Vsftp server building

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

vsftpd + PAM = virtual users log in to the FTP server

1. Configure anonymous user login

Stop firewalld and disable SELinux

yum install -y vsftpd

Edit the main configuration file

vim /etc/vsftpd/

anonymous_enable=YES
write_enable=YES
local_umask=022
# allows anonymous users to upload files
anon_upload_enable=YES
# allows anonymous users to create directories
anon_mkdir_write_enable=YES
# allows anonymous users write operations other than upload and directory creation
anon_other_write_enable=YES

cd /var/ftp
mkdir upload
chmod 777 upload
systemctl restart vsftpd

Clients access the server at ftp://192.168.1.10

2. Configure virtual user login (independent of 1)

2.1 Create the virtual user accounts and passwords

vim /tmp/logins.txt (odd lines are user names, even lines are the matching passwords)

test1
pw1
test2
pw2

2.2 Build the virtual user database

db_load -T -t hash -f /tmp/logins.txt /etc/vsftpd_login.db
file /etc/vsftpd_login.db
chmod 600 /etc/vsftpd_login.db

2.3 Create a PAM file that tells the system to use your own database

vim /etc/pam.d/vsftpd (comment out the other lines so that only the following take effect)

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd_login

2.4 Create the directory and the system user that virtual users map to

useradd -d /ftp/ -s /sbin/nologin virtual
chown -R virtual:virtual /ftp/

2.5 Edit the main configuration file

vim /etc/vsftpd/vsftpd.conf (change the following settings)

anonymous_enable=NO
local_enable=YES
connect_from_port_20=YES
listen=YES
listen_port=21
tcp_wrappers=YES
# allow virtual users to log in
guest_enable=YES
# map virtual users to the system user "virtual"
guest_username=virtual
# location of the per-user configuration files for virtual users
user_config_dir=/etc/vsftpd/user_config_dir
pam_service_name=vsftpd
# without this entry, you may not have write permission
allow_writeable_chroot=YES

2.6 Create the per-user configuration file

Each virtual user gets a file named after the login in this directory; the commands below write the one for test1.

mkdir /etc/vsftpd/user_config_dir

# Grant read (download) access to users test1 and test2
echo "anon_world_readable_only=NO" > /etc/vsftpd/user_config_dir/test1

# Grant write permissions to users test1 and test2
echo "write_enable=YES" >> /etc/vsftpd/user_config_dir/test1

# Grant upload permissions to users test1 and test2
echo "anon_upload_enable=YES" >> /etc/vsftpd/user_config_dir/test1

# Give users test1 and test2 permission to change and delete
echo "anon_other_write_enable=YES" >> /etc/vsftpd/user_config_dir/test1

# Set the directory users test1 and test2 have access to
echo "local_root=/ftp/test1" >> /etc/vsftpd/user_config_dir/test1

# Grant users test1 and test2 permission to create directories
echo "anon_mkdir_write_enable=YES" >> /etc/vsftpd/user_config_dir/test1

mkdir /ftp/test1
touch test

2.7 Start the service

systemctl start vsftpd

Note: if SELinux is enabled, the following settings are required

setsebool -P ftp_home_dir on
setsebool -P ftpd_anon_write on
semanage fcontext -a -t public_content_rw_t "/ftp/test1(/.*)?"
restorecon -R -v /ftp/test1

Ali Cloud vsftp configuration example

# passive mode is usually used for public network access
# do not allow anonymous users to access
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
# enable passive mode
pasv_enable=YES
# passive mode data transfer port range
pasv_min_port=6010
pasv_max_port=6015
# the public network IP of the FTP server
pasv_address=*
pasv_addr_resolve=YES
xferlog_std_format=YES
listen=YES
# modify the listening port
listen_port=2121
tcp_wrappers=YES
guest_enable=YES
guest_username=virtual
user_config_dir=/etc/vsftpd/user_config_dir
pam_service_name=vsftpd
anon_umask=022

Note: the passive ports and the listening port above must be opened in the firewall, and the Ali Cloud security rules for the corresponding public IP determine which IPs can access them. If the public IP is a load balancer IP, the load balancer must be configured to listen on the passive ports and the listening port above.
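A check to run before restarting vsftpd, as an added example that is not part of the original article: it lints a vsftpd.conf for the settings used above (anonymous write options, allow_writeable_chroot, the passive port range) and for trailing "# comment" text or spaces around "=", neither of which vsftpd accepts in its configuration file. The function name audit_vsftpd_conf is hypothetical, and the check assumes the upstream defaults anonymous_enable=YES and pasv_enable=YES when a key is absent.

```shell
#!/bin/sh
# Added example (not from the article): lint a vsftpd.conf.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_vsftpd_conf() {
    awk '
    function flag(msg) { print msg; found = 1 }
    BEGIN { found = 0 }
    /^[ \t]*$/ || /^#/ { next }          # blank and full-line comments are valid
    {
        # vsftpd has no inline comments and allows no spaces around "=".
        if ($0 ~ /[ \t]#/ || $0 ~ /^[ \t]/ || $0 ~ /[ \t]=|=[ \t]/)
            flag("SYNTAX line " NR ": " $0)
        line = $0
        sub(/[ \t]*#.*$/, "", line)      # recover the intended value for the checks below
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[key] = toupper(val)
    }
    END {
        # Assumed upstream default: anonymous_enable=YES, so "unset" counts as enabled.
        anon = !("anonymous_enable" in conf) || conf["anonymous_enable"] == "YES"
        if (anon && conf["write_enable"] == "YES") {
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)
                if (conf[w[i]] == "YES") flag("RISK anonymous write: " w[i] "=YES")
        }
        # Passive mode is on by default; without a range the firewall rule cannot be scoped.
        if (conf["pasv_enable"] != "NO" &&
            (conf["pasv_min_port"] + 0 == 0 || conf["pasv_max_port"] + 0 == 0))
            flag("NOTE passive mode without pasv_min_port/pasv_max_port")
        if (conf["allow_writeable_chroot"] == "YES")
            flag("NOTE allow_writeable_chroot=YES disables the writable chroot root check")
        exit found
    }' "$1"
}

# Constructed sample: the anonymous settings from section 1 with a comment left inline.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' 'write_enable=YES' 'local_umask=022' \
    'anon_upload_enable=YES # allows anonymous users to upload files' > "$sample"
audit_vsftpd_conf "$sample" || echo "(findings listed above)"
rm -f "$sample"
```

The inline-comment test is a heuristic: a free-text value such as a banner that contains " #" is reported as well.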
