vsftpd 服务器安装配置
一、前提:
安装vsftpd服务器
# Install the vsftpd package without prompting for confirmation.
yum install -y vsftpd
启动vsftpd服务器
# Start the vsftpd daemon through its init script.
# Edits made to vsftpd.conf in the later sections need a service restart
# before they take effect.
service vsftpd start
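关掉SELinux(/etc/selinux/config 更改“SELINUX=disabled”)。注意:SELinux是强制访问控制机制而不是防火墙,关闭后整台主机都会失去这层保护;更稳妥的做法是保持enforcing,先用 getsebool -a | grep ftp 查看与FTP相关的布尔值,再用 setsebool -P 只打开需要的那一项。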
关掉iptables防火墙,或者保留防火墙并放行相关端口(20、21);建议优先选择后者,只开放FTP所需的端口。
二、匿名用户登录(vsftpd.conf)
# Section 2 profile: anonymous FTP is enabled.
# Anyone may log in as "anonymous" or "ftp" without a real password.
anonymous_enable=YES
# Local system accounts may log in as well under this profile.
local_enable=YES
# Permits FTP commands that modify the filesystem. Anonymous uploads would
# additionally need anon_upload_enable, which is not set here.
write_enable=YES
# Files created by local users get mode 644 (directories 755).
local_umask=022
# Show a directory's .message file to users when they enter it.
dirmessage_enable=YES
# Log uploads and downloads.
xferlog_enable=YES
# Active-mode (PORT) data connections originate from port 20 on the server.
connect_from_port_20=YES
# Write the transfer log in the standard wu-ftpd xferlog format.
xferlog_std_format=YES
# Run as a standalone daemon listening on IPv4.
listen=YES
# PAM service used for authentication, i.e. /etc/pam.d/vsftpd.
pam_service_name=vsftpd
# Consult the user list file. userlist_deny is left at its default (YES), so
# the listed accounts are refused before a password is requested.
userlist_enable=YES
# Apply tcp_wrappers (hosts.allow / hosts.deny) access control to connections.
tcp_wrappers=YES
# Show directory listing times in local time instead of GMT.
use_localtime=YES
三、实体用户登录(vsftpd.conf)
# Section 3 profile: local (system) accounts only, anonymous access is off.
anonymous_enable=NO
# NOTE(review): plain FTP sends these account passwords unencrypted; vsftpd can
# require TLS via ssl_enable=YES plus a certificate (not configured on this page).
local_enable=YES
# Permits FTP commands that modify the filesystem.
write_enable=YES
# Files created by local users get mode 644 (directories 755).
local_umask=022
dirmessage_enable=YES
# Log uploads and downloads to xferlog_file in the standard xferlog format.
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
# chroot_local_user is left at its default (NO), so only the accounts named in
# chroot_list_file are confined to their home directory; every other local
# account can browse whatever the filesystem permissions let it read.
# NOTE(review): consider chroot_local_user=YES so new accounts are confined by
# default (the list then names the exceptions instead).
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
# Deny-list mode: accounts named in the user list file are refused login.
userlist_deny=YES
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
-------------
# Create the two FTP accounts without an interactive login shell, then set each
# password (passwd prompts on the terminal).
for ftp_user in aaa bbb; do
  useradd -s /sbin/nologin "$ftp_user"
  passwd "$ftp_user"
done
-------------
# Append both account names, one per line, to the chroot list read by vsftpd.
# This only appends, so running it twice leaves duplicate entries.
printf '%s\n' aaa bbb >> /etc/vsftpd/chroot_list
四、虚拟用户登录(db_load)
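# System account that every virtual FTP user is mapped to (guest_username in
# vsftpd.conf); it gets no interactive shell.
useradd -s /sbin/nologin virtual
# The credentials file holds cleartext passwords, so create it with owner-only
# permissions before anything is written to it.
touch /etc/vsftpd/loguser.txt
chmod 600 /etc/vsftpd/loguser.txt
# db_load -T reads the file as alternating lines: a key (login name) followed
# by its value (password). The sample passwords equal the login names; replace
# them with real secrets before use.
echo "uuu" >> /etc/vsftpd/loguser.txt   # login name
echo "uuu" >> /etc/vsftpd/loguser.txt   # password for uuu
echo "sss" >> /etc/vsftpd/loguser.txt   # login name
echo "sss" >> /etc/vsftpd/loguser.txt   # password for sss
cd /etc/vsftpd/
# -p keeps a re-run from failing when the directory already exists.
mkdir -p /etc/vsftpd/conf
# Absolute paths, so a failed cd cannot build the database in the wrong place.
db_load -T -t hash -f /etc/vsftpd/loguser.txt /etc/vsftpd/vsftpd_login.db
# The PAM lines on this page use pam_userdb without a crypt= option, so the
# database stores the passwords as given; keep it readable by root only.
chmod 600 /etc/vsftpd/vsftpd_login.db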
修改/etc/pam.d/vsftpd(注:清空其它内容):
# Authenticate FTP logins against the Berkeley DB built by db_load. pam_userdb
# appends ".db" itself, which is why the db= value omits the extension.
# No crypt= option is given, so passwords are compared as stored (cleartext).
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
注:64位的操作系统lib后面要加上“64”即/lib64/security/pam……
修改/etc/vsftpd/vsftpd.conf添加下面的选项
# Options to add for virtual users backed by the Berkeley DB file.
anonymous_enable=NO
# Users named in chroot_list_file are confined to their FTP root.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# PAM service used for authentication, i.e. /etc/pam.d/vsftpd.
pam_service_name=vsftpd
# Directory of per-user override files; each file is named after the login.
user_config_dir=/etc/vsftpd/conf
# Every non-anonymous login is treated as a guest and runs as guest_username.
guest_enable=yes
# Guests get anonymous-user privileges by default, so the anon_* options
# (including this umask) govern what virtual users may do.
anon_umask=022
guest_username=virtual
# Write both the xferlog transfer log and the vsftpd-format log.
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
# Passive-mode port range, left commented out by the author; if it is enabled,
# the same range has to be opened in the firewall.
#pasv_enable=YES
#pasv_min_port=4000
#pasv_max_port=5000
注:如果需要开启被动模式,防火墙应开启相应端口;
在/etc/vsftpd目录下创建chroot_list文件并增加以下用户:
# Append both virtual user names, one per line, to the chroot list.
# This only appends, so running it twice leaves duplicate entries.
printf '%s\n' uuu sss >> /etc/vsftpd/chroot_list
在conf里创建刚才用户名的配置文件 配置文件名要与用户名一样:
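# Per-user FTP roots, owned by the guest account that virtual users run as.
# chown takes OWNER:GROUP; the dotted OWNER.GROUP form is deprecated.
mkdir -p /var/ftp/uuu /var/ftp/sss
chown virtual:virtual /var/ftp/uuu /var/ftp/sss
# NOTE(review): both users are in chroot_list, and newer vsftpd releases refuse
# a login whose chroot root is writable by the user. Confirm on your version
# (allow_writeable_chroot, or a non-writable root with a writable subdirectory).
cd /etc/vsftpd/conf
# Each override file is written in one step through an absolute path, so a
# re-run does not append duplicate lines and a failed cd cannot misplace it.
# uuu: full access - upload, download, create directories, rename and delete.
cat > /etc/vsftpd/conf/uuu <<'EOF'
local_root=/var/ftp/uuu
write_enable=yes
download_enable=yes
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
anon_world_readable_only=no
EOF
# sss: upload and download only - no directory creation, rename or delete.
cat > /etc/vsftpd/conf/sss <<'EOF'
local_root=/var/ftp/sss
write_enable=yes
download_enable=yes
anon_upload_enable=yes
anon_mkdir_write_enable=no
anon_other_write_enable=no
anon_world_readable_only=no
EOF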
五、虚拟用户登录(mysql)
在系统中添加vsftpdguest用户,作为VSFTPD的guest:
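# Guest account that the MySQL-backed virtual users are mapped to. It only has
# to own files, so it gets no interactive shell, like the "virtual" account
# created in section 4.
useradd -s /sbin/nologin vsftpdguest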
-------------------------------
在vsftpd.conf文件中(本文环境下为/etc/vsftpd/vsftpd.conf),加入以下选项:
# Treat every non-anonymous login as a guest mapped to the account below.
guest_enable=YES
guest_username=vsftpdguest
--------------------------------
将虚拟用户保存在MySQL数据库服务器中:
mysql
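-- Database and table holding the virtual FTP accounts.
create database vsftpdvu;
use vsftpdvu;
-- PASSWORD() returns a 41-character hash on MySQL 4.1 and later, so the column
-- has to be at least that wide. char(16) only fits the pre-4.1 format: the
-- stored hash would be truncated (or rejected in strict mode) and could never
-- match at login.
create table users(name char(16) binary,passwd char(41) binary);
-- Sample accounts; replace the example passwords before use.
-- NOTE(review): PASSWORD() is a fast, unsalted hash intended for MySQL's own
-- accounts and is removed in MySQL 8.0. Whatever hashing is used here has to
-- match the crypt= setting given to pam_mysql.
insert into users (name,passwd) values ('xiaotong',password('qqmywife'));
insert into users (name,passwd) values ('xiaowang',password('ttmywife'));
-- Read-only database login used by pam_mysql. The same password is repeated in
-- /etc/pam.d/vsftpd, so the two must be changed together.
grant select on vsftpdvu.users to vsftpdguest@localhost identified by 'i52serial0';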
quit
---------------------------------
安装vsftpd的PAM验证文件 /lib/security/pam_mysql.so
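# Fetch the pam_mysql source over HTTPS instead of plain HTTP: it is compiled
# and installed as root and loaded into the login path, so it must not be
# alterable in transit.
wget https://sourceforge.net/projects/pam-mysql/files/latest/download/pam_mysql-0.7RC1.tar.gz
# Before unpacking, compare the archive's hash with a checksum obtained from a
# trusted source (<EXPECTED_SHA256> is a placeholder, not a real value).
sha256sum pam_mysql-0.7RC1.tar.gz   # must equal <EXPECTED_SHA256>
tar xzvf pam_mysql-0.7RC1.tar.gz
# Chain the build steps so a failed cd, configure or make stops the sequence
# instead of running the next command in the wrong state.
# NOTE(review): 0.7RC1 is a release candidate; check first whether your
# distribution ships a maintained pam_mysql package.
cd pam_mysql-0.7RC1 &&
  ./configure &&
  make &&
  make install &&
  cp /usr/lib/security/pam_mysql.so /lib/security/
# On 64-bit systems the PAM module directory is /lib64/security (see the note
# in section 4).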
---------------------------------
设置vsftpd的PAM验证文件 /etc/pam.d/vsftpd :
# pam_mysql looks up the FTP login in vsftpdvu.users, connecting to MySQL as
# the vsftpdguest database account.
# crypt=2 tells pam_mysql that the passwd column holds MySQL PASSWORD() hashes.
# The database password is stored here in cleartext, so this file should be
# readable by root only (for example mode 600).
auth required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
account required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
----------------------------------
注:(五)参考以下链接操作,未成功。
http://mtoy1.blog.163.com/blog/static/316888020121011105318501/