FTP server configuration

1. Install vsftpd
yum install -y vsftpd #install vsftpd
yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI #Install vsftpd virtual user configuration dependencies
systemctl start vsftpd.service #Start
systemctl enable vsftpd.service #Set vsftpd to start on boot
 
2. Configure the vsftpd server
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak #Back up the default configuration file
Run the following commands to adjust the settings:
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" '/etc/vsftpd/vsftpd.conf'
echo -e "use_localtime=YES\nlisten_port=21\nchroot_local_user=YES\nidle_session_timeout=300\ndata_connection_timeout=1\nguest_enable=YES\nguest_username=vsftpd\nuser_config_dir=/etc/vsftpd/vconf\nvirtual_use_local_privs=YES\npasv_min_port=10060\npasv_max_port=10090\naccept_timeout=5\nconnect_timeout=1" >> /etc/vsftpd/vsftpd.conf
 
3. Create a virtual user list file
touch /etc/vsftpd/virtusers
Edit the virtual user list file. The first line is the account name and the second line is the password. Note: root cannot be used as a user name because the system reserves it. The # annotations shown below are explanations and are not typed into the file.
vi /etc/vsftpd/virtusers
web1 #username
123456 #password
 
4. Generate virtual user data files
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
chmod 600 /etc/vsftpd/virtusers.db #Restrict access to the virtual user database file
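
A check that can be run on the step 3 file before db_load reads it. This is an added example, not part of the original article; the function name check_virtusers is hypothetical and GNU stat is assumed. It flags the mistakes this layout invites: a file readable by other users, annotations left in a name, root as a user name, and a name without a password line.

```bash
#!/usr/bin/env bash
# Added example: lint a db_load input file laid out as in step 3
# (odd lines = user names, even lines = passwords).

# check_virtusers FILE -> prints one line per problem, returns 1 if any found.
check_virtusers() {
    local file="$1" n=0 bad=0 line user="" mode
    # The file holds cleartext passwords, so only its owner should read it.
    mode=$(stat -c %a "$file") || return 2
    if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "mode $mode: expected 600 (file contains cleartext passwords)"
        bad=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -z "$line" ]; then
            echo "line $n: empty line (every line is read as a name or a password)"
            bad=1
        fi
        if [ $((n % 2)) -eq 1 ]; then      # odd line: user name
            user=$line
            case $line in
                root)
                    echo "line $n: root must not be used as a virtual user name"
                    bad=1 ;;
                *[[:space:]]*|*'#'*)
                    echo "line $n: whitespace or '#' would become part of the name"
                    bad=1 ;;
            esac
        fi
    done < "$file"
    if [ $((n % 2)) -ne 0 ]; then
        echo "user '$user' has no password line"
        bad=1
    fi
    return "$bad"
}

# Constructed sample: the step 3 file typed with its annotations left in.
demo=$(mktemp)
printf 'web1 #username\n123456 #password\n' > "$demo"
check_virtusers "$demo" || true
rm -f "$demo"
```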
 
5. Add the following lines at the top of the /etc/pam.d/vsftpd file (lines added further down have no effect)
Back up the file before modifying it:
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak
vi /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
Note: If the system is 32-bit, change lib64 above to lib, otherwise the configuration fails
 
6. Create a new system user vsftpd with the home directory /home/wwwroot and the login shell set to /bin/false (so that it cannot log in to the system)
useradd vsftpd -d /home/wwwroot -s /bin/false

7. Create a personal vsftpd configuration file for each virtual user
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
touch web1 web2 web3 #Create three virtual user profiles here
mkdir -p /home/wwwroot/web1/http/
chown vsftpd:vsftpd /home/wwwroot -R #Set directory user
chmod a-w /home/wwwroot
chmod a-w /home/wwwroot/web1
chmod a-w /home/wwwroot/web1/http #The root directory cannot have write permission
vi web1 #Edit the configuration file for user web1; the other users' files are similar
local_root=/home/wwwroot/web1/http/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
#If SELinux prevents files and folders from being created, check the FTP booleans and allow full access
getsebool -a | grep ftp
setsebool ftpd_full_access=1
 
8. Firewall settings
firewall-cmd --zone=public --add-port=10060-10090/tcp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --reload
 
9. Finally, restart the vsftpd server
systemctl restart vsftpd.service

10. Open ftp://172.69.xxx.xxx in a browser to access the FTP server
 
