Linux vsftpd installation and configuration (virtual users)

Creating vsftpd virtual users on Linux

There are three FTP login types: anonymous login, local system user login and virtual user login.

A virtual user is an account dedicated to the FTP server: it can only access the FTP service and cannot use any other resource on the system. So if a user needs write access to the FTP server but must not be able to reach anything else on the system, virtual users improve the security of the system. In vsftpd, virtual users are authenticated against a separate password database file (pam_userdb) through a Pluggable Authentication Module (PAM). This method is more secure and more flexible to configure.

vsftpd installation and configuration

First, turn off the firewall and SELinux

> systemctl stop firewalld
> setenforce 0

Or permanently disable SELinux (takes effect after a reboot)

> #vim /etc/selinux/config
> SELINUX=disabled

Second, install the vsftpd service
1. Install vsftpd with yum

>   #yum -y install vsftpd*

2. Back up the main vsftpd configuration file

#cp /etc/vsftpd/vsftpd.conf{,.bak}

Third, configure vsftpd for virtual user access
1. Create the virtual user password file: odd lines hold user names, each even line holds the password of the user named on the line above it

#vim /etc/vsftpd/vir_user
user1
1234567a
user2s
1234567b

2. Generate the virtual user database

#yum -y install libdb-utils
#db_load -T -t hash -f /etc/vsftpd/vir_user /etc/vsftpd/vir_user.db
#chmod 700 /etc/vsftpd/vir_user.db

3. Configure the vsftpd PAM authentication file
Back up the file before modifying it

#cp /etc/pam.d/vsftpd{,.bak}

Comment out all existing auth and account lines in the file and add the following two lines (pam_userdb appends the .db suffix itself, so the path is given without it)

#vim /etc/pam.d/vsftpd

auth required pam_userdb.so db=/etc/vsftpd/vir_user
account required pam_userdb.so db=/etc/vsftpd/vir_user

4. Add a system user 'virftp'; all virtual users are mapped to this user, and their read and write operations on the file system are performed as it

#mkdir /ftproot
#useradd -d /ftproot -s /sbin/nologin virftp
#chown -R virftp:virftp /ftproot

5. Configure the main vsftpd configuration file

#vim /etc/vsftpd/vsftpd.conf

# prohibit anonymous login
anonymous_enable=NO
# allow local (non-anonymous) logins; virtual user logins go through this path
local_enable=YES
# enable virtual users
guest_enable=YES
# the system account that virtual users are mapped to
guest_username=virftp
# PAM service used to authenticate virtual users (/etc/pam.d/vsftpd)
pam_service_name=vsftpd
# directory holding one configuration file per virtual user, named after the user
user_config_dir=/etc/vsftpd/vsftpd_viruser
# virtual users are chrooted; allow the chroot root directory to be writable
allow_writeable_chroot=YES

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
vsftpd configuration option reference

anonymous_enable=YES   whether to allow anonymous login

local_enable=YES   whether to allow local users to log in

write_enable=YES   enable FTP commands that write to the server (upload, delete, rename)

local_umask=022   umask for files created by local users; vsftpd's built-in default is 077, but the configuration file shipped with vsftpd sets 022

anon_upload_enable=YES   allow anonymous users to upload files

anon_mkdir_write_enable=YES   allow anonymous users to create directories

dirmessage_enable=YES   enable directory messages: a message is sent to the remote user when entering a directory

xferlog_enable=YES   enable upload/download logging

connect_from_port_20=YES   make sure PORT (active mode) data connections originate from port 20

chown_uploads=YES
chown_username=whoever
change the owner of files uploaded by anonymous users to this user; root is not recommended

xferlog_file=/var/log/xferlog   path of the transfer log file

xferlog_std_format=YES   write the transfer log in the standard ftpd xferlog format; default location /var/log/xferlog

idle_session_timeout=600   idle session timeout in seconds; change the default value of 600 as needed

data_connection_timeout=120   data connection timeout in seconds, default 120

nopriv_user=ftpsecure   dedicated unprivileged user the FTP server runs as when it needs no privileges

async_abor_enable=YES   enable asynchronous ABOR requests

ascii_upload_enable=YES   allow uploads in ASCII mode
ascii_download_enable=YES   allow downloads in ASCII mode

ftpd_banner=Welcome to blah FTP service.   custom login banner string

deny_email_enable=YES   refuse anonymous logins whose e-mail password is in the banned list
banned_email_file=/etc/vsftpd/banned_emails   default path of that list

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot parameters. CHROOT means "change root": the root directory that the program references is changed. CHROOT enhances the security of the system by limiting what users can do.

ls_recurse_enable=YES   enable the ls -R option

listen=NO   when YES, vsftpd runs in standalone mode listening on an IPv4 socket; this directive cannot be enabled together with listen_ipv6

listen_ipv6=YES   listen on IPv6

pam_service_name=vsftpd   PAM service name used to authenticate virtual users

userlist_enable=YES   only accounts in the userlist file may log in (this is the behaviour with userlist_deny=NO; with the default userlist_deny=YES the listed accounts are denied instead)

tcp_wrappers=YES   whether to allow tcp_wrappers access control

anon_other_write_enable=YES   allow anonymous users to rename and delete files

anon_world_readable_only=YES   anonymous users may only download files that are world-readable

pasv_min_port=30000
pasv_max_port=35000
port range used for PASV mode data connections
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
6. Configure the per-user configuration file of each virtual user; the file name is the virtual user name

#vim /etc/vsftpd/vsftpd_viruser/user1

# allow writing
write_enable=YES
# allow browsing the FTP directory and downloading
anon_world_readable_only=NO
# allow the virtual user to upload files
anon_upload_enable=YES
# allow the virtual user to create directories
anon_mkdir_write_enable=YES
# allow the virtual user to perform other write operations (such as rename, delete)
anon_other_write_enable=YES
# umask for uploaded files: with 022, uploaded directories get 755 and files 644
anon_umask=022
# the virtual user's root directory (home directory after login)
local_root=/ftproot/admin/

7. Create the virtual user's root directory and make sure the system user that virtual users are mapped to has read and write access to it

#mkdir -p /ftproot/admin/
#chown -R virftp:virftp /ftproot/admin/
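Added example (not part of the original post or of vsftpd itself), in POSIX sh: it automates steps 1, 6 and 7 above for any number of users, generating one config file per user under user_config_dir from the odd/even vir_user list and checking the root directory of the mapped system user. It generalizes the post by giving each user its own directory named after the user under the FTP root; the function names and the allowed user-name character set are assumptions of this example.

```shell
#!/bin/sh
# Added helper, not from the original post: builds one config file per virtual
# user under user_config_dir from the odd/even user-name/password list, and
# checks a virtual user's root directory. Uses vsftpd's option=value syntax.

# gen_viruser_confs <vir_user list> <user_config_dir> <ftproot>
gen_viruser_confs() {
  list=$1; confdir=$2; ftproot=$3
  lines=$(grep -c '' "$list")
  # the list alternates user name / password, so an odd line count is a broken file
  [ $((lines % 2)) -eq 0 ] || { echo "odd line count in $list" >&2; return 1; }
  # user names become file and directory names, so allow only a safe character set
  if awk 'NR % 2 == 1' "$list" | grep -qv '^[A-Za-z0-9_][A-Za-z0-9_.-]*$'; then
    echo "unsafe user name in $list" >&2; return 1
  fi
  chmod 600 "$list"   # the list holds cleartext passwords
  mkdir -p "$confdir"
  for user in $(awk 'NR % 2 == 1' "$list"); do
    cat > "$confdir/$user" <<EOF
# per-user settings for virtual user $user
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
local_root=$ftproot/$user/
EOF
  done
}

# check_root_dir <dir> <owner>: the directory must exist, belong to the mapped
# system user (virftp above) and not be world-writable, since it is the
# writable chroot root that allow_writeable_chroot=YES permits
check_root_dir() {
  dir=$1; owner=$2
  [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
  actual=$(stat -c %U "$dir" 2>/dev/null || stat -f %Su "$dir")
  [ "$actual" = "$owner" ] || { echo "$dir owned by $actual, not $owner" >&2; return 1; }
  mode=$(stat -c %a "$dir" 2>/dev/null || stat -f %Lp "$dir")
  case $mode in
    *[2367]) echo "$dir is world-writable (mode $mode)" >&2; return 1 ;;
  esac
}
```

Run it as root after creating the vir_user list, e.g. `gen_viruser_confs /etc/vsftpd/vir_user /etc/vsftpd/vsftpd_viruser /ftproot`, then `check_root_dir /ftproot/user1 virftp` for each user once the directories are created and chowned.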

Fourth, test the configuration
1. Restart the vsftpd service

#systemctl restart vsftpd
#systemctl enable vsftpd

2. Turn off the firewall

#systemctl stop firewalld

3. Test the connection with FileZilla

Host IP: 192.168.124.44 Username: user1 Password: 1234567a
Connection succeeded!


Source: blog.51cto.com/14375807/2426831