Configuring the vsftpd service on Red Hat 8

Table of contents

1. Anonymous access mode

1.1. Modify the configuration on the ftp server side (configuration file: /etc/vsftpd/vsftpd.conf)

1.2 Modify the permissions of the ftp directory

1.3 Set the SELinux policy to allow the ftp service

1.4 Add the ftp service to the firewall

1.5 Test

2. Local user mode

2.1 Modify the configuration file on the server side (configuration file: /etc/vsftpd/vsftpd.conf)

2.2. Create a user and set the corresponding password

2.3 Testing

3. Virtual user mode

3.1. Create a virtual ftp user database file

3.2. Create the ftp root directory and the system user that virtual users map to.

3.3. Create a PAM authentication file that supports virtual users

3.4. Modify the configuration file (/etc/vsftpd/vsftpd.conf)

3.5. Set different permissions for virtual users

3.6. Restart the service

3.7 Testing


1. Anonymous access mode

1.1. Modify the configuration on the ftp server side (configuration file: /etc/vsftpd/vsftpd.conf)

After modifying the configuration, you need to restart the service. Command: systemctl restart vsftpd

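# Enable anonymous access mode
anonymous_enable=YES
# Allow anonymous users to upload files
anon_upload_enable=YES
# Allow anonymous users to create directories
anon_mkdir_write_enable=YES
# Allow anonymous users to rename or delete directories
anon_other_write_enable=YES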

1.2 Modify the permissions of the ftp directory

Before the modification, the owner and group of the anonymous user's ftp root directory are root, so the anonymous user has no write permission. You therefore need to change the directory's owner to ftp.

1.3 Set the SELinux policy to allow the ftp service

1.4 Add the ftp service to the firewall

firewall-cmd --zone=public --add-service=ftp --permanent
firewall-cmd --reload
firewall-cmd --list-all

1.5 Test

Test from the client side. The client is not the server itself; use a separate virtual machine for the test.

Check /var/ftp/pub on the server side


2. Local user mode

2.1 Modify the configuration file on the server side (configuration file: /etc/vsftpd/vsftpd.conf)

After modifying the configuration file, you need to restart the service. Command: systemctl restart vsftpd

# Disable anonymous access mode
anonymous_enable=NO
# Enable local user mode
local_enable=YES
# Allow write operations
write_enable=YES
# umask for files created in local user mode
local_umask=022
# YES denies the users on the list; NO allows only the users on the list
userlist_deny=YES
# Enable the "login deny list"; the list files are ftpusers and user_list
userlist_enable=YES

2.2. Create a user and set the corresponding password

useradd linuxprobe
passwd linuxprobe

2.3 Testing

Client test (the directory created by the client is under /home/linuxprobe of the server):

Server test:

Note: Because I already configured the firewall and SELinux in the anonymous access mode section, they are not configured again here. If you have not, refer to 1.3 and 1.5 to configure the firewall and SELinux.


3. Virtual user mode

3.1. Create a virtual ftp user database file

[root@dns linuxprobe]# cd /etc/vsftpd/
[root@dns vsftpd]# ll
[root@dns vsftpd]# vim vuser.list

[root@dns vsftpd]# db_load -T -t hash -f vuser.list vuser.db #Use the db_load command to generate the ftp user database file vuser.db using the HASH algorithm.
[root@dns vsftpd]# file vuser.db #View file type
[root@dns vsftpd]# chmod 600 vuser.db 
[root@dns vsftpd]# rm -rf vuser.list

vuser.list:

3.2. Create the ftp root directory and the system user that virtual users map to.

[root@dns vsftpd]# useradd -d /var/ftproot -s /sbin/nologin virtual #Create the system user that virtual users map to, specify its home directory, and do not allow it to log in to the system.
[root@dns vsftpd]# ls -ld /var/ftproot/
[root@dns vsftpd]# chmod -Rf 755 /var/ftproot/

3.3. Create a PAM authentication file that supports virtual users

[root@dns vsftpd]# vim /etc/pam.d/vsftpd.vu

3.4. Modify the configuration file (/etc/vsftpd/vsftpd.conf)

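# Disable anonymous open mode
anonymous_enable=NO
# Enable local user mode
local_enable=YES
# Enable virtual user mode
guest_enable=YES
# Specify the virtual user account
guest_username=virtual
# Specify the PAM file
pam_service_name=vsftpd.vu
# Allow the chrooted ftp root directory to be writable without rejecting user logins
allow_writeable_chroot=YES
# Directory that holds each user's separate permission configuration file
user_config_dir=/etc/vsftpd/vusers_dir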

Note: Do not repeat fields. For example, the original configuration file already has a pam_service_name field, on its second-to-last line. If you set pam_service_name=vsftpd.vu here, you need to comment out or delete the original one.
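
One way to check a configuration file for the repeated fields the note above warns about, as an added example that is not part of the original post. The names dup_keys and write_sample are chosen here, and the sample file is constructed from the settings in this section.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): list vsftpd.conf fields that
# are set more than once. dup_keys and write_sample are hypothetical names.

# dup_keys FILE -> one line per repeated field: "<field> <line,line,...>"
# Comment lines (leading '#') and blank lines are ignored, so a field that
# was commented out does not count as a repeat.
dup_keys() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }
        NF >= 2 {
            key = $1
            gsub(/[ \t\r]/, "", key)
            seen[key]++
            where[key] = (seen[key] == 1) ? NR : (where[key] "," NR)
        }
        END {
            for (k in seen)
                if (seen[k] > 1) print k, where[k]
        }
    ' "$1" | LC_ALL=C sort
}

# write_sample FILE -> constructed sample: stock-style lines, then the
# section 3.4 settings appended without removing the originals.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server configuration
anonymous_enable=NO
local_enable=YES
write_enable=YES
#pam_service_name=commented_out
pam_service_name=vsftpd
userlist_enable=YES
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
allow_writeable_chroot=YES
user_config_dir=/etc/vsftpd/vusers_dir
EOF
}

sample=$(mktemp)
write_sample "$sample"
dup_keys "$sample"    # on a server: dup_keys /etc/vsftpd/vsftpd.conf
rm -f "$sample"
```

An empty result means no field is set twice.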

3.5. Set different permissions for virtual users

[root@dns ~]# mkdir /etc/vsftpd/vusers_dir
[root@dns ~]# cd /etc/vsftpd/vusers_dir/
[root@dns vusers_dir]# touch linuxlinux
[root@dns vusers_dir]# vim linuxhaha

3.6. Restart the service

systemctl restart vsftpd

3.7 Testing

Client test:

Server view:

Note: Because I already configured the firewall and SELinux in the anonymous access mode section, they are not configured again here. If you have not, refer to 1.3 and 1.5 to configure the firewall and SELinux.


Origin blog.csdn.net/weixin_53308294/article/details/130350472