Linux FTP Setup and related problem solving

1. See if VSFTP is installed
Rpm–qa|grep vsftpd
If the vsftpd-2.0.5-16.el5_5.1 instructions are installed Vsftp

Installing VSFTP
Yum-y Install VSFTPD
2. Test whether the installation is successful (IP to yourself ah, do not use my login for anonymous login user:anonymous password is empty if successful login will have the following content this indicates that VSFTPD installation succeeded) If you do not have an FTP command, run the Yum install-y ftp

[[Email protected] ~] #service vsftpd Start

For vsftpd start vsftpd:[OK]
[[Email protected] ~] #ftp 127.0.0.1
Connected to127.0.0.1.
(VsFTPd 2.0.5)
530 Loginwith USER and PASS.
530 Loginwith USER and PASS.
KERBEROS_V4 Rejectedas an authentication type
Name (127.0.0.1:root): Anonymous
331 specifythe password.
Password:
Loginsuccessful.
Remote system Typeis UNIX.
Using binary mode totransfer files.
Ftp> bye
221 Goodbye.
[Email protected] ~]#

3. Modify the configuration file/etc/vsftpd/vsftpd.conf

[[Email protected] ~] #vi/etc/vsftpd/vsftpd.conf

Uncomment or add a comment earlier in this section

anonymous_enable=yes/no whether anonymous user access is allowed

Chroot_list_enable=yes Limited User can not leave the home directory

Chroot_list_file=/etc/vsftpd/chroot_list

Loca_enable=yes/no whether local users can access note: If no then all virtual users will not be able to access the reason: Virtual user access on the host is actually accessed by local users

PAM_SERVICE_NAME=VSFTPD PAM Certified file name in/ETC/PAM.D/VSFTPD

Guest_enable=yes enabling the Virtual user feature

Guest_username=ftp the host user of the specified virtual user –centos has a built-in FTP user in it (note: The user specified in the chroot_list_file=/etc/vsftpd/chroot_list file)

user_config_dir=/etc/vsftpd/vuser_conf setting up a service profile for a virtual user's personal vsftp

(spaces cannot appear after this file)

4. See if DB4 db4-utils is installed

[[Email protected] ~] #rpm-qa|grep DB4 after running the following instructions have been installed can use the Db_load command (mainly db4-utils)
db4-devel-4.3.29-10.el5_5.2
db4-4.3.29-10.el5_5.2
db4-devel-4.3.29-10.el5_5.2
db4-4.3.29-10.el5_5.2
db4-tcl-4.3.29-10.el5_5.2
db4-utils-4.3.29-10.el5_5.2
[Email protected] ~]#

Install Db4-utils if not installed
4.1 Installing Db4-utils
[[Email protected] ~] #yum-y install Db4-utils
5. Create a Chroot_list_file=/etc/vsftpd/chroot_list file

[[Email protected] ~] #vi/etc/vsftpd/chroot_list (edit file to write the value of Guest_username in/etc/vsftpd/vsftpd.conf to the file in this case, FTP)

Or just follow the steps below

[[Email protected] ~] #touch/etc/vsftpd/chroot_list

[[email protected] ~]# echoftp >>/etc/vsftpd/chroot_list (here FTP is also/etc/vsftpd/vsftpd.conf value in Guest_username)
6. Create a Virtual user directory (password text)

[[Email protected] ~] #vi/etc/vsftpd/vftpuser.txtx (odd behavior username, even behavior password)

This article is added as follows (viewed with the cat command)

[[Email protected] ~] #cat/ETC/VSFTPD/VFTPUSER.TXTX
Hope
Hope
Aa
Zzzzz
[Email protected] ~]#
7. Generate a DB file for the virtual user

[[Email protected] ~] #db_load-T-t hash-f/etc/vsftpd/vftpuser.txtx/etc/vsftpd/vftpuser.db
8. Generate authentication files for virtual users

[[Email protected]]# vi/etc/pam.d/vsftpd
#%pam-1.0

Session optional pam_keyinit.so Force revoke
Auth Required pam_listfile.so Item=user sense=denyfile=/etc/vsftpd/ftpusers onerr=succeed
Auth Required pam_shells.so
Auth include System-auth
Account include System-auth
Session include System-auth
Session Required Pam_loginuid.so

Comment out all the content in the/etc/pam.d/vsftpd anyway, it's not certified by the local user.

Pay special attention to the following differences
The 32-bit system adds the following two sentences:
Auth Required pam_userdb.so Db=/etc/vsftpd/vftpuser
Account Required Pam_userdb.so Db=/etc/vsftpd/vftpuser
The 64-bit system adds the following two sentences:
Auth required/lib64/security/pam_userdb.so Db=/etc/vsftpd/vftpuser
Account Required/lib64/security/pam_userdb.sodb=/etc/vsftpd/vftpuser

Here I found that add the DB suffix after the database is not recognized, 51cto a big tutorial inside is added db, the results can not read the database, of course, it will not be certified.

Note: Vftpuser in Db=/etc/vsftpd/vftpuser is the db file of the virtual user you generated

9. Create your own profile for each virtual user, the path to the configuration file is in/etc/vsftpd/vsftpd.conf

user_config_dir=/etc/vsftpd/vuser_conf Path

Under/etc/vsftpd/vuser_conf/, create a file with the username name (the name is the odd line below/ETC/VSFTPD/VFTPUSER.TXTX)

[[Email protected]]# cat/etc/vsftpd/vftpuser.txtx
Hope
Hope
Aa
Zzzzz

[Email protected]]# mkdir vuser_conf

[[Email protected]]# vi/etc/vsftpd/vuser_conf/hope

The contents are as follows

Local_root=/var/www (virtual user's root directory based on actual modification)
Write_enable=yes (writable)
Download_enable=yes
Anon_world_readable_only=no
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
local_umask=022

10. Give permission to the folder (otherwise you can not upload the rights to self-set I give is 777)

[Email protected]]# chmod 777/var/www/
11. Restart VSFTPD

[[Email protected]]# service VSFTPD Restart

To this installation configuration complete if a connection is made to the same bit weight or other errors please view the current mode of SELinux

12. Login Test

[[Email protected] vsftpd]# FTP 127.0.0.1

Connected to 127.0.0.1.

(VsFTPd 2.0.5)

530 Login with USER and PASS.

530 Login with USER and PASS.

Kerberos_v4 rejected as Anauthentication type

Name (127.0.0.1:root): Hope

331 Specify the password.

Password:

Oops:cannot changedirectory:/var/www

Login failed.

Ftp>

View methods

[Email protected] vsftpd]# Getenforce

Enforcing if present (enforcing)

Close method: [[email protected] vsftpd] #setenforce 0 (0|1 open | off)

Test Login successfully again

[Email protected] vsftpd]# chmod 777/var/www/

[[Email protected] vsftpd]# FTP 127.0.0.1

Connected to 127.0.0.1.

(VsFTPd 2.0.5)

530 Login with USER and PASS.

530 Login with USER and PASS.

Kerberos_v4 rejected as Anauthentication type

Name (192.168.1.107:root): Hope

331 Specify the password.

Password:

Successful Login.

Remote system type is UNIX.

Using binary mode to transfer files.

Ftp>

To see how many bits of the system are commands

[Email protected] ~]# getconf long_bit

64 (64|32)

General Windows access to the FTP server if there is a problem with the issue of permissions, in the bird Brother's Linux server architecture there is a solution

As
In the preface, FTP uses two ports, plus a randomly enabled data stream port, and a passive online
Server ports, and so on, you may have to do:
Join Iptables's ip_nat_ftp, ip_conntrack_ftp two modules

Open port 21 for Internet use

Open the port 65400~65410 port mentioned in the previous section for Internet connection

[Email protected] ~]# vim/etc/vsftpd/vsftpd.conf
# Add a few lines to the bottom!
pasv_min_port=65400
pasv_max_port=65410
[Email protected] ~]#/etc/init.d/vsftpd restart

Add module: Although the Iptables.rule has been added to the module, but the system file or modify the good
The
[Email protected] ~]# Vim/etc/sysconfig/iptables-config
iptables_modules= "Ip_nat_ftp ip_conntrack_ftp"
# Join the module! Two modules in the middle of the space bar separated! Then restart the Iptables service
Hello
[Email protected] ~]#/etc/init.d/iptables restart
# 2. The script to modify Iptables.rule is as follows:
[Email protected] ~]# Vim/usr/local/virus/iptables/iptables.rule
Iptables-a input-p tcp-i $EXTIF--dport--sport 1024:65534-j
ACCEPT
# Find the line above and take off the previous comment! and add the bottom line!
Iptables-a input-p tcp-i $EXTIF--dport 65400:65410--sport

1024:65534-j ACCEPT
Restart the firewall.

Linux FTP Setup and related problem solving