Steps to set up an FTP server on CentOS7
- 2020-12-21 18:14:54
- OfStack
FTP is mainly used for file transfer, and on Linux it is generally implemented with vsftpd. Setting up an FTP server gives you file sharing that is at least much better than some of the poor network disk services.
An FTP server has three optional authentication methods: anonymous authentication, local user authentication and virtual user authentication. Security: anonymous authentication < local user authentication < virtual user authentication. Configuration complexity: anonymous authentication < local user authentication < virtual user authentication.
Each file in Linux has a corresponding owner. Virtual user authentication means creating one or more FTP users and mapping them to a local Linux user (such as vftpuser), so that a mapped FTP user operates on the FTP directory exactly as the user vftpuser would. In addition, the virtual user authentication mode allows multiple FTP users to be configured separately, which makes it very flexible and convenient. Considering flexibility and security, this article uses the virtual user authentication mode.
OK, ready to go!
1. Basic environment
Server: CentOS7.5
Client: Ubuntu Mate18.10
FTP server: vsftpd
FTP Client: FileZilla (optional)
2. Basic process
For brevity, only the basic setup process and the related commands are listed.
1. Install vsftpd
yum install vsftpd
2. Create virtual users
Use any editor you like to create and edit the file /etc/vsftpd/vuser.list, with the following content:
lilei
lileipasswd
hanmeimei
hmmpasswd
In the password authentication file, odd-numbered lines are user names and even-numbered lines are the corresponding passwords.
3. Create the password authentication database
db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db
chmod 600 /etc/vsftpd/vuser.db
-T: Converts the text file into a database
-t: Specifies the hash algorithm
-f: Specifies the input file holding the user names and passwords
4. Edit the PAM authentication file
Create and edit /etc/pam.d/vsftpd.vu, which reads as follows:
auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser
db specifies the password authentication database; the file name is given without its suffix
5. Create the local user
useradd -d /home/vftpuser -s /sbin/nologin vftpuser
chmod 755 /home/vftpuser
-d: Specifies the user's home directory
-s: Specifies the user's login shell; /sbin/nologin means the user is not allowed to log in through a shell, which improves security
6. Map the FTP users to vftpuser
Edit /etc/vsftpd/vsftpd.conf and modify the following lines:
# The PAM authentication file to use
pam_service_name=vsftpd.vu
# Enable the mapping
guest_enable=YES
# The local user that FTP users are mapped to
guest_username=vftpuser
# Location of the per-user FTP configuration files. If you do not need to configure each user individually, comment out this line
user_config_dir=/etc/vsftpd/vuser_dir
7. Separate configuration for each user
Create the directory /etc/vsftpd/vuser_dir and, for each FTP user, create a configuration file with the same name as the user. Taking lilei as an example, create and edit /etc/vsftpd/vuser_dir/lilei, which reads as follows:
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/var/www/html
The default root directory is the home directory of the mapped user. You can set a user's root directory with local_root; note that you need to change the owner of that directory to vftpuser.
8. Restart vsftpd
systemctl start vsftpd
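The odd/even list format from step 2 is easy to get wrong: one blank or missing line shifts every later user name and password. The shell functions below are an added example, not part of the original article; they validate the list before running the db_load command from step 3 and keep both the plaintext list and the database at mode 600. The names check_vuser_list and build_vuser_db are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): validate the odd/even list from step 2
# before loading it with the db_load command from step 3.

# check_vuser_list FILE (hypothetical helper)
# Prints each problem; returns 0 if the list is safe to load, 1 otherwise.
check_vuser_list() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    awk '
        # A blank or padded line shifts or corrupts every later name/password pair.
        $0 == ""          { printf "line %d: empty line\n", NR; bad = 1 }
        /^[ \t]|[ \t\r]$/ { printf "line %d: stray whitespace or CR\n", NR; bad = 1 }
        NR % 2 == 1 {     # odd line = user name
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR == 0)     { print "list is empty"; bad = 1 }
            if (NR % 2 == 1) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# build_vuser_db LIST DB (hypothetical helper)
# Loads LIST into DB only if it validates; list and database both end up mode 600.
build_vuser_db() {
    check_vuser_list "$1" || return 1
    chmod 600 "$1"        # the list holds plaintext passwords
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) && chmod 600 "$2"
}

if [ "$#" -eq 2 ]; then
    build_vuser_db "$1" "$2"   # e.g. /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db
else
    # Constructed sample: the two users from the article.
    sample=$(mktemp)
    printf 'lilei\nlileipasswd\nhanmeimei\nhmmpasswd\n' > "$sample"
    check_vuser_list "$sample" && echo "sample list OK"
    rm -f "$sample"
fi
```

Run it with the list and database paths as two arguments to build the database; with no arguments it only checks the constructed sample.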
3. Notes