How to configure pattern matching in linux Vsftpd

useradd vsftpd -s /sbin/nologin

Restrict the login of vsftpd users, who will be the largest hosting users of vsftpd services.

useradd ftp -s /sbin/nologin

This is the virtual hosting user of Vsftpd, which should have by default.

Of course, you can use other names for these users.

2. Modify the configuration of vsftpd.

The Anonymous_enable=NO # setting does not allow anonymous access.

Local_enable=YES # Sets the local user to access. If it is set to No, all virtual users cannot access it.

Write_enable=YES # sets that a write operation can be performed.

Local_umask=022 # Set the permission mask for uploading files.

Anon_upload_enable=NO # Prohibit anonymous users from uploading.

Anon_mkdir_write_enable=NO # Prohibits anonymous users from creating directories.

Dirmessage_enable=YES # Set the function of opening the directory banner.

Xferlog_enable=YES # is set to turn on logging.

Connect_from_port_20=NO # Prohibits port 20 from data connection. Passive mode is used here.

Chown_uploads=NO # Set to prohibit uploading files to change the host.

Xferlog _ file =/var/log/vsftpd.log # Set the service log saving path of vsftpd.

Xferlog_std_format=YES # Set the log to use the standard recording format.

Idle_session_timeout=600 # Set idle connection timeout.

Nopriv_user=Vsftpd # Sets the host user who supports the Vsftpd service.

Async_abor_enable=YES # setting supports asynchronous transmission function.

Ascii _ upload _ enable = yes

Ascii_download_enable=YES # Sets the upload and download functions that support ASCII mode.

Ftpd_banner=Vsftpd # Set the landing slogan of Vsftpd.

Chroot_list_enable=NO # prohibits users from logging out of their FTP home directory.

Ls _ recursive _ enable = no # It is forbidden for users to use the command of "ls -R" after logging in FTP, which occupies resources.

Listen=YES # Set the Vsftpd service to work in standalone mode.

# Add Configuration

Pam_service_name=Vsftpd # sets the verification configuration file name of Vsftpd under PAM service.

The Userlist_enable=YES # setting does not allow users in userlist_file to use FTP.

The Tcp_wrappers=YES # setting supports Tcp wrappers.

Guest_enable=YES # is set to enable the virtual user function.

Guest_username=ftp # Specifies the host user of the virtual user.

Virtual_use_local_privs=YES # Set the permissions of virtual users to match their host users.

User _ config _ dir =/etc/vsftpd/vconf # Set the profile storage path of the virtual user's personal vsftp.

3. Create a new user

Touch /etc/vsftpd/user_list.

# Write

Testuser # user name

123456 # password

4. Generate data files.

db _ load-T-T hash-f/etc/vsftpd/user _ list/etc/vsftpd/user . db

5. modify pam.

auth sufficient/lib 64/security/PAM _ userdb . so db =/etc/vsftpd/log in

The account is sufficient/lib64/security/PAM _ userdb.sodb =/etc/vsftpd/login.

These two items must be inserted after #%PAM- 1.0, where "sufficient" means sufficient condition. If they pass, the same type of verification is unnecessary.

6. Configure virtual users.

According to the above user configuration corresponding files,

Touch /etc/vsftpd/vconf/testuser.

Create a new virtual user directory:

mkdir/opt/vs FTP/virtuser & amp； & ampchown root . FTP/opt/vs FTP/virtuser

Users will be restricted to reading and writing in this directory after logging in.

The Vsftpd configuration has been completed.