1. Introduction to vsftp
1. What is vsftp
The name vsftpd stands for "very secure FTP daemon", and security is one of the top concerns for its developer, Chris Evans. High security was a goal from the very beginning of the design and development of this FTP server.
2. vsftp features
vsftpd is the name of a server running on UNIX-like operating systems such as Linux, BSD, Solaris, HP-UX and IRIX. It supports many features that other FTP servers do not, for example:
- Very high security requirements
- Bandwidth limit
- Good scalability
- Possibility to create virtual users
- IPv6 support
- Above-average performance
- Possibility to assign virtual IP
- High speed
2. Install vsftp
Install via the package management tool provided by the distribution
If you are using a Fedora or Red Hat system, you can use the following command to install online
[root@localhost ~]# yum install vsftpd
If it is a Debian system, you can use apt to install it online
[root@localhost ~]# apt-get install vsftpd
If you are on an RPM-based system, you can also find the vsftpd-xxxx.rpm package and install it with the rpm command
[root@localhost ~]# rpm -ivh vsftpd*.rpm
3. Install vsftp configuration under Ubuntu
Different systems have different installation methods, but the configuration is basically the same. All custom configuration files used here are placed in the /etc/vsftpd directory. The configuration described below mainly enables virtual user access.
1. Installation
Like other Debian-based systems, Ubuntu can use apt-get to manage installed packages
[root@localhost ~]# apt-get install vsftpd
2. Create ftp system user
Virtual users access the FTP server by borrowing the identity of a local user
[root@localhost ~]# sudo useradd vsftpd -m -d /home/vsftpd -s /bin/false
[root@localhost ~]# sudo chown vsftpd:vsftpd /home/vsftpd
This creates a local user vsftpd that cannot log in. Its home directory is /home/vsftpd, and the root directories of the virtual users are based on this directory.
3. Create a virtual user database
[root@localhost ~]# sudo touch /etc/vsftpd/vsftp_user.txt
[root@localhost ~]# sudo nano /etc/vsftpd/vsftp_user.txt
vsftp_user.txt records the username and password of each virtual user. The format is as follows
username1
password1
username2
password2
username3
password3
Now you can create a database with vsftp_user.txt as a template
[root@localhost ~]# sudo db_load -T -t hash -f /etc/vsftpd/vsftp_user.txt /etc/vsftpd/vsftp_user.db
4. Configure the PAM file
[root@localhost ~]# sudo mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
[root@localhost ~]# sudo nano /etc/pam.d/vsftpd
Enter the following:
auth required pam_userdb.so db=/etc/vsftpd/vsftp_user
account required pam_userdb.so db=/etc/vsftpd/vsftp_user
5. Modify the vsftp configuration file /etc/vsftpd.conf and check the following settings:
# Users must enter a user name and password to access the server, so this is set to NO
anonymous_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
# Whether to restrict all users to their home directory
chroot_local_user=YES
# Whether to enable the chroot_list_file restriction
chroot_list_enable=YES
# With the settings above, users listed in this file can browse above their home directory; users not listed cannot
chroot_list_file=/etc/vsftpd/chroot_list
# Enable virtual users
guest_enable=YES
# The local user name we created above
guest_username=vsftpd
# Virtual user configuration directory
user_config_dir=/etc/vsftpd/virtual_users
# Enable PAM
pam_service_name=vsftpd
# Whether to enable local users
local_enable=YES
secure_chroot_dir=/var/run/vsftpd
6. Edit a single user configuration file (under the directory configured by user_config_dir)
Example
local_root=/var/ftp/ftp_base
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Explanation
local_root= is the virtual user's home directory. Note that this directory must not have write permissions, otherwise login fails with the error (500 OOPS: vsftpd: refusing to run with writable root inside chroot)
write_enable=YES: write permission
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
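
The following script is an added example, not part of the original article: it reads every per-user file under user_config_dir, flags a local_root that is missing or carries any write bit (the condition behind the 500 OOPS error above, checked conservatively), and flags credential files that group or others can read. The function names are hypothetical and the sample directories are constructed in a temporary directory.

```shell
# Added example (not from the original page); function names are hypothetical.

# Permission string of a path as printed by ls, e.g. "drwxr-xr-x".
perm_string() { ls -ld "$1" | cut -c1-10; }

# For every per-user file in user_config_dir, read local_root and flag roots
# that are missing or carry any write bit (a conservative check).
check_chroot_roots() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        user=$(basename "$f")
        # Options are written name=value without spaces; if local_root is
        # repeated, this script looks at the last occurrence.
        root=$(sed -n 's/^local_root=//p' "$f" | tail -n 1)
        [ -n "$root" ] || continue
        if [ ! -d "$root" ]; then
            echo "MISSING $user $root"
            continue
        fi
        case $(perm_string "$root" | cut -c2-10) in
            *w*) echo "WRITABLE $user $root" ;;
            *)   echo "OK $user $root" ;;
        esac
    done
}

# Flag credential files (the .txt template and the .db) that group or
# others can read; the .txt holds the passwords in plain text.
check_cred_files() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        case $(perm_string "$f" | cut -c5-10) in
            *r*) echo "EXPOSED $f" ;;
            *)   echo "OK $f" ;;
        esac
    done
}

# Constructed sample: one read-only root, one writable root, one loose file.
demo=$(mktemp -d)
mkdir "$demo/conf" "$demo/ro" "$demo/rw"
chmod 555 "$demo/ro"; chmod 755 "$demo/rw"
echo "local_root=$demo/ro" > "$demo/conf/user1"
echo "local_root=$demo/rw" > "$demo/conf/user2"
touch "$demo/vsftp_user.txt"
chmod 644 "$demo/vsftp_user.txt"
check_chroot_roots "$demo/conf"
check_cred_files "$demo/vsftp_user.txt"
rm -rf "$demo"
```

On the setup described above, the functions would be called with /etc/vsftpd/virtual_users and with /etc/vsftpd/vsftp_user.txt and /etc/vsftpd/vsftp_user.db respectively.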