
Vsftp installation and configuration of virtual users

2025-01-17 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/03 Report--


I. Installation

Install with yum

[root@VM_64_122_centos vsftpd]# yum install vsftpd

After installation, the default configuration directory for vsftpd is /etc/vsftpd.

II. Setting up virtual users

1. Create a virtual user text file and add a virtual user and password

[root@VM_64_122_centos vsftpd]# vi vuser.txt

Odd-numbered lines are user names and even-numbered lines are passwords.

For example:

admin
123
yunying
yunying
sheji
sheji
chanpin
chanpin

2. Generate the virtual user database file

db_load is not installed by default. Install db4-utils, db4-devel and db4 with yum before using it.

[root@VM_64_122_centos vsftpd]# yum install db4-utils db4-devel db4

Execute the following command to generate the virtual database file:

[root@VM_64_122_centos vsftpd]# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db

3. Configure the PAM file that validates clients. Comment out everything already in the file, then add:

[root@VM_64_122_centos vsftpd]# vi /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser

Note: the path cannot be written as db=/etc/vsftpd/vuser.db, because pam_userdb appends the .db suffix itself.

4. Set the permissions of the virtual database file vuser.db to 700.

[root@VM_64_122_centos vsftpd]# chmod 700 vuser.db

5. Add a system user vuser that all virtual users map to; virtual users access the FTP server as this system user.

useradd vuser
mkdir /var/ftp/vuser
chown vuser:vuser /var/ftp/vuser

6. Modify the vsftpd.conf configuration file so that virtual users can access the vsftpd server by adding the following parameters. Keep each comment on its own line: vsftpd reads anything after the = as part of the value.

# Use the PAM service "vsftpd" for authentication
pam_service_name=vsftpd
# Enable virtual users
guest_enable=YES
# Bind the virtual accounts to the system account vuser
guest_username=vuser
# Directory holding the per-virtual-user configuration files
user_config_dir=/etc/vsftpd/vsftpd_user_conf
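The following is an added example, not part of the original article: a POSIX shell helper that checks vuser.txt against the odd-line/even-line format from step 1 before the database is built, and rebuilds vuser.db from scratch. The function names, the sample list, the .new temporary file and the 600 modes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article.
# List format per the article: odd lines are user names, even lines passwords.

# vuser_findings FILE: print one line per problem, nothing for a clean list.
vuser_findings() (
    n=0; user=""; seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            "")           echo "line $n: empty line shifts the user/password pairing" ;;
            *[[:space:]]) echo "line $n: trailing whitespace or CR becomes part of the value" ;;
        esac
        if [ $((n % 2)) -eq 1 ]; then
            user=$line
            case $seen in
                *"|$user|"*) echo "line $n: duplicate user '$user'" ;;
            esac
            seen="$seen|$user|"
        elif [ "$line" = "$user" ]; then
            echo "line $n: password for '$user' is the user name"
        fi
    done < "$1"
    if [ $((n % 2)) -eq 1 ]; then
        echo "line $n: user '$user' has no password line"
    fi
)

# build_vuser_db TXT DB: rebuild DB only from a clean list. db_load adds to an
# existing database, so users deleted from TXT would keep working; load into a
# fresh file and swap it in instead.
build_vuser_db() {
    findings=$(vuser_findings "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" >&2
        return 1
    fi
    rm -f "$2.new"
    # Assumption: mode 600 (via umask) rather than the article's 700; a data
    # file needs no execute bit. The plaintext list gets the same mode.
    ( umask 077 && db_load -T -t hash -f "$1" "$2.new" ) || return 1
    mv -f "$2.new" "$2" && chmod 600 "$1"
}

# Constructed sample: a weak pair, a duplicate user and a dangling last user.
sample_list() { printf 'admin\n123\nsheji\nsheji\nadmin\nx9\nchanpin\n'; }
```

Run it as build_vuser_db /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db; it prints the findings and leaves the existing database untouched when the list is not clean.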

III. Controlling virtual user access

1. Create the vsftpd_user_conf directory for the per-user configuration files

mkdir /etc/vsftpd/vsftpd_user_conf

2. Create the virtual user's configuration file, with the same name as the virtual account.

[root@VM_64_122_centos vsftpd]# vi /etc/vsftpd/vsftpd_user_conf/admin

3. Edit the configuration file admin of the virtual account admin and set the corresponding permissions. Add the following:

# Allow browsing FTP directories and downloading
anon_world_readable_only=NO
# Allow uploading
anon_upload_enable=YES
# Allow creating directories
anon_mkdir_write_enable=YES
# Allow other write operations, such as renaming and deleting
anon_other_write_enable=YES
# Path of the virtual user under the system user: limits the virtual user's home directory and is the directory the user lands in after logging in
local_root=/var/ftp/vuser

4. Restart the FTP service

[root@VM_64_122_centos vsftpd]# service vsftpd restart

IV. Modify SELinux settings

SELinux, short for Security-Enhanced Linux, is an implementation of MAC (Mandatory Access Control) that specifies which resources (files, network ports, etc.) a given process can access.

If a process accesses a resource it has not been granted, SELinux blocks the access and the program is told that it does not have permission.

You therefore need to modify the SELinux access settings; otherwise connections to FTP fail with errors such as:

500 OOPS: cannot change directory:/home/*

553 could not create file

View the FTP-related options:

sestatus -b | grep ftpd

Here are the commonly used Boolean variables:

allow_ftpd_anon_write: turning off this Boolean variable prevents vsftpd from reading files and directories of type public_content_rw_t. If users are allowed to upload files through FTP, this Boolean variable must be turned on.

allow_ftpd_full_access: when this Boolean variable is turned on, only Linux (DAC) permissions control access, and authenticated users can read and write files marked as public_content_t or public_content_rw_t.

allow_ftpd_use_cifs: when this Boolean variable is turned on, vsftpd is allowed to access files and directories of type cifs_t, so enabling it allows your FTP server to use the Samba file system.

allow_ftpd_use_nfs: when this Boolean variable is turned on, vsftpd is allowed to access files and directories of type nfs_t, so enabling it allows your FTP server to use the NFS file system.

ftp_home_dir: authenticated users can read and write files in their home directory when this Boolean variable is turned on.

ftpd_connect_db: allows vsftpd to connect to the database when this Boolean variable is turned on.

httpd_enable_ftp_server: allows httpd to act as an FTP server and listen on the FTP port when this Boolean variable is turned on.

tftp_anon_write: allows TFTP to access a public directory when this Boolean variable is turned on.

Enable the following options:

setsebool -P ftp_home_dir 1
setsebool -P allow_ftpd_full_access 1
