2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to install vsftpd on CentOS, create the system accounts it needs, and adjust its configuration file.
I. Installation:
1. Install the vsftpd service packages:
[root@KcentOS5 ~]# yum install vsftpd*
2. Confirm that the PAM service packages are installed:
[root@KcentOS5 ~]# yum install pam*
These are the development packages; in fact it does not matter if they are not installed, since the main purpose is to confirm that PAM is present.
3. Install the DB4 packages:
A db4 package is installed here specifically to support the file database.
[root@KcentOS5 ~]# yum install db4*
II. System accounts
1. Create the host user for the vsftpd service:
[root@CentOS5 /]# chmod 700 /home/vftpsite
[root@KcentOS5 ~]# useradd vsftpd -s /sbin/nologin
The default host user of the vsftpd service is root, which does not meet security needs. Here we create a user named vsftpd and use it as the host user that runs the vsftpd service. Since this user exists only to support the vsftpd service, there is no need for it to log in to the system, so it is set up as a user that cannot log in.
[root@CentOS5 /]# useradd -d /home/vftpsite -s /sbin/nologin vftpuser
2. Create the vsftpd virtual-user host account:
[root@KcentOS5 nowhere]# useradd overlord -s /sbin/nologin
This article mainly covers vsftpd virtual users. They are not system users; that is, these FTP users do not exist in the system. In effect, all of their permissions are concentrated in one system user: the so-called virtual host user is the host account that backs all virtual users.
Because this account backs every FTP virtual user, its own permissions affect all of them. For security, the rights of this user should therefore be kept under control. There is no need at all for this user to log in to the system, so it is also set up here as a user that cannot log in.
(An aside: when creating the two users above, I originally did not intend to give them a home path at all. I wanted to add -d /home/nowhere, because the man useradd manual states:
"-d, --home HOME_DIR
The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name. The directory HOME_DIR does not have to exist but will not be created if it is missing."
Use the -d parameter to specify the user's home directory, which is not required. If the specified directory does not exist, it will not be created. As a result, when I tried -d /home/nowhere to specify a directory that does not exist, I KAO! It actually created a new = for myself.)
III. Adjust the vsftpd configuration file:
1. Back up the configuration file before editing
[root@KcentOS5 ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.backup
2. Edit the main configuration file vsftpd.conf
[root@KcentOS5 ~]# vi /etc/vsftpd/vsftpd.conf
Here I record every change made to the original configuration file, keeping the original setting as a comment wherever it is modified. I include my understanding of each configuration item and give my own view on some of the key ones. The original English comments are kept for reference and comparison.
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
anonymous_enable=NO

Anonymous access is not allowed.

# Uncomment this to allow local users to log in.
local_enable=YES

Allows local users to access the server. Note: this matters mainly for the virtual host user; if this item is set to NO, no virtual user will be able to log in.

# Uncomment this to enable any form of FTP write command.
write_enable=YES

Allows write operations.
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022

Sets the permission mask for uploaded files.
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
anon_upload_enable=NO

Anonymous users are prohibited from uploading.

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
anon_mkdir_write_enable=NO

Anonymous users are prohibited from creating directories.
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES

Enables the directory message feature.

# Activate logging of uploads/downloads.
xferlog_enable=YES

Enables logging of transfers.

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

Uses port 20 for data connections.
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
chown_uploads=NO

Does not change the owner of uploaded files.

#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log

Sets the path where the vsftpd service log is saved. Note that this file does not exist by default and has to be created manually with touch. Because the service host user has been changed here to the manually created vsftpd user, take care to give that user write permission on the log, otherwise the service will fail to start.

# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES

Sets the log to use the standard record format.

# You may change the default value for timing out an idle session.
#idle_session_timeout=600

Sets the idle connection timeout. The default is used here, and the specific value is left to each user's own configuration. If a user does not specify one, the default value of 600 (in seconds) applies.

# You may change the default value for timing out a data connection.
#data_connection_timeout=120

Sets the maximum time for a single continuous transfer (the data connection timeout). The default is used here, and the specific value is left to each user's own configuration. If a user does not specify one, the default value of 120 (in seconds) applies.
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
nopriv_user=vsftpd

Sets the host user that supports the vsftpd service to the manually created vsftpd user. Note that once the host user is changed, you must check the read and write permissions on the files the service reads and writes. For example, the log file must be writable by this user.

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
async_abor_enable=YES

Enables support for asynchronous ABOR requests.
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES

Enables uploads and downloads in ASCII mode.

# You may fully customise the login banner string:
ftpd_banner=This Vsftp server supports virtual users ^_^

Sets the login banner for vsftpd.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
chroot_list_enable=NO

The aim is that users are not allowed to leave their FTP home directory. Note that chroot_list_enable=NO only turns off the chroot list; vsftpd confines local users to their home directory when chroot_local_user=YES, a setting this listing does not show.

# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
ls_recurse_enable=NO

Prohibits users from using the "ls -R" command after logging in to FTP. This command can place significant load on the server. If this item is allowed, multiple users running the command at the same time can pose a threat to the server.
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES

Sets the vsftpd service to work in standalone mode. In standalone mode the service runs its own daemon, and the vsftpd daemon name is visible in the output of ps -A. If you do not want standalone mode you can choose super-daemon mode, in which vsftpd has no daemon of its own and is started entirely by the super daemon xinetd; in that mode many vsftpd features are not available.

#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd

Sets the name of the vsftpd authentication profile under the PAM service. PAM verification will therefore use the configuration in the vsftpd file under /etc/pam.d/.

userlist_enable=YES

Users listed in userlist_file will not be allowed to use FTP.

tcp_wrappers=YES

Enables TCP Wrappers support.
# KC: The following entries are added for supporting virtual ftp users.

The following are the important configuration items for vsftpd virtual user support. They are not included in the default vsftpd.conf, so you need to add them manually.

guest_enable=YES

Enables the virtual user feature.

guest_username=overlord

Specifies the host user for virtual users.

virtual_use_local_privs=YES

Sets the permissions of virtual users in line with those of their host user.

user_config_dir=/etc/vsftpd/vconf

Sets the directory that holds the per-user vsftpd configuration files of the virtual users. Each virtual user's individual configuration file is stored in this directory, and the file name must be the same as the virtual user name.

Save and exit.
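A lint for the edited file, as an added example that is not part of the original article: it checks a vsftpd.conf against the values set above and flags capitalised option names and spaces around "=", both of which vsftpd rejects. The function names, the sample input and the final chroot check are assumptions of this example.

```shell
# audit_vsftpd_conf [FILE]: lint a vsftpd.conf (or stdin) against the values the
# walkthrough sets. Prints one finding per line, nothing when the file is clean.
audit_vsftpd_conf() {
  awk '
    BEGIN {  # expected values, copied from the edited configuration above
      want["anonymous_enable"] = "NO";        want["anon_upload_enable"] = "NO"
      want["anon_mkdir_write_enable"] = "NO"; want["chown_uploads"] = "NO"
      want["ls_recurse_enable"] = "NO";       want["guest_enable"] = "YES"
      want["guest_username"] = "overlord";    want["nopriv_user"] = "vsftpd"
    }
    /^[ \t]*(#|$)/ { next }  # skip comments and blank lines
    {
      eq = index($0, "=")
      if (eq == 0) { printf "line %d: not in option=value form\n", NR; next }
      name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      if (name ~ /[ \t]/ || val ~ /^[ \t]/) {  # vsftpd rejects spaces around "="
        printf "line %d: whitespace around = in: %s\n", NR, $0
        gsub(/[ \t]/, "", name); sub(/^[ \t]+/, "", val)
      }
      if (name != tolower(name))  # option names are case-sensitive and lowercase
        printf "line %d: option name %s must be lowercase\n", NR, name
      name = tolower(name)
      seen[name] = val
      if ((name in want) && val != want[name])
        printf "line %d: %s=%s (walkthrough sets %s)\n", NR, name, val, want[name]
    }
    END {
      for (k in want) if (!(k in seen)) printf "missing: %s=%s\n", k, want[k]
      # Added check, not a setting from the article: home-directory confinement.
      if (toupper(seen["chroot_local_user"]) != "YES" && toupper(seen["chroot_list_enable"]) != "YES")
        print "no chroot option enabled: logins are not confined to their home directory"
    }
  ' "$@"
}

# Constructed sample input (not a real server file) with deliberate mistakes.
sample_conf() {
  cat <<'EOF'
#anonymous_enable=NO
Dirmessage_enable=YES
ls_recurse_enable = NO
guest_enable=YES
guest_username=overlord
nopriv_user=vsftpd
anon_upload_enable=YES
EOF
}

sample_conf | audit_vsftpd_conf
```

Run it against the real file with audit_vsftpd_conf /etc/vsftpd/vsftpd.conf before restarting the service.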