vsftpd安裝與配置

CentOS 6.4(32位)vsftpd的安裝與配置

一、允許匿名方式登錄ftp服務器的配置

1.安裝

#yum -y install vsftpd* pam* db4*

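2.修改主配置文件vsftpd.conf

(注:下面的anon_upload_enable、anon_mkdir_write_enable配合write_enable=YES,會讓匿名用戶無需憑據即可在ftp賬號有寫權限的目錄上傳文件和創建目錄,對外開放的服務器一般不應開啓。)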

anonymous_enable=YES

anon_upload_enable=yes

anon_mkdir_write_enable=yes

local_enable=YES

write_enable=YES

local_umask=022

dirmessage_enable=YES

ftpd_banner=Welcome to MYFTP service

xferlog_enable=YES

connect_from_port_20=YES

xferlog_std_format=YES

xferlog_file=/var/log/vsftpd.log

idle_session_timeout=300

data_connection_timeout=120

ascii_upload_enable=YES

ascii_download_enable=YES

listen=YES

chroot_local_user=YES

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

3.啓動vsftpd

#service vsftpd start

4.Windows XP客戶端

說明vsftpd服務可以匿名登錄,注:這裏使用的是默認用戶,賬號和密碼均爲ftp


二、禁止匿名用戶登錄,虛擬用戶使用vsftpd服務器登錄的配置,具體操作如下:

先建立虛擬用戶清單文件:奇數行爲用戶名,偶數行爲對應的密碼(下面的123456、abcd1234僅爲示例,實際部署時應換成強密碼)。

#vi virtual_user_login

web1

123456

tzf

abcd1234

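#db_load -T -t hash -f virtual_user_login /etc/vsftpd/virtual_user_login.db

#chmod 600 /etc/vsftpd/virtual_user_login.db

(注:明文的virtual_user_login文件仍含有全部密碼,生成.db之後應刪除,或同樣把權限限制爲600。)

#useradd -d /var/wwwroot -s /sbin/nologin -g root virtual

(注:-g root把virtual賬號的主組設爲root組,虛擬用戶映射到該賬號後會帶有root組的文件權限;通常改用專用的非特權組即可。)

#mkdir virtual_user_conf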

#vi /etc/vsftpd/virtual_user_conf/web1

local_root=/var/wwwroot/web1

write_enable=YES

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

#vi /etc/vsftpd/virtual_user_conf/tzf

local_root=/var/wwwroot/tzf

write_enable=YES

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

#cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.vu

#more /etc/pam.d/vsftpd.vu

文件內容顯示如下,黑色加粗的字體爲增加的內容(加粗格式在此頁面已丟失;從內容看,新增的應是開頭兩行引用virtual_user_login的pam_userdb.so):

#%PAM-1.0

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtual_user_login

account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtual_user_login

session optional pam_keyinit.so force revoke

auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

auth required pam_shells.so

auth include password-auth

account include password-auth

session required pam_loginuid.so

session include password-auth

#mkdir /var/wwwroot/web1

#mkdir /var/wwwroot/tzf

#chmod -R 777 /var/wwwroot/web1

#chmod -R 777 /var/wwwroot/tzf

(注:777使這些目錄對系統上所有本地賬號可寫;虛擬用戶都映射到virtual賬號,通常把目錄屬主改爲virtual並使用較嚴格的權限即可滿足上傳需求。)

#more /etc/vsftpd/vsftpd.conf

(注:下面的file_open_mode=0777會讓上傳的文件帶可執行位(vsftpd默認值爲0666),再由local_umask=022削減;若不需要可執行權限,可保留默認值。)

guest_enable=YES

guest_username=virtual

anonymous_enable=NO

virtual_use_local_privs=YES

file_open_mode=0777

user_config_dir=/etc/vsftpd/virtual_user_conf

local_enable=YES

write_enable=YES

local_umask=022

anon_upload_enable=NO

anon_mkdir_write_enable=NO

anon_other_write_enable=NO

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

xferlog_std_format=YES

xferlog_file=/var/log/vsftpd.log

listen=YES

chroot_local_user=YES

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list

#pam_service_name=vsftpd

pam_service_name=vsftpd.vu

userlist_enable=YES

tcp_wrappers=YES

#service vsftpd restart

測試結果:

說明虛擬用戶能正常登錄,並能創建文件目錄、瀏覽文件,配置成功


安裝配置過程中遇到的問題及解決辦法:

service vsftpd start

Starting vsftpd for vsftpd: 500 OOPS: bad bool value in config file for: virtual_use_local_privs

[FAILED]

原因是:virtual_use_local_privs=YES 這一行中末尾有空格


550錯誤的解決辦法:

以下是解決此問題的操作過程:

#sestatus -b | grep ftp

allow_ftpd_anon_write off

allow_ftpd_full_access off

allow_ftpd_use_cifs off

allow_ftpd_use_nfs off

ftp_home_dir off

ftpd_connect_db off

ftpd_use_passive_mode off

httpd_enable_ftp_server off

tftp_anon_write off

#setsebool -P ftp_disable_trans on

libsemanage.dbase_llist_set: record not found in the database (No such file or directory).

libsemanage.dbase_llist_set: could not set record value (No such file or directory).

Could not change boolean ftp_disable_trans

Could not change policy booleans

#/usr/sbin/setsebool -P ftp_home_dir 1

#sestatus -b |grep ftp

allow_ftpd_anon_write off

allow_ftpd_full_access off

allow_ftpd_use_cifs off

allow_ftpd_use_nfs off

ftp_home_dir on

ftpd_connect_db off

ftpd_use_passive_mode off

httpd_enable_ftp_server off

tftp_anon_write off

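(注:以下四條命令未加-P,只在本次運行期間生效,重啓後失效;其中allow_ftpd_full_access會讓ftpd讀寫文件時幾乎不再受SELinux限制,allow_ftpd_use_cifs、httpd_enable_ftp_server、tftp_anon_write與本例的本地目錄訪問無直接關係,建議只開啓實際需要的布爾值。)

#/usr/sbin/setsebool allow_ftpd_full_access 1

#/usr/sbin/setsebool allow_ftpd_use_cifs 1

#/usr/sbin/setsebool httpd_enable_ftp_server 1

#/usr/sbin/setsebool tftp_anon_write 1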

#service vsftpd restart


或者輸入以下命令嘗試解決(注:上面sestatus的輸出中沒有ftpd_disable_trans這個布爾值,此命令在本系統上很可能同樣報錯;在存在該布爾值的系統上,它會關閉SELinux對ftpd的保護):

#setsebool -P ftpd_disable_trans 1

#service vsftpd restart

