Monday, September 16, 2013

FTP with virtual users

Install vsftp
Run the following command in a terminal to install the vsftpd package:
[root@ftp ~]# yum install vsftpd ftp -y
Start the vsftpd service and make it start automatically on every reboot:
[root@ftp ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@ftp ~]# chkconfig vsftpd on
Configure vsftpd
Open the vsftpd configuration file /etc/vsftpd/vsftpd.conf. Find the following lines and make the changes as shown below:
[root@ftp ~]# vi /etc/vsftpd/vsftpd.conf
 [...]
## Set to "NO" ##
anonymous_enable=NO

## Uncomment ##
ascii_upload_enable=YES
ascii_download_enable=YES

## Uncomment - Enter your Welcome message - This is optional ##
ftpd_banner=Welcome to UNIXMEN FTP service.

## Add at the end of this file ##
use_localtime=YES
Restart vsftpd service:
[root@ftp ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
Create FTP users
By default, the root user is not allowed to log in to the FTP server for security reasons. So let us create a test user called “sk” with password “centos”:
[root@ftp ~]# useradd sk
[root@ftp ~]# passwd sk
Changing password for user sk.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Connecting to FTP server
Now let us try to connect to the FTP server itself as user “sk”:
[root@ftp ~]# ftp 192.168.1.200
Connected to 192.168.1.200 (192.168.1.200).
220 Welcome to UNIXMEN FTP service.
Name (192.168.1.200:root): sk
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/sk
Login failed.
ftp>
You will probably get an error like “500 OOPS: cannot change directory”.
This is because SELinux prevents the FTP daemon from accessing users' home directories, which blocks the login. So let us enable the SELinux boolean that allows it:
[root@ftp ~]# setsebool -P ftp_home_dir on
Now try again to log in to the FTP server:
[root@ftp ~]# ftp 192.168.1.200
Connected to 192.168.1.200 (192.168.1.200).
220 Welcome to UNIXMEN FTP service.
Name (192.168.1.200:root): sk
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Now you will be able to log in to the FTP server without any problems.




Install Berkeley Database (db4)
In this method, we use a Berkeley database (db4, version 4) to store virtual user names with their passwords. First install the db4-utils package if it is not installed:
[root@ftp ~]# yum install db4-utils db4 -y
Create database file for virtual users
First create a plain text file and enter the virtual user names and their passwords on alternating lines: a user name, then its password on the next line. Then create the db file from the plain text file.
For instance, I create a plain text file called virtual_users.txt in the /home directory with username senthil and password centos:
[root@ftp ~]# vi /home/virtual_users.txt
senthil
centos
Save and exit the file. Run the following command to create database file:
[root@ftp ~]# db_load -T -t hash -f /home/virtual_users.txt /etc/vsftpd/virtual_users.db
Here virtual_users.db is the actual database file for virtual users.
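A pre-flight check for the step above, as an added example that is not part of the original tutorial: it validates the alternating name/password file before db_load runs, then restricts both files to root. The function names and the user-name character rule are assumptions of this example; the rule exists because the name is later substituted into the local_root path in vsftpd.conf.

```shell
#!/bin/sh
# Added example (not from the tutorial): vet the virtual-user list, then build the db.
# db_load -T -t hash reads pairs of lines: odd lines are user names, even lines passwords.

# check_virtual_users FILE: print each problem found; return 0 only if there are none.
check_virtual_users() {
    awk '
        index($0, "\r") { print "line " NR ": carriage return (CRLF file?)"; bad = 1 }
        NR % 2 == 1 {                       # odd line: user name
            user = $0
            # Assumed rule: the name becomes a directory under local_root, so refuse
            # "/", "..", spaces and anything else outside a conservative set.
            if (user !~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/) {
                print "line " NR ": unsafe user name: " user; bad = 1
            } else if (user in seen) {      # a hash db keeps one record per key
                print "line " NR ": duplicate user: " user; bad = 1
            }
            seen[user] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad = 1 }
        END {
            if (NR % 2 == 1) { print "user " user " has no password line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# build_virtual_db TXT DB: validate, load, and leave both files readable by root only,
# since the text file holds every password in clear and the db stores them unhashed.
build_virtual_db() {
    check_virtual_users "$1" || return 1
    command -v db_load >/dev/null 2>&1 || { echo "db_load not found"; return 2; }
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 3
    chmod 600 "$1" "$2"
}

# Usage: sh this_script /home/virtual_users.txt /etc/vsftpd/virtual_users.db
if [ "$#" -eq 2 ]; then build_virtual_db "$1" "$2"; fi
```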
Create a PAM file
Now create a PAM file that uses the database virtual_users.db which we created from the plain text file. The db= path is written without the .db suffix because pam_userdb appends it. Add the following lines:
[root@ftp ~]# vi /etc/pam.d/vsftpd_virtual
#%PAM-1.0
auth    required        pam_userdb.so   db=/etc/vsftpd/virtual_users
account required        pam_userdb.so   db=/etc/vsftpd/virtual_users
session required        pam_loginuid.so
Save and exit the file.
vsftpd configuration
Make sure that you have added or edited the following lines in the vsftpd.conf file:
[root@ftp ~]# vi /etc/vsftpd/vsftpd.conf

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

## Enable virtual users
guest_enable=YES

## Virtual users will use the same privileges as local users (the default, NO, gives them anonymous privileges)
virtual_use_local_privs=YES

#
# Uncomment this to enable any form of FTP write command.
write_enable=YES

## PAM file name
pam_service_name=vsftpd_virtual

## Home Directory for virtual users
user_sub_token=$USER
local_root=/ftp/virtual/$USER

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES

## Hide ids from user
hide_ids=YES
Save and exit the file.
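A lint pass over the edited file before restarting the service, as an added example that is not part of the original tutorial. The function names are assumptions of this example, as is treating the last occurrence of a repeated key as the effective one; the expected values are the ones set above.

```shell
#!/bin/sh
# Added example (not from the tutorial): lint vsftpd.conf for the virtual-user setup above.

# conf_get FILE KEY: print the value of KEY. Assumption: when a key appears more than
# once (easy after editing the file twice), the last uncommented line is the effective one.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# audit_vsftpd_conf FILE: print each finding; return 0 only if there are none.
audit_vsftpd_conf() {
    rc=0
    # vsftpd.conf(5): it is an error to put any space between the option, = and value.
    if grep -nE '^[a-z_]+[[:space:]]+=|^[a-z_]+=[[:space:]]' "$1"; then
        echo "whitespace around '=' in the lines above"; rc=1
    fi
    # Values this page sets for confinement and for the virtual-user login.
    for want in anonymous_enable=NO guest_enable=YES chroot_local_user=YES \
                pam_service_name=vsftpd_virtual; do
        key=${want%%=*}
        got=$(conf_get "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "$key: expected ${want#*=}, found ${got:-<unset>}"; rc=1
        fi
    done
    # local_root must contain the user_sub_token string, or it is not a per-user path.
    tok=$(conf_get "$1" user_sub_token)
    case "$(conf_get "$1" local_root)" in
        *"${tok:-@unset@}"*) ;;
        *) echo "local_root does not contain user_sub_token"; rc=1 ;;
    esac
    return "$rc"
}

# Usage: sh this_script /etc/vsftpd/vsftpd.conf
if [ "$#" -eq 1 ]; then audit_vsftpd_conf "$1"; fi
```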
Now create home directories for virtual users:
[root@server ~]# mkdir -p /ftp/virtual/senthil
[root@server ~]# chown -R ftp:ftp /ftp/virtual/senthil/
Start or restart vsftpd service:
[root@ftp ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
Now try to log in to the FTP server as the virtual user senthil with password centos:
[root@ftp ~]# ftp 192.168.1.200
 Connected to 192.168.1.200 (192.168.1.200).
 220 Welcome to UNIXMEN FTP service.
 Name (192.168.1.200:root): senthil
 331 Please specify the password.
 Password:
 230 Login successful.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp>
Now you will be able to log in to the FTP server.
Verify the log files using the following command:
[root@ftp ~]# tail -f /var/log/secure
Jun  3 17:23:35 ftp vsftpd[1945]: pam_userdb(vsftpd_virtual:auth): user 'senthil' granted access
- See more at: http://www.unixmen.com/install-vsftp-with-virtual-users-on-centos-rhel-scientific-linux-6-4/