当前位置：网站首页>Efficient! Build FTP working environment with virtual users

Efficient! Build FTP working environment with virtual users

2022-07-04 12:56:00 【51CTO】

Efficient ！ Build with virtual users FTP The work environment _ Virtual user

before , Use vsftp Tools to build ftp when , The users we use are Linux Of the system users , And when we have too many people , And they all need to log in with their own accounts , Then it will be very inconvenient to manage . Using virtual users can solve this problem well , Do not occupy system users ！

1. Configure the base environment

close seliux

      
      
       
       #  Permanent ban selinux
       
       
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
       
       
#  Temporarily Closed selinux
       
       
setenforce 0
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.

2. install vsftp

Here you need to install two modules , Respectively vsftpd and db4-utils.

      
      
       
       yum -y install vsftpd db4-utils
      
      
      
      
       
       1.

3. Modify the configuration

Develop good habits , Back up the configuration before modifying it , To prevent it from starting after subsequent modification .

      
      
       
       cd /etc/vsftpd/
       
       
mv vsftpd.conf vsftpd.src.conf
      
      
      
      
       
       1.
       
       2.

Modify the configuration as follows ：

      
      
       
       vim vsftpd.conf
       
       
listen=YES
       
       
anonymous_enable=NO
       
       
dirmessage_enable=YES
       
       
xferlog_enable=YES
       
       
xferlog_file=/var/log/vsftpd.log
       
       
xferlog_std_format=YES
       
       
chroot_list_enable=YES
       
       
chroot_list_file=/etc/vsftpd/chroot_list
       
       
chroot_local_user=YES
       
       
allow_writeable_chroot=YES
       
       
guest_enable=yes
       
       
guest_username=vsftpd
       
       
user_config_dir=/etc/vsftpd/vsftpd_user_conf
       
       
pam_service_name=vsftpd
       
       

       
       
local_enable=YES
       
       
pasv_enable=YES
       
       
#  Passive mode , Occupy 5090-6000 port 
       
       
#listen_port=52221
       
       
pasv_min_port=5090
       
       
pasv_max_port=6000
       
       
#pasv_address=49.235.71.50
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.
       
       7.
       
       8.
       
       9.
       
       10.
       
       11.
       
       12.
       
       13.
       
       14.
       
       15.
       
       16.
       
       17.
       
       18.
       
       19.
       
       20.
       
       21.
       
       22.
       
       23.

4. Create a virtual user account file

      
      
       
       vim /etc/vsftpd/userfile
      
      
      
      
       
       1.

Fill in the user name and password in the file , One line is the user name , Double line is password , For example, I set up two users user1 and user2, Their passwords are both 123456：

5. Generate virtual user profile according to virtual user account file vsftpd_login.db

      
      
       
       db_load -T -t hash -f /etc/vsftpd/userfile /etc/vsftpd/vsftpd_login.db
       
       
chmod 600 /etc/vsftpd/vsftpd_login.db
      
      
      
      
       
       1.
       
       2.

6. Configure virtual user login authentication , Comment out everything , Add the following two lines , The end result is as follows ：

      
      
       
       vim /etc/pam.d/vsftpd
       
       
#%PAM-1.0
       
       
auth        sufficient  /lib64/security/pam_userdb.so  db=/etc/vsftpd/vsftpd_login
       
       
account     sufficient  /lib64/security/pam_userdb.so  db=/etc/vsftpd/vsftpd_login
       
       
#session    optional     pam_keyinit.so    force revoke
       
       
#auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
       
       
#auth       required    pam_shells.so
       
       
#auth       include     password-auth
       
       
#account    include     password-auth
       
       
#session    required     pam_loginuid.so
       
       
#session    include     password-auth
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.
       
       7.
       
       8.
       
       9.
       
       10.
       
       11.

7. Restrict virtual users from switching home directories

      
      
       
       vim /etc/vsftpd/chroot_list
       
       
user1
       
       
user2
      
      
      
      
       
       1.
       
       2.
       
       3.

8. Create a directory of configuration files

      
      
       
       mkdir /etc/vsftpd/vsftpd_user_conf
      
      
      
      
       
       1.

10. establish vsftpd user （ And vsftpd.conf In the document ：guest_username=vsftpd Agreement ）

      
      
       
       useradd -d /home/vsftpd -s /sbin/nologin vsftpd
      
      
      
      
       
       1.

10. Write the configuration content for each user according to the user name

Download permission only

      
      
       
       mkdir -p /home/vsftpd/user1
       
       
chown -R vsftpd:vsftpd /home/vsftpd
       
       
#  Note that the file name created here should be consistent with your user 
       
       
vim /etc/vsftpd/vsftpd_user_conf/user1
       
       
anon_world_readable_only=NO    
       
       
local_root=/home/vsftpd/user1
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.

Upload 、 Download permissions , Can't delete 、 You can't rename

      
      
       
       anon_world_readable_only=NO
       
       
write_enable=YES
       
       
anon_upload_enable=YES
       
       
anon_mkdir_write_enable=YES
       
       
local_root=/home/vsftpd/user1
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.

All permissions ： Can upload 、 download 、 Delete and rename

      
      
       
       write_enable=YES
       
       
anon_world_readable_only=NO
       
       
anon_upload_enable=YES
       
       
anon_mkdir_write_enable=YES
       
       
anon_other_write_enable=YES
       
       
local_root=/home/vsftpd/user1
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.

11、 restart vsftpd service

      
      
       
       systemctl restart vsftpd
       
       
systemctl enable vsftpd
      
      
      
      
       
       1.
       
       2.

12. allow vsftp The firewall goes through

      
      
       
       firewall-cmd --add-service=ftp --permanent
       
       
firewall-cmd --add-port=5090-6000/tcp --permanent
       
       
firewall-cmd --reload
      
      
      
      
       
       1.
       
       2.
       
       3.

Efficient ！ Build with virtual users FTP The work environment _linux_02