CentOS 6: how to install vsftpd with PAM virtual users

  • 2020-10-07 18:59:17
  • OfStack

Install vsftpd using yum


 yum install vsftpd pam pam-* db4 db4-*

Create a file that holds the user names and passwords


 cd /etc/vsftpd/
 touch vuser_passwd.txt

Add users (odd-numbered lines are user names, even-numbered lines are passwords)


 vim vuser_passwd.txt 
 tom
 DSfaoewLD3
 ken
 GetpOIIofd324DLJhg

Load the accounts and passwords from the text file into the db4 database file


 db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
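
A check worth running on vuser_passwd.txt before the db_load step, as an added example that is not part of the original article: it verifies the odd/even user and password layout, rejects trailing whitespace, and confirms the plaintext file is not accessible to group or other. The function name check_vuser_file and the allowed user-name character set are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example: lint the virtual-user source file before running db_load.
# check_vuser_file is a hypothetical helper name, not part of vsftpd or db4.
check_vuser_file() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # The file holds plaintext passwords: group/other bits must all be clear.
    if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible to group/other, run chmod 600"; rc=1
    fi
    awk '
        function err(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        BEGIN { bad = 0 }
        # db_load -T stores each line as typed, so stray whitespace becomes
        # part of the user name or password and the login fails.
        /[ \t\r]$/ { err("trailing whitespace or carriage return") }
        $0 == ""   { err("empty line (blank user name or password)") }
        NR % 2 == 1 && $0 != "" {          # odd lines are user names
            name = $0; sub(/[ \t\r]+$/, "", name)
            if (name in seen) err("duplicate user " name)
            seen[name] = 1
            # Assumption: restrict names to characters safe as a file name,
            # because user_config_dir looks up a file named after the user.
            if (name !~ /^[A-Za-z0-9._-]+$/) err("unsafe user name")
        }
        END {
            if (NR % 2 == 1) err("last user has no password line")
            exit bad
        }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample: "ken " has a trailing space and no password line.
sample=$(mktemp)
printf 'tom\nDSfaoewLD3\nken \n' > "$sample"
check_vuser_file "$sample" || echo "fix the file before running db_load"
rm -f "$sample"
```

The function returns 0 only when the file passes every check, so it can gate the db_load command in a provisioning script.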

Comment out all the original content of /etc/pam.d/vsftpd, then add the two pam_userdb lines below to the file. pam_userdb appends the .db suffix itself, so db= names the database without it:


 sed -i 's/^/#/' /etc/pam.d/vsftpd
 auth  required  /lib64/security/pam_userdb.so  db=/etc/vsftpd/vuser_passwd
 account required  /lib64/security/pam_userdb.so  db=/etc/vsftpd/vuser_passwd

Create a user for the vsftpd service, named vsftpd. The -d option specifies its home directory


 useradd -d /home/vsftpd -s /sbin/nologin vsftpd

Before changing the vsftpd configuration file, back up vsftpd.conf


 cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak

The configuration is as follows:


# Do not allow anonymous access
anonymous_enable=NO
# Enable local user access. Note: this matters mainly for virtual users; if this option is set to NO, no virtual user will be able to log in
local_enable=YES
# Allow write operations
write_enable=YES
# Permission mask (umask) for created or uploaded files
local_umask=022
# Do not allow anonymous uploads
anon_upload_enable=NO
# Do not allow anonymous users to create directories
anon_mkdir_write_enable=NO
# Show a message when a user enters a directory; the file can be set with message_file=.message
dirmessage_enable=YES
# Enable transfer logging
xferlog_enable=YES
# Use port 20 as the source port for active-mode data connections
connect_from_port_20=YES
# Do not change the owner of uploaded files
chown_uploads=NO
# Log path; create the file yourself and then run chown vsftpd.vsftpd /var/log/vsftpd.log
xferlog_file=/var/log/vsftpd.log
# Write the log in the standard xferlog format used by wu-ftpd
xferlog_std_format=YES
# The vsftpd user created above has no login shell, so use vsftpd here; the system's nobody user would also work
nopriv_user=vsftpd
# Support the asynchronous ABOR command
async_abor_enable=YES
# Allow ASCII mode uploads
ascii_upload_enable=YES
# Allow ASCII mode downloads
ascii_download_enable=YES
# Welcome banner
ftpd_banner=Welcome to dongnan FTP service.
# Confine users to their own directory. If set to NO, a user who logs in over FTP can reach other directories on the server that they have permission to access. If set to YES, the user is locked into their directory
chroot_list_enable=YES
# Users listed in this file are confined to their home directory
chroot_list_file=/etc/vsftpd/chroot_list
# Run in standalone mode
listen=YES
# Name of the PAM service file under /etc/pam.d/
pam_service_name=vsftpd
# Users listed in /etc/vsftpd/user_list are not allowed to use FTP
userlist_enable=YES
# Enable TCP Wrappers access control
tcp_wrappers=YES
# Enable virtual users
guest_enable=YES
guest_username=vsftpd
# Virtual users get the same privileges as the local user they are mapped to
virtual_use_local_privs=YES
# Directory holding the per-virtual-user vsftpd configuration files. vuser_conf is a directory. Note: each configuration file must have the same name as its virtual user
user_config_dir=/etc/vsftpd/vuser_conf
# Enable passive mode
pasv_enable=YES
# Port range for passive-mode data connections
pasv_min_port=8888
pasv_max_port=8899

Create the directory that holds the per-user configuration files for virtual users


 mkdir /etc/vsftpd/vuser_conf/

Create the vsftpd log file


 touch /var/log/vsftpd.log
 chmod 600 /var/log/vsftpd.log
 chown vsftpd.vsftpd /var/log/vsftpd.log

Create the file that lists the users to confine to their home directories (the chroot_list_file set above, /etc/vsftpd/chroot_list)

In it, write only the user names that must be confined to their home directory

Note: no spaces at the end of a line

Start vsftpd
