
Setting up vsftpd on CentOS 6


Installing vsftpd with virtual users on CentOS 6.5
I. Installation:
1. Install the vsftpd service packages:
[root@localhost ~]# yum install vsftpd*
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
base | 3.7 kB 00:00
base/primary_db | 4.6 MB 00:08
extras | 3.4 kB 00:00
extras/primary_db | 37 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 5.2 MB 00:09
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-14.el6_7.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================
Package Arch Version Repository Siz
==============================================================================
Installing:
vsftpd x86_64 2.2.2-14.el6_7.1 updates 152

Transaction Summary
==============================================================================
Install 1 Package(s)

Total download size: 152 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-14.el6_7.1.x86_64.rpm | 152 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-14.el6_7.1.x86_64 1/
Verifying : vsftpd-2.2.2-14.el6_7.1.x86_64 1/

Installed:
vsftpd.x86_64 0:2.2.2-14.el6_7.1
2. Confirm that the PAM service packages are installed:
[root@localhost ~]# yum install pam*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Package pam_krb5-2.3.11-9.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package pam.x86_64 0:1.1.1-17.el6 will be updated
---> Package pam.x86_64 0:1.1.1-20.el6_7.1 will be an update
---> Package pam-devel.x86_64 0:1.1.1-20.el6_7.1 will be installed
---> Package pam_ldap.x86_64 0:185-11.el6 will be installed
---> Package pam_passwdqc.x86_64 0:1.0.5-6.el6 will be updated
---> Package pam_passwdqc.x86_64 0:1.0.5-8.el6 will be an update
---> Package pam_pkcs11.x86_64 0:0.6.2-14.el6 will be installed
--> Processing Dependency: libpcsclite.so.1()(64bit) for package: pam_pkcs11-0.6.2-14.el6.x86_64
---> Package pam_ssh_agent_auth.x86_64 0:0.9.3-114.el6_7 will be installed
--> Running transaction check
---> Package pcsc-lite-libs.x86_64 0:1.5.2-15.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================
Package Arch Version Repository Size
==============================================================================
3. Install the DB4 packages:
The db4 package must be installed specifically here; it provides support for the file database.
[root@localhost ~]# yum install db4*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package db4.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4.x86_64 0:4.7.25-20.el6_7 will be an update
---> Package db4-cxx.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4-cxx.x86_64 0:4.7.25-20.el6_7 will be an update
---> Package db4-devel.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4-devel.x86_64 0:4.7.25-20.el6_7 will be an update
---> Package db4-devel-static.x86_64 0:4.7.25-20.el6_7 will be installed
---> Package db4-java.x86_64 0:4.7.25-20.el6_7 will be installed
---> Package db4-tcl.x86_64 0:4.7.25-20.el6_7 will be installed
---> Package db4-utils.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4-utils.x86_64 0:4.7.25-20.el6_7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
db4-devel-static x86_64 4.7.25-20.el6_7 updates 2.5 M
db4-java x86_64 4.7.25-20.el6_7 updates 1.7 M
db4-tcl x86_64 4.7.25-20.el6_7 updates 620 k
Updating:
db4 x86_64 4.7.25-20.el6_7 updates 563 k
db4-cxx x86_64 4.7.25-20.el6_7 updates 588 k
db4-devel x86_64 4.7.25-20.el6_7 updates 6.6 M
db4-utils x86_64 4.7.25-20.el6_7 updates 130 k

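II. Configuration based on virtual users
A virtual user does not use a real system account; it is mapped to a real account, which is also how its permissions are set. Virtual users cannot log in to the CentOS system.

Modify the configuration file
Open /etc/vsftpd/vsftpd.conf and make the following changes
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf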

Modify:

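# Do not allow anonymous access
anonymous_enable=NO
# Allow local users to log in. Note: when a virtual-user host account is used, no virtual user can log in if this is set to NO
local_enable=YES
# Keep users from leaving their home directory
chroot_list_enable=YES
# Enable ASCII-mode uploads and downloads
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM service name; PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd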

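Add:
# Enable the virtual user feature
guest_enable=YES
# Host account for the virtual users; CentOS already has a built-in ftp user
guest_username=ftp
# Directory holding each virtual user's own vsftpd configuration file (configuration file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf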


Create the file:
[root@localhost ~]# touch /etc/vsftpd/chroot_list

Then create the user/password text file /etc/vsftpd/vuser_passwd.txt. Note that odd-numbered lines are user names and even-numbered lines are passwords.
[root@localhost ~]# vi /etc/vsftpd/vuser_passwd.txt

test
123456

Next, generate the db file used for virtual user authentication
[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db

After that, edit the authentication file /etc/pam.d/vsftpd: delete all of the original statements and add the following two lines:

[root@localhost ~]# vi /etc/pam.d/vsftpd

auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd

Finally, create the virtual user configuration file
[root@localhost ~]# mkdir /etc/vsftpd/vuser_conf/
[root@localhost ~]# vi /etc/vsftpd/vuser_conf/test

# Root directory of the virtual user; adjust to your environment
local_root=/ftp/test
# Writable
write_enable=YES
# umask
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Set the permissions on the FTP root directory

[root@localhost ~]# mkdir -p /ftp/test/

[root@localhost ~]# chmod -R 777 /ftp/

[root@localhost ~]# service vsftpd start
為 vsftpd 啟動 vsftpd: [確定]


If the configuration is all correct and it still does not work, try rebooting the machine.

[root@localhost ~]# vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf

# Enable PASV mode
pasv_enable=YES
# Lowest port number
pasv_min_port=40000
# Highest port number
pasv_max_port=40080
pasv_promiscuous=YES

[root@localhost ~]# vi /etc/sysconfig/iptables

-A INPUT -p tcp --dport 40000:40080 -j ACCEPT

[root@localhost ~]# service iptables restart
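
An added example, not part of the original article: a check to run before restarting the services, confirming that port 21 and the passive range from vsftpd.conf are covered by ACCEPT rules in the iptables file, and reporting pasv_promiscuous=YES, which turns off vsftpd's check that a data connection comes from the same address as the control connection. The function names and the sample files are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example, not from the original article. Function names are hypothetical.

# conf_get FILE KEY: value of the last KEY=value line ("#" lines never match).
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { sub(/\r$/, "", v); print v }' "$1"
}

# port_open RULES LO HI: 0 if an INPUT ACCEPT rule's --dport covers LO..HI.
# Rule order and source/protocol matches are not evaluated.
port_open() {
    awk -v lo="$2" -v hi="$3" '
        /^-A INPUT / && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), p, ":")
                a = p[1] + 0; b = (n > 1 ? p[2] : p[1]) + 0
                if (a <= lo + 0 && hi + 0 <= b) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }' "$1"
}

# check_ftp_ports VSFTPD_CONF IPTABLES_FILE: prints findings, returns their count.
check_ftp_ports() {
    local conf="$1" rules="$2" lo hi v n=0
    lo=$(conf_get "$conf" pasv_min_port); hi=$(conf_get "$conf" pasv_max_port)
    for v in "$lo" "$hi"; do
        case "$v" in
            ''|*[!0-9]*) echo "pasv port missing or followed by extra text: '$v'"; return 1 ;;
        esac
    done
    port_open "$rules" 21 21       || { echo "port 21 is not accepted"; n=$((n + 1)); }
    port_open "$rules" "$lo" "$hi" || { echo "passive range $lo-$hi is not accepted"; n=$((n + 1)); }
    [ "$(conf_get "$conf" pasv_promiscuous)" = YES ] &&
        { echo "pasv_promiscuous=YES disables the data-connection address check"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the firewall range has a typo (40008 instead of 40080).
d=$(mktemp -d)
printf '%s\n' pasv_enable=YES pasv_min_port=40000 pasv_max_port=40080 pasv_promiscuous=YES > "$d/vsftpd.conf"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT' \
              '-A INPUT -p tcp --dport 40000:40008 -j ACCEPT' > "$d/iptables"
check_ftp_ports "$d/vsftpd.conf" "$d/iptables" || echo "findings: $?"
rm -rf "$d"
```

A value such as `40000 //comment` is reported as well, because vsftpd.conf has no trailing comments and the extra text becomes part of the value.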

Note: whenever a new user is added, this command must be run:

db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
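
An added example, not from the original article: a wrapper around the db_load command above that first checks the odd/even layout of the password text file, then loads it into a fresh file and swaps that in, since db_load adds to an existing database and would otherwise leave users that were deleted from the text file. The function names are hypothetical, the sample file is constructed, and the chmod 600 on both files is an addition of this example.

```bash
#!/bin/bash
# Added example, not from the original article. Function names are hypothetical.

# check_vuser_file FILE
# Prints every problem found; returns 0 only if FILE is safe to pass to db_load.
check_vuser_file() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        $0 == "" { printf "line %d: blank line\n", NR; bad = 1 }
        NR % 2 == 1 {                      # odd line: user name
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR == 0)     { print "file is empty"; bad = 1 }
            if (NR % 2 == 1) { printf "line %d: user without a password line\n", NR; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# rebuild_vuser_db TXT DB
# Validates TXT, loads it into a new file and swaps that in, so users deleted
# from TXT do not survive in the old DB. Both files end up readable by root only.
rebuild_vuser_db() {
    local txt="$1" db="$2" tmp="$2.new.$$"
    check_vuser_file "$txt" || return 1
    command -v db_load >/dev/null 2>&1 || { echo "db_load not installed" >&2; return 2; }
    rm -f "$tmp"
    ( umask 077 && db_load -T -t hash -f "$txt" "$tmp" ) || { rm -f "$tmp"; return 3; }
    chmod 600 "$txt" "$tmp" && mv -f "$tmp" "$db"
}

# Constructed sample: the second user is missing its password line.
sample=$(mktemp)
printf 'test\n123456\nalice\n' > "$sample"
check_vuser_file "$sample" || echo "refusing to load $sample"
rm -f "$sample"
```

On the server it would be called as `rebuild_vuser_db /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db`.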
