Virtual users: All virtual users are mapped to a specified system account to access the shared location, that is, the home directory of the system account. Each virtual user can be assigned different access permissions based on the permission control parameters of anonymous users.
1. Installation and startup
# Install
yum install -y vsftpd
# Start the service
systemctl start vsftpd.service
# Stop the service
systemctl stop vsftpd.service
# Check the service status
systemctl status vsftpd.service
2. Configure /etc/vsftpd/vsftpd.conf
# Disable anonymous login
anonymous_enable=NO
# Allow Linux users to log in
local_enable=YES
# Allow Linux users to upload files (this option is already present by default)
write_enable=YES
dirmessage_enable=YES
# Since 2.3.5, vsftpd has enhanced security checks. If a user is restricted to
# their home directory, that directory must no longer be writable. If the check
# finds that it is still writable, an error is reported. This option allows it.
allow_writeable_chroot=YES
chroot_list_enable=NO
chroot_local_user=YES
# FTP has two transfer modes, active and passive.
# Active mode: by default the server uses port 21 as the connection port and
# port 20 as the data transfer port (the client picks a random data port that
# interacts with port 20).
# Passive mode: by default the server uses port 21 as the connection port; the
# data transfer port (larger than 1024 and smaller than 5000) must be opened
# within the specified range.
pasv_enable=YES
pasv_min_port=10011
pasv_max_port=10020
listen=YES
# Listening (connection) port
listen_port=10010
virtual_use_local_privs=NO
# umask for local users
local_umask=022
# umask for virtual users
anon_umask=022
userlist_enable=NO
# Enable mapping of virtual users to a system user
guest_enable=YES
# System account that virtual users are mapped to (vsftpduser if you create the dedicated account in step 6)
guest_username=admin
# PAM service name used by vsftpd (the file in /etc/pam.d)
pam_service_name=vsftpd
# Directory holding the per-user configuration files of the virtual users
user_config_dir=/etc/vsftp/vconf
# Logging
xferlog_enable=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
3. Create an Ftp account file
# Odd lines are user names, even lines are the matching passwords
mkdir -p /etc/vsftp
cat >> /etc/vsftp/virtusers << EOF
ftpusertest1
123456
ftpusertest2
123456
EOF
4. Generate user data files
# -T reads the plain-text account file; the output is a Berkeley DB hash file
db_load -T -t hash -f /etc/vsftp/virtusers /etc/vsftp/virtusers.db
chmod 600 /etc/vsftp/virtusers.db
5. Modify the vsftpd file in /etc/pam.d so that PAM reads the virtual user database file
# Back up the original PAM file
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
# pam_userdb appends .db to the db= path itself; both lines must name the database created in step 4
cat > /etc/pam.d/vsftpd << EOF
#%PAM-1.0
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftp/virtusers
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftp/virtusers
EOF
6. Create user vsftpduser and set the user directory to /home/vsftpduser (optional).
This step is optional. You can directly use an ordinary user that can log in over SSH. To keep FTP separate, a dedicated user vsftpduser that cannot log in is created here to perform the FTP operations. If you use an ordinary SSH login user instead, replace vsftpduser in the subsequent steps with that user.
Set the user's login shell to /bin/false
sudo useradd vsftpduser -d /home/vsftpduser -s /bin/false
sudo chown -R vsftpduser:vsftpduser /home/vsftpduser
7. Create an Ftp user profile
# Create the virtual user configuration directory (must match user_config_dir in vsftpd.conf)
sudo mkdir -p /etc/vsftp/vconf
cd /etc/vsftp/vconf
# The file name must be the virtual user's name
cat > /etc/vsftp/vconf/ftpusertest1 << EOF
# Root directory of the virtual user
local_root=/home/oper/video
# Write
write_enable=YES
# Read (download world-readable files only)
anon_world_readable_only=YES
# Upload
anon_upload_enable=YES
# Create directories
anon_mkdir_write_enable=YES
# Delete and rename files and directories
anon_other_write_enable=YES
EOF
Create the video root directory
mkdir -p /home/oper/video
8. Restart and test
systemctl restart vsftpd.service
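
If virtual users cannot log in after the restart, the usual cause is that vsftpd.conf, the PAM file and the files from steps 3 to 7 do not point at the same paths (/etc/vsftp and /etc/vsftpd are easy to confuse). The check below is an added example, not part of the original tutorial; the function names and the root-prefix argument are assumptions of this example, and the sample tree it builds is constructed.

```shell
# Added example (not from the original page): audit a vsftpd virtual-user setup.
# The first argument is an assumed root prefix so a copy of /etc can be checked; pass "" for the live system.

conf_value() {  # print the last value assigned to KEY ($2) in config FILE ($1)
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

audit_vsftpd() {
    root=$1; problems=0
    conf="$root/etc/vsftpd/vsftpd.conf"; users="$root/etc/vsftp/virtusers"
    # 1. All pam_userdb lines must name one database, and <db>.db must exist.
    dbs=$(sed -n 's/.*pam_userdb\.so.* db=\([^ ]*\).*/\1/p' "$root/etc/pam.d/vsftpd" | sort -u)
    [ -n "$dbs" ] && [ "$(echo "$dbs" | wc -l)" -eq 1 ] || fail "PAM db= paths missing or inconsistent"
    for db in $dbs; do
        [ -f "$root$db.db" ] || fail "$db.db does not exist"
    done
    # 2. Password files must not be accessible to group or others.
    for f in "$users" "$users.db"; do
        mode=$(stat -c %a "$f" 2>/dev/null) || continue
        case $mode in *00) ;; *) fail "$f has mode $mode, expected 600" ;; esac
    done
    # 3. Every user (odd lines of virtusers) needs a file in user_config_dir.
    cfgdir=$(conf_value "$conf" user_config_dir)
    for u in $(sed -n 'p;n' "$users"); do
        [ -f "$root$cfgdir/$u" ] || fail "no per-user config $cfgdir/$u"
    done
    # 4. Guest mapping must be on and use the PAM service edited in step 5.
    [ "$(conf_value "$conf" guest_enable)" = YES ] || fail "guest_enable is not YES"
    [ "$(conf_value "$conf" pam_service_name)" = vsftpd ] || fail "pam_service_name is not vsftpd"
    [ "$problems" -eq 0 ]
}

make_sample() {  # constructed tree containing the mistakes this check targets
    mkdir -p "$1/etc/vsftpd/vconf" "$1/etc/vsftp" "$1/etc/pam.d"
    printf '%s\n' guest_enable=YES pam_service_name=vsftpd \
        user_config_dir=/etc/vsftp/vconf > "$1/etc/vsftpd/vsftpd.conf"
    printf '%s\n' ftpusertest1 123456 > "$1/etc/vsftp/virtusers"
    : > "$1/etc/vsftp/virtusers.db"
    chmod 600 "$1/etc/vsftp/virtusers.db"; chmod 644 "$1/etc/vsftp/virtusers"
    printf '%s\n' 'auth sufficient pam_userdb.so db=/etc/vsftp/virtusers' \
        'account sufficient pam_userdb.so db=/etc/vsftpd/virtusers' > "$1/etc/pam.d/vsftpd"
}

tmp=$(mktemp -d); make_sample "$tmp"
audit_vsftpd "$tmp" || echo "$problems problem(s) found"
rm -rf "$tmp"
```

The plain-text virtusers file holds the passwords in clear, so the check treats it like the .db file; deleting it once the database has been generated is another option.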
553 Operation Failed
If you change the FTP root directory (that is, change the value of local_root from /home/oper/video to another path, such as /datadir/ftpdata), file operations may fail.
To disable SELinux, run the following command. The sed edit to /etc/selinux/config takes effect at the next boot, and setenforce 0 switches the running system to permissive mode immediately.
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config && setenforce 0
FTP test
Note: The firewall must open the FTP connection port and the data transfer ports (listen_port and the pasv_min_port to pasv_max_port range configured in step 2).