1.1. Installing the required certification package
cp website source code to build q-115288oo99
[root @ localhost] # yum install PAM *
[root @ localhost] # yum install DB4 *
install PAM (for user authentication) and DB4 (for generating virtual user's user name and password of db files).
1.2. Installation vsftpd
[root @ localhost] # yum install vsftpd
. 1.3 Set vsftpd boot:
[root @ localhost] #chkconfig vsftpd ON
[root @ localhost] #systemctl enable vsftpd
by chkconfig --list View startup items
View startup items by IS-Enabled systemctl
1.4 Configuration vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
connect_from_port_20=YES
idle_session_timeout=600
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=ftp
user_config_dir=/etc/vsftpd/virtualuser_conf
* Important Parameters:
anonymous_enable = NO does not allow anonymous access
local_enable = YES local user can access, if set to NO, then, ftp this system can not access the local user, of course, all ftp client would not be able to upload download .
write_enable = YES # write (upload)
= YES xferlog_enable
xferlog_file = / etc / vsftpd / vsftpd.log
xferlog_std_format is = YES
these three log since the log, a new recall in / etc / vsftpd / vsftpd.log a file.
guest_enable = YES # Enable virtual user
system local user name guest_username = ftp # virtual user borrowed
user_config_dir = / etc / vsftpd / virtualuser_conf # virtual path to the user's configuration file, so do not forget New in etc / vsftpd / the / directory virtualuser_conf folder
1.5 virtual user configuration
For example, I want to add a user called xmzncc, ftp client to use the user name (behind password) upload and download, in / etc / vsftpd / virtualuser_conf xmzncc a new file called: touch xmzncc. Inside the contents of the file are as follows:
local_root = / Data / Share / the vsftpd /
write_enable = YES
anon_umask = 022
anon_world_readable_only = NO
anon_upload_enable = YES
anon_mkdir_write_enable = YES
anon_other_write_enable = YES
* Parameters:
local_root = / Data / Share / the vsftpd / # of the virtual users upload and download the root
write_enable = YES # write (upload)
anon_umask = 022 # mask
Next in / etc / vsftpd / directory create a text document all client users (virtual user) username and password of the record:
touch virtualuser_passwd.txt
content inside is:
xmzncc
passwd1
xmzncc2
passwd2
odd lines are the user name, password even lines are here to build two virtual user, but the user does not have to zhang1 settings.
1.6 generates virtual user authentication db file and then generates virtual user authentication db file
db_load -T -t hash -f /etc/vsftpd/virtualuser_passwd.txt /etc/vsftpd/virtualuser_passwd.db
then edit the certification documents /etc/pam.d/vsftpd, all commented out the original statement to add the following two
db = required pam_userdb.so auth / etc / vsftpd / virtualuser_passwd
the Account required pam_userdb.so db = / etc / vsftpd / virtualuser_passwd
directory permissions set on the server because this set upload and download the root directory / data / share / vsftpd /, Therefore, access to this folder is important, it is time to start a new root: root, owned by root, root belongs to the group, and later changed to the root: ftp, ftp group that is changed, because the client is carried out by means of uploading and downloading users on the ftp server, ftp ftp user belongs to the group. This can be accessed download, but the download problems, various modifications authority, and finally directly into this directory ftp: ftp all the problems are gone, and ftp user has permissions rwx (read-write executables) in the directory :
[root@localhost]#chown -R root:ftp /data/share/vsftpd/
[root@localhost]#chmod 077 /data/share/vsftpd/