Linux File Server Hands-On Details (Virtual Users)
- 2020-10-23 20:23:59
- OfStack
By default vsftpd authenticates FTP logins against system users. The more system users there are, the harder they are to manage and the worse it is for system security, so vsftpd virtual users are used to solve the problem.
Virtual users have no real system accounts of their own. They are mapped to one real system user, with the corresponding permissions set, and are authenticated through that mapping; virtual users cannot log in to the system itself.
1. Install the software and authentication modules needed by virtual users
[root@www ~]# yum install pam* libdb-utils libdb* --skip-broken -y
2. Create a temporary file for the virtual users; odd lines are user names and even lines are the matching passwords
/etc/vsftpd/ftpusers.txt
xj3
123456
xj4
123456
3. Generate virtual user database authentication file with permissions of 700
[root@www vsftpd]# db_load -T -t hash -f /etc/vsftpd/ftpusers.txt /etc/vsftpd/vsftpd_login.db
[root@www vsftpd]# chmod 700 /etc/vsftpd/vsftpd_login.db
4. Edit the PAM authentication file /etc/pam.d/vsftpd and add the following two lines:
auth required pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required pam_userdb.so db=/etc/vsftpd/vsftpd_login
5. vsftpd virtual users need to be mapped to one system user. This system user needs no password and no login shell; it is used only for the virtual user mapping
useradd -s /sbin/nologin ftpuser
6. vsftpd configuration
# global config vsftpd 2018
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_ipv6=NO
userlist_enable=YES
tcp_wrappers=YES
# config virtual user ftp
# PAM service name used to authenticate virtual users
pam_service_name=vsftpd
# Enable virtual users
guest_enable=YES
# Map virtual users to the system user ftpuser
guest_username=ftpuser
# Directory that holds the per-user configuration files
user_config_dir=/etc/vsftpd/vsftpd_user_conf
# Virtual users have the same permissions as local users
virtual_use_local_privs=YES
7. At this point all virtual users can upload and download using the /home/ftpuser home directory, and each of them can be given its own configuration file in the /etc/vsftpd/vsftpd_user_conf directory. Create the directory for the virtual user configuration files as follows:
mkdir -p /etc/vsftpd/vsftpd_user_conf/
8. Create configuration files for virtual users and create private virtual directories
vim /etc/vsftpd/vsftpd_user_conf/xj3
# Path of the virtual user's private directory
local_root=/home/ftpuser/xj3
# Allow logged-in users to write
write_enable=YES
# Anonymous users may download only world-readable files
anon_world_readable_only=YES
# Allow anonymous users to upload files; only takes effect when write_enable=YES
anon_upload_enable=YES
# Allow anonymous users to create directories; only takes effect when write_enable=YES
anon_mkdir_write_enable=YES
# Allow anonymous users other write operations, such as delete and rename
anon_other_write_enable=YES
vim /etc/vsftpd/vsftpd_user_conf/xj3
local_root=/home/ftpuser/xj3
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Create virtual users' respective virtual directories
mkdir -p /home/ftpuser/{xj3,xj4};
chown -R ftpuser:ftpuser /home/ftpuser
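The script below is an added example, not part of the original article: it audits the files produced in steps 2 to 8, namely the name/password layout of ftpusers.txt, the permissions of the credential files, and the presence of a per-user local_root. The function names, the MINLEN threshold of 12 and the use of GNU stat are assumptions of this example.

```shell
# Added example: audit helpers for the files built in steps 2-8 (POSIX sh, GNU stat).
MINLEN=${MINLEN:-12}   # assumed minimum password length; not a value from the page

# check_userfile FILE: validate the alternating name/password layout read by
# db_load -T. Prints one finding per line; returns 1 if there is any finding.
check_userfile() {
    awk -v min="$MINLEN" '
        NR % 2 {                                  # odd line: user name
            name = $0
            if (name == "")   { print "line " NR ": empty user name"; bad = 1 }
            if (name in seen) { print "line " NR ": duplicate user " name; bad = 1 }
            seen[name] = 1
            next
        }
        length($0) < min {                        # even line: password
            print "line " NR ": password of " name " is shorter than " min; bad = 1
        }
        END {
            if (NR % 2) { print "line " NR ": user " name " has no password line"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_private FILE: credential files (plaintext list, .db) must have no group/other bits.
check_private() {
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     echo "$1: mode $mode grants access to group/other"; return 1 ;;
    esac
}

# check_user_confs FILE DIR: each virtual user should have DIR/<name> with an
# absolute local_root; without one the user gets the shared guest home.
check_user_confs() {
    rc=0
    for u in $(awk 'NR % 2' "$1"); do
        grep -q '^local_root=/' "$2/$u" 2>/dev/null || { echo "$u: no local_root in $2/$u"; rc=1; }
    done
    return $rc
}

# Demo on constructed sample data in a scratch directory (no root needed).
d=$(mktemp -d) && mkdir "$d/conf"
printf 'xj3\n123456\nxj4\n' > "$d/ftpusers.txt"   # constructed: xj4 lacks a password
echo 'local_root=/home/ftpuser/xj3' > "$d/conf/xj3"; chmod 644 "$d/ftpusers.txt"
{ check_userfile "$d/ftpusers.txt"; check_private "$d/ftpusers.txt"
  check_user_confs "$d/ftpusers.txt" "$d/conf"; } || :
rm -rf "$d"
```

On a real host, run check_userfile and check_private against /etc/vsftpd/ftpusers.txt before db_load, and check_private against /etc/vsftpd/vsftpd_login.db afterwards.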