Alibaba Cloud centos6 install and configure vsftpd server

1. Update yum source

I directly update yum update.

2. Install vsftp

Use the yum command to install vsftpd

# Yum install vsftpd-y
3. Add an ftp account and Directory

First check the location of nologin, usually under/usr/sbin/nologin or/sbin/nologin.

Use the following command to create an account. The command specifies/www/wwwroot as the home directory of user pwftp. You can define the account name and directory by yourself:

# Useradd-d/www/wwwroot-s/sbin/nologin pwftp
Modify the account password:

# Passwd pwftp
Modify the permission of a specified directory

# Chown-R pwftp: pwftp/www/wwwroot
An error is reported when you directly perform this operation. You must perform the following operations before executing this command:

Mkdir www
Cd www
Mkdir wwwroot
4. Configure vsftp

To edit the vsftpd configuration file, run the following command:

# Vi/etc/vsftpd. conf
Change "anonymous_enable = YES" in the configuration file to "anonymous_enable = NO"

Cancel the annotator before the following configuration:

Local_enable = YES
Write_enable = YES
Chroot_local_user = YES

Save the modification, press ESC, and enter: wq

5. Modify shell configurations

Vi edit/etc/shells. If the file does not contain/usr/sbin/nologin or/sbin/nologin (depending on the current system configuration), append it

6. Start vsftp and test logon.

Run the following command to start the vsftpd service:

# Service vsftpd start
Then, use the account pwftp to test whether ftp can be logged on. The directory is/www/wwwroot.

Supplement: Requirements and configurations

1. Anonymous access not allowed

Anonymous_enable = NO

2. Use a local account for FTP user login verification

2.1 allow FTP user login verification using a local account

Local_enable = YES
2.2 create a local account for FTP login

Increase the user's ftpuser. The main directory is/home/ftp, and the SSH permission is prohibited.

Useradd-d/home/ftp-g ftp-s/sbin/nologin ftpuser-p password
Refer to CentOS 6.2 ftp configuration for this command.

Useradd Command Reference: Linux useradd

2.3 only the created ftpuser is allowed to log on to FTP

Vi/etc/vsftpd. conf

Userlist_enable = YES
Userlist_deny = NO
Vi/etc/vsftpd/user_list

Comment out all accounts and add ftpuser

# Vsftpd userlist
# If userlist_deny = NO, only allow users in this file
# If userlist_deny = YES (default), never allow users in this file, and
# Do not even prompt for a password.
# Note that the default vsftpd pam config also checks/etc/vsftpd/ftpusers
# For users that are denied.
# Root
# Bin
# Daemon
# Adm
# Lp
# Sync
# Shutdown
# Halt
# Mail
# News
# Uucp
# Operator
# Games
# Nobody
Ftpuser
Copy code
After configuration, you can remotely log on to the FTP client and upload files. The files are stored in the home directory of ftpuser, that is,/home/ftp.

3. FTP download not allowed

Vi/etc/vsftpd. conf

Download_enable = NO
4. Only the specified IP address can be connected.

4.1 install tcp_wrappers

Yum-y install tcp_wrappers
4.2 check whether tcp_wrappers is set to YES

Vi/etc/vsftpd. conf

Tcp_wrappers = YES
4.3 add the allowed IP address

Vi/etc/hosts. allow

Vsftpd: allowed IP addresses
4.4 reject all other IP addresses

Vi/etc/hosts. deny

Vsftpd: ALL

Here, I log on directly using the Client software FileZilla Client. After testing, it is completely correct.