On RHEL/CentOS systems, the default FTP server software is vsftpd. The installation and configuration process is as follows.
Server: balichvm (192.168.171.51)
1) Install the vsftpd package with yum
[root@balichvm ~]# yum install vsftpd
2) Start the vsftpd service
[root@balichvm ~]# /etc/init.d/vsftpd start # start the vsftpd service
Starting vsftpd for vsftpd: [ OK ]
[root@balichvm ~]# ps aux | grep vsftpd
root 10054 0.0 0.0 52112 796 ? Ss 19:00 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root 10057 0.0 0.0 103316, pts/1 S+ 19:00 0:00 grep vsftpd
[root@balichvm ~]# netstat -lnp | grep vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 10054/vsftpd
[root@balichvm ~]#
At this point a default FTP instance is already running with anonymous access enabled; anonymous users can only read, not write.
The vsftpd configuration files are in the /etc/vsftpd directory. The three main files are:
/etc/vsftpd/ftpusers # users who can access the FTP server
/etc/vsftpd/user_list # used in combination with the settings in vsftpd.conf
/etc/vsftpd/vsftpd.conf # vsftpd main configuration file
The directory open to anonymous users by default is /var/ftp/pub. So how do we configure virtual user access?
3) Configure virtual users to access the FTP service.
(1) First create a system user that does not need to log in to the system:
[root@balichvm ~]# useradd virftp -s /sbin/nologin -m
(2) Create the password file for the virtual users, vsftpd_login. The format is: odd-numbered lines hold a user name, even-numbered lines hold that user's password:
[root@balichvm ~]# vim /etc/vsftpd/vsftpd_login
ftp1
q1w2e3
ftp2
q1w2e3
ftp3
q1w2e3
[root@balichvm ~]# chmod 600 /etc/vsftpd/vsftpd_login # modify permissions
(3) Use db_load to generate a binary database file that the vsftpd service can read
Format: db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
[root@balichvm ~]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
(4) Create the virtual users' configuration directory, /etc/vsftpd/vsftpd_user_conf, and then in that directory create one configuration file per virtual user, named the same as the user in /etc/vsftpd/vsftpd_login, for example ftp1.
[root@balichvm ~]# mkdir /etc/vsftpd/vsftpd_user_conf # virtual user configuration directory
Contents of /etc/vsftpd/vsftpd_user_conf/ftp1:
local_root=/home/virftp/ftp1
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
local_max_rate=50000
(5) Create the FTP shared directory (the local_root set above, /home/virftp/ftp1) and set its owner and group
[root@balichvm ~]# mkdir -p /home/virftp/ftp1
[root@balichvm ~]# chown -R virftp:virftp /home/virftp/ftp1
(6) Edit the /etc/pam.d/vsftpd file to specify the virtual user authentication database
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
Insert these two lines into the file.
(7) Modify the main configuration file /etc/vsftpd/vsftpd.conf as follows:
anonymous_enable=YES changed to: anonymous_enable=NO # disable anonymous access
#anon_upload_enable=YES changed to: anon_upload_enable=NO # disable anonymous upload
#anon_mkdir_write_enable=YES changed to: anon_mkdir_write_enable=NO
#chroot_local_user=YES changed to: chroot_local_user=YES # remove the leading # comment marker
Add the following settings at the end of the file:
# enable guest (virtual) users
guest_enable=YES
# system user that the virtual users are mapped to
guest_username=virftp
# virtual users get the same privileges as the system user
virtual_use_local_privs=YES
# virtual users' configuration directory
user_config_dir=/etc/vsftpd/vsftpd_user_conf
(8) Restart the vsftpd service.
[root@balichvm ~]# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
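A check that can be run against /etc/vsftpd/vsftpd.conf before the restart in step (8), as an added example that is not part of the original page. The function names and the sample input are constructed for illustration; the defaults in the table are vsftpd's documented defaults, and the expected values are the ones from step (7).

```sh
#!/bin/sh
# Added example (not from the original page): audit a vsftpd.conf against step (7).
# Reads the file named in $1, or stdin. Non-zero exit status if anything is found.
audit_vsftpd_conf() {
    awk '
    # opt(name, vsftpd default, value this walkthrough sets)
    function opt(k, dflt, wanted) { have[k] = dflt; want[k] = wanted }
    BEGIN {
        opt("anonymous_enable", "YES", "NO")
        opt("anon_upload_enable", "NO", "NO")
        opt("anon_mkdir_write_enable", "NO", "NO")
        opt("chroot_local_user", "NO", "YES")
        opt("guest_enable", "NO", "YES")
        opt("guest_username", "ftp", "virftp")
        opt("virtual_use_local_privs", "NO", "YES")
        opt("user_config_dir", "", "/etc/vsftpd/vsftpd_user_conf")
    }
    /^[ \t]*$/ || /^#/ { next }          # blank lines and whole-line comments
    {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (eq == 0 || key != tolower(key) || key ~ /[ \t]/ || val ~ /^[ \t]/) {
            printf "line %d: want lowercase option=value, no spaces: %s\n", NR, $0
            bad++; next
        }
        if (val ~ /[ \t]#/) {            # vsftpd.conf has no trailing comments
            printf "line %d: comment is read as part of the value: %s\n", NR, $0
            bad++; next
        }
        if (toupper(val) == "YES" || toupper(val) == "NO") val = toupper(val)
        have[key] = val
    }
    END {
        for (k in want) if (have[k] != want[k]) {
            printf "%s is \"%s\", expected \"%s\"\n", k, have[k], want[k]; bad++
        }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample: annotated lines pasted as-is, plus a capitalised option name.
sample_conf() {
    printf '%s\n' '# constructed sample' 'anonymous_enable=NO' \
        'chroot_local_user=YES' 'guest_enable=YES # Open a guest user' \
        'Guest_username=virftp' 'virtual_use_local_privs=YES' \
        'user_config_dir=/etc/vsftpd/vsftpd_user_conf'
}

sample_conf | audit_vsftpd_conf || echo "vsftpd.conf needs fixing"
```

A rejected line is treated as not set, so the option it was meant to change is also reported at its default value.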
Add the firewall rules:
[root@balichvm src]# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
The /etc/sysconfig/iptables-config file also needs to be modified as follows:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_ftp"
If you do not modify /etc/sysconfig/iptables-config, clients will not be able to read the directory listing.
[root@balichvm src]# /etc/init.d/iptables restart # restart the firewall service
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_ftp [ OK ]
The configuration here is still fairly simple; you can modify the main configuration file /etc/vsftpd/vsftpd.conf to suit your own situation.
CentOS 6.7 FTP installation configuration vsftp