1. Installation:

1. Install vsftpd

[root@localhost ~]# yum -y install vsftpd*

Loaded plugins: fastestmirror, product-id, subscription-manager

Updating certificate-based repositories.

Unable to read consumer identity

Determining fastest mirrors

base | 3.7 kB 00:00

extras | 3.5 kB 00:00

updates | 3.5 kB 00:00

http://mirrors.163.com/centos/6/updates/x86_64/repodata/41734c6392fbfa51abb5fb73887b5167c0780eeb485b236bc0eccfd1fc3d6245-primary.sqlite.bz2: [Errno 12] Timeout on http://mirrors.163.com/centos/6/updates/x86_64/repodata/41734c6392fbfa51abb5fb73887b5167c0780eeb485b236bc0eccfd1fc3d6245-primary.sqlite.bz2: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')

Trying other mirror.

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package vsftpd.x86_64 0:2.2.2-11.el6 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

Package Arch Version Repository Size

================================================================================

Installing:

vsftpd x86_64 2.2.2-11.el6 base 151 k

 

Transaction Summary

================================================================================

Install 1 Package(s)

 

Total download size: 151 k

Installed size: 331 k

Downloading Packages:

vsftpd-2.2.2-11.el6.x86_64.rpm | 151 kB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : vsftpd-2.2.2-11.el6.x86_64 1/1

Installed products updated.

Verifying : vsftpd-2.2.2-11.el6.x86_64 1/1

 

Installed:

vsftpd.x86_64 0:2.2.2-11.el6

 

Complete!

2. Install the PAM service

[root@localhost ~]# yum -y install pam*

Loaded plugins: fastestmirror, product-id, subscription-manager

Updating certificate-based repositories.

Unable to read consumer identity

Loading mirror speeds from cached hostfile

Setting up Install Process

Package pam-1.1.1-10.el6_2.1.x86_64 already installed and latest version

Package pam-devel-1.1.1-10.el6_2.1.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package pam_krb5.x86_64 0:2.3.11-9.el6 will be installed

---> Package pam_ldap.x86_64 0:185-11.el6 will be installed

---> Package pam_passwdqc.x86_64 0:1.0.5-6.el6 will be installed

---> Package pam_pkcs11.x86_64 0:0.6.2-12.1.el6 will be installed

--> Processing Dependency: libpcsclite.so.1()(64bit) for package: pam_pkcs11-0.6.2-12.1.el6.x86_64

---> Package pam_ssh_agent_auth.x86_64 0:0.9-81.el6_3 will be installed

--> Running transaction check

---> Package pcsc-lite-libs.x86_64 0:1.5.2-8.el6_3 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

Package Arch Version Repository Size

================================================================================

Installing:

pam_krb5 x86_64 2.3.11-9.el6 base 134 k

pam_ldap x86_64 185-11.el6 base 88 k

pam_passwdqc x86_64 1.0.5-6.el6 base 35 k

pam_pkcs11 x86_64 0.6.2-12.1.el6 base 192 k

pam_ssh_agent_auth x86_64 0.9-81.el6_3 updates 106 k

Installing for dependencies:

pcsc-lite-libs x86_64 1.5.2-8.el6_3 updates 27 k

 

Transaction Summary

================================================================================

Install 6 Package(s)

 

Total download size: 581 k

Installed size: 1.8 M

Downloading Packages:

(1/6): pam_krb5-2.3.11-9.el6.x86_64.rpm | 134 kB 00:00

(2/6): pam_ldap-185-11.el6.x86_64.rpm | 88 kB 00:00

(3/6): pam_passwdqc-1.0.5-6.el6.x86_64.rpm | 35 kB 00:00

(4/6): pam_pkcs11-0.6.2-12.1.el6.x86_64.rpm | 192 kB 00:00

(5/6): pam_ssh_agent_auth-0.9-81.el6_3.x86_64.rpm | 106 kB 00:00

(6/6): pcsc-lite-libs-1.5.2-8.el6_3.x86_64.rpm | 27 kB 00:00

--------------------------------------------------------------------------------

Total 1.1 MB/s | 581 kB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : pcsc-lite-libs-1.5.2-8.el6_3.x86_64 1/6

Installing : pam_pkcs11-0.6.2-12.1.el6.x86_64 2/6

Installing : pam_krb5-2.3.11-9.el6.x86_64 3/6

Installing : pam_passwdqc-1.0.5-6.el6.x86_64 4/6

Installing : pam_ldap-185-11.el6.x86_64 5/6

Installing : pam_ssh_agent_auth-0.9-81.el6_3.x86_64 6/6

Installed products updated.

Verifying : pam_ssh_agent_auth-0.9-81.el6_3.x86_64 1/6

Verifying : pcsc-lite-libs-1.5.2-8.el6_3.x86_64 2/6

Verifying : pam_ldap-185-11.el6.x86_64 3/6

Verifying : pam_passwdqc-1.0.5-6.el6.x86_64 4/6

Verifying : pam_krb5-2.3.11-9.el6.x86_64 5/6

Verifying : pam_pkcs11-0.6.2-12.1.el6.x86_64 6/6

 

Installed:

pam_krb5.x86_64 0:2.3.11-9.el6 pam_ldap.x86_64 0:185-11.el6

pam_passwdqc.x86_64 0:1.0.5-6.el6 pam_pkcs11.x86_64 0:0.6.2-12.1.el6

pam_ssh_agent_auth.x86_64 0:0.9-81.el6_3

 

Dependency Installed:

pcsc-lite-libs.x86_64 0:1.5.2-8.el6_3

 

Complete!

3. Install the Db4 packages:

[root@localhost ~]# yum -y install db4*

  1. Accounts

  1. Create the host user vsftpd for the vsftpd service (note: the account name can be anything)

[root@localhost ~]# useradd -s /sbin/nologin vsftpd

By default the host user of the vsftpd service is root; because of the security risk, we use a non-root user here.

  1. Create the vsftpd virtual host user

[root@localhost ~]# useradd -s /sbin/nologin hasee

  1. Configure the main configuration file /etc/vsftpd/vsftpd.conf

  1. First back up the default configuration file

[root@localhost ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak

  1. Edit the main file /etc/vsftpd/vsftpd.conf

[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

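  1. Edit line 12 to disallow anonymous access

Change anonymous_enable=YES to anonymous_enable=NO

  1. Edit line 27 to forbid uploads by anonymous users

Change #anon_upload_enable=YES to anon_upload_enable=NO

  1. Edit line 31 to forbid anonymous users from creating directories

Change #anon_mkdir_write_enable=YES to anon_mkdir_write_enable=NO

  1. Edit line 47 to prevent the owner of uploaded files from being changed

Change #chown_uploads=YES to chown_uploads=NO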

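  1. Edit line 52 to set the path where the vsftpd service log is saved.

Note: this file does not exist by default and must be created manually with touch. Because the vsftpd service host user has been changed to the manually created vsftpd account, that user must be given write permission on the log file, otherwise the service will fail to start.

Change #xferlog_file=/var/log/xferlog to xferlog_file=/var/log/vsftpd.log

  1. Edit line 66 to set the host user that runs the vsftpd service to the manually created vsftpd user.

Note: once the host user has been changed, check the read and write permissions on every file the service reads or writes. The log file, for example, must be writable by that user.

Change #nopriv_user=ftpsecure to nopriv_user=vsftpd

  1. Edit line 71 to enable support for asynchronous ABOR requests.

Change #async_abor_enable=YES to async_abor_enable=YES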

  1. Edit lines 81 and 82 to enable ASCII mode for uploads and downloads.

ascii_upload_enable=YES

ascii_download_enable=YES

  1. Edit line 85 to set the vsftpd login banner. Remove the # so the line reads:

ftpd_banner=Welcome to blah FTP service.

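  1. Edit line 97 to prevent users from leaving their own FTP home directory.

Change #chroot_list_enable=YES to chroot_list_enable=NO

  1. Edit line 105 to forbid users from running "ls -R" after logging in to FTP. This command places a heavy load on the server; if it is allowed, many users running it at the same time would threaten the server.

Change #ls_recurse_enable=YES to ls_recurse_enable=NO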

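  1. Append the following at the end of the file

# Enable the virtual user feature
guest_enable=YES

# Host user that the virtual users are mapped to
guest_username=hasee

# Give virtual users the same privileges as their host user
virtual_use_local_privs=YES

# Directory holding the per-user vsftpd configuration files of the virtual
# users. Each virtual user's own configuration file is stored in this
# directory, and each file name must be identical to the virtual user's name.
user_config_dir=/etc/vsftpd/vconf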
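
As an added example (not part of the original guide), this POSIX shell function checks a vsftpd.conf for the values set in the steps above. It also reports chroot_local_user, because chroot_list_enable=NO only turns off the chroot list and vsftpd's default for chroot_local_user is NO; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit vsftpd.conf for the values this guide sets.
# chroot_local_user is an extra check that the guide itself does not set.

# Effective value: the last uncommented KEY=VALUE line wins; fall back to
# the daemon default when the directive is absent.
vsftpd_get() {  # usage: vsftpd_get FILE KEY DEFAULT
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2); seen = 1 }
        END { sub(/[ \t\r]+$/, "", v); print (seen ? v : d) }' "$1"
}

# Print one FINDING line per deviation; return 1 if anything was found.
vsftpd_audit() {  # usage: vsftpd_audit FILE
    a_conf=$1; a_bad=0
    # Each rule is key:expected:default-when-unset
    for a_rule in anonymous_enable:NO:YES anon_upload_enable:NO:NO \
        anon_mkdir_write_enable:NO:NO chown_uploads:NO:NO \
        ls_recurse_enable:NO:NO guest_enable:YES:NO chroot_local_user:YES:NO
    do
        a_key=${a_rule%%:*}; a_rest=${a_rule#*:}
        a_want=${a_rest%%:*}; a_def=${a_rest#*:}
        a_got=$(vsftpd_get "$a_conf" "$a_key" "$a_def")
        if [ "$a_got" != "$a_want" ]; then
            echo "FINDING $a_key=$a_got (expected $a_want)"; a_bad=1
        fi
    done
    # nopriv_user and guest_username must be set explicitly and not be root.
    for a_key in nopriv_user guest_username; do
        a_got=$(vsftpd_get "$a_conf" "$a_key" "")
        case $a_got in
            ""|root) echo "FINDING $a_key='$a_got' (use a dedicated account)"; a_bad=1 ;;
        esac
    done
    return "$a_bad"
}

# Constructed sample: the guide's values, with chroot_local_user left unset.
sample_conf() {
    printf '%s\n' 'anonymous_enable=NO' '#anon_upload_enable=YES' \
        'ls_recurse_enable=NO' 'nopriv_user=vsftpd' 'guest_enable=YES' \
        'guest_username=hasee' 'chroot_list_enable=NO'
}

a_tmp=$(mktemp) && sample_conf > "$a_tmp"
vsftpd_audit "$a_tmp" || true
rm -f "$a_tmp"
```
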

  1. Create the vsftpd log file and change its owner to the vsftpd service host user

[root@localhost ~]# touch /var/log/vsftpd.log

[root@localhost ~]# chown vsftpd. /var/log/vsftpd.log

[root@localhost ~]# mkdir /etc/vsftpd/vconf

  1. Build the virtual user database file

  1. First decide where the virtual user list is stored; here we put it in /etc/vsftpd/users/

[root@localhost ~]# mkdir /etc/vsftpd/users

[root@localhost ~]# touch /etc/vsftpd/users/virtualusers

  1. Edit the virtual user list file:

[root@localhost ~]# vim /etc/vsftpd/users/virtualusers

---------------------------------------------------------------------------

user01

archemrind

user02

archermind

user03

hasee

user04

archermind000

-------------------------------------------------------------------------------------------------

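Edit this virtual user list file and add each user's username and password. The format is simple: one line for the username, then one line for the password.

  1. Generate the virtual user database file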

[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/users/virtualusers /etc/vsftpd/users/virtualusers.db
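
As an added example (not part of the original guide), this check can be run on the list file before db_load: it verifies the "username line, password line" layout described above and that the file, which holds cleartext passwords, is readable by its owner only. The function name and the sample entries are constructed, and findings never echo a password.

```sh
#!/bin/sh
# Added example: sanity-check the plaintext list before running db_load.
# File layout is the guide's: odd lines are usernames, even lines passwords.

check_userlist() {  # usage: check_userlist FILE ; status 1 on any finding
    c_file=$1; c_bad=0
    # The list holds cleartext passwords: only the owner may read or write it.
    c_mode=$(ls -ld "$c_file" | cut -c1-10)
    if [ "$c_mode" != "-rw-------" ]; then
        echo "FINDING mode $c_mode, expected -rw------- (chmod 600)"; c_bad=1
    fi
    # Structural checks: complete pairs, no blank fields, unique usernames.
    c_out=$(awk '
        NR % 2 == 1 { user = $0
                      if (user == "") print "FINDING line " NR ": empty username"
                      if (user != "" && seen[user]++) print "FINDING line " NR ": duplicate user " user
                      next }
        $0 == ""    { print "FINDING line " NR ": empty password for " user }
        END         { if (NR % 2 == 1) print "FINDING line " NR ": user " user " has no password line" }
    ' "$c_file")
    if [ -n "$c_out" ]; then echo "$c_out"; c_bad=1; fi
    return "$c_bad"
}

# Constructed sample (placeholder passwords): user02 appears twice and the
# last entry is missing its password line.
sample_userlist() {
    printf '%s\n' user01 example-pass-1 user02 example-pass-2 \
        user02 example-pass-3 user03
}

c_tmp=$(mktemp) && sample_userlist > "$c_tmp" && chmod 644 "$c_tmp"
check_userlist "$c_tmp" || true
rm -f "$c_tmp"
```
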

  1. Set up the PAM authentication file and point it at the virtual user database file

  1. Back up the vsftpd PAM authentication file

[root@localhost ~]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak

  1. Edit the vsftpd PAM authentication configuration file

[root@localhost ~]# vim /etc/pam.d/vsftpd

#%PAM-1.0

auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/users/virtualusers

account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/users/virtualusers

 

 

  1. Virtual user configuration

  1. Set the main path where the virtual users' data is stored:

[root@localhost ~]# mkdir /home/share

  1. Create the FTP user directories for the test users

[root@localhost ~]# mkdir /home/share/user01 /home/share/user02 /home/share/user03 /home/share/user04

[root@localhost share]# chown -R hasee. /home/share/

  1. Create a configuration file template for the virtual users

[root@localhost vconf]# vim /etc/vsftpd/vconf/userclone.tmp

local_root=/home/share/

anonymous_enable=NO

write_enable=YES

local_umask=022

anon_upload_enable=NO

anon_mkdir_write_enable=NO

idle_session_timeout=300

data_connection_timeout=90

max_clients=10

max_per_ip=110

local_max_rate=525000

______________________________________________________

  1. Copy the template to each user

[root@localhost vconf]# ls

userclone.tmp

[root@localhost vconf]# cp userclone.tmp user01

[root@localhost vconf]# cp userclone.tmp user02

[root@localhost vconf]# cp userclone.tmp user03

[root@localhost vconf]# cp userclone.tmp user04

[root@localhost vconf]#

  1. Edit the corresponding parameters in each user's copy of the template

[root@localhost vconf]# vim user01

local_root=/home/share/user01

anonymous_enable=NO

write_enable=YES

local_umask=022

anon_upload_enable=NO

anon_mkdir_write_enable=NO

idle_session_timeout=300

data_connection_timeout=90

max_clients=10

max_per_ip=110

local_max_rate=525000

Make the corresponding change for each of the other users.
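
As an added example (not part of the original guide), this check confirms that every virtual user has a file named after it under user_config_dir and that its local_root was actually edited to the user's own directory. The function name, arguments and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify the per-user files under user_config_dir.
# Paths and user names are passed in; nothing here is vsftpd's own tooling.

# A copy of the template that was never edited keeps local_root=/home/share/,
# which places that user at the parent of every other user's directory.
check_vconf() {  # usage: check_vconf VCONF_DIR SHARE_ROOT USER...
    v_dir=$1; v_root=${2%/}; shift 2; v_bad=0
    for v_user in "$@"; do
        v_file=$v_dir/$v_user
        if [ ! -f "$v_file" ]; then
            echo "FINDING $v_user: no config file named after the user"
            v_bad=1; continue
        fi
        # Last local_root assignment in the file, trailing slash removed.
        v_got=$(sed -n 's/^local_root=//p' "$v_file" | tail -n 1)
        v_got=${v_got%/}
        if [ "$v_got" != "$v_root/$v_user" ]; then
            echo "FINDING $v_user: local_root=$v_got, expected $v_root/$v_user"
            v_bad=1
        fi
    done
    return "$v_bad"
}

# Constructed sample: user01 edited, user02 still the raw template,
# user03 has no file at all.
make_sample_vconf() {  # usage: make_sample_vconf DIR
    printf 'local_root=/home/share/user01\nwrite_enable=YES\n' > "$1/user01"
    printf 'local_root=/home/share/\nwrite_enable=YES\n' > "$1/user02"
}

v_tmp=$(mktemp -d) && make_sample_vconf "$v_tmp"
check_vconf "$v_tmp" /home/share user01 user02 user03 || true
rm -rf "$v_tmp"
```
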

  1. Start the server

[root@localhost ~]# service vsftpd start

Starting vsftpd for vsftpd: [ OK ]

[root@localhost ~]#