Characteristics of virtual users:
1. They can only access the FTP service provided by the server, but cannot access other resources of the system. Therefore, if you want users to have write access to the FTP server site, but are not allowed to access other system resources, you can use virtual users to improve the security of the system.
2. Multiple virtual users can be established, their own passwords can be set, and corresponding configurations can be set according to their purposes, which can adapt to many situations.
Principle of virtual users:
Taking local system users as the host (usually local users who cannot log in to the system), and then establishing a mapping relationship between virtual users and local system users to realize virtual users Log in to the FTP service function.
Use yum to install vsftpdyum -y install vsftpd
Configure the vsftpd service accessed by virtual users
Create virtual users Password file, the odd number is the user name, the even number is the password
vim /etc/vsftpd/vir_user
Generate virtual user database
[[emailprotected] ~]#yum -y install libdb-utils
[[email protected] ~]#db_load -T -t hash -f /etc/vsftpd/vir_user/etc/vsftpd/vir_user.db
[[email protected] ~]#chmod 700 /etc/vsftpd/vir_user.db
Configure the vsftpd pam verification file:
Comment out all the configuration lines of auth and account, and add the following two lines
[[emailprotected] ~]#vim /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/vir_user
account required pam_userdb.so db=/etc/vsftpd/vir_user
Add a system User’virftp’, all virtual users will be mapped to this user to read and write the file system:
mkdir /ftproot
useradd -d /ftproot -s /sbin/nologin virftp
chown -R virftp :virftp /ftproot
Set the main configuration file of vsftpd
[[emailprotected]~]#vim /etc/vsftpd/vsftpd.conf
Create and configure the respective configuration files of virtual users, the file name is’virtual user name’
[[emailprotected] ~]#vim /etc/vsftpd/vsftpd_viruser /test1
Create the root directory of the virtual user, and ensure that the system user mapped by the virtual user has read and write permissions to this root directory
[[emailprotected] ~]#mkdir -p /ftproot/admin/
[[email Protected] ~]#chown -R virftp.virftp /ftproot/admin/
Restart the service
systemctl restart vsftpd
Set the boot auto-start
systemctl enable vsftpd
Turn off the firewall
systemctl stop firewalld
setenforce 0
Use filezilla software to test
It’s successful here