vsftpd installation and configuration

Requirements: set up an FTP server with one virtual user that has permissions on only a single directory.

 

1. Install vsftpd

yum install vsftpd -y

 

2. Install libdb-utils

  Install the Berkeley DB tools, which are used to generate the virtual user authentication file.

yum install libdb-utils   # CentOS 7

yum install db4 db4-utils   # CentOS 6

 

3. Create the host (owner) user

  All virtual users are mapped to this system user (guest_username in step 4), and their directory permissions are those of this user.

 

4. Modify the main configuration file (/etc/vsftpd/vsftpd.conf)

# listen on IPv4
listen=YES
# turn off anonymous access
anonymous_enable=NO
dirmessage_enable=YES
# enable transfer logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
# with chroot_local_user=YES, users cannot leave their directory and chroot_list_file lists the exceptions
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
# when enabled, all non-anonymous logins are mapped to guest_username and treated as virtual users
guest_enable=YES
guest_username=www
# per-virtual-user configuration directory
user_config_dir=/etc/vsftpd/vsftpd_user_conf
# PAM service file name
pam_service_name=vsftpd
# enable local system users, including virtual users
local_enable=YES
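vsftpd does not accept whitespace around = or a comment after a value, so a pasted listing can stop the daemon from starting or change what a setting means. The following linter is an added example, not part of the original post; the function name lint_vsftpd_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf for syntax vsftpd does not accept and for
# the settings this guide depends on. Prints one finding per line.
lint_vsftpd_conf() {
    awk '
    /^[ \t]*$/ || /^#/ { next }     # blank lines and full-line comments are valid
    !/=/ { print "line " NR ": not in option=value form"; next }
    {
        key = $0; sub(/=.*$/, "", key)        # text before the first "="
        val = $0; sub(/^[^=]*=/, "", val)     # text after the first "="
        if (key ~ /[ \t]/ || val ~ /^[ \t]/)
            print "line " NR ": whitespace around = is not allowed"
        if (val ~ /[ \t]#/)
            print "line " NR ": trailing # text is read as part of the value"
        else if (val ~ /[ \t]$/)
            print "line " NR ": trailing whitespace after value"
        gsub(/[ \t]/, "", key)                # normalise for the checks below
        sub(/[ \t]+#.*$/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[key] = val
    }
    END {
        if (seen["anonymous_enable"] != "NO")
            print "anonymous_enable is not NO (anonymous login stays on)"
        if (seen["chroot_local_user"] != "YES")
            print "chroot_local_user is not YES (users are not chrooted by default)"
        if (seen["pasv_min_port"] == "" || seen["pasv_max_port"] == "")
            print "pasv_min_port/pasv_max_port unset (PASV ports will not match a fixed firewall range)"
    }' "$1"
}

# Constructed sample with the two most common mistakes plus valid lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
anonymous_enable = NO # turn off anonymous access
chroot_local_user=YES
guest_enable=YES
EOF
lint_vsftpd_conf "$sample"
rm -f "$sample"
```

Run it as lint_vsftpd_conf /etc/vsftpd/vsftpd.conf before restarting the service; no output means none of these checks fired.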

 

5. Create the chroot file

touch /etc/vsftpd/chroot_list

  

6. Create a virtual user list

echo -e "ftpuser\n123456" > /etc/vsftpd/vuser

 

7. Generate virtual user authentication file

db_load -T -t hash -f /etc/vsftpd/vuser /etc/vsftpd/vuser.db
chmod 600 /etc/vsftpd/vuser /etc/vsftpd/vuser.db   # the plaintext list holds the passwords too

 

8. Configure virtual user authentication

cp /etc/pam.d/vsftpd{,.bak}

echo -e \
"auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser\n\
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser" > /etc/pam.d/vsftpd

  

9. Configure virtual user profiles

mkdir /etc/vsftpd/vsftpd_user_conf/   # must match user_config_dir in step 4
vi /etc/vsftpd/vsftpd_user_conf/ftpuser   # the file name must match the FTP virtual user name

write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# virtual user home directory; its owner and group must be the host user
local_root=/home/www/backup
anon_umask=020

 

10. Configure firewall and selinux

setsebool -P ftpd_full_access on

iptables -I INPUT -p tcp --dport 21 -j ACCEPT   # FTP control port
iptables -I INPUT -p tcp --dport 33000:34000 -j ACCEPT   # PASV mode random ports
iptables-save > /etc/sysconfig/iptables   # save the firewall configuration

 

11. Restart vsftpd

service vsftpd restart

  

  


Origin www.cnblogs.com/ltlinux/p/11293832.html