Linux-ftp Virtual User Configuration

Deploying vsftpd virtual users on a cloud server (ECS)

Note: Whether vsftpd is deployed on a cloud server or on a local server, the specified ports must be opened. On a cloud server, the corresponding ports must also be allowed in the security group rules.

Environment description:

Each user has its own password and its own data directory, as follows:

Specific steps

1) Install the software

# yum -y install vsftpd

2) Create the corresponding ftp data directories

# mkdir -p /opt/ftp/{come,out}

3) Create the system user that the virtual users map to

# useradd -s /sbin/nologin virtual

4) Assign ownership of the ftp data directory to the virtual user

# chown -R virtual: /opt/ftp/
# ll /opt/ftp/
total 8
drwxr-xr-x 2 virtual virtual 4096 Apr 17 12:07 come
drwxr-xr-x 2 virtual virtual 4096 Apr 17 12:07 out

5) Create a text file with the virtual accounts and passwords (account name on one line, its password on the next line; be careful not to leave extra spaces)

# vim /etc/vsftpd/logins.txt
ftpComeSsbq
ftp_come_#@UkieO9
ftpOutSsbq
ftp_out_#@45oUkie

6) Convert the plain-text password file to db format

# db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/login.db

7) Restrict permissions on the db file

# chmod 600 /etc/vsftpd/login.db

8) Define the PAM authentication file (note: db=/etc/vsftpd/login refers to the login.db file generated above, with the .db suffix omitted)

# vim /etc/pam.d/ftp
auth  required  /lib64/security/pam_userdb.so  db=/etc/vsftpd/login
account  required  /lib64/security/pam_userdb.so  db=/etc/vsftpd/login

9) Configure the main vsftpd configuration file (guest_username=virtual corresponds to the user created above)

# vim /etc/vsftpd/vsftpd.conf
# Disallow anonymous logins to the FTP server
anonymous_enable=NO
# Allow local users to log in to the FTP server (also required for virtual users)
local_enable=YES
# Write permission (global switch)
write_enable=NO
# Anonymous users may upload
anon_upload_enable=NO
# Anonymous users may create directories
anon_mkdir_write_enable=NO
# Anonymous users may modify and delete
anon_other_write_enable=NO
# Restrict all users to their home directory
chroot_local_user=YES
# Treat all non-anonymous logins as guest (virtual) users
guest_enable=YES
# Map guest users to the local account "virtual"
guest_username=virtual
# Run as a standalone service
listen=YES
# Listening port
listen_port=21
# Enable passive mode
pasv_enable=YES
# Public network IP of the FTP server
pasv_address=<FTP Server Public Network IP>
# Lowest port of the passive-mode data port range
pasv_min_port=10000
# Highest port of the passive-mode data port range
pasv_max_port=10088
# Do not limit downloads to world-readable files
anon_world_readable_only=NO
# Directory holding the per-user configuration files
user_config_dir=/etc/vsftpd/user_conf

10) Create the per-user configuration directory user_conf specified in the configuration file above

# mkdir /etc/vsftpd/user_conf

11) Define the configuration file for the ftpComeSsbq user

# vim /etc/vsftpd/user_conf/ftpComeSsbq
write_enable=YES
anon_world_readable_only=no
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/opt/ftp/come

12) Define the configuration file for the ftpOutSsbq user

# vim /etc/vsftpd/user_conf/ftpOutSsbq
write_enable=YES
anon_world_readable_only=no
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/opt/ftp/out

13) Start vsftpd

# service vsftpd start

14) Test

  • lftp test. The format is: lftp username:password@ftp address:port (the port defaults to 21 and can be omitted when it is 21)
    [root@srt_aliyun_39 ~]# lftp ftpComeSsbq:ftp_come_#@UkieO9@120.79.xx.xx
    lftp ftpComeSsbq@120.79.xx.xx:~> pwd
    ftp://ftpComeSsbq:ftp_come_#%40UkieO9@120.79.xx.xx
    lftp ftpComeSsbq@120.79.xx.xx:~> mkdir test
    mkdir ok, `test' created            
    lftp ftpComeSsbq@120.79.xx.xx:/> ls
    drwx------    2 506      506          4096 Apr 17 05:32 test
    lftp ftpComeSsbq@120.79.xx.xx:/> rm -rf test/
    rm ok, `test/' removed 
  • Windows folder test. The format is: ftp://ftp address (Note: to turn on FTP passive mode, go to Control Panel > Network and Internet > Internet Options > Advanced, then check "Enable FTP folder view" and "Use passive FTP".)

  • Browser test: ftp://ftp address

This completes the deployment of ftp virtual users.
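
Steps 5 to 7 depend on logins.txt being exact, because stray whitespace ends up inside the stored credentials. The following is an added example, not part of the original post: a shell check of the list format plus a wrapper that builds login.db under a restrictive umask. The helper names check_logins, build_db and demo are assumptions, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. check_logins, build_db and demo
# are hypothetical helper names; the file format is the one from step 5:
# odd lines are user names, even lines are passwords.

# Return 0 if the list is well formed, 1 (reasons on stderr) otherwise.
check_logins() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        # A trailing space or a CR from a Windows editor becomes part of
        # the stored user name or password, so the login then fails.
        /\r$/              { printf "line %d: CRLF line ending\n", NR; bad = 1 }
        /^[ \t]|[ \t]\r?$/ { printf "line %d: leading or trailing whitespace\n", NR; bad = 1 }
        /^\r?$/            { printf "line %d: empty line\n", NR; bad = 1 }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR == 0 || NR % 2) { print "list is empty or last user has no password"; bad = 1 }
            exit bad
        }
    ' "$1" >&2
}

# Validate, then build the db under umask 077 so that neither file is
# readable by other local users (the plain-text list holds the same secrets).
build_db() {
    check_logins "$1" || return 1
    chmod 600 "$1"
    ( umask 077 && db_load -T -t hash -f "$1" "$2" )
}

# Constructed sample lists for a quick offline run of the validator.
demo() {
    d=$(mktemp -d) || return 1
    printf 'userA\npassA-1\nuserB\npassB-2\n' > "$d/good.txt"
    printf 'userA \npassA-1\nuserB\n'         > "$d/bad.txt"
    check_logins "$d/good.txt" && echo "good.txt: ok"
    check_logins "$d/bad.txt" 2>/dev/null || echo "bad.txt: rejected"
    rm -rf "$d"
}
demo
```

On the server, build_db /etc/vsftpd/logins.txt /etc/vsftpd/login.db would replace the separate db_load and chmod commands of steps 6 and 7.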


Added by agret on Sun, 12 May 2019 12:52:35 +0300