Linux File Server in Practice: vsftpd Virtual Users

  • 2020-10-23 20:23:59
  • OfStack

By default, vsftpd authenticates FTP logins against system users. The more system users there are, the harder they are to manage and the worse it is for system security, so vsftpd virtual users are used to solve the problem.

Virtual users have no real system account of their own. They are mapped to one real system user, which carries the corresponding permissions for access and authentication, and they cannot log in to the system itself.

1. Install the software and authentication modules needed by virtual users


[root@www ~]# yum install pam* libdb-utils libdb* --skip-broken -y

2. Create a temporary file for the virtual users, with each user name on one line and its password on the next line


/etc/vsftpd/ftpusers.txt
xj3
123456
xj4
123456

3. Generate the virtual user authentication database file and set its permissions to 700


[root@www vsftpd]# db_load -T -t hash -f /etc/vsftpd/ftpusers.txt /etc/vsftpd/vsftpd_login.db
[root@www vsftpd]# chmod 700 /etc/vsftpd/vsftpd_login.db
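
Before db_load is run in step 3, the file from step 2 can be checked for mistakes that silently produce wrong or weak credentials. This is an added example, not part of the original article; the function name check_ftpusers and the 12-character minimum are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. db_load -T reads alternating
# lines: odd = username (key), even = password (value).

# check_ftpusers FILE [MINLEN]  (name and default MINLEN=12 are assumptions)
# Prints one finding per line; exit status 0 means no findings.
check_ftpusers() (
    file=$1; minlen=${2:-12}; n=0; bad=0; user=
    nl='
'
    seen=$nl
    note() { echo "$file: $*"; bad=$((bad + 1)); }

    # The file holds cleartext passwords: group/others must not read it.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        note "readable by group or others; chmod 600 and delete after db_load"
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -z "$line" ]; then
            note "line $n: blank line shifts the following user/password pairs"
        elif [ $((n % 2)) -eq 1 ]; then
            user=$line
            case $seen in
                *"$nl$user$nl"*) note "line $n: duplicate username '$user'" ;;
            esac
            seen=$seen$user$nl
        elif [ "${#line}" -lt "$minlen" ]; then
            note "line $n: password for '$user' is shorter than $minlen characters"
        elif [ "$line" = "$user" ]; then
            note "line $n: password for '$user' equals the username"
        fi
    done < "$file"

    if [ $((n % 2)) -eq 1 ]; then
        note "line $n: username '$user' has no password line"
    fi
    [ "$bad" -eq 0 ]
)

# Constructed sample: the page's two users plus a dangling third username.
demo=$(mktemp)
printf '%s\n' xj3 123456 xj4 123456 xj5 > "$demo"
check_ftpusers "$demo" || echo "fix the findings before running db_load"
rm -f "$demo"
```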

4. Configure the PAM authentication file /etc/pam.d/vsftpd by adding the following two lines (pam_userdb appends the .db suffix itself, so the database path is given without it):


auth required pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required pam_userdb.so db=/etc/vsftpd/vsftpd_login

5. vsftpd virtual users need to be mapped to one system user. This system user needs no password and no login shell; it exists only as the mapping target for the virtual users


useradd -s /sbin/nologin ftpuser

6. vsftpd configuration


# global config vsftpd 2018
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_ipv6=NO
userlist_enable=YES
tcp_wrappers=YES
# config virtual user ftp
# PAM service used to authenticate virtual users
pam_service_name=vsftpd
# Enable virtual users
guest_enable=YES
# Map virtual users to the system user ftpuser
guest_username=ftpuser
# Directory where the per-user configuration files reside
user_config_dir=/etc/vsftpd/vsftpd_user_conf
# Virtual users have the same permissions as local users
virtual_use_local_privs=YES

7. At this point, all virtual users can upload and download using the /home/ftpuser home directory. Each virtual user can also be given its own configuration file in the /etc/vsftpd/vsftpd_user_conf directory, so that settings can differ per user. Create that directory as follows:


mkdir -p /etc/vsftpd/vsftpd_user_conf/

8. Create a configuration file for each virtual user and give each one a private virtual directory



vim /etc/vsftpd/vsftpd_user_conf/xj3
# Root directory for this virtual user
local_root=/home/ftpuser/xj3
# Allow logged-in users to write
write_enable=YES
# Anonymous users may download only world-readable files
anon_world_readable_only=YES
# Allow anonymous users to upload files; takes effect only when write_enable=YES
anon_upload_enable=YES
# Allow anonymous users to create directories; takes effect only when write_enable=YES
anon_mkdir_write_enable=YES
# Allow anonymous users other write operations, such as delete and rename
anon_other_write_enable=YES

Create each virtual user's own virtual directory


mkdir -p /home/ftpuser/{xj3,xj4};
chown -R ftpuser:ftpuser /home/ftpuser
