2015/03/17

vsftp install on CentOS 7

# install on CentOS 7 without iptables and seLinux 

# install something we need
 
yum install vsftpd gcc pam-devel unzip php -y 
 
# Setup for virtual user 
 
curl 'https://codeload.github.com/tiwe-de/libpam-pwdfile/zip/master' > master.zip 
unzip master.zip 
cd libpam-pwdfile-master/ 
make 
cp pam_pwdfile.so /lib64/security/
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.org
echo "auth required /lib64/security/pam_pwdfile.so pwdfile  /etc/vsftpd/users" "" >> /etc/pam.d/vsftpd 
echo  "account required /lib64/security/pam_permit.so" "" >>  /etc/pam.d/vsftpd 

# backup config mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

# Setup vsftpd main config
echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf
echo "anonymous_enable=NO" >> /etc/vsftpd/vsftpd.conf
echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "virtual_use_local_privs=YES" >> /etc/vsftpd/vsftpd.conf
echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "connect_from_port_20=YES" >> /etc/vsftpd/vsftpd.conf
echo "secure_chroot_dir=/var/run/vsftpd" >> /etc/vsftpd/vsftpd.conf
echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf
echo "guest_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "user_sub_token=$USER" >> /etc/vsftpd/vsftpd.conf
echo "local_root=/data/ftp/$USER" >> /etc/vsftpd/vsftpd.conf
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "hide_ids=YES" >> /etc/vsftpd/vsftpd.conf
echo "user_config_dir=/etc/vsftpd/user_config" >> /etc/vsftpd/vsftpd.conf
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf

# Setup up for vsftpd running folder

mkdir -p /var/run/vsftpd
mkdir -p /etc/vsftpd/user_config

# Setup up for ftp user

mkdir -p /ftp/users
chown -Rf ftp:ftp /ftp/users

# Note: this command must turn on "short tag"
sed -i "s/short_open_tag = .*/short_open_tag = On/" /etc/php.ini
# ftp user config
mkdir -p  /etc/vsftpd/user_config/

# ftp user account add
echo "<?php echo 'username:' . crypt('passwd'); ?>"| php >> /etc/vsftpd/users
echo "" >> /etc/vsftpd/users
echo "local_root=/ftp/users/username_home""" >> /etc/vsftpd/user_config/username

# Create ftp user home
mkdir -p /ftp/users/username_home
chown -Rf ftp:ftp /ftp/users/username_home

# setup 
systemctl enable vsftpd.service
systemctl start vsftpd.service

#BTW...... add ftp user shell

echo "<?php echo '$1:' . crypt('$2'); ?>"| php >> /etc/vsftpd/users
echo "" >> /etc/vsftpd/users
#mkdir -p  /etc/vsftpd/user_config/
echo "local_root=/ftp/users/$1" "" >> /etc/vsftpd/user_config/$1
mkdir -p /ftp/users/$1

chown -Rf ftp:ftp /ftp/users/$1

##
firewall-cmd --permanent --add-port=21/tcp 
firewall-cmd --permanent --add-service=ftp
Restart firewall:firewall-cmd --reload

No comments: