Installing vsftpd with virtual users on CentOS 6.5
I. Installation:
1. Install the vsftpd service packages:
[root@localhost ~]# yum install vsftpd*
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
base | 3.7 kB 00:00
base/primary_db | 4.6 MB 00:08
extras | 3.4 kB 00:00
extras/primary_db | 37 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 5.2 MB 00:09
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-14.el6_7.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================
Package Arch Version Repository Siz
==============================================================================
Installing:
vsftpd x86_64 2.2.2-14.el6_7.1 updates 152
Transaction Summary
==============================================================================
Install 1 Package(s)
Total download size: 152 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-14.el6_7.1.x86_64.rpm | 152 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-14.el6_7.1.x86_64 1/
Verifying : vsftpd-2.2.2-14.el6_7.1.x86_64 1/
Installed:
vsftpd.x86_64 0:2.2.2-14.el6_7.1
2. Make sure the PAM service packages are installed:
[root@localhost ~]# yum install pam*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Package pam_krb5-2.3.11-9.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package pam.x86_64 0:1.1.1-17.el6 will be updated
---> Package pam.x86_64 0:1.1.1-20.el6_7.1 will be an update
---> Package pam-devel.x86_64 0:1.1.1-20.el6_7.1 will be installed
---> Package pam_ldap.x86_64 0:185-11.el6 will be installed
---> Package pam_passwdqc.x86_64 0:1.0.5-6.el6 will be updated
---> Package pam_passwdqc.x86_64 0:1.0.5-8.el6 will be an update
---> Package pam_pkcs11.x86_64 0:0.6.2-14.el6 will be installed
--> Processing Dependency: libpcsclite.so.1()(64bit) for package: pam_pkcs11-0.6.2-14.el6.x86_64
---> Package pam_ssh_agent_auth.x86_64 0:0.9.3-114.el6_7 will be installed
--> Running transaction check
---> Package pcsc-lite-libs.x86_64 0:1.5.2-15.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================
Package Arch Version Repository Size
==============================================================================
3. Install the DB4 packages:
A db4 package has to be installed here specifically, to support the file database.
[root@localhost ~]# yum install db4*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package db4.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4.x86_64 0:4.7.25-20.el6_7 will be an update
---> Package db4-cxx.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4-cxx.x86_64 0:4.7.25-20.el6_7 will be an update
---> Package db4-devel.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4-devel.x86_64 0:4.7.25-20.el6_7 will be an update
---> Package db4-devel-static.x86_64 0:4.7.25-20.el6_7 will be installed
---> Package db4-java.x86_64 0:4.7.25-20.el6_7 will be installed
---> Package db4-tcl.x86_64 0:4.7.25-20.el6_7 will be installed
---> Package db4-utils.x86_64 0:4.7.25-18.el6_4 will be updated
---> Package db4-utils.x86_64 0:4.7.25-20.el6_7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
db4-devel-static x86_64 4.7.25-20.el6_7 updates 2.5 M
db4-java x86_64 4.7.25-20.el6_7 updates 1.7 M
db4-tcl x86_64 4.7.25-20.el6_7 updates 620 k
Updating:
db4 x86_64 4.7.25-20.el6_7 updates 563 k
db4-cxx x86_64 4.7.25-20.el6_7 updates 588 k
db4-devel x86_64 4.7.25-20.el6_7 updates 6.6 M
db4-utils x86_64 4.7.25-20.el6_7 updates 130 k
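II. Configuration based on virtual users
A virtual user does not use a real account; it only works by being mapped onto a real account and given permissions. Virtual users cannot log in to the CentOS system.
Edit the configuration file
Open /etc/vsftpd/vsftpd.conf and configure it as follows
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
Change (the // text is annotation for the reader; vsftpd.conf has no trailing-comment syntax, so leave it out of the file):
anonymous_enable=NO //do not allow anonymous access
local_enable=YES //allow local users to log in. Note: when virtual users are mapped to a host user, none of them can log in if this is set to NO
chroot_list_enable=YES //keep users from leaving their home directory
ascii_upload_enable=YES
ascii_download_enable=YES //enable ASCII-mode upload and download
pam_service_name=vsftpd //PAM service file name. PAM authenticates according to /etc/pam.d/vsftpd
Add:
guest_enable=YES //enable the virtual user feature
guest_username=ftp //host user the virtual users are mapped to; CentOS already has a built-in ftp user
user_config_dir=/etc/vsftpd/vuser_conf //directory holding the per-user vsftpd configuration files of the virtual users (configuration file name = virtual user name)
Create the file: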
[root@localhost ~]# touch /etc/vsftpd/chroot_list
Then create the user/password text file /etc/vsftpd/vuser_passwd.txt. Note that odd lines are user names and even lines are passwords
[root@localhost ~]# vi /etc/vsftpd/vuser_passwd.txt
test
123456
Next, generate the db file used to authenticate the virtual users
[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
After that, edit the PAM file /etc/pam.d/vsftpd: delete all of the original statements, then add the following two lines:
[root@localhost ~]# vi /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
Finally, create the virtual user's configuration file
[root@localhost ~]# mkdir /etc/vsftpd/vuser_conf/
[root@localhost ~]# vi /etc/vsftpd/vuser_conf/test
local_root=/ftp/test //root directory of the virtual user; adjust to your setup
write_enable=YES //writable
anon_umask=022 //umask
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Set the permissions on the FTP root directory
[root@localhost ~]# mkdir -p /ftp/test/
[root@localhost ~]# chmod -R 777 /ftp/
[root@localhost ~]# service vsftpd start
为 vsftpd 启动 vsftpd: [确定]
If everything is configured correctly and it still does not work, try rebooting the machine
[root@localhost ~]# vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
pasv_enable=YES //enable PASV mode
pasv_min_port=40000 //lowest port number
pasv_max_port=40080 //highest port number
pasv_promiscuous=YES
[root@localhost ~]# vi /etc/sysconfig/iptables
-A INPUT -p tcp --dport 40000:40080 -j ACCEPT
[root@localhost ~]# service iptables restart
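A check for the settings above, as an added example that is not part of the original page: it flags annotation text left after a value, pasv_promiscuous=YES (which turns off the check that a data connection comes from the same IP address as the control connection), and a passive port range with no matching firewall rule. The function name lint_vsftpd_conf and the sample files are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original page.
# lint_vsftpd_conf CONF IPTABLES_FILE -> prints findings, returns 0 if none.
lint_vsftpd_conf() {
    local conf=$1 rules=$2 found=0 line key val min="" max=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                    # blank line or comment line
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *) echo "not option=value: $line"; found=$((found+1)); continue ;;
        esac
        case "$val" in
            *' '|*' //'*)
                # Everything after '=' is the value, annotations included.
                echo "$key: trailing text or whitespace in value"
                found=$((found+1)) ;;
        esac
        case "$key=$val" in
            pasv_promiscuous=YES)
                echo "pasv_promiscuous=YES: data connection source IP is not checked"
                found=$((found+1)) ;;
            pasv_min_port=*) min=$val ;;
            pasv_max_port=*) max=$val ;;
        esac
    done < "$conf"
    # The passive range in vsftpd.conf must be the range the firewall opens.
    if [ -n "$min" ] && [ -n "$max" ] &&
       ! grep -q -- "--dport $min:$max -j ACCEPT" "$rules"; then
        echo "no iptables rule for passive ports $min:$max"
        found=$((found+1))
    fi
    [ "$found" -eq 0 ]
}

# Constructed sample: the passive-mode lines as annotated in this walkthrough.
demo=$(mktemp -d)
printf '%s\n' 'pasv_enable=YES //enable PASV mode' 'pasv_min_port=40000' \
    'pasv_max_port=40080' 'pasv_promiscuous=YES' > "$demo/vsftpd.conf"
printf '%s\n' '-A INPUT -p tcp --dport 40000:40080 -j ACCEPT' > "$demo/iptables"
lint_vsftpd_conf "$demo/vsftpd.conf" "$demo/iptables" || echo "review the findings above"
rm -rf "$demo"
```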
Note: whenever a new user is added, this command must be run:
db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
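One way to script that reload, as an added example that is not part of the original page: it checks the odd/even name and password layout and the file mode first, then builds the database into a new file, because db_load adds to an existing database and a user deleted from the text file would otherwise remain in the old .db. The function names check_vuser_file and rebuild_vuser_db and the sample accounts are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original page.
# check_vuser_file FILE -> prints problems, returns 0 if FILE is fit to load.
check_vuser_file() {
    local file=$1 bad=0 n=0 line mode seen=" "
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    mode=$(stat -c %a "$file")              # GNU stat: octal mode, e.g. 600
    if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "$file has mode $mode; it holds plaintext passwords, use 600"
        bad=$((bad+1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n+1))
        if [ -z "$line" ]; then
            echo "line $n is empty (empty user name or password)"
            bad=$((bad+1))
        elif [ $((n % 2)) -eq 1 ]; then     # odd line: user name
            case "$seen" in
                *" $line "*) echo "line $n: duplicate user $line"; bad=$((bad+1)) ;;
            esac
            seen="$seen$line "
        fi
    done < "$file"
    if [ $((n % 2)) -ne 0 ]; then
        echo "$n lines: the last user name has no password line"
        bad=$((bad+1))
    fi
    [ "$bad" -eq 0 ]
}

# rebuild_vuser_db TXT DB -> validate TXT, then replace DB with a fresh build.
rebuild_vuser_db() {
    local txt=$1 db=$2
    check_vuser_file "$txt" || return 1
    # Load into a new file readable only by its owner, then swap it in.
    ( umask 077 && db_load -T -t hash -f "$txt" "$db.new" ) || return 1
    mv -f "$db.new" "$db"
}

# Constructed sample: the third user name has no password line.
demo=$(mktemp)
printf '%s\n' test 123456 alice 'S3cret!' bob > "$demo"
chmod 600 "$demo"
check_vuser_file "$demo" || echo "not loading $demo"
rm -f "$demo"
```

On the server the call would be rebuild_vuser_db /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db, run as root.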