1. Install vsftpd:
yum install vsftpd
2. Add a virtual user:
useradd virtual_user -s /sbin/nologin
mkdir /ftpboot
chown virtual_user.virtual_user /ftpboot -R
chmod 764 /ftpboot -R
3. Create the usernames and passwords for the virtual users:
cd /etc/vsftpd/
vi virtual_user
The file looks like this (usernames and passwords on alternating lines):
user1
password1
user2
password2
4. Convert the password file to a db format file:
db_load -T -t hash -f /etc/vsftpd/virtual_user /etc/vsftpd/virtual_user.db
5. Configure the PAM file (/etc/pam.d/vsftpd):
Add these two lines (you must comment out or delete the others):
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/virtual_user
account required /lib/security/pam_userdb.so db=/etc/vsftpd/virtual_user
6. Create a config file for the virtual user:
mkdir -p /etc/vsftpd/virtual_user_conf
vi /etc/vsftpd/virtual_user_conf/user1
The file looks like this:
local_root=/ftpboot/
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_world_readable_only=NO
anon_other_write_enable=YES
7. Create the directory for all users:
mkdir -p /ftpboot/public
mkdir -p /ftpboot/user1
mkdir -p /ftpboot/user1/public
mount --bind /ftpboot/public /ftpboot/user1/public
mount -o remount,ro /ftpboot/user1/public
chown virtual_user.virtual_user /ftpboot -R
chmod 764 /ftpboot -R
chmod 555 /ftpboot/public -R
8. Modify the vsftpd.conf file:
anonymous_enable=NO
pam_service_name=vsftpd
tcp_wrappers=YES
chroot_local_user=YES
guest_enable=YES
guest_username=virtual_user
user_config_dir=/etc/vsftpd/virtual_user_conf
9. Check the SELinux configuration:
sestatus -b | grep ftp
If it displays this:
ftp_home_dir off
then run this command to enable it:
setsebool -P ftp_home_dir on
or disable SELinux directly (set SELINUX=disabled in /etc/selinux/config).
10. Restart the vsftpd server:
service vsftpd restart
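Added example (not part of the original steps): a pre-flight check for the login file from step 3, to run before the db_load in step 4. The function name check_virtual_users and its return codes are choices made for this example; it verifies that the cleartext password file is readable only by its owner and that it really is in the alternating username/password layout db_load -T expects.

```shell
#!/bin/sh
# Added example: validate the step 3 login file before db_load (step 4).
# db_load -T reads key/value pairs from alternating lines, so the file must
# hold username, password, username, password ... with nothing in between.
# Return codes (chosen for this example):
#   0 ok, 1 unreadable, 2 readable by group/other, 3 blank line,
#   4 empty or odd number of lines, 5 duplicate username
check_virtual_users() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }

    # The file holds cleartext passwords: only the owner may have access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: run chmod 600 on it" >&2; return 2; }

    # A blank line would be loaded as an empty username or empty password.
    if grep -q '^[[:space:]]*$' "$f"; then
        echo "$f: blank line found" >&2; return 3
    fi

    # An odd line count leaves the last username without a password.
    # awk counts a final line even when it has no trailing newline.
    lines=$(awk 'END { print NR }' "$f")
    [ "$lines" -gt 0 ] && [ $((lines % 2)) -eq 0 ] || {
        echo "$f: empty or odd number of lines" >&2; return 4; }

    # Usernames are the odd-numbered lines; each may appear only once.
    dups=$(awk 'NR % 2 == 1' "$f" | sort | uniq -d)
    [ -z "$dups" ] || { echo "$f: duplicate user: $dups" >&2; return 5; }
    return 0
}

# Typical use, with the paths from steps 3 and 4:
#   check_virtual_users /etc/vsftpd/virtual_user && \
#     db_load -T -t hash -f /etc/vsftpd/virtual_user /etc/vsftpd/virtual_user.db
```

The generated virtual_user.db contains the same passwords, so it needs the same owner-only permissions.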