Building the server
1. Check the server environment (remove vsftpd if it is already installed, turn off the firewall and disable SELinux)
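# Remove an existing vsftpd package first. `rpm -q` exits non-zero when the
# package is absent, so the removal only runs if vsftpd is really installed
# (`rpm -qa vsftpd` exits 0 either way).
rpm -q vsftpd && yum remove vsftpd
# NOTE(review): the next two commands switch off SELinux and the host firewall
# for the whole machine, not only for FTP. A narrower option is to leave both
# on, allow the service with `firewall-cmd --permanent --add-service=ftp`
# followed by `firewall-cmd --reload`, and review the ftpd SELinux booleans
# (`getsebool -a | grep ftpd`). Confirm this works with the FTP mode in use.
# The edit to /etc/selinux/config only takes effect after a reboot.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld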
2. Install vsftpd and the Berkeley DB utilities
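# Install only the packages this guide uses: vsftpd, PAM and the Berkeley DB
# library and tools (db_load). The unquoted globs in the original
# (vsftpd-* pam* libdb*) could be expanded by the shell against files in the
# current directory, and they pull in every package with those prefixes.
# pam is expected to ship pam_userdb.so on this platform; verify with
# `rpm -qf /lib64/security/pam_userdb.so`.
yum install -y vsftpd pam libdb libdb-utils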
3. Create a virtual user account and password
- 1) Create a virtual user
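# Local account that the virtual users are mapped to (guest_username in
# vsftpd.conf); its shell is /sbin/nologin, so it is not meant for shell logins.
useradd -s /sbin/nologin ftpuser
# One directory per virtual user, owned by ftpuser. `owner:group` replaces the
# deprecated `owner.group` form, and full paths avoid depending on a prior cd.
mkdir /home/ftpuser/test1 /home/ftpuser/test2
chown -R ftpuser:ftpuser /home/ftpuser/test1 /home/ftpuser/test2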
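- 2) Create an account and password file (one user name per line, each followed by its password on the next line; 123 is only a sample value, so use a strong, unique password for each account)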
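# The name has to match the file that db_load reads in the next step
# (user_and_password, not use_and_password).
vim /etc/vsftpd/user_and_password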
test1
123
test2
123
- 3) Create the database file and restrict its permissions
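# Build the Berkeley DB hash file from the text file of names and passwords.
db_load -T -t hash -f /etc/vsftpd/user_and_password /etc/vsftpd/vsftpd_login.db
# Both files hold the passwords as entered, so limit them to their owner.
# The full path makes the command independent of the current directory, and a
# data file does not need the execute bit (600 rather than 700).
chmod 600 /etc/vsftpd/vsftpd_login.db /etc/vsftpd/user_and_password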
4. Configure PAM authentication: edit the configuration files /etc/pam.d/vsftpd and /etc/vsftpd/vsftpd.conf
- 1) Add two lines (the pam_userdb.so entries) to the top of the PAM configuration file
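#%PAM-1.0
# Each entry must be on its own line; collapsed onto the "#%PAM-1.0" line the
# whole stack would be read as a comment.
# Virtual users are checked against /etc/vsftpd/vsftpd_login.db (the db= value
# is given without the .db suffix). No crypt= option is set, so the stored
# passwords are presumably compared as plain text; confirm against pam_userdb(8).
# NOTE(review): these two entries are "sufficient" and come first, so a match
# ends the stack before pam_listfile.so and pam_shells.so are consulted.
auth       sufficient   /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account    sufficient   /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
session    optional     pam_keyinit.so force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth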
- 2) Add the following parameters to the vsftpd.conf configuration file
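# One directive per line; vsftpd.conf treats only lines that start with "#" as
# comments, so notes cannot follow a value on the same line.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
userlist_enable=YES
####################### Virtual user parameters #################
# NOTE(review): no ssl_enable setting appears in this file, so logins and
# transfers presumably cross the network unencrypted; confirm whether TLS is
# required for this server.
guest_enable=YES
# ftpuser is the local account created for the virtual users.
guest_username=ftpuser
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
pam_service_name=vsftpd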
5. Create a vsftpd configuration file for each virtual account
- 1) Create a directory to save the configuration file
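# Directory named by user_config_dir in vsftpd.conf. mkdir and cd are separate
# commands; fused on one line, mkdir would also create a directory called "cd".
mkdir -p /etc/vsftpd/vsftpd_user_conf && cd /etc/vsftpd/vsftpd_user_conf
# One file per virtual user, named after the user.
touch test1 test2
vim test1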
# Contents of /etc/vsftpd/vsftpd_user_conf/test1 (per-user settings for test1).
# test2 presumably needs the same file with its own local_root; the page only
# shows test1.
local_root=/home/ftpuser/test1
write_enable=YES
# NOTE(review): the main configuration sets virtual_use_local_privs=YES, so the
# anon_* options below may not be what governs this user's access. Confirm
# which of them are needed before granting upload/mkdir/delete rights.
anon_world_readable_only=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
6. Lock users into their directory (chroot settings in vsftpd.conf)
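# Complete vsftpd.conf with the chroot settings added, one directive per line.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
userlist_enable=YES
guest_enable=YES
guest_username=ftpuser
pam_service_name=vsftpd
# Same directory as the one created in step 5 (was /etc/vsftpd/vsftpd_conf).
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
########### Settings that lock users into their directory ######
# No spaces are allowed around "=" or inside the paths.
local_root=/home/ftpuser
chroot_list_enable=YES
# NOTE(review): this points at the credentials file, so its password lines are
# also read as user names. A separate file holding user names only would keep
# the credentials file single-purpose.
chroot_list_file=/etc/vsftpd/user_and_password
# Lets vsftpd chroot into a directory the user can write to.
# NOTE(review): a non-writable chroot root with a writable subdirectory would
# avoid needing this override.
allow_writeable_chroot=YES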
7. Start the vsftpd service
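# The unit name is vsftpd (the original had the letters transposed: vsfptd).
systemctl start vsftpd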
The setup is complete.