VSFTPD virtual user actual combat configuration

2025-01-19 Update. From: SLTechnology News&Howtos, Network Security

Shulou (Shulou.com) 06/01 Report

FTP is a file transfer protocol that lets hosts share files. FTP uses one TCP connection for control information and a separate TCP connection for data transfer.

vsftpd is the most widely used FTP server in Linux distributions; it is compact, lightweight, secure and easy to use, and once you know its options you can get the most out of it. Logging in to FTP with system accounts is risky, so this guide uses vsftpd virtual users for everyday FTP access; the configuration is somewhat more involved. (Installation on CentOS 7.)

1. First install vsftpd together with the PAM and Berkeley DB packages that virtual user authentication needs.

yum install vsftpd -y
yum install pam* libdb4-utils libdb4 --skip-broken -y

Create the source file for the vsftpd user database with vim /etc/vsftpd/vuser_passwd.txt, laid out as follows:

Odd-numbered lines hold the login name of an FTP virtual user and even-numbered lines hold that user's password: the first line is a user name, the second its password, the third the next user name, and so on.

[root@server vsftpd]# cat /etc/vsftpd/vuser_passwd.txt
test1
123456
test2
456789

2. Generate the database file

[root@server vsftpd]# db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
[root@server vsftpd]# chmod 700 /etc/vsftpd/vuser_passwd.db

3. Configure the PAM authentication file

Edit /etc/pam.d/vsftpd with vim and replace its contents with the following two authentication lines (on a 32-bit system change lib64 to lib; on RedHat the lines to add are different, so check before copying):

[root@server vsftpd]# vim /etc/pam.d/vsftpd
#%PAM-1.0
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd

4. Create the local user that virtual users map to

All FTP virtual users are mapped onto a single system user that has no password and cannot log in; its only purpose is this mapping.

[root@server vsftpd]# useradd -s /sbin/nologin ftpuser

5. Edit the vsftpd.conf configuration file (full version)

[root@server vsftpd]# vim /etc/vsftpd/vsftpd.conf
# prohibit anonymous users from accessing
anonymous_enable=NO
# allow local users to log in to FTP
local_enable=YES
# allow users write permission in the FTP directory
write_enable=YES
# set the file creation mask for local users to 022; the default is 077
local_umask=022
# activate directory messages: a message is shown when a remote user changes directory
dirmessage_enable=YES
# enable upload and download logging
xferlog_enable=YES
# enable data connection requests from FTP port 20
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
# whether to use the standard ftpd xferlog log file format
xferlog_std_format=YES
# allow uploads in ASCII mode
ascii_upload_enable=YES
# allow downloads in ASCII mode
ascii_download_enable=YES
# run vsftpd standalone, listening on its own port
listen=YES
# enable the virtual user function
guest_enable=YES
# host user that virtual users map to (there is already a built-in ftpuser user in CentOS)
guest_username=ftpuser
# name of the PAM service profile; the profile lives in the /etc/pam.d/ directory
pam_service_name=vsftpd
# whether users in the user list file are allowed to log in to the FTP server; by default they are not
userlist_enable=YES
# use tcp_wrappers as the host access control method
tcp_wrappers=YES
# directory that stores each virtual user's personal vsftpd configuration file (file name = virtual user name)
user_config_dir=/etc/vsftpd/vsftpd_user_conf
# virtual users get the same permissions as local users
virtual_use_local_privs=YES
vsftpd_log_file=/var/log/vsftpd.log

Save, then restart with service vsftpd restart; virtual users can now log in, and at this point all of them share /home/ftpuser as the directory for uploads and downloads.

6. If each virtual user should have its own directory, create a per-user configuration file in the /etc/vsftpd/vsftpd_user_conf directory, for example:

A separate profile for test1:

[root@server vsftpd]# vim /etc/vsftpd/vsftpd_user_conf/test1
# create the user's own FTP directory and lock the virtual user into it after logging in to FTP
local_root=/home/ftpuser/test1
# the user has permission to create and delete
write_enable=YES
# the user can browse the FTP directory and download files
anon_world_readable_only=YES
# the user can upload files
anon_upload_enable=YES
# the user has permission to create and delete directories
anon_mkdir_write_enable=YES
# the user has the right to rename and delete files
anon_other_write_enable=YES

And likewise for test2, with its own FTP directory:

[root@server vsftpd]# vim /etc/vsftpd/vsftpd_user_conf/test2
local_root=/home/ftpuser/test2
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Create /home/ftpuser/test1 and /home/ftpuser/test2:

[root@server vsftpd]# mkdir -p /home/ftpuser/{test1,test2}
[root@server vsftpd]# chown -R ftpuser:ftpuser /home/ftpuser

If vsftpd logging is enabled, create the log files manually:

[root@server vsftpd]# touch /var/log/xferlog
[root@server vsftpd]# touch /var/log/vsftpd.log

Restart, log in to FTP using the client, and test it.
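The following POSIX shell helpers are an added example, not code from the article: they check the odd/even layout of vuser_passwd.txt before db_load turns it into a database (steps 1 and 2), then generate the per-user profile and directory of step 6 for every user found. All paths are parameters, so the functions can be tried on scratch copies before touching /etc/vsftpd; the test1/test2 sample file they are run on is constructed.

```shell
# vuser_names FILE: check the odd/even layout of vuser_passwd.txt (odd lines =
# user name, even lines = password) and print one user name per line. Fails on
# an odd line count, an empty field or a duplicate user, so a bad source file
# is caught before db_load silently builds a broken database from it.
vuser_names() {
    awk '
        NR % 2 == 1 { user = $0; next }
        {
            if (user == "" || $0 == "") { print "empty field near line " NR > "/dev/stderr"; bad = 1 }
            if (user in seen) { print "duplicate user " user > "/dev/stderr"; bad = 1 }
            seen[user] = 1
            print user
        }
        END {
            if (NR % 2 != 0) { print "odd line count: last user has no password" > "/dev/stderr"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# gen_user_conf USER CONF_DIR FTP_ROOT: write the per-user profile shown in
# step 6 for test1/test2 and create the matching directory under FTP_ROOT.
gen_user_conf() {
    user=$1; conf_dir=$2; ftp_root=$3
    mkdir -p "$conf_dir" "$ftp_root/$user" || return 1
    cat > "$conf_dir/$user" <<EOF
local_root=$ftp_root/$user
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
}

# build_vuser_db PASSWD_TXT PASSWD_DB CONF_DIR FTP_ROOT: validate the source
# file, generate a profile and directory per user, then build the Berkeley DB
# file as in step 2 when db_load is installed (skipped with a message if not).
build_vuser_db() {
    users=$(vuser_names "$1") || return 1
    for u in $users; do gen_user_conf "$u" "$3" "$4" || return 1; done
    if command -v db_load >/dev/null 2>&1; then
        db_load -T -t hash -f "$1" "$2" && chmod 700 "$2"
    else
        echo "db_load not found; skipping $2" >&2
    fi
}
```

On the real server the call is build_vuser_db /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db /etc/vsftpd/vsftpd_user_conf /home/ftpuser, followed by the chown from step 6.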

7. Configure PASV mode (optional)

vsftpd does not enable PASV mode by default, so up to this point the FTP server can only be reached in PORT mode. To enable PASV, apply the following configuration.

Open /etc/vsftpd/vsftpd.conf and append at the end:

# enable PASV mode
pasv_enable=YES
# minimum port number
pasv_min_port=61000
# maximum port number
pasv_max_port=61200
# disables vsftpd's PASV security check that the data connection comes from the same address as the control connection; only needed for certain tunnelling or FXP setups
pasv_promiscuous=YES

# Open ports 40000 to 40080 in the firewall configuration (the opened range must cover the pasv_min_port to pasv_max_port range set above, or PASV data connections will be dropped)

-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT

# restart iptables and vsftpd

service iptables restart

service vsftpd restart

Now you can use PASV mode to connect to your FTP server.
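The PASV range in vsftpd.conf and the port range the iptables rule opens have to agree, and the two values shown above (61000 to 61200 versus 40000:40080) do not. As an added example that is not part of the article, this POSIX shell check reads both and fails on such a mismatch; it assumes the rule is passed as a string in the -A INPUT ... --dport lo:hi form used above, and the vsftpd.conf it is tried on is a constructed fragment.

```shell
# pasv_range CONF: print "min max" from pasv_min_port/pasv_max_port in CONF.
# Fails if either directive is missing (vsftpd then falls back to any free port).
pasv_range() {
    min=$(sed -n 's/^pasv_min_port=\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$min" ] && [ -n "$max" ] || return 1
    echo "$min $max"
}

# rule_range RULE: print "lo hi" from the --dport lo:hi of an iptables rule
# string; a single --dport N is reported as "N N".
rule_range() {
    p=$(printf '%s\n' "$1" | sed -n 's/.*--dport \([0-9]*\)\(:\([0-9]*\)\)\{0,1\}.*/\1 \3/p')
    set -- $p
    [ -n "$1" ] || return 1
    echo "$1 ${2:-$1}"
}

# pasv_firewall_ok CONF RULE: succeed only when the rule's port range covers
# the whole PASV range; returns 2 when either side cannot be parsed.
pasv_firewall_ok() {
    pr=$(pasv_range "$1") || return 2
    rr=$(rule_range "$2") || return 2
    set -- $pr $rr
    if [ "$3" -le "$1" ] && [ "$4" -ge "$2" ]; then
        echo "ok: firewall opens $3-$4, PASV uses $1-$2"
    else
        echo "MISMATCH: firewall opens $3-$4 but PASV uses $1-$2" >&2
        return 1
    fi
}
```

Run it as pasv_firewall_ok /etc/vsftpd/vsftpd.conf "$(iptables-save | grep -- '--dport')" after editing both files, before restarting the services.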
