Recently, you need to build an FTP server on a Aliyun cloud server and share some of the configuration we've made based on our actual requirements in this blog post.
The FTP software is vsftpd.
VSFTPD is one of the most admired FTP server programs in the Linux distribution. The feature is small and brisk, safe and easy to use.
VSFTPD's name stands for "Very secure FTP daemon", and security is one of the top issues considered by its developer Chris Evans. At the beginning of the design and development of this FTP server, high security is a goal.
Preparatory work
Install VSFTPD
Yum Install vsftpd
Set up boot vsftpd FTP service
Chkconfig vsftpd on
Open VSFTPD configuration file
Vi/etc/vsftpd/vsftpd.conf
Requirements and configuration
1. Do not allow anonymous access
Anonymous_enable=no
2. Use local account for FTP user logon authentication
2.1 Allow FTP user logon authentication using a local account
Local_enable=yes
2.2 Create a local account for FTP logins
To increase user Ftpuser, the home directory is/home/ftp and the SSH permission is not allowed to log on.
useradd-d/home/ftp-g ftp-s/sbin/nologin ftpuser-p Password
This command is referenced from: CentOS 6.2 FTP configuration.
Useradd Command Reference documentation: Linux Useradd
2.3 Allow only newly created Ftpuser login FTP
Vi/etc/vsftpd/vsftpd.conf
Userlist_enable=yes
Userlist_deny=no
Vi/etc/vsftpd/user_list
Note All accounts, add Ftpuser
# vsftpd UserList
# If Userlist_deny=no, only allow users in this file
# If Userlist_deny=yes (default), never allow users in this file, and
# don't even prompt for a password.
# that's the default Vsftpd Pam Config also checks/etc/vsftpd/ftpusers
# for the users that are denied.
#root
#bin
#daemon
#adm
#lp
#sync
#shutdown
#halt
#mail
#news
#uucp
#operator
#games
#nobody
Ftpuser
Configuration here, you can remotely use FTP client login and upload files, files will be saved in the Ftpuser home directory, that is,/home/ftp.
3. Do not allow FTP downloads
Vi/etc/vsftpd/vsftpd.conf
Download_enable=no
4. Only allow the specified IP to connect
4.1 Installation Tcp_wrappers
Yum-y Install Tcp_wrappers
4.2 Check if Tcp_wrappers is set to Yes
Vi/etc/vsftpd/vsftpd.conf
Tcp_wrappers=yes
4.3 Add back the allowed IP
Vi/etc/hosts.allow
VSFTPD: Allowed IP Address
4.4 Deny all other IP
Vi/etc/hosts.deny
Vsftpd:all
The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.