Shulou(Shulou.com)06/03 Report--

1.vim / etc/selinux/config

The profile is SELINUX=disable

two。 Turn off firewall setenforce 0

3.yum-y install vsftpd

4.cp / etc/vsftpd/vsftpd.conf {, .bak}

Back up the vsftpd master configuration file

5.vim / etc/vsftpd/vir_user

Create a virtual user

Such as: yuxin

4343

6. Generate a virtual user database

Yum-y install libdb-utils

Db_load-T-t hash-f / etc/vsftpd/vir_user / etc/vsftpd/vir_user.db

Chmod 700 / etc/vsftpd/vir_user.db

Configure the vsftpd pam authentication file:

Back up the files before repair

Cp / etc/pam.d/vsftpd {, .bak}

8. Comment out all the configuration lines of auth and account, and add the following two lines {comment out all, precede the string with #}

Vim / etc/pam.d/vsftpd

Auth required pam_userdb.so db=/etc/vsftpd/vir_user

Account required pam_userdb.so db=/etc/vsftpd/vir_user

9. Add a system user 'virftp' to which all virtual users will read and write to the file system:

Mkdir / ftproot

Useradd-d / ftproot-s / sbin/nologin virftp

Chown-R virftp:virftp / ftproot

Set up the vsftpd main profile:

Vim / etc/vsftpd/vsftpd.conf

# prohibit anonymous users from logging in

Anonymous_enable=NO

# allow local users to log in

Local_enable=YES

# enable virtual account

Guest_enable=YES

# Mapping a virtual account to a system account virftp

Guest_username=virftp

# using virtual user authentication (PAM authentication)

Pam_service_name=vsftpd

# set the directory where each virtual user profile is stored (the same file as the virtual user name in this directory is his profile)

User_config_dir=/etc/vsftpd/vsftpd_viruser

# when chroot is enabled, the virtual user root directory allows writing

Allow_writeable_chroot=YES

[if you have the same string, modify yes or no, and add if you don't]

Configure the virtual user's respective profiles:

Create a storage directory for 'virtual user profile'

Mkdir / etc/vsftpd/vsftpd_viruser/

11. Create and configure respective profiles for virtual users with the file name 'virtual user name'

Vim / etc/vsftpd/vsftpd_viruser/user1

[copy and paste all]

# allow writing

Write_enable=YES

# allow browsing of FTP directories and downloads

Anon_world_readable_only=NO

# allow virtual users to upload files

Anon_upload_enable=YES

# allow virtual users to create directories

Anon_mkdir_write_enable=YES

# allow virtual users to perform other operations (such as renaming, deleting)

Anon_other_write_enable=YES

# the mask for uploading files, such as 022, the permissions for uploading directories and files are 755 and 644 respectively

Anon_umask=022

# specify the virtual directory of the virtual user (the home directory after the virtual user logs in)

Local_root=/ftproot/admin/

twelve。 Create the root directory of the virtual user, and ensure that the system user mapped by the virtual user has read and write access to this root directory.

Mkdir-p / ftproot/admin/

Chown-R virftp.virftp / ftproot/admin/

13. Test configuration results:

Restart the vsftpd service

Systemctl restart vsftpd

Systemctl enable vsftpd

14. Turn off the firewall or turn on the '21' port number

Systemctl stop firewalld or firewall-cmd-- add-port=21/tcp

15. Use the 'FlashFXP' tool to connect the test [port 21]

First test the connection to the ftp://192.168.xx on the computer

After the connection is successful, there will be a file. The test creates a new file, but cannot do the following steps [at this time, the FlashFXP tool also failed to connect] vim / etc/vsftpd/vsftpd_viruser/yuxin

Change this file to create a virtual user file with a content of 11 steps

17.setsebool-P allow_ftpd_full_access on

Setsebool-P ftp_home_dir on

18. Restart vsftpd

Systemctl restart vsftpd

Testing tools to connect virtual users

Cd / etc/vsftpd/

Ls view catalog, edit vim ftpusers

There are user names in it, all commented out with #

Restart systemctl restart vsftpd

And check whether users such as root can connect [if you can't connect, ok]

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.