Tutorial: Installing the vsftpd Service on CentOS 7

Source: Internet
Author: User

This blog must be written!

For this FTP server upload a day high!

A colleague installed FTP on CentOS 7, and FZ reported a 550 error when connecting!

I uninstalled and reinstalled it!

1. Uninstalling vsftpd on CentOS

If vsftpd is already installed on the server and is misconfigured, uninstall it first.

1.1 Find the installed vsftpd package

[root@localhost /]# rpm -aq vsftpd

The result returned:

vsftpd-3.0.2-21.el7.x86_64 # this is the result returned by the vsftpd lookup

This indicates that vsftpd was already installed on this server.

1.2 Remove the vsftpd package that was found

Note: stop vsftpd before uninstalling it.

[root@localhost /]# /sbin/service vsftpd stop

Uninstall vsftpd:

[root@localhost /]# rpm -e vsftpd-3.0.2-21.el7.x86_64

The result returned:

warning: /etc/vsftpd/vsftpd.conf saved as /etc/vsftpd/vsftpd.conf.rpmsave # on removal, the vsftp user list file is backed up

1.3 Verify that the vsftpd service has been removed

[root@localhost /]# /sbin/service vsftpd stop
Redirecting to /bin/systemctl stop vsftpd.service
Failed to stop vsftpd.service: Unit vsftpd.service not loaded. # vsftpd not found
[root@localhost /]# /sbin/service vsftpd start
Redirecting to /bin/systemctl start  vsftpd.service
Failed to start vsftpd.service: Unit not found. # vsftpd not found

If both commands report that the vsftpd service cannot be found, the uninstall succeeded.

2. Install the vsftpd package

[root@localhost /]# yum -y install vsftpd

2.1 Start FTP

[root@localhost home]# systemctl start vsftpd.service

2.2 Open port 21

[root@localhost /]# firewall-cmd --zone=public --add-port=21/tcp --permanent
[root@localhost /]# firewall-cmd --reload

3. Detailed configuration of the vsftpd service

3.1 Disable anonymous users

[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

Modify the following three items in the vsftpd.conf configuration file:

anonymous_enable=NO
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES

Then restart the FTP service:

[root@localhost vsftpd]# systemctl restart vsftpd.service

After the configuration change and restart, anonymous users can no longer log in.

3.2 Create an FTP virtual host account

Create a user that cannot log in to the system and is used only to log in to the FTP service. No home directory is specified here, so it defaults to a directory under /home:

[root@localhost vsftpd]# useradd ftpuser -s /sbin/nologin

Set a password for ftpuser:

[root@localhost /]# passwd ftpuser

3.3 View the FTP-related SELinux status

[root@localhost /]# getsebool -a | grep ftp

Output:

ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir -->

Set the two items ftpd_full_access and tftp_home_dir (highlighted in red in the original listing) to on:

[root@localhost vsftpd]# setsebool -P allow_ftpd_full_access on
[root@localhost vsftpd]# setsebool -P tftp_home_dir on

3.4 Configure vsftpd.conf

Restrict system users to (lock them inside) the /home/ftpuser directory.

If you set
chroot_local_user=YES
chroot_list_enable=YES (this line is optional)
chroot_list_file=/etc/vsftpd.chroot_list
then all users listed in the file vsftpd.chroot_list are unrestricted, that is, they can browse the parent directories of their home directory.

So, if you do not want a user to be able to browse the contents of the directories above their home directory, use the settings above and do not add that user to the file vsftpd.chroot_list (with these settings, the users in that file can browse directories outside their home directory).
Alternatively, set the following
chroot_local_user=NO
chroot_list_enable=YES (this line is required, otherwise the file vsftpd.chroot_list has no effect)
chroot_list_file=/etc/vsftpd.chroot_list
and then add to the file vsftpd.chroot_list every user who should not be able to browse directories above their home directory (with these settings, the users in the file are not allowed to browse directories outside their home directory), one user name per line.

[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

Of the two options above, I take the second one, configured as follows:

chroot_local_user=NO
# This line is required, otherwise the file chroot_list has no effect
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

The chroot_list file does not exist by default, so create it:

[root@localhost vsftpd]# vim /etc/vsftpd/chroot_list

Then add ftpuser to it, which means that only ftpuser cannot access the parent directory, and restart vsftpd.
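
The two options in section 3.4 invert the meaning of the list file, which is easy to get wrong. The script below is an added example, not part of the original tutorial: it evaluates a vsftpd.conf and a chroot list and reports whether a given user is jailed. The helper names conf_get, conf_yes and is_chrooted are hypothetical, and the sample files and the user alice are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): would vsftpd jail this local user?
# conf_get, conf_yes and is_chrooted are hypothetical helper names.

conf_get() {   # conf_get FILE KEY DEFAULT -> last uncommented value of KEY
    local val
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

conf_yes() {   # conf_yes FILE KEY DEFAULT -> success if the boolean is on
    case $(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

is_chrooted() {   # is_chrooted CONF USER [LISTFILE] -> success if jailed
    local list listed=no
    # /etc/vsftpd.chroot_list is the upstream default; distro builds may differ.
    list=${3:-$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)}
    # The list only counts when chroot_list_enable is on and the name matches
    # a whole line (one user name per line).
    if conf_yes "$1" chroot_list_enable NO && [ -r "$list" ] \
        && grep -qxF -- "$2" "$list"; then
        listed=yes
    fi
    if conf_yes "$1" chroot_local_user NO; then
        [ "$listed" = no ]     # everyone is jailed except listed users
    else
        [ "$listed" = yes ]    # nobody is jailed except listed users
    fi
}

# Constructed sample files reproducing the tutorial's second option.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'chroot_local_user=NO\nchroot_list_enable=YES\n' > "$demo/vsftpd.conf"
printf 'ftpuser\n' > "$demo/chroot_list"

for u in ftpuser alice; do   # alice is a constructed second account
    if is_chrooted "$demo/vsftpd.conf" "$u" "$demo/chroot_list"; then
        echo "$u: jailed to home directory"
    else
        echo "$u: can browse outside home directory"
    fi
done
```

On a real host, call is_chrooted /etc/vsftpd/vsftpd.conf ftpuser; the list path is then read from chroot_list_file.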

3.5 Modify permissions

Change the permissions on /home/ftpuser so that it is not writable:

[root@localhost vsftpd]# chmod a-w /home/ftpuser/taotao

Because the permissions on /home/ftpuser/taotao are now set to non-writable, we create an images folder in this directory for uploading files, and assign ownership of it to ftpuser:

[root@localhost taotao]# mkdir images
[root@localhost taotao]# chown ftpuser images

4. Enable PASV (passive mode)

Add the following at the bottom of /etc/vsftpd/vsftpd.conf:

pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999

And add the following after the userlist_enable=YES line (with userlist_deny=NO, user_list becomes an allow list, so ftpuser must be listed in it):

userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

Open the passive port range in the firewall:

[root@localhost taotao]# firewall-cmd --zone=public --add-port=30000-30999/tcp --permanent
[root@localhost taotao]# firewall-cmd --reload

You can now upload files using the FTP server.


