin/nologin the default service host user for Vsftpd is root, but this does not meet the security needs. Here we create a user named CentOS vsftpd and use him as the service host user that supports CentOS vsftpd. Since the user is only used to support Vsftpd services, it is not necessary to allow him to log in to the system, and set him as a user who cannot log in to the system.

2. CentOS vsftpd virtual host user

Useradd ftp-s / sbin/nologin (one user is ftp when installed on the server) this article mainly introduces the virtual users of CentOS vsftpd, who are not system users, that is to say, these FTP users do not exist in the system. In fact, their overall authority is concentrated on a certain user in the system, the so-called CentOS vsftpd virtual host user is such a host user who supports all virtual users. Because he supports all the virtual users of FTP, then his own permissions will affect these virtual users, therefore, in the consideration of security, we should also pay attention to the control of the rights of this user, and there is absolutely no need for this user to log in to the system, and he is also set here as a user who cannot log in to the system. Relevant users are not allowed to log in.

3. CentOS vsftpd.conf setting

1. Back up cp / etc/vsftpd/vsftpd.conf / etc/vsftpd/vsftpd.conf.bak

2. Setting anonymous_enable=NO setting does not allow anonymous access local_enable=YES setting local users can access. Note: mainly for virtual host users, if the project is set to NO, then all virtual users will not be able to access it.

The write_enable=YES setting allows you to write. Local_umask=022 sets the permission mask for uploaded files.

Anon_upload_enable=NO forbids anonymous users to upload. Anon_mkdir_write_enable=NO forbids anonymous users from creating directories. The dirmessage_enable=YES setting enables the directory slogan function. Xferlog_enable=YES setting enables logging. Connect_from_port_20=YES sets port 20 for data connection. The chown_uploads=NO setting forbids uploading files to change the host.

Xferlog_file=/var/log/vsftpd.log sets the service log save path for CentOS vsftpd. Note that the file does not exist by default. It is necessary to manually touch out, and because the service host user of the CentOS vsftpd has been changed here is the manually established CentOS vsftpd. Care must be taken to give the user write permissions to the log, otherwise the service will fail to start.

The xferlog_std_format=YES setting log uses the standard record format nopriv_user=vsftpd to set up the host user of the CentOS vsftpd service as the manually established CentOS vsftpd user. Note that once a change is made to the host user, attention must be paid to the read and write authorization of the read and write files associated with the service.

For example, the log file must give the user write permission and so on. The async_abor_enable=YES setting supports asynchronous transfer. The ascii_upload_enable=YESascii_download_enable=YES setting supports upload and download functions in ASCII mode. Ftpd_banner=Welcome to Awei FTP servers sets the login slogan for CentOS vsftpd. Chroot_local_user=YES forbids local users from logging out of their FTP home directory. Pam_service_name=vsftpd sets the authentication profile name of CentOS vsftpdd under the PAM service.

Therefore, PAM verification will refer to the CentOS vsftpd file configuration under / etc/pam.d/. The following are important configuration items for CentOS vsftpd virtual user support. These settings are not included in the default Vsftpd.conf, so you need to add your own configuration manually. The guest_enable=YES setting enables the virtual user feature. Guest_username=ftp specifies the host user for the virtual user.

Virtual_use_local_privs=YES sets the permissions of virtual users in line with their host users. User_config_dir=/etc/vsftpd/vconf sets the configuration file storage path of the virtual user's personal Vsftp. In other words, each Vsftp virtual user's personality profile will be stored in this specified directory, and one thing to note is that these profile names must be the same as the virtual user name. [color=Red] [b] (for example, the configuration file of vsftpd.conf. If you copy it to this directory, you need to mv it and configure it as the name of the virtual user) [/ b] [/ color]--

3. Establish the log file of CentOS vsftpd, and change the owner to the service host user of Vsftpd:

[root@KcentOS5 ~] # touch / var/log/vsftpd.log

[root@KcentOS5 ~] # chown vsftpd.vsftpd / var/log/vsftpd.log

4. Establish a virtual user profile storage path:

[root@KcentOS5 ~] # mkdir / etc/vsftpd/vconf/

The above is the editor for you to share how to set up the account of the CentOS vsftpd installation system, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.