vsftpd Server Configuration

Environment: CentOS_6.8_x86_64

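Requirement: only virtual users may log in to the vsftpd server, with permission to create, delete, list, and modify files; local system users and anonymous users must not be able to log in.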

Step 1: Install vsftpd with yum

# yum -y install vsftpd

# yum -y install db4-utils

Step 2: Create the virtual users

# vim /etc/vsftpd/login.txt

user1

password1

user2

password2

user3

password3

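The format is: the first line is a username, the second line is that user's password, and so on for each further user.

Step 3: Build the db database, readable and writable only by root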

# db_load -T -t hash -f /etc/vsftpd/login.txt /etc/vsftpd/vsftpd_login.db

# chmod 600 /etc/vsftpd/vsftpd_login.db
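
The following shell functions are an added example, not part of the original article. They check that the db_load input file really alternates username and password lines, and that a credential file meets the root-only requirement stated in this step. login.txt holds the passwords in plain text, so it needs the same restriction as the .db file. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: sanity checks for the db_load -T input file and the
# generated database. Function names are hypothetical.

# check_login_file FILE
# Returns 0 when FILE alternates username/password lines with no blank
# lines, no duplicate usernames and no trailing username without password.
check_login_file() {
    awk '
        /^[ \t]*$/ { printf "line %d: blank line\n", NR; bad = 1; next }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR % 2 == 1) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# check_mode FILE
# Returns 0 only when FILE is a regular file with no group/other permission
# bits (for example 600 or 400). Assumes GNU stat (stat -c).
check_mode() {
    [ -f "$1" ] || { echo "$1: missing"; return 1; }
    mode=$(stat -c '%a' "$1")
    case "$mode" in
        ?00) return 0 ;;
        *) echo "$1: mode $mode lets other users read the credentials"; return 1 ;;
    esac
}

# Typical use on the files from this step:
#   check_login_file /etc/vsftpd/login.txt
#   check_mode /etc/vsftpd/login.txt
#   check_mode /etc/vsftpd/vsftpd_login.db
```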

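Configure the PAM file

# vim /etc/pam.d/vsftpd (64-bit system)

Comment out the original contents and add the two pam_userdb lines at the end (pam_userdb appends the .db suffix to the db= path itself):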

# session    optional     pam_keyinit.so    force revoke

# auth       required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

# auth       required pam_shells.so

# auth       include password-auth

# account    include password-auth

# session    required     pam_loginuid.so

# session    include password-auth

auth       required    /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account    required    /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

# vim /etc/pam.d/vsftpd (32-bit system)

Comment out the original contents and add the two pam_userdb lines at the end:

#session    optional     pam_keyinit.so    force revoke

#auth       required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

#auth       required pam_shells.so

#auth       include password-auth

#account    include password-auth

#session    required     pam_loginuid.so

#session    include password-auth

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

Step 4: Create the real system user that the virtual users map to

# useradd -d /home/www -s /sbin/nologin vm

# chmod 700 /home/www

# chown -R vm:vm /home/www

Step 5: Edit the configuration file

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak

# vim vsftpd.conf

(A detailed explanation of the configuration options is omitted here; the final modified configuration file is as follows):

# Example config file /etc/vsftpd/vsftpd.conf

#

# The default compiled in settings are fairly paranoid. This sample file

# loosens things up a bit, to make the ftp daemon more usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

#

# READ THIS: This example file is NOT an exhaustive list of vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's

# capabilities.

#

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

anonymous_enable=NO

#

# Uncomment this to allow local users to log in.

local_enable=YES

#

# Uncomment this to enable any form of FTP write command.

write_enable=YES

#

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

local_umask=022

#

# Uncomment this to allow the anonymous FTP user to upload files. This only

# has an effect if the above global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

anon_upload_enable=YES

#

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

anon_mkdir_write_enable=YES

#

# Activate directory messages - messages given to remote users when they

# go into a certain directory.

#dirmessage_enable=YES

#

# The target log file can be vsftpd_log_file or xferlog_file.

# This depends on setting xferlog_std_format parameter

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20 (ftp-data).

connect_from_port_20=YES

#

# If you want, you can arrange for uploaded anonymous files to be owned by

# a different user. Note! Using "root" for uploaded files is not

# recommended!

#chown_uploads=YES

#chown_username=whoever

#

# The name of log file when xferlog_enable=YES and xferlog_std_format=YES

# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log

xferlog_file=/var/log/xferlog

#

# Switches between logging into vsftpd_log_file and xferlog_file files.

# NO writes to vsftpd_log_file, YES to xferlog_file

xferlog_std_format=YES

#

# You may change the default value for timing out an idle session.

idle_session_timeout=600

#

# You may change the default value for timing out a data connection.

data_connection_timeout=300

#

# It is recommended that you define on your system a unique user which the

# ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

#

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

# predicted this attack and has always been safe, reporting the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

ascii_upload_enable=YES

ascii_download_enable=YES

#

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=NO

# (default follows)

#banned_email_file=/etc/vsftpd/banned_emails

#

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

chroot_local_user=NO

chroot_list_enable=YES

# (default follows)

chroot_list_file=/etc/vsftpd/chroot_list

#

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

#

# When "listen" directive is enabled, vsftpd runs in standalone mode and

# listens on IPv4 sockets. This directive cannot be used in conjunction

# with the listen_ipv6 directive.

listen=YES

listen_port=10021

#

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6

# sockets, you must run two copies of vsftpd with two configuration files.

# Make sure, that one of the listen options is commented !!

#listen_ipv6=YES

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

guest_enable=YES

guest_username=vm

anon_world_readable_only=NO

anon_other_write_enable=YES

pasv_min_port=10051

pasv_max_port=10060
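
The following shell functions are an added example, not part of the original article. They read the effective value of each setting that the requirement above depends on and report any that differ from this article's configuration. As the file's own comment warns, a commented-out anonymous_enable falls back to YES, so absent keys are resolved to the defaults documented in vsftpd.conf(5). The function names are hypothetical, and the script assumes that a later line overrides an earlier one for the same key.

```shell
#!/bin/sh
# Added example: compare the effective settings in a vsftpd.conf with the
# values this article relies on. Function names are hypothetical.

# conf_get FILE KEY DEFAULT
# Prints the effective value of KEY: the last uncommented KEY=value line
# (assumption: later lines override earlier ones), or DEFAULT when absent.
conf_get() {
    awk -F= -v key="$2" -v def="$3" '
        /^#/ || !/=/ { next }
        $1 == key { val = substr($0, length(key) + 2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_conf FILE
# Prints one line per mismatch and returns non-zero if any setting differs.
# Table columns: key, value used in this article, default from vsftpd.conf(5).
audit_conf() {
    rc=0
    while read -r key want def; do
        got=$(conf_get "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "$key: effective value '$got', expected '$want'"
            rc=1
        fi
    done <<'EOF'
anonymous_enable NO YES
local_enable YES NO
guest_enable YES NO
guest_username vm ftp
pam_service_name vsftpd ftp
write_enable YES NO
EOF
    return $rc
}

# Typical use: audit_conf /etc/vsftpd/vsftpd.conf
```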


Step 6: Configure the firewall

# iptables -A INPUT -p tcp -m tcp --dport 10021 -j ACCEPT

# iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT

# iptables -A INPUT -p tcp -m tcp --dport 10051:10060 -j ACCEPT

# service iptables save

# service iptables restart

Step 7: Restart the vsftpd service, then log in from a client as a virtual user to verify

# service vsftpd start

Time: 2024-09-29 21:00:21
