CentOS 6.7 FTP installation and configuration with vsftpd

Source: Internet
Author: User


On RHEL/CentOS systems, the default FTP software is vsftpd. The following is the installation and configuration process.

Server: balichvm (192.168.171.51)

1) Install the vsftpd package with yum

# yum install vsftpd

2) Start the vsftpd service

# /etc/init.d/vsftpd start # start vsftpd service

Starting vsftpd for vsftpd: [ OK ]

# ps aux | grep vsftpd

root 10054 0.0 0.0 52112 796 ? Ss 19:00 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

root 10057 0.0 0.0 103316, pts/1 S+ 19:00 0:00 grep vsftpd

# netstat -lnp | grep vsftpd

tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 10054/vsftpd

At this point a default FTP instance is already running with anonymous access enabled; anonymous users can only read, not write.

The vsftpd configuration files are in the /etc/vsftpd directory. The three main files are:

/etc/vsftpd/ftpusers # users who can access the FTP server

/etc/vsftpd/user_list # used in combination with the vsftpd.conf configuration

/etc/vsftpd/vsftpd.conf # vsftpd main configuration file

The default directory open to anonymous users is /var/ftp/pub. So how do you configure virtual user access?

3) Configure virtual users to access the FTP service.

(1) First create a system user that does not need to log in to the system:

# useradd virftp -s /sbin/nologin -m

(2) Create the password file for the virtual users, vsftpd_login. The format is: odd-numbered lines are user names, even-numbered lines are passwords:

# vim /etc/vsftpd/vsftpd_login

ftp1

Q1w2e3

ftp2

Q1w2e3

ftp3

Q1w2e3

# chmod 600 /etc/vsftpd/vsftpd_login # restrict permissions

(3) Use db_load to generate a binary database file that the vsftpd service can read

Format: db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db

# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db

(4) Create the virtual accounts: create the virtual users' configuration directory, /etc/vsftpd/vsftpd_user_conf, and in that directory create a configuration file for each user, named the same as the user in /etc/vsftpd/vsftpd_login, for example ftp1.

# mkdir /etc/vsftpd/vsftpd_user_conf # virtual user configuration directory

local_root=/home/virftp/ftp1

anonymous_enable=NO

write_enable=YES

local_umask=022

anon_upload_enable=NO

anon_mkdir_write_enable=NO

idle_session_timeout=600

data_connection_timeout=120

max_clients=10

local_max_rate=50000

(5) Create the FTP shared directory /data/vsftp/ftp1 and set its owner and owning group

# mkdir -p /home/virftp/ftp1

# chown -R virftp:virftp /home/virftp/ftp1

(6) Edit the /etc/pam.d/vsftpd file to specify the virtual user authentication file

auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

Insert these two lines into the file.

(7) Modify the main configuration file /etc/vsftpd/vsftpd.conf as follows:

anonymous_enable=YES changed to: anonymous_enable=NO # disable anonymous access

#anon_upload_enable=YES changed to: anon_upload_enable=NO # disable anonymous uploads

#anon_mkdir_write_enable=YES changed to: anon_mkdir_write_enable=NO

#chroot_local_user=YES changed to: chroot_local_user=YES # remove the leading # to uncomment

Append the following settings at the end of the file:

# Enable guest (virtual) users
guest_enable=YES

# System user that virtual users are mapped to
guest_username=virftp

# Virtual users get the same privileges as local users
virtual_use_local_privs=YES

# Directory holding the per-user configuration files
user_config_dir=/etc/vsftpd/vsftpd_user_conf

(8) Restart the vsftpd service.

# /etc/init.d/vsftpd restart

Shutting down vsftpd: [ OK ]

Starting vsftpd for vsftpd: [ OK ]
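
A check of the finished layout from steps (1) to (8), added here as an example and not part of the original article: it verifies that the password files are private, that every virtual user has a per-user file, and that the step (7) settings are in effect. The names audit_vsftpd and demo and the sample tree are assumptions made for the example.

```sh
# Added example (not from the original page): audit the layout of steps (1)-(8).
# audit_vsftpd and demo are hypothetical names; DIR defaults to /etc/vsftpd.
audit_vsftpd() {
    dir=${1:-/etc/vsftpd}
    login=$dir/vsftpd_login
    conf=$dir/vsftpd.conf
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # The plaintext list and the generated .db both hold passwords, so
    # neither may carry any group or other permission bits.
    for f in "$login" "$login.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            note "$f is accessible to group or others"
    done

    if [ -f "$login" ]; then
        # Odd lines are user names, even lines are passwords.
        lines=$(awk 'END { print NR }' "$login")
        [ $((lines % 2)) -eq 0 ] || note "$login has an unpaired line"
        for user in $(awk 'NR % 2 == 1' "$login"); do
            [ -f "$dir/vsftpd_user_conf/$user" ] || note "no per-user config file for $user"
        done
    else
        note "$login is missing"
    fi
    # Settings from step (7); a line with a trailing comment does not count,
    # because vsftpd takes everything after '=' as the value.
    for want in anonymous_enable=NO chroot_local_user=YES guest_enable=YES; do
        grep -qix "$want" "$conf" 2>/dev/null || note "$conf lacks $want"
    done
    if grep -q '^[a-z_]*=.*#' "$conf" 2>/dev/null; then
        note "$conf has a '#' comment on a setting line"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample tree: ftp2 has no config file, one setting is commented.
demo() {
    d=$(mktemp -d)
    mkdir "$d/vsftpd_user_conf"
    printf 'ftp1\nsample-pw\nftp2\nsample-pw\n' > "$d/vsftpd_login"
    chmod 600 "$d/vsftpd_login"
    : > "$d/vsftpd_user_conf/ftp1"
    printf '%s\n' anonymous_enable=NO chroot_local_user=YES \
        'guest_enable=YES # guest' > "$d/vsftpd.conf"
    audit_vsftpd "$d"; rc=$?; rm -rf "$d"; return "$rc"
}
```

On the server, audit_vsftpd /etc/vsftpd checks the live files; demo runs the same checks against the constructed tree and reports three findings.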

Add the firewall rules:

# vim /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT

The /etc/sysconfig/iptables-config file also needs to be modified as follows:

IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_ftp"

If you do not modify /etc/sysconfig/iptables-config, you will not be able to read the directory listing.

# /etc/init.d/iptables restart # restart the firewall service

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Flushing firewall rules: [ OK ]

iptables: Unloading modules: [ OK ]

iptables: Applying firewall rules: [ OK ]

iptables: Loading additional modules: ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_ftp [ OK ]

The configuration here is fairly simple; you can modify the main configuration file /etc/vsftpd/vsftpd.conf to suit your own situation.

