
How to Create a Virtual User Database File with CentOS vsftpd

2025-04-13 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to create virtual user database files for vsftpd on CentOS. Many people run into difficulties with this in practice, so the steps below walk through a complete working case. I hope you read it carefully and get something out of it!

Create a virtual user database file

1. First create a virtual user list file:

[root@KcentOS5 ~]# touch /etc/vsftpd/virtusers

This creates the virtual user list file, a data file that records the user names and passwords of the CentOS vsftpd virtual users. I name it virtusers here. To avoid file clutter, I put the list file under /etc/vsftpd/.

2. Edit the virtual user list file:

[root@KcentOS5 ~]# vi /etc/vsftpd/virtusers

kanecruise
123456
near
123456near
mello
123456mello

Edit the virtual user list file and add the user name and password information to it. The format is simple: one line for the user name, followed by one line for its password.

3. Generate a virtual user data file:

[root@KcentOS5 ~]# db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db

While we are here, I will briefly explain how to use the db_load command from db4:

[root@KSRV2 vsftpd]# db_load
usage: db_load [-nTV] [-c name=value] [-f file] [-h home] [-P password] [-t btree | hash | recno | queue] db_file
usage: db_load -r lsn | fileid [-h home] [-P password] db_file

The db_load options used in this article are explained below.

The -T option allows non-Berkeley DB applications to easily load text files into databases.

If the database to be created is of type Btree or Hash, or the keyword keys is specified as set, the input must be paired lines of text, where the first line of the pair is the key item, and the second line of the pair is its corresponding data item. If the database to be created is of type Queue or Recno and the keyword keys is not set, the input must be lines of text, where each line is a new data item for the database.

In other words, the -T option lets an application load a plain text file into the database. Because the virtual users' information is stored in a text file, this option must be used so that the user data can be loaded from text for CentOS vsftpd.

If the -T option is specified, the underlying access method type must be specified using the -t option. If no -t option is specified, the database will be loaded into a database of the same type as was dumped; for example, a Hash database will be created if a Hash database was dumped.

Btree and Hash databases may be converted from one to the other. Queue and Recno databases may be converted from one to the other. If the -k option was specified on the call to db_dump then Queue and Recno databases may be converted to Btree or Hash, with the key being the integer record number.

The -t option, given after the -T option, specifies the type of database to be created by the load. The types that -t accepts are Btree, Hash, Queue and Recno. Here we specify the hash type.

4. View the generated virtual user data file:

[root@KcentOS5 ~]# ll /etc/vsftpd/virtusers.db
-rw-r--r-- 1 root root 12288 Sep 16 03:51 /etc/vsftpd/virtusers.db

It is important to note that when you want to add a virtual user later, you only need to add the new user name and password to the virtual user list file in the format "one line for the user name, one line for the password". But this alone is not enough and will not take effect! You must also run the command "db_load -T -t hash -f <virtual user list file> <virtual user database file>.db" again before the change takes effect!
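Because db_load -T reads the list as strict name/password line pairs, one missing or blank line shifts every later pair and turns a password into a user name, so the file is worth checking before each rebuild. The following is an added example, not part of the original article: check_virtusers and rebuild_virtusers_db are hypothetical helper names, the sample input is constructed, and the paths are passed in by the caller.

```shell
#!/bin/sh
# check_virtusers FILE: print each problem found, return non-zero if there is any.
check_virtusers() {
    awk '
        /\r$/    { printf "line %d: carriage return would become part of the entry\n", NR; bad = 1 }
        $0 == "" { printf "line %d: blank line shifts every later name/password pair\n", NR; bad = 1 }
        NR % 2 == 1 {                      # odd lines are user names (the keys)
            if ($0 ~ /[ \t]/) { printf "line %d: whitespace in user name\n", NR; bad = 1 }
            if (seen[$0]++)   { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
        }
        END {
            if (NR % 2) { print "odd line count: the last user name has no password line"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# rebuild_virtusers_db LIST DB: validate LIST, then load it into a fresh DB file.
rebuild_virtusers_db() {
    list=$1; db=$2; tmp="$db.new.$$"
    check_virtusers "$list" || return 1
    rm -f "$tmp"
    # Loading into an existing database only adds or overwrites keys, so build a
    # new file; users deleted from the list then disappear from the database too.
    ( umask 077 && db_load -T -t hash -f "$list" "$tmp" ) || { rm -f "$tmp"; return 1; }
    # Both files hold clear-text passwords: keep them readable by root only.
    chmod 600 "$list" "$tmp" && mv -f "$tmp" "$db"
}

# Constructed sample: a password line and the next user name were joined by mistake.
sample=$(mktemp)
printf '%s\n' kanecruise 123456near 123456near mello 123456mello > "$sample"
check_virtusers "$sample" || echo "refusing to run db_load on $sample"
rm -f "$sample"
```

On the server this would be called as rebuild_virtusers_db /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db after every edit of the list file.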

Set the PAM authentication file and specify the virtual user database file to read

1. Check the original vsftpd PAM authentication configuration file:

[root@KcentOS5 ~]# cat /etc/pam.d/vsftpd

#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

2. Make a backup before editing:

[root@KcentOS5 ~]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.backup

3. Edit CentOS vsftpd's PAM authentication configuration file:

[root@KcentOS5 ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
auth       sufficient   /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers
account    sufficient   /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers

The two lines above are added manually to verify the credentials and account permissions of the virtual user. Here auth refers to authenticating the user's user name and password, and account refers to validating the permissions and restrictions on the user's account.

The sufficient keyword that follows means a sufficient condition: once verification passes here, the remaining verification steps below are skipped. Conversely, if it does not pass, the user is not immediately rejected, because the failure of a sufficient entry does not decide the failure of the whole verification; the user simply has to go through the rest of the checks.

The /lib/security/pam_userdb.so that follows indicates that the check is carried out by calling the library module pam_userdb.so. The db=/etc/vsftpd/virtusers argument specifies the database whose data the module uses for verification. The path is given without the .db suffix because pam_userdb appends it itself.

# KC: The entries for vsftpd PAM are added above.
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so
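To see what placing the sufficient entry first means for the rest of the auth stack, the following added example (not part of the original article) walks the auth lines of the edited file for three constructed login cases and reports which modules actually run. pam_auth_decision is a hypothetical helper; it models only the sufficient and required flags and treats the system-auth include as a single required step.

```shell
#!/bin/sh
# pam_auth_decision STACK RESULTS
#   STACK:   "control module" lines in file order
#   RESULTS: space-separated "module=ok" entries; any module not listed fails
# Prints "success:" or "failure:" followed by the modules that were run.
pam_auth_decision() {
    stack=$1; results=$2
    required_failed=0; granted=0; ran=""
    while read -r control module; do
        [ -n "$control" ] || continue
        ran="$ran $module"
        case " $results " in
            *" $module=ok "*) ok=1 ;;
            *)                ok=0 ;;
        esac
        case $control in
            sufficient)
                # Success ends the stack at once unless a required module failed
                # earlier; a failure here is simply ignored.
                if [ "$ok" -eq 1 ] && [ "$required_failed" -eq 0 ]; then
                    echo "success:$ran"; return 0
                fi ;;
            required|include)   # simplification: the include counts as one required step
                if [ "$ok" -eq 1 ]; then granted=1; else required_failed=1; fi ;;
        esac
    done <<EOF
$stack
EOF
    if [ "$required_failed" -eq 0 ] && [ "$granted" -eq 1 ]; then
        echo "success:$ran"; return 0
    fi
    echo "failure:$ran"; return 1
}

# The auth lines of the edited /etc/pam.d/vsftpd, in order.
VSFTPD_AUTH_STACK='sufficient pam_userdb.so
required pam_listfile.so
required pam_shells.so
include system-auth'

# Constructed cases: a virtual user, a system user, a system user listed in ftpusers.
pam_auth_decision "$VSFTPD_AUTH_STACK" "pam_userdb.so=ok"
pam_auth_decision "$VSFTPD_AUTH_STACK" "pam_listfile.so=ok pam_shells.so=ok system-auth=ok"
pam_auth_decision "$VSFTPD_AUTH_STACK" "pam_shells.so=ok system-auth=ok" || true
```

The first case shows that a virtual user accepted by pam_userdb is never checked against the /etc/vsftpd/ftpusers deny list or pam_shells, so virtual user names need to be reviewed in the list file itself.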

Configuration of CentOS vsftpd virtual user

1. Plan the main path of the virtual users:

[root@KcentOS5 ~]# mkdir /opt/vsftp/

2. Set up the FTP user directories of the test users:

[root@KcentOS5 ~]# mkdir /opt/vsftp/kanecruise/ /opt/vsftp/mello/ /opt/vsftp/near/

3. Create a virtual user profile template:

[root@KcentOS5 ~]# cp /etc/vsftpd/vsftpd.conf.backup /etc/vsftpd/vconf/vconf.tmp

4. Customize the virtual user template profile:

[root@KcentOS5 ~]# vi /etc/vsftpd/vconf/vconf.tmp

local_root=/opt/vsftp/virtuser specifies the specific primary path of the virtual user.

anonymous_enable=NO does not allow anonymous users to access.

write_enable=YES allows write operations.

local_umask=022 sets the permission mask for uploaded files.

anon_upload_enable=NO does not allow anonymous users to upload.

anon_mkdir_write_enable=NO does not allow anonymous users to create directories.

idle_session_timeout=600 sets the idle connection timeout.

data_connection_timeout=120 sets a single continuous transmission time.

max_clients=10 sets the number of concurrent client accesses.

max_per_ip=5 sets the maximum number of threads for a single client. This setting mainly accommodates Flashget, Xunlei (Thunder) and other multithreaded downloaders.

local_max_rate=50000 sets the maximum transmission rate of the user in bytes per second.

Here, the original vsftpd.conf configuration file is simplified and saved as a template for the virtual user profiles. Not much needs to be configured in it: the main framework and restrictions are defined by CentOS vsftpd's main configuration file vsftpd.conf, so any configuration item not mentioned in a virtual user profile falls back to the setting in the main configuration file. As a template for virtual user profiles, it only needs to keep the items that control user traffic and access mode. The key item is local_root, which specifies the FTP primary path of the virtual user.

5. Change the owner of the virtual users' home directories to the virtual host user:

[root@KcentOS5 ~]# chown -R overlord.overlord /opt/vsftp/

6. Check permissions:

[root@KcentOS5 ~]# ll /opt/vsftp/
total 24
drwxr-xr-x 2 overlord overlord 4096 Sep 16 05:14 kanecruise
drwxr-xr-x 2 overlord overlord 4096 Sep 16 05:00 mello
drwxr-xr-x 2 overlord overlord 4096 Sep 16 05:00 near

Customize for test users:

1. Copy from the virtual user template profile:

[root@KcentOS5 ~]# cp /etc/vsftpd/vconf/vconf.tmp /etc/vsftpd/vconf/kanecruise

2. Customize for the specific user:

[root@KcentOS5 ~]# vi /etc/vsftpd/vconf/kanecruise

local_root=/opt/vsftp/kanecruise
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=300
data_connection_timeout=90
max_clients=1
max_per_ip=1
local_max_rate=25000

Start the CentOS vsftpd service:

[root@KcentOS5 ~]# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]

This concludes "how to create a virtual user database file with CentOS vsftpd". Thank you for reading.
