Shulou(Shulou.com)06/03 Report--

This article mainly introduces "how to build a VSftpd service based on virtual users". In daily operation, I believe many people have doubts about how to build VSftpd services based on virtual users. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to establish VSftpd services based on virtual users". Next, please follow the editor to study!

First, establish a virtual user password file

You can use the vi command to create a user password file, which is a text file in which the odd behavior user, the even behavior user password, and the file name can be arbitrary. For example, I create a file named login.txt that contains the following contents:

A

Abc123~

B

Abc123~

Where an and b are the users and abc123~ is the user's password.

Second, generate vsftpd password authentication file

After creating the virtual user password file, the next step is to use the db_load command to create the password authentication file. By default, the db_load command is not installed on the system, it is in the db4_utils package.

Liwei@linux# rpm-qa | grep db4-utils

Liwei@linux# rpm-vih / media/Server/db4-utils- version number .rpm

After installing this software, you can use the db_load command to generate a password authentication file, as follows:

Liwei@linux# db_load-T-t hash-f login.txt / etc/vsftpd/vsftpuser.db

Use the above command to create the vsftpuser.db password authentication file in the / etc/vsftpd/ directory. After it is created, we modify the permissions for it for security reasons:

Liwei@linux# chmod 600 / etc/vsftpd/vsftpuser.db

Third, establish the PAM configuration file required by the virtual user

After generating the vsftpd password authentication file, create a new file under / etc/pam.d/ and edit and add two records:

Liwei@linux# vi / etc/pam.d/vsftpd.v

Auth required / lib/security/pam_userdb.so db=/etc/vsftpd/vsftpuser

Account required / lib/security/pam_userdb.so db=/etc/vsftpd/vsftpuser

Save and exit after editing.

Fourth, establish the directory needed for virtual user access.

After creating the PAM profile required by the virtual user, it is time to establish the working environment of the virtual user. The purpose of this step is to map all the virtual users, as shown below:

Liwei@linux# useradd-s / sbin/nologin virtual / / you can specify a specific directory by using-d in this step.

Liwei@linux# chmod 700 / home/virtual

5. Modify vsftpd.conf configuration file

Once you have established the directories required for virtual user access, you can modify the vsftpd.conf main configuration file. Add the following options to the configuration file:

Anonymous_enable=NO

Local_enable=YES

Write_enable=YES

Anon_upload_enable=NO

Anon_mkidr_write_enable=NO

Anon_other_write_enable=NO

Chroot_local_user=YES

Pam_service_name=vsftpd.v

Guest_enable=YES

Guest_username=virtual

User_config_dir=/etc/vsftpd/vsftpuser_conf / / create a separate profile for virtual users, optional

After you modify the profile, create a separate profile directory for the virtual user, and then add the profile for the user:

Liwei@linux# mkdir / etc/vsftpd/vsftpuser_conf

Liwei@linux# mkdir / home/virtual/a

Liwei@linux# chown virtual:virtual / home/virtual/a

Liwei@linux# vi / etc/vsftpd/vsftpusr_conf/a

Add separate configuration options for a virtual user in this file:

Local_root=/home/virtual/a

Anon_world_readable_only=NO

Write_enable=YES

Anon_upload_enable=YES

Anon_mkdir_write_enable=YES

Anon_other_wirte_enable=YES

Save exit

Restart the service using the command service vsftpd restart.

Create the configuration file and directory of virtual user b in the same way.

6. After completing the above steps, the whole experiment will be OK. When it is time to test, go to the Windows or linux client to see if you can use virtual users an and b to access the FTP server.

Common mistakes are:

1.530 Login incorrect / / login denied

This error is caused by no pam file for vsftpd in the system. If this error occurs, please check the PAM file.

2.500 OOPS: cannot change directory: directory

Login failed

This error is that the directory name specified in your configuration file is incorrect. Please check the directory to solve the problem.

3. There is also a 550 error, which is generally caused by the permissions of the directory. Checking the permissions of the directory should be excluded.

At this point, the study on "how to build a VSftpd service based on virtual users" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.