vsftpd virtual user

I. Turn off SELinux

setenforce 0

II. Installation of vsftpd service

2.1 Install vsftpd with yum

yum -y install vsftpd

2.2 Backup vsftpd master configuration file

cp /etc/vsftpd/vsftpd.conf{,.bak}

III. Configuring the vsftpd service for access by virtual users:

3.1 Create the virtual user password file (user names on odd-numbered lines, each followed by its password on the next line)

vim /etc/vsftpd/vir_user

3.2 Generating Virtual User Database

yum -y install libdb-utils
db_load -T -t hash -f /etc/vsftpd/vir_user  /etc/vsftpd/vir_user.db
chmod 700 /etc/vsftpd/vir_user.db

3.3 Configure the vsftpd PAM authentication file:

Back up the file before modifying it

cp /etc/pam.d/vsftpd{,.bak}

Comment out all configuration lines for auth and account, and add the following two lines

vim /etc/pam.d/vsftpd
auth                 required     pam_userdb.so   db=/etc/vsftpd/vir_user 
account              required     pam_userdb.so   db=/etc/vsftpd/vir_user

3.4 Add a system user `virftp`; all virtual users are mapped to this user, which then reads and writes to the file system:

mkdir /ftproot
useradd -d /ftproot -s /sbin/nologin virftp
chown -R virftp:virftp /ftproot

3.5 Set the main configuration file of vsftpd:

vim /etc/vsftpd/vsftpd.conf
# Prohibit anonymous user login
anonymous_enable=NO
# Allow local users to log in
local_enable=YES
# Enable virtual accounts
guest_enable=YES
# Map virtual accounts to the system account virftp
guest_username=virftp
# PAM service name used to authenticate virtual users
pam_service_name=vsftpd
# Directory holding the per-user configuration files (each file is named after its virtual user)
user_config_dir=/etc/vsftpd/vsftpd_viruser
# When chroot is enabled, allow the virtual user's root directory to be writable
allow_writeable_chroot=YES

3.6 Configure the per-user configuration files of the virtual users:

Create the directory that stores the virtual users' configuration files

mkdir /etc/vsftpd/vsftpd_viruser/

Create and configure a configuration file for each virtual user.

The file name is the virtual user's name

vim /etc/vsftpd/vsftpd_viruser/ftp
# Allow writing
write_enable=YES
# Allow browsing FTP directories and downloading
anon_world_readable_only=NO
# Allow virtual users to upload files
anon_upload_enable=YES
# Allow virtual users to create directories
anon_mkdir_write_enable=YES
# Allow virtual users to perform other operations (such as renaming, deleting)
anon_other_write_enable=YES
# umask for uploads; with 022, uploaded directories get permission 755 and files 644
anon_umask=022
# Specify the virtual directory of the virtual user (the home directory of the virtual user after login)
local_root=/ftproot/admin/

Deny FTP login to root or other users

vim /etc/vsftpd/ftpusers

Create the virtual user's root directory and make sure the system user that the virtual users are mapped to has read and write access to it

mkdir -p /ftproot/admin/
chown -R virftp:virftp /ftproot/admin/
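
Before restarting the service, the files from steps 3.1 to 3.6 can be checked for mistakes that break virtual-user logins or expose the clear-text passwords. The script below is an added example, not part of the original post; check_vir_users is a hypothetical helper name, and the sample users and password are constructed.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the files created in steps 3.1 to 3.6.
# check_vir_users is a hypothetical helper, not part of vsftpd or libdb-utils.

check_vir_users() {
    local src=$1 cfgdir=$2 user pass n=0 bad=0 seen=' '
    # The source file holds clear-text passwords: flag group/other read access.
    if [ -n "$(find "$src" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERM: $src is readable by group or others"; bad=1
    fi
    # db_load -T reads key/value pairs: a user name line, then a password line.
    while IFS= read -r user || [ -n "$user" ]; do
        n=$((n + 1))
        if ! IFS= read -r pass && [ -z "$pass" ]; then
            echo "FORMAT: line $n: user '$user' has no password line"; bad=1
            break
        fi
        n=$((n + 1))
        [ -n "$user" ] || { echo "FORMAT: line $((n - 1)): empty user name"; bad=1; continue; }
        [ -n "$pass" ] || { echo "FORMAT: line $n: empty password for '$user'"; bad=1; }
        case $seen in
            *" $user "*) echo "DUPLICATE: '$user' appears more than once"; bad=1 ;;
        esac
        seen="$seen$user "
        # user_config_dir is searched for a file named exactly like the user.
        [ -f "$cfgdir/$user" ] || { echo "NOCONFIG: no $cfgdir/$user for '$user'"; bad=1; }
    done < "$src"
    return "$bad"
}

# Constructed sample data in a scratch directory (not the real /etc/vsftpd).
demo=$(mktemp -d)
mkdir "$demo/vsftpd_viruser"
printf 'ftp\nS3cret-example\nbackup\n' > "$demo/vir_user"  # 'backup' has no password
chmod 644 "$demo/vir_user"
: > "$demo/vsftpd_viruser/ftp"
check_vir_users "$demo/vir_user" "$demo/vsftpd_viruser" ||
    echo "fix the findings above before running db_load"
rm -rf "$demo"
```

On the real system the arguments would be /etc/vsftpd/vir_user and /etc/vsftpd/vsftpd_viruser; a non-zero exit status means at least one finding was printed.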

IV. Test configuration results:

4.1 Start vsftpd service

systemctl restart vsftpd

Stop the firewall

systemctl stop firewalld

Test the connection with the FlashFXP tool

Posted on Tue, 08 Oct 2019 18:07:01 -0700 by brax23