Steps to set up an FTP server on CentOS 7

  • 2020-12-21 18:14:54
  • OfStack

FTP is mainly used for file transfer, and on Linux it is generally provided by vsftpd. Setting up an FTP server makes file sharing possible, which is at least much better than some poor network disk services.

An FTP server has three optional authentication methods: anonymous authentication, local user authentication, and virtual user authentication. Security: anonymous authentication < local user authentication < virtual user authentication. Configuration complexity: anonymous authentication < local user authentication < virtual user authentication.

Each file in Linux has a corresponding owner. Virtual user authentication means creating one or more FTP users and mapping them to a local Linux user (such as vftpuser), so that a mapped FTP user operates on the FTP directory with the permissions of vftpuser. In addition, the virtual user authentication mode allows multiple FTP users to be configured separately, which makes it very flexible and convenient. Considering flexibility and security, this article uses the virtual user authentication mode.

OK, ready to go!

1. Basic environment

Server: CentOS7.5

Client: Ubuntu Mate18.10

FTP server: vsftpd

FTP Client: FileZilla (optional)

2. Basic process

For brevity, only the basic setup process and the related commands are listed.

1. Install vsftpd


yum install vsftpd

2. Create virtual users

Use any editor you like to create and edit /etc/vsftpd/vuser.list, with the following content:

lilei
lileipasswd
hanmeimei
hmmpasswd

In the password authentication file, odd-numbered lines are user names and even-numbered lines are the corresponding passwords.

3. Create the password authentication database


db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db
chmod 600 /etc/vsftpd/vuser.db

-T: converts a plain-text file into a database
-t: specifies the database type (hash)
-f: specifies the input file (the user name and password list)

4. Edit the PAM authentication file

Create and edit /etc/pam.d/vsftpd.vu, with the following content:


auth      required  pam_userdb.so db=/etc/vsftpd/vuser
account   required  pam_userdb.so db=/etc/vsftpd/vuser

db specifies the path of the password authentication database, without the .db suffix.

5. Establish local users


useradd -d /home/vftpuser -s /sbin/nologin vftpuser
chmod 755 /home/vftpuser

-d: specifies the user's home directory
-s: specifies the user's login shell; /sbin/nologin means the user is not allowed to log in through a shell, which improves security

6. Map FTP users to vftpuser

Edit /etc/vsftpd/vsftpd.conf and modify the following lines. vsftpd does not accept a comment after a value, so each comment sits on its own line:


# PAM service file to use
pam_service_name=vsftpd.vu
# Enable mapping of virtual users to a local user
guest_enable=YES
# Local user that virtual users are mapped to
guest_username=vftpuser
# Per-user configuration directory; comment this line out if users do not need individual settings
user_config_dir=/etc/vsftpd/vuser_dir

7. Separate configuration for each user

Create the directory /etc/vsftpd/vuser_dir and, for each FTP user, create a configuration file in it with the same name as the user. Taking lilei as an example, create and edit /etc/vsftpd/vuser_dir/lilei, with the following content:


anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/var/www/html

The default root directory is the home directory of the mapped local user. You can specify a different root directory for a user with local_root; note that you need to change the owner of that directory to vftpuser.

8. Restart vsftpd


systemctl restart vsftpd

3. Notes

Enable vsftpd at boot so that the server does not become inaccessible after a reboot. If the FTP server is inaccessible, check the firewall and SELinux settings. After generating the password authentication database, delete the list file promptly to prevent password leakage.
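
A post-setup check for the points in these notes and in steps 3, 6 and 7, as an added example that is not part of the original article. The function name audit_vsftpd_dir and its finding labels are hypothetical, and it assumes GNU stat and the file names used in this article.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vsftpd virtual-user setup.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_vsftpd_dir() {
    dir=$1; conf="$dir/vsftpd.conf"; found=0
    note() { echo "$1"; found=1; }

    # The plaintext list must be deleted once vuser.db has been generated.
    if [ -e "$dir/vuser.list" ]; then note "PLAINTEXT_LIST $dir/vuser.list"; fi

    # db_load stores the passwords exactly as written, so keep the db at 600.
    if [ -e "$dir/vuser.db" ]; then
        mode=$(stat -c %a "$dir/vuser.db")    # GNU stat, as shipped on CentOS
        if [ "$mode" != 600 ]; then note "DB_MODE $mode"; fi
    else
        note "DB_MISSING $dir/vuser.db"
    fi

    if [ ! -f "$conf" ]; then note "CONF_MISSING $conf"; return 1; fi

    # vsftpd takes everything after '=' as the value: a trailing comment or
    # trailing whitespace on a directive line corrupts the setting.
    for n in $(grep -nE '^[a-z0-9_]+=.*([[:space:]]+#|[[:space:]]+$)' "$conf" | cut -d: -f1); do
        note "TRAILING_TEXT line $n"
    done

    # user_config_dir must name the directory that was actually created.
    ucd=$(sed -n 's/^user_config_dir=//p' "$conf" | tail -n 1)
    if [ -n "$ucd" ] && [ ! -d "$ucd" ]; then note "CONFIG_DIR $ucd"; fi

    return "$found"
}

# Constructed demo: a temporary directory reproducing common slips.
demo=$(mktemp -d)
printf 'lilei\nlileipasswd\n' > "$demo/vuser.list"
: > "$demo/vuser.db"; chmod 644 "$demo/vuser.db"
mkdir "$demo/vuser_dir"
printf '%s\n' 'pam_service_name=vsftpd.vu' 'guest_enable=YES   # Enable the mapping' \
    "user_config_dir=$demo/vusers_dir" > "$demo/vsftpd.conf"
audit_vsftpd_dir "$demo" || echo "findings reported above"
rm -rf "$demo"
```

On a real server, run it as root with /etc/vsftpd as the argument; an empty result with exit status 0 means none of these four problems is present.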
