Thursday, October 1, 2009

CentOS: Config FTP server - vsftp service

On CentOS, vsftpd is the most popular FTP service. To install it, log in as root and run:

# yum -y install vsftpd db4-utils

To configure the vsftpd service, edit the config file /etc/vsftpd/vsftpd.conf

For virtual users, use:

anon_world_readable_only=NO
anonymous_enable=NO
ftpd_banner=Welcome to LambertDatabase FTP Server.
chroot_local_user=YES
guest_enable=YES
guest_username=vftpuser
hide_ids=YES
listen=YES
listen_address=192.168.0.35
local_enable=YES
max_clients=100
max_per_ip=2
nopriv_user=ftp
pam_service_name=ftp
pasv_enable=YES
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
xferlog_enable=YES
anon_umask=0027
local_umask=022
async_abor_enable=YES
connect_from_port_20=YES
dirlist_enable=YES
download_enable=YES
write_enable=YES


Set the list of allowed users:
# vi /etc/vsftpd/user_list
vftpuser


# vi /etc/vsftpd/denied_users
root


# touch /etc/vsftpd/accounts.tmp
# mkdir /etc/vsftpd/users


Set up the owner account for the virtual FTP users:
# useradd vftpuser -d /home/ftp -s /sbin/nologin

Configure PAM:
# vi /etc/pam.d/ftp
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/accounts
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/accounts


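Create the user and password list file. Each username goes on its own line, followed by its password on the next line (here testftp is the username and test1234 is the password):
# vi /etc/vsftpd/accounts.tmp
testftp
test1234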


Set the access rights for the new virtual user account:
# vi /etc/vsftpd/users/testftp

dirlist_enable=YES
download_enable=YES
write_enable=YES
anon_world_readable_only=no
anon_upload_enable=yes
anon_other_write_enable=yes
local_root=/home/ftp/testftp


Create the db file:
# /usr/bin/db_load -T -t hash -f /etc/vsftpd/accounts.tmp /etc/vsftpd/accounts.db
# chmod 600 /etc/vsftpd/accounts.db
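
db_load -T reads accounts.tmp as alternating lines (username, then password), and that file holds the passwords in cleartext. The following check is an added example, not part of the original post; check_accounts is a hypothetical helper name, and it flags pairing mistakes and loose file permissions before the database is built:

```shell
#!/bin/sh
# Added example (not from the original post): lint the db_load -T input file.
# db_load -T takes alternating key/value lines: username, then password.
# The body runs in a subshell "( ... )" so its variables do not leak out.
check_accounts() (
    file=$1; problems=0; lineno=0
    nl='
'
    users=$nl                       # newline-delimited list of usernames seen
    [ -f "$file" ] || { echo "missing file: $file"; exit 2; }

    # Cleartext passwords: allow owner permission bits only.
    # stat -c is the GNU coreutils form, as shipped on CentOS.
    case "$(stat -c '%a' "$file")" in
        *00|0) ;;
        *) echo "mode too open, run: chmod 600 $file"
           problems=$((problems + 1)) ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            '')     echo "line $lineno: blank line shifts every later pair"
                    problems=$((problems + 1)) ;;
            *' #'*) echo "line $lineno: trailing annotation would be stored as data"
                    problems=$((problems + 1)) ;;
        esac
        [ $((lineno % 2)) -eq 1 ] || continue    # even lines are passwords
        case "$line" in
            *' '*) echo "line $lineno: space in username"
                   problems=$((problems + 1)) ;;
        esac
        case "$users" in
            *"$nl$line$nl"*) echo "line $lineno: duplicate username $line"
                             problems=$((problems + 1)) ;;
        esac
        users="$users$line$nl"
    done < "$file"

    if [ $((lineno % 2)) -ne 0 ]; then
        echo "odd line count: the last username has no password"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]           # exit status 0 only when nothing was flagged
)
```

Run it as `check_accounts /etc/vsftpd/accounts.tmp` and build accounts.db only when it returns 0.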


Restart the service:
# service vsftpd restart

Set up iptables / firewall for PASV mode:
# vi /etc/sysconfig/iptables
Add:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 64000:65535 -j ACCEPT

# service vsftpd restart
# service iptables restart


Set up SELinux:
# setsebool -P ftpd_disable_trans 1
# chcon -R -h -t public_content_t /home/ftp
