First, experimental environment
Operating system: CentOS 7
Second, installation
Disable SELinux:
vim /etc/selinux/config
SELINUX=disabled
Temporarily disable it (until the next reboot):
setenforce 0
Third, install the vsftpd service:
1. Use yum to install vsftpd:
yum -y install vsftpd
2. Back up the vsftpd main configuration file:
cp /etc/vsftpd/vsftpd.conf{,.bak}
Fourth, configure virtual users to access the vsftpd service:
1. Create the virtual user password file /etc/vsftpd/vir_user (odd lines are user names, even lines are the matching passwords):
user1
password1
user2
password2
2. Generate virtual user database:
yum -y install libdb-utils
db_load -T -t hash -f /etc/vsftpd/vir_user /etc/vsftpd/vir_user.db
chmod 700 /etc/vsftpd/vir_user.db
3. Configure the PAM authentication file:
Back up the file before modifying it:
cp /etc/pam.d/vsftpd{,.bak}
Comment out all existing auth and account lines, and add the following two lines:
vim /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/vir_user
account required pam_userdb.so db=/etc/vsftpd/vir_user
4. Add a system user:
mkdir /ftproot
useradd -d /ftproot -s /sbin/nologin virftp
chown -R virftp:virftp /ftproot
5. Configure the vsftpd main configuration file:
vim /etc/vsftpd/vsftpd.conf
#Prohibit anonymous user login
anonymous_enable=NO
#Allow local users to log in
local_enable=YES
#Enable virtual accounts
guest_enable=YES
#Map virtual accounts to the system account virftp
guest_username=virftp
#Use virtual user authentication (PAM authentication)
pam_service_name=vsftpd
#Directory where the per-virtual-user configuration files are stored (the file in this directory named after a virtual user is that user's configuration file)
user_config_dir=/etc/vsftpd/vsftpd_viruser
#When chroot is enabled, allow the virtual user's root directory to be writable
allow_writeable_chroot=YES
6. Configure the respective configuration files of the virtual users:
Create the directory that stores the virtual user configuration files:
mkdir /etc/vsftpd/vsftpd_viruser/
Create and configure a configuration file for each virtual user; the file name is the virtual user name:
vim /etc/vsftpd/vsftpd_viruser/user1
#Allow to write
write_enable=YES
#Allow to browse FTP directories and download
anon_world_readable_only=NO
#Allow virtual users to upload files
anon_upload_enable=YES
#Allow virtual users to create directories
anon_mkdir_write_enable=YES
#Allow virtual users to perform other operations (such as rename, delete)
anon_other_write_enable=YES
#Umask for uploads; for example, with 022, uploaded directories get 755 and uploaded files get 644
anon_umask=022
#Specify the root directory of the virtual user (the home directory after the virtual user logs in)
local_root=/ftproot/admin/
Create the root directory of the virtual user, and make sure the system user that the virtual user is mapped to has read and write permissions on this directory:
mkdir -p /ftproot/admin/
chown -R virftp:virftp /ftproot/admin/
Fifth, test the configuration:
1. Restart the vsftpd service:
systemctl restart vsftpd
systemctl enable vsftpd
2. Turn off the firewall:
setenforce 0
systemctl stop firewalld
3. Use the FileZilla tool to connect and test.
Sixth, description of each configuration file:
/etc/vsftpd/vsftpd.conf: the main configuration file of vsftpd
/etc/vsftpd/vir_user: virtual user account and password file
/etc/vsftpd/vsftpd_viruser/user1: configuration file of the virtual user 'user1'
/etc/pam.d/vsftpd: PAM configuration file that enables virtual user authentication
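
Added example, not part of the original tutorial: a shell function that cross-checks the files listed above, covering the key/value layout and permissions of the password file, and whether every virtual user has a per-user configuration file whose local_root exists. The function names audit_virtual_users and make_sample and the finding labels are made up for this example, and make_sample builds a constructed sample tree so the check can be tried without a server.

```shell
#!/bin/sh
# Added example, not from the original page. Prints one finding per line.

# audit_virtual_users CONF_DIR   (CONF_DIR is /etc/vsftpd on the page)
audit_virtual_users() {
    conf_dir=$1
    pwfile="$conf_dir/vir_user"
    main_conf="$conf_dir/vsftpd.conf"
    [ -r "$pwfile" ] && [ -r "$main_conf" ] || { echo "MISSING_INPUT"; return 2; }

    # user_config_dir as set in the main configuration file
    ucd=$(sed -n 's/^user_config_dir=//p' "$main_conf" | tail -n 1)

    # db_load -T reads alternating key/value lines, so an odd line count
    # means a user name without a password.
    lines=$(awk 'END { print NR }' "$pwfile")
    [ $((lines % 2)) -eq 0 ] || echo "ODD_LINES $pwfile"

    # The plaintext password file and the database should carry no
    # group/other permission bits (columns 5-10 of the ls mode string).
    for f in "$pwfile" "$pwfile.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "LOOSE_PERMS $f"
    done

    # Odd lines are user names. A user without a file in user_config_dir
    # only gets the settings from vsftpd.conf; a file whose local_root
    # does not exist points the login at a missing directory.
    awk 'NR % 2 == 1' "$pwfile" | while IFS= read -r user; do
        ucf="$ucd/$user"
        if [ ! -f "$ucf" ]; then
            echo "NO_USER_CONF $user"
            continue
        fi
        root=$(sed -n 's/^local_root=//p' "$ucf" | tail -n 1)
        [ -n "$root" ] && [ -d "$root" ] || echo "BAD_LOCAL_ROOT $user"
    done
}

# make_sample DIR: constructed sample layout using the page's file names
# (user1 configured as on the page, user2 without a per-user file).
make_sample() {
    d=$1
    mkdir -p "$d/vsftpd_viruser" "$d/ftproot/admin"
    printf 'user1\npassword1\nuser2\npassword2\n' > "$d/vir_user"
    chmod 644 "$d/vir_user"
    printf 'guest_enable=YES\nuser_config_dir=%s\n' "$d/vsftpd_viruser" > "$d/vsftpd.conf"
    printf 'local_root=%s\n' "$d/ftproot/admin/" > "$d/vsftpd_viruser/user1"
}
```

On the server, run it as root with audit_virtual_users /etc/vsftpd; no output means none of the checked conditions were found.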