Shulou(Shulou.com)06/01 Report--

CentOS vsftpd users how to manually establish the operating system, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this to learn, I hope you can gain something.

CentOS Linux has been widely used because of its compatibility with RHEL and the stability of enterprise-class applications, while allowing users to use it freely.

CentOS vsftpd installation

yum -y install vsftpd*

yum -y install pam*

yum -y install db4*

CentOS vsftpd system account

1. Host user of CentOS vsftpd service

useradd vsftpd -s /sbin/nologin

2. vsftpd virtual host user

useradd ftpuser -s /sbin/nologin

* The user concerned is not allowed to log in.

CentOS vsftpd.conf settings

1. Backup

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.ysbk

more..

less..

2. Settings

anonymous_enable=NO Set not to allow anonymous access

local_enable=YES Set local user access. Note: Mainly for virtual host users, if this item is set to NO then all virtual users will not be able to access.

write_enable=YES Set to enable write operations.

local_umask=022 Set the permission mask for the uploaded file.

anon_upload_enable=NO Disable anonymous user uploads.

anon_mkdir_write_enable=NO Prevent anonymous users from creating directories.

dirmessage_enable=YES Set to enable directory tagline functionality.

xferlog_enable=YES Set to enable logging.

connect_from_port_20=YES Set port 20 for data connection.

chown_uploads=NO Set to prohibit uploading files to change hosts.

xferlog_file=/var/log/vsftpd.log Sets the path where CentOS vsftpd service logs are saved. Note that this file does not exist by default. It has to be manually touched out, and since the CentOS vsftpd service hosting user changed here for manually established CentOS vsftpd. Care must be taken to give this user write access to the log, otherwise the service will fail to start.

xferlog_std_format=YES Sets the log to use the standard record format.

nopriv_user=vsftpd Sets the host user supporting the CentOS vsftpd service to a manually established CentOS vsftpd user. Note that once a change is made to the host user, attention must be paid to the read and write empowerment of the files associated with the service. For example, log files must be given to the user write permissions, etc.

async_abor_enable=YES Set to support asynchronous transfer functionality.

ascii_upload_enable=YES

ascii_download_enable=YES Set to support ASCII mode uploads and downloads.

ftpd_banner=Welcome to Awei FTP servers Set CentOS vsftpd login tagline.

chroot_local_user=YES Prevent local users from logging out of their FTP home directory.

pam_service_name=vsftpd Sets the authentication profile name for CentOS vsftpd under PAM service. Therefore, PAM validation will refer to the CentOS vsftpd file configuration under/etc/pam.d/.

The following are important configuration items for CentOS vsftpd virtual user support. The default Vsftpd.conf does not contain these settings, and you need to manually add your own configuration.

guest_enable=YES Set to enable virtual user functionality.

guest_username=ftpuser Specifies the host user for the virtual user.

virtual_use_local_privs=YES Sets the permissions of virtual users to match those of their host users.

user_config_dir=/etc/vsftpd/vconf Set the path where the configuration file of the virtual user's personal Vsftp is stored. That is, this specified directory will store the profile of each Vsftp virtual user personality. One thing to note is that these profiles must have the same name as the virtual user name.

3. Create CentOS vsftpd log file and change the owner to CentOS vsftpd service host user:

[root@KcentOS5 ~]# touch /var/log/vsftpd.log

[root@KcentOS5 ~]# chown vsftpd.vsftpd /var/log/vsftpd.log

4. Create virtual user profile storage path:

[root@KcentOS5 ~]# mkdir /etc/vsftpd/vconf/

IV. Making CentOS vsftpd virtual user database file

1. Create a virtual user list file:

[root@KcentOS5 ~]# touch /etc/vsftpd/virtusers

A virtual user list file is created. This file is the data file that records the username and password of CentOS vsftpd virtual users. I will name it virtusers here. To avoid file clutter, I put this list file under/etc/vsftpd/.

2. Edit virtual user list file:

[root@KcentOS5 ~]# vi /etc/vsftpd/virtusers

download

1234

upload

5678

admin

9012

Edit this virtual user list file, adding the user's username and password information to it. The format is simple: "one username, one password."

3. Generating virtual user data files:

[root@KcentOS5 ~]# db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db

5. Set PAM authentication file and specify virtual user database file to read

Add the following information to the header of/etc/pamd.vsftpd (invalid after)

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers

account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers

VI. CentOS vsftpd configuration of virtual user

1. download user, only download, not upload or delete

write_enable=NO

2. Upload can be downloaded and uploaded but cannot be deleted

write_enable=YES

cmds_allowed=ABOR,

file_open_mode=0444

3. admin manages ftp

The default vsftpd.conf file is fine, don't make any changes.

4. Supplement:

If you want to restrict the upload directory (home directory) for uploading users, you need to add

local_root=/home/ftp/upload

The requested URL/home/ftp/upload.png was not found on this server.

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.