1. Update yum source
Here I simply run yum update directly.
2. Install vsftp
Use the yum command to install vsftpd
# yum install vsftpd -y
3. Add an FTP account and directory
First check the location of nologin, usually /usr/sbin/nologin or /sbin/nologin.
Use the following command to create an account. The command specifies /www/wwwroot as the home directory of user pwftp. You can choose the account name and directory yourself:
# useradd -d /www/wwwroot -s /sbin/nologin pwftp
Modify the account password:
# passwd pwftp
Modify the ownership of the specified directory:
# chown -R pwftp:pwftp /www/wwwroot
This command reports an error if run directly, because the directory does not exist yet. Before executing it, run the following:
mkdir www
cd www
mkdir wwwroot
4. Configure vsftp
To edit the vsftpd configuration file, run the following command:
# vi /etc/vsftpd.conf
Change "anonymous_enable=YES" in the configuration file to "anonymous_enable=NO" (vsftpd does not accept spaces around the = sign).
Uncomment the following settings (remove the leading #):
local_enable=YES
write_enable=YES
chroot_local_user=YES
To save the changes, press ESC and enter :wq
5. Modify shell configurations
Edit /etc/shells with vi. If the file does not contain /usr/sbin/nologin or /sbin/nologin (depending on the current system configuration), append it.
6. Start vsftpd and test login
Run the following command to start the vsftpd service:
# service vsftpd start
Then use the account pwftp to test whether you can log in over FTP. The directory is /www/wwwroot.
Supplement: Requirements and configurations
1. Anonymous access not allowed
anonymous_enable=NO
2. Use a local account for FTP user login verification
2.1 allow FTP user login verification using a local account
local_enable=YES
2.2 create a local account for FTP login
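Add the user ftpuser. Its home directory is /home/ftp, and SSH login is prohibited.
useradd -d /home/ftp -g ftp -s /sbin/nologin ftpuser -p password
Note that the -p option of useradd expects an already-encrypted password (as returned by crypt(3)), not plain text; if the login fails, set the password with passwd ftpuser, as in step 3 above.
For this command, refer to: CentOS 6.2 ftp configuration.
useradd command reference: Linux useradd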
2.3 only the created ftpuser is allowed to log on to FTP
vi /etc/vsftpd.conf
userlist_enable=YES
userlist_deny=NO
vi /etc/vsftpd/user_list
Comment out all accounts and add ftpuser
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
#bin
#daemon
#adm
#lp
#sync
#shutdown
#halt
#mail
#news
#uucp
#operator
#games
#nobody
ftpuser
After configuration, you can log in from a remote FTP client and upload files. The files are stored in the home directory of ftpuser, that is, /home/ftp.
3. FTP download not allowed
vi /etc/vsftpd.conf
download_enable=NO
4. Only the specified IP address can be connected.
4.1 install tcp_wrappers
yum -y install tcp_wrappers
4.2 check whether tcp_wrappers is set to YES
vi /etc/vsftpd.conf
tcp_wrappers=YES
4.3 add the allowed IP address
vi /etc/hosts.allow
vsftpd: allowed IP addresses
4.4 reject all other IP addresses
vi /etc/hosts.deny
vsftpd: ALL
Here, I logged in directly using the FileZilla Client software. After testing, it is completely correct.
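To confirm that the options from the steps above actually landed in the configuration file, a check like the following can be run against it. This is an added example, not part of the original guide; the function names get_opt and audit_vsftpd are made up for illustration, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings used in this guide.

# get_opt FILE KEY: print the value of KEY (assumes the last occurrence wins).
get_opt() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd FILE: print one line per finding; exit status = number of findings.
audit_vsftpd() {
    conf=$1
    findings=0
    # vsftpd does not accept spaces around '=' in its config file.
    if grep -Eq '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL: space around '=' in an option line"
        findings=$((findings + 1))
    fi
    # Each expected value differs from vsftpd's built-in default,
    # so an unset option counts as a finding too.
    for want in anonymous_enable=NO local_enable=YES chroot_local_user=YES \
                userlist_enable=YES userlist_deny=NO download_enable=NO \
                tcp_wrappers=YES; do
        key=${want%%=*}
        val=${want#*=}
        got=$(get_opt "$conf" "$key")
        if [ "$got" != "$val" ]; then
            echo "FAIL: $key is '${got:-unset}', expected $val"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: spaces around '=' and no user list restriction.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable = NO
local_enable=YES
chroot_local_user=YES
tcp_wrappers=YES
EOF
audit_vsftpd "$sample" || echo "$? finding(s) in sample"
rm -f "$sample"
```

Remove download_enable=NO from the list if downloads are meant to stay allowed, as in the basic setup of steps 1 to 6.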