Shulou(Shulou.com)06/01 Report--

Centos how to read vsftpd virtual files, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

I. installation

Yum-y install vsftpd*

Yum-y install pam*

Yum-y install db4*

II. System account

1. The host user of centos vsftpd service

Useradd vsftpd-s / sbin/nologin

The default Vsftpd service host user is root, but this does not meet the security needs. Here we create a user named vsftpd and use him as the service host user that supports Vsftpd. Since the user is only used to support Vsftpd services, it is not necessary to allow him to log in to the system, and set him as a user who cannot log in to the system.

2. Centos vsftpd virtual host user

Useradd ftp-s / sbin/nologin (one user is ftp when the server is finished)

This article mainly introduces the virtual users of Vsftp, virtual users are not system users, that is to say, these FTP users do not exist in the system. In fact, their overall authority is concentrated on a certain user in the system, the so-called Vsftpd virtual host user is such a host user who supports all virtual users. Because he supports all the virtual users of FTP, then his own permissions will affect these virtual users, therefore, in the consideration of security, we should also pay attention to the control of the rights of this user, and there is absolutely no need for this user to log in to the system, and he is also set here as a user who cannot log in to the system.

Relevant users are not allowed to log in.

3. Centos vsftpd.conf setting

1. Backup

Cp / etc/vsftpd/vsftpd.conf / etc/vsftpd/vsftpd.conf.bak

Anonymous_enable=NO

Set not to allow anonymous access

Local_enable=YES

Make it accessible to local users. Note: mainly for virtual host users, if the project is set to NO, then all virtual users will not be able to access it.

Write_enable=YES

Set to be able to write.

Local_umask=022

Set the permission mask for the uploaded file.

Anon_upload_enable=NO

Anonymous users are prohibited from uploading.

Anon_mkdir_write_enable=NO

Anonymous users are prohibited from creating directories.

Dirmessage_enable=YES

Set to enable the directory slogan function.

Xferlog_enable=YES

Set to turn on logging.

Connect_from_port_20=YES

Set port 20 for data connection.

Chown_uploads=NO

Set to prohibit the upload of files to change the host.

Xferlog_file=/var/log/vsftpd.log

Set the service log save path for centos vsftpd. Note that the file does not exist by default. It is necessary to manually touch out, and because the service host user of the Vsftpd has been changed here is the manually established centos vsftpd. Care must be taken to give the user write permissions to the log, otherwise the service will fail to start.

Xferlog_std_format=YES

Set the log to use a standard record format.

Nopriv_user=vsftpd

Set the host user of the supporting centos vsftpd service to be a manually established Vsftpd user. Note that once a change is made to the host user, attention must be paid to the read and write authorization of the read and write files associated with the service. For example, the log file must give the user write permission and so on.

Async_abor_enable=YES

Set to support asynchronous transmission.

Ascii_upload_enable=YES

Ascii_download_enable=YES

Set the upload and download functions that support ASCII mode.

Ftpd_banner=Welcome to Awei FTP servers

Set the login slogan for Vsftpd.

Chroot_local_user=YES

Local users are prohibited from logging out of their FTP home directory.

Pam_service_name=vsftpd

Set the authentication profile name of the centos vsftpd under the PAM service. Therefore, PAM verification will refer to the vsftpd file configuration under / etc/pam.d/.

The following are important configuration items for centos vsftpd virtual user support. These settings are not included in the default Vsftpd.conf, so you need to add your own configuration manually.

Guest_enable=YES

Set to enable the virtual user feature.

Guest_username=ftp

Specifies the host user for the virtual user.

Virtual_use_local_privs=YES

Set the permissions of virtual users in line with their host users.

User_config_dir=/etc/vsftpd/vconf

Set the storage path of the virtual user's personal centos vsftpd profile. In other words, this specified directory will store the profile of each centos vsftpd virtual user's personality, a

The place is that these centos vsftpd profile names must be the same as the virtual user name. [color=Red] [b] (for example, the configuration file of vsftpd.conf. If you copy it to this directory, you need to mv it and configure it as the name of the virtual user) [/ b] [/ color]--

3. Establish the log file of Vsftpd, and change the owner to the service host user of Vsftpd:

[root@KcentOS5 ~] # touch / var/log/vsftpd.log

[root@KcentOS5 ~] # chown vsftpd.vsftpd / var/log/vsftpd.log

4. Establish the storage path of the centos vsftpd virtual user profile:

[root@KcentOS5 ~] # mkdir / etc/vsftpd/vconf/

Fourth, create centos vsftpd virtual user database files

1. First, create a virtual user list file:

[root@KcentOS5 ~] # touch / etc/vsftpd/virtusers

A virtual user list file is created, which is a data file to record the username and password of the vsftpd virtual user. I name it virtusers here. To avoid file clutter, I put the list file under / etc/vsftpd/.

two。 Edit the virtual user list file:

[root@KcentOS5 ~] # vi / etc/vsftpd/virtusers

Download

1234

Upload

5678

Admin

9012

Edit the virtual user list file and add the user name and password information to it. The format is simple: "one user name, one password".

3. Generate a virtual user data file:

[root@KcentOS5] # db_load-T-t hash-f / etc/vsftpd/virtusers / etc/vsftpd/virtusers.db

Set the PAM authentication file and specify the virtual user database file to read

Add the following information to the file header of / etc/pam.d/vsftpd (invalid later)

Auth sufficient / lib/security/pam_userdb.so db=/etc/vsftpd/virtusers

Account sufficient / lib/security/pam_userdb.so db=/etc/vsftpd/virtusers

VI. Configuration of centos vsftpd virtual users

Local_root=/var/www/html

Specify the specific primary path of the virtual user.

Anonymous_enable=NO

Set not to allow anonymous users to access.

Write_enable=YES

Set to allow write operations.

Local_umask=022

Set the permission mask for uploading files.

Anon_upload_enable=NO

Anonymous users are not allowed to upload.

Anon_mkdir_write_enable=NO

The setting does not allow anonymous users to establish directories.

Idle_session_timeout=600

Sets the idle connection timeout.

Data_connection_timeout=120

Set a single continuous transmission time.

Max_clients=10

Sets the number of concurrent client accesses.

Max_per_ip=5

Set the number of threads for a single client. This configuration is mainly used to take care of Flashget, Thunderbolt and other multithreaded downloads.

Local_max_rate=50000

Set the * * transmission rate of the user in b _ s.

Here, the original vsftpd.conf configuration file is simplified and saved as a template for the centos vsftpd virtual user profile. There will not be much configuration content to be specified here, and the main framework and restrictions will be defined by Vsftpd's main configuration file centos vsftpd.conf, that is, configuration items not mentioned in the virtual user profile will refer to the settings in the master configuration file. Here, as a virtual user's profile template, you only need to leave some configuration items with user flow control and access mode control. The key item here is the local_root configuration, which is used to specify the FTP primary path of the centos vsftpd virtual user. [B] [color=Red] there is a major problem here, that is, the host and host users of the directory are not virtual users. After we have set up the directory, we can only download, not upload and download. If you want to upload, you have to use the chown command.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.