Updated 2025-02-23. From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01 report.
This article walks through the detailed steps for setting up vsftpd virtual users on a CentOS 5.3 system.
There are three ways to log in to FTP: anonymous login, local user login, and virtual user login.
Anonymous login: log in with the default user name, usually ftp or anonymous.
Local user login: log in as a system user listed in /etc/passwd.
Virtual user login: log in as an FTP-only user. Virtual users can be implemented in two ways: with local data files or with a database server.
FTP virtual users exist only for the FTP server. A virtual user who logs in can access only the resources the FTP server provides, which greatly enhances the security of the system.
The Linux system used in this article is CentOS 5.3.
Install vsftpd:
yum -y install vsftpd
First, establish a vsftpd virtual user:
1. Add a virtual user password file
[root@51ou.com ~]# vi /etc/vsftpd/vftpuser.txt
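Add the virtual user names and passwords, one user name per line followed by its password on the next line, and so on: odd lines are user names and even lines are passwords. The # notes below are annotations only; db_load stores each line verbatim, so do not type them into the file.
ftp1      # user name
123456    # password
ftp2      # user name
123456    # password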
2. Generate the virtual user password authentication file
Convert the vftpuser.txt password file you just created into a password authentication database that the system recognizes.
First check whether the db4-utils package, which is needed to generate the password authentication file, is installed.
Use the db_load command to generate the virtual user password authentication file:
[root@51ou.com ~]# db_load -T -t hash -f /home/vuser.txt /etc/vsftpd_login.db
-bash: db_load: command not found
##
The "db_load: command not found" message appears because some db4 packages are not installed. The following packages need to be installed:
db4-*.rpm
db4-tcl-*.rpm
db4-utils-*.rpm
Or install them directly: yum -y install db4 db4-tcl db4-utils
The db_load command is mainly used to generate db database files.
Format:
db_load -T -t hash -f passwd.txt /etc/vsftpd/user_passwd.db
This generates a hash-type database file for use by the FTP virtual users.
##
[root@51ou.com ~]# db_load -T -t hash -f /etc/vsftpd/vftpuser.txt /etc/vsftpd/vftpuser.db
3. Edit the PAM authentication file for vsftpd
The file is in the /etc/pam.d directory:
[root@51ou.com ~]# vi /etc/pam.d/vsftpd
Comment out the existing lines and add the following two lines (the db= path is given without the .db suffix, which pam_userdb appends itself):
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vftpuser
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vftpuser
4. Create the local mapped user and set the home directory permissions
All FTP virtual users are mapped to one system user, which does not need a password.
[root@51ou.com ~]# useradd -d /home/vftpsite -s /sbin/nologin vftpuser
[root@51ou.com ~]# chmod 755 /home/vftpsite    # guides on the Internet use 700, but with 700 FTP users have no upload permission
5. Configure vsftpd.conf (virtual user settings)
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd.conf
# Comments go on their own lines: vsftpd does not accept text after a value.
# enable virtual users
guest_enable=YES
# system user that the FTP virtual users map to (created with: useradd -d /home/vftpsite -s /sbin/nologin vftpuser)
guest_username=vftpuser
# PAM authentication file
pam_service_name=vsftpd
6. Restart the vsftpd service
[root@51ou.com ~]# service vsftpd restart
7. Test virtual user login to FTP
C:\Documents and Settings\Administrator>ftp 192.168.2.12
Connected to 192.168.2.12.
220 (vsFTPd 2.0.5)
User (192.168.2.12:(none)): ftp1
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/vftpsite
Connection closed by remote host.
The error "500 OOPS: cannot change directory:/home/vftpsite" appears when connecting to vsftpd after configuring it; vftpsite is the local user name used when logging in.
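Solution:
[root@51ou.com ~]# setsebool -P ftp_home_dir on
Some guides on the Internet also say to enter these commands at the terminal:
setsebool -P ftpd_disable_trans 1
service vsftpd restart
and that this is all it takes. Note that ftpd_disable_trans switches off SELinux protection for the FTP daemon as a whole, while ftp_home_dir only allows access to home directories.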
Test:
C:\Documents and Settings\Administrator>ftp 192.168.2.12
Connected to 192.168.2.12.
220 (vsFTPd 2.0.5)
User (192.168.2.12:(none)): ftp1
331 Please specify the password.
Password:
230 Login successful.
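The following added example (not part of the original article) lints the password list from steps 1 and 2 before it is passed to db_load, since a stray annotation, a duplicate name or a missing line silently ends up in the login database. The function name check_vuser_file and the 8-character minimum are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article.
# Lints a virtual-user list in the article's format: odd lines are user
# names, even lines are passwords. db_load -T stores each line verbatim.
MIN_PW_LEN=8   # assumption: local policy threshold, not a vsftpd setting

# check_vuser_file FILE -> prints one finding per line; status 1 if any
check_vuser_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    findings=$(
        awk -v min="$MIN_PW_LEN" '
            { sub(/\r$/, "") }                  # tolerate CRLF files
            NR % 2 == 1 {                       # user-name line
                user = $0
                if (user !~ /^[A-Za-z0-9._-]+$/)
                    print "line " NR ": user name is empty or has spaces/annotations"
                else if (seen[user]++)
                    print "line " NR ": duplicate user " user
                next
            }
            {                                   # password line
                if ($0 ~ /[ \t]#/ || $0 ~ /[ \t]$/)
                    print "line " NR ": trailing text or space becomes part of the password"
                else if (length($0) < min)
                    print "line " NR ": password for " user " is shorter than " min
            }
            END { if (NR % 2) print "odd line count: last user has no password" }
        ' "$file"
        # The file holds plaintext passwords: group/other bits must be off.
        case $(ls -ld "$file" | cut -c5-10) in
            "------") ;;
            *) echo "$file is accessible to group or other; chmod 600 it" ;;
        esac
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as check_vuser_file /etc/vsftpd/vftpuser.txt and only call db_load when it returns 0.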
Second, advanced settings for virtual users:
1. The virtual_use_local_privs parameter
When virtual_use_local_privs=YES, virtual users have the same permissions as local users.
When virtual_use_local_privs=NO, virtual users have the same permissions as anonymous users. The default is NO.
When virtual_use_local_privs=YES and write_enable=YES, virtual users have write permissions (upload, download, delete, rename).
When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES and anon_upload_enable=YES, virtual users cannot browse directories and can only upload files, with no other permissions.
When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_upload_enable=NO, virtual users can only download files, with no other permissions.
When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_upload_enable=YES, virtual users can only upload and download files, with no other permissions.
When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_mkdir_write_enable=YES, virtual users can only download files and create folders, with no other permissions.
When virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO and anon_other_write_enable=YES, virtual users can only download, delete, and rename files, with no other permissions.
2. Create a separate configuration file for each virtual user
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd.conf
Add:
user_config_dir=/etc/vsftpd/vsftpd_user_conf
[root@51ou.com ~]# mkdir /etc/vsftpd/vsftpd_user_conf
Edit the configuration file for ftp1:
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd_user_conf/ftp1
Add:
# give ftp1 download permission (download only); this must not be set to YES, otherwise ftp1 cannot list files and directories
anon_world_readable_only=NO
Edit the configuration file for ftp2:
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd_user_conf/ftp2
Add:
# give ftp2 write access
write_enable=YES
# give ftp2 download permission
anon_world_readable_only=NO
# give ftp2 upload permission
anon_upload_enable=YES
# allow ftp2 to create directories
anon_mkdir_write_enable=YES
# allow ftp2 to delete and rename
anon_other_write_enable=YES
3. Use one general configuration for all virtual users
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd.conf
write_enable=YES
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=vftpuser
virtual_use_local_privs=NO
pam_service_name=vsftpd
# downloads allowed
anon_world_readable_only=NO
# default: cannot upload
anon_upload_enable=NO
# default: cannot create a new folder
anon_mkdir_write_enable=NO
# default: cannot delete or rename files
anon_other_write_enable=NO
ftpd_banner=Welcome to yoozhu FTP server
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
tcp_wrappers=NO
setproctitle_enable=YES
listen_port=21
connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=120
max_clients=0
max_per_ip=3
local_max_rate=512000
4. Give each virtual user its own configuration
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd.conf
write_enable=YES
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=vftpuser
virtual_use_local_privs=NO
pam_service_name=vsftpd
# directory where the per-user configuration files are stored
user_config_dir=/etc/vsftpd/vsftpd_user_conf
ftpd_banner=Welcome to yoozhu FTP server
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
tcp_wrappers=NO
setproctitle_enable=YES
listen_port=21
connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=120
max_clients=0
max_per_ip=3
local_max_rate=512000
[root@51ou.com ~]# mkdir /etc/vsftpd/vsftpd_user_conf
Edit the configuration file for ftp1:
[root@51ou.com ~]# vi /etc/vsftpd/vsftpd_user_conf/ftp1
anon_world_readable_only=NO
Edit the configuration file for ftp2:
[root@CentOS5 /]# vi /etc/vsftpd/vsftpd_user_conf/ftp2
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
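As an added example (not from the original article), this script reports what each virtual user in user_config_dir is allowed to do, applying the permission rules from item 1 of this section to vsftpd.conf plus the per-user file. The function names are made up for the example, and an option that appears in neither file is taken at its vsftpd default.

```sh
#!/bin/sh
# Added example, not from the original article: audit the effective
# permissions of each vsftpd virtual user.

# conf_get KEY DEFAULT FILE... -> value of KEY; the last file listed wins,
# which mirrors a per-user file overriding vsftpd.conf.
conf_get() {
    key=$1; def=$2; shift 2
    val=$(awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }' "$@")
    echo "${val:-$def}"
}

# is_yes KEY DEFAULT FILE... -> status 0 when the effective value is YES
is_yes() { [ "$(conf_get "$@")" = YES ]; }

# vuser_perms MAIN_CONF USER_CONF -> space-separated capability list
vuser_perms() {
    perms=""
    if is_yes virtual_use_local_privs NO "$@"; then
        perms="local-privs"
        if is_yes write_enable NO "$@"; then perms="$perms write"; fi
        echo "$perms"; return 0
    fi
    # Per the article: listing and download need anon_world_readable_only=NO.
    if ! is_yes anon_world_readable_only YES "$@"; then perms="list download"; fi
    # The anon_* write options only take effect when write_enable=YES.
    if is_yes write_enable NO "$@"; then
        if is_yes anon_upload_enable NO "$@"; then perms="$perms upload"; fi
        if is_yes anon_mkdir_write_enable NO "$@"; then perms="$perms mkdir"; fi
        if is_yes anon_other_write_enable NO "$@"; then perms="$perms delete rename"; fi
    fi
    echo "${perms:-none}" | sed 's/^ //'
}

# audit_vusers MAIN_CONF -> one "user: capabilities" line per per-user file
audit_vusers() {
    dir=$(conf_get user_config_dir "" "$1")
    [ -d "$dir" ] || { echo "user_config_dir is not set or does not exist"; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        echo "$(basename "$f"): $(vuser_perms "$1" "$f")"
    done
}
```

Run audit_vusers /etc/vsftpd/vsftpd.conf after changing any per-user file and compare the output with what each account is meant to have.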