Today we have a day of CentOS. Alas, I really feel very small. Today we are engaged in centos.

Source: Internet
Author: User
Tags default ftp port ftp client

Reposted an article from someone else: http://my.oschina.net/idiotsky/blog/303545

This article is very good because it tells me how to view the SELinux boolean values and settings related to ftp. Although I was not able to solve my ftp server in the end, I don't think I should do it first. Thank you, dear friend.

1. Install the vsftpd component. After installation there is an /etc/vsftpd/vsftpd.conf file used for configuration, and a new ftp user and ftp group are created, with the home directory /var/ftp and nologin as the default shell (the user cannot log on to the system).

yum -y install vsftpd

You can run the following command to view the user

cat /etc/passwd

The ftp service is not started by default. Run the following command to start it:

service vsftpd start

2. Install the ftp client component (used to verify that vsftpd works)

yum -y install ftp

Execute the command and try to log on

ftp localhost

Enter the user name ftp and a password (anonymous access is allowed by default).

If the logon succeeds, the ftp service is available.

However, the server cannot yet be reached from external networks, so the configuration continues.

3. Cancel anonymous login

vi /etc/vsftpd/vsftpd.conf

Change anonymous_enable=YES on the first line to anonymous_enable=NO (vsftpd does not allow spaces around the = sign).

Restart

service vsftpd restart

4. Create a new user (ftpuser is the user name; choose any name you like)

useradd ftpuser

Set the password (enter it twice)

passwd ftpuser

Once the user is created, you can log on with it. Remember to use a normal logon instead of an anonymous logon. The default path after logon is /home/ftpuser.

5. Open port 21

Because the default FTP port is 21 and CentOS does not open it by default, you need to modify the iptables file.

vi /etc/sysconfig/iptables

Below the line ending in 22 -j ACCEPT, add another line that is the same except that 22 is replaced with 21, then save with :wq.

Then restart iptables.

service iptables restart

The server can now be reached from external networks, but directory listings are not returned and uploads fail, because SELinux is blocking them.

6. Modify selinux

getsebool -a | grep ftp

Run the preceding command. In the returned result, the following two rows are both off, which means external access is not enabled.

....

allow_ftpd_full_access off

....

....

ftp_home_dir off

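You just need to turn both of the above on. Note that allow_ftpd_full_access is the broader of the two: it lets the FTP daemon read and write any file that ordinary file permissions allow.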

Run

setsebool -P allow_ftpd_full_access 1

setsebool -P ftp_home_dir 1

Restart vsftpd.

service vsftpd restart

This should be enough. If it still doesn't work, check whether the FTP client is using passive mode. If it reports Entering Passive Mode, it is in passive mode, which does not work by default because the passive-mode ports are blocked by iptables. The next step describes how to enable it. If you would rather not enable it, check whether the FTP client has a port mode option, or turn off its passive mode option. If the client still cannot connect, check whether a firewall is enabled on the client's host machine.

7. Enable passive mode

Passive mode is enabled by default, but you must specify a port range. Open the vsftpd.conf file and add

pasv_min_port=30000

pasv_max_port=30999

This sets the port range to 30000 ~ 30999. The range can be changed at will.

Restart vsftpd.

Because a port range is now specified, iptables must open that range as well, so open the iptables file as above.

Again, below the line for port 21, add another line that is the same except that 21 is replaced with 30000:30999, then save with :wq and restart iptables. That completes the setup.
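
An added check, not part of the original article, that ties steps 3, 5 and 7 together: it reads a vsftpd.conf and an iptables rules file and reports anonymous login left on, spaces around "=", a missing passive port range, and ACCEPT rules that are absent or placed after the catch-all REJECT. The function names and the sample rule lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: consistency check between vsftpd.conf and the iptables rules file.
# conf_get FILE KEY: print the last value assigned to KEY (strict KEY=VALUE form).
conf_get() { sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1; }

# has_accept FILE PORTSPEC: succeed only if an INPUT ACCEPT rule for that
# destination port appears before the first catch-all REJECT/DROP rule,
# because iptables stops at the first rule that matches a packet.
has_accept() {
    awk -v p="--dport $2 " '
        /^-A INPUT .*-j (REJECT|DROP)/ && !/--dport/ { exit }
        /^-A INPUT / && index($0, p) && /-j ACCEPT/  { ok = 1; exit }
        END { exit !ok }' "$1"
}

# check_ftp CONF RULES: print one finding per line; exit status = number of findings.
check_ftp() {
    conf=$1; rules=$2; n=0
    # vsftpd treats spaces around "=" as a configuration error.
    if grep -Eq '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "space around '=' in $conf"; n=$((n + 1))
    fi
    # Assumption: only the literal NO from step 3 is accepted as "disabled" here.
    if [ "$(conf_get "$conf" anonymous_enable)" != NO ]; then
        echo "anonymous login is not disabled"; n=$((n + 1))
    fi
    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "passive port range is not set"; n=$((n + 1))
    elif ! has_accept "$rules" "$min:$max"; then
        echo "no reachable ACCEPT rule for passive range $min:$max"; n=$((n + 1))
    fi
    has_accept "$rules" 21 || { echo "no reachable ACCEPT rule for port 21"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample input: the finished state after step 7.
write_sample() {
    printf '%s\n' 'anonymous_enable=NO' 'pasv_min_port=30000' 'pasv_max_port=30999' > "$1"
    printf '%s\n' '*filter' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 30000:30999 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$2"
}

# Stand-alone use: pass the two real files as arguments.
if [ "$#" -eq 2 ]; then check_ftp "$1" "$2"; fi
```

Run it with /etc/vsftpd/vsftpd.conf and /etc/sysconfig/iptables as the two arguments; no output and exit status 0 mean the files agree.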
