1. Install vsftpd
#install vsftpd yum install - y vsftpd #set startup systemctl enable vsftpd.service # restart service vsftpd restart # View the status of the vsftpd service systemctl status vsftpd.service
2. Configure vsftpd.conf
#Backup configuration file cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/ vsftpd.conf.bak #Execute the following commands sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=YES/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" '/etc/vsftpd/vsftpd.conf' sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" '/etc/vsftpd/vsftpd.conf' #Add the following to the end of vsftpd.conf use_localtime=YES listen_port=21 chroot_local_user=YES idle_session_timeout=300 guest_enable=YES guest_username=vsftpd user_config_dir=/etc/vsftpd/vconf data_connection_timeout=1 virtual_use_local_privs=YES pasv_min_port=10060 pasv_max_port=10090 accept_timeout=5 connect_timeout=1
3. Create a user file
#The first line of user name, the second line of password, cannot use root as the user name vi /etc/vsftpd/ virtusers chris 123456 chang 123456
4. Generate User Data File
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db #Set the PAM authentication file and specify to read the virtual user database file chmod 600 /etc/vsftpd/virtusers.db
5. Modify the /etc/pam.d/vsftpd file
# Backup before modifying cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak # Comment out all configuration lines for auth and account vi /etc/pam.d/ vsftpd auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers # 如果系统为32位,上面改为lib
6. 新建系统用户vsftpd,用户目录为/home/vsftpd
#用户登录终端设为/bin/false(即:使之不能登录系统) useradd vsftpd -d /home/vsftpd -s /bin/false chown -R vsftpd:vsftpd /home/vsftpd
7.建立虚拟用户个人配置文件
mkdir /etc/vsftpd/vconf cd /etc/vsftpd/vconf #这里建立两个虚拟用户配合文件 touch chris chang #建立用户根目录 mkdir -p /home/vsftpd/chris/ #编辑chris用户配置文件,内容如下,其他用户类似 vi chris local_root=/home/vsftpd/chris/ write_enable=YES anon_world_readable_only=NO anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES
8. Firewall Settings
vi /etc/sysconfig/iptables #Edit the iptables file, add the following, open port 21 -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
9. Restart vsftpd server
service vsftpd restart