Configure the FTP server that uses virtual user login

Configuring an FTP server with virtual user logins avoids some of the security problems caused by using operating system accounts as FTP users, and makes it convenient to manage users through a database or other programs. This article uses vsftpd on Linux as an example and describes the configuration process in detail.

1 Install the necessary software

yum install vsftpd

yum install db4 #Berkeley DB database, used to store virtual FTP usernames and passwords


2 Initialize the installation environment

mkdir -p /data/vsftpd #This directory stores the directories and files of all virtual users

useradd -d /data/vsftpd -s /sbin/nologin vsftpd #Create vsftpd user, login is prohibited

chown -R vsftpd:vsftpd /data/vsftpd

mkdir -p /etc/vsftpd/vsftpd_user_conf #This directory stores the configuration files of each virtual user (can be empty)


3 Modify the vsftpd configuration file

vi /etc/vsftpd/vsftpd.conf, the content is as follows:

anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
listen=YES
# Name of the PAM policy file
pam_service_name=ftp
userlist_enable=YES
tcp_wrappers=YES
# Allow virtual users to log in
guest_enable=YES
guest_username=vsftpd
# User directory
local_root=/data/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
# Directory containing the per-user configuration files; may be empty
user_config_dir=/etc/vsftpd/vsftpd_user_conf


vi /etc/pam.d/ftp, the content is as follows:

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

3 New user

i Modify the user name and password file
vi /etc/vsftpd/logins.txt and add the user name and password to this file. In logins.txt, the odd-numbered lines are account names and the even-numbered lines are the passwords.
db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/vsftpd_login.db #Generate database file for username and password


ii Create the user's directory
mkdir /data/vsftpd/$new_user_name
chown -R vsftpd:vsftpd /data/vsftpd/$new_user_name


4 Start the FTP service

service vsftpd start

chkconfig vsftpd on #Start automatically at boot


5 Delete user

i Modify the user name and password file
vi /etc/vsftpd/logins.txt and delete the user name and password from this file. In logins.txt, the odd-numbered lines are account names and the even-numbered lines are the passwords.
db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/vsftpd_login.db
ii Delete user directory

Delete the user directory under /data/vsftpd
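
Steps 3 (New user) and 5 (Delete user) both rely on hand-editing logins.txt, where removing only one line of a pair shifts every later name onto a password line. The helper functions below are an added example, not part of the original article: they keep the pairs aligned, keep the plaintext file owner-only, and rebuild the database into a fresh file. `FTP_ETC`, the function names and the `.new.db` temporary file name are assumptions of this example.

```bash
# Added example, not the article's code. FTP_ETC is a hypothetical override so
# the functions can be tried on a scratch directory instead of /etc/vsftpd.
FTP_ETC="${FTP_ETC:-/etc/vsftpd}"
LOGINS="$FTP_ETC/logins.txt"
NL='
'
# Names become directories under local_root, so allow only safe characters.
valid_name() {
    case "$1" in ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

has_user() {
    awk -v u="$1" 'NR % 2 == 1 && $0 == u { f = 1 } END { exit !f }' "$LOGINS"
}

# Verify strict name/password pairing before the file is loaded.
check_logins() {
    awk '
        $0 == ""                  { print "line " NR ": empty line"; bad = 1 }
        NR % 2 == 1 && $0 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { print "line " NR ": unsafe name"; bad = 1 }
        NR % 2 == 1 && seen[$0]++ { print "line " NR ": duplicate user " $0; bad = 1 }
        END { if (NR % 2) { print "odd line count: a name has no password"; bad = 1 }
              exit bad }' "$LOGINS"
}

add_user() {    # add_user NAME PASSWORD
    valid_name "$1" || { echo "bad user name" >&2; return 1; }
    case "$2" in ''|*"$NL"*) echo "bad password" >&2; return 1 ;; esac
    touch "$LOGINS" && chmod 600 "$LOGINS"      # plaintext passwords: owner-only
    if has_user "$1"; then echo "user exists: $1" >&2; return 1; fi
    printf '%s\n%s\n' "$1" "$2" >> "$LOGINS"
}

del_user() {    # drop the name line and its password line together
    has_user "$1" || { echo "no such user: $1" >&2; return 1; }
    del_tmp=$(mktemp "$LOGINS.XXXXXX") || return 1
    awk -v u="$1" 'NR % 2 == 1 { skip = ($0 == u) } !skip' "$LOGINS" > "$del_tmp" &&
        mv "$del_tmp" "$LOGINS"
}

# Load into a fresh file: db_load adds records to an existing database, so
# reloading in place would leave a deleted user's entry in vsftpd_login.db.
rebuild_db() {
    check_logins || return 1
    rm -f "$FTP_ETC/vsftpd_login.new.db"
    ( umask 077; db_load -T -t hash -f "$LOGINS" "$FTP_ETC/vsftpd_login.new.db" ) &&
        mv "$FTP_ETC/vsftpd_login.new.db" "$FTP_ETC/vsftpd_login.db"
}
```

Source the file as root, run `add_user` or `del_user`, then `rebuild_db`, and create or remove the user's directory under /data/vsftpd as in the steps above.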


Common problems:

Q:  Login failed

500 OOPS: cannot change directory:/home/vsftpd
Login failed.
421 Service not available, remote server has closed connection

A: Solution

This is usually caused by SELinux. The steps to resolve it are as follows:

vi /etc/selinux/config #Change SELINUX=enforcing (or permissive) to disabled to turn off SELinux

setenforce 0 #Make the SELinux change take effect immediately

/etc/init.d/vsftpd restart #Restart FTP service

Origin blog.csdn.net/huzhenwei/article/details/7896632