1. vim /etc/selinux/config
Set SELINUX=disabled in the configuration file
2. Turn off SELinux enforcement for the current session: setenforce 0
3. yum -y install vsftpd
4. cp /etc/vsftpd/vsftpd.conf{,.bak}
Back up the main vsftpd configuration file
5. vim /etc/vsftpd/vir_user
Create a virtual user: the user name on one line, the password on the next line
For example:
yuxin
4343
6. Generate the virtual user database
yum -y install libdb-utils
db_load -T -t hash -f /etc/vsftpd/vir_user /etc/vsftpd/vir_user.db
chmod 700 /etc/vsftpd/vir_user.db
7. Configure the vsftpd PAM authentication file:
Back up the file before modifying it
cp /etc/pam.d/vsftpd{,.bak}
8. Comment out all existing auth and account lines (add # at the start of each line), then add the following two lines
vim /etc/pam.d/vsftpd
auth required pam_userdb.so db=/etc/vsftpd/vir_user
account required pam_userdb.so db=/etc/vsftpd/vir_user
9. Add a system user 'virftp'; all virtual users will be mapped to this user to read and write to the file system:
mkdir /ftproot
useradd -d /ftproot -s /sbin/nologin virftp
chown -R virftp:virftp /ftproot
Set the main configuration file of vsftpd:
vim /etc/vsftpd/vsftpd.conf
#Prohibit anonymous user login
anonymous_enable=NO
#Allow local user login
local_enable=YES
#Enable virtual account
guest_enable=YES
#Map virtual account to system account virftp
guest_username=virftp
#Use virtual user authentication (PAM authentication)
pam_service_name=vsftpd
#Set the directory where the per-user configuration files are stored (the file in this directory with the same name as a virtual user is that user's configuration file)
user_config_dir=/etc/vsftpd/vsftpd_viruser
#When chroot is enabled, the virtual user root directory is allowed to be written
allow_writeable_chroot=YES
[If an option already exists in the file, change its value to YES or NO as shown; if it does not exist, add it]
10. Configure the respective configuration files of virtual users:
Create a storage directory for the virtual user configuration files
mkdir /etc/vsftpd/vsftpd_viruser/
11. Create and configure the configuration file of each virtual user; the file name is the virtual user name
vim /etc/vsftpd/vsftpd_viruser/user1
[copy and paste all of the following]
# Write allowed
write_enable=YES
#Allow FTP directory browsing and download
anon_world_readable_only=NO
#Allow virtual users to upload files
anon_upload_enable=YES
#Allow virtual users to create directories
anon_mkdir_write_enable=YES
#Allow virtual users to perform other operations (such as rename, delete)
anon_other_write_enable=YES
#The mask of the uploaded file, such as 022, the upload directory permission is 755, and the file permission is 644
anon_umask=022
#Specify the virtual directory of the virtual user (the home directory after the virtual user logs in)
local_root=/ftproot/admin/
12. Create the root directory of the virtual user, and ensure that the system user the virtual user is mapped to has read and write permissions on this root directory
mkdir -p /ftproot/admin/
chown -R virftp:virftp /ftproot/admin/
13. Test configuration results:
Restart the vsftpd service
systemctl restart vsftpd
systemctl enable vsftpd
14. Turn off the firewall or open port 21
systemctl stop firewalld or firewall-cmd --add-port=21/tcp
15. Use the 'FlashFXP' tool to test the connection [port 21]
First test the connection on the computer: ftp://192.168.xx
After the connection is successful, there will be a file. Test creating a new file. If you cannot create it, do the following steps [the FlashFXP tool also fails to connect at this point]
16. vim /etc/vsftpd/vsftpd_viruser/yuxin
Change this file, the virtual user file that was created, so that it contains the content from step 11
17. setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on
18. Restart vsftpd
systemctl restart vsftpd
Use the test tool to connect as the virtual user
19. cd /etc/vsftpd/ and run ls to view the directory, then edit ftpusers with vim; the user names are listed inside, comment them all out with #
Restart with systemctl restart vsftpd and check whether the root user can connect [OK if you can't connect]
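A read-only check of the files this procedure creates, as an added example that is not part of the original guide. It assumes the layout used above (vsftpd.conf, vir_user, vir_user.db and vsftpd_viruser/ under one directory); the function names audit_vsftpd and flag are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the vsftpd virtual-user files.
# Usage: sh audit.sh /etc/vsftpd      ("audit.sh" is a hypothetical file name)

flag() { echo "FINDING: $*"; rc=1; }

# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
audit_vsftpd() {
    dir=$1; conf="$dir/vsftpd.conf"; rc=0

    # vsftpd treats whitespace around '=' in an option line as an error.
    for f in "$conf" "$dir"/vsftpd_viruser/*; do
        [ -f "$f" ] || continue
        if grep -qE '^[^#]*([[:space:]]=|=[[:space:]])' "$f"; then
            flag "$f: whitespace around '='"
        fi
    done

    # Options the main configuration step sets for virtual users.
    for want in anonymous_enable=NO guest_enable=YES \
                guest_username=virftp pam_service_name=vsftpd; do
        grep -qxF "$want" "$conf" 2>/dev/null || flag "$conf: missing $want"
    done

    # vir_user and vir_user.db both hold the passwords in clear text;
    # neither should be accessible to group or other.
    for f in "$dir/vir_user" "$dir/vir_user.db"; do
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)   # group + other permission bits
        [ "$perms" = "------" ] || flag "$f: group/other access ($perms)"
    done

    # Odd lines of vir_user are user names; each needs a file of the same
    # name in user_config_dir, otherwise its per-user settings never apply.
    for u in $(awk 'NR % 2 == 1' "$dir/vir_user" 2>/dev/null); do
        [ -f "$dir/vsftpd_viruser/$u" ] || flag "no per-user config for '$u'"
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_vsftpd "$1"; fi
```

Run against a directory that has user yuxin in vir_user but only vsftpd_viruser/user1, it reports the missing per-user file that step 16 corrects.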