This blog post had to be written!
I spent a whole day on uploads to this FTP server!
A colleague installed FTP on CentOS 7, and connecting with FZ gave a 550 error message!
I uninstalled it and reinstalled it!
1. Uninstalling vsftpd on CentOS
If the vsftpd service is already installed on the server and is misconfigured, it has to be uninstalled first.
1.1 Find the vsftpd package
[root@localhost /]# rpm -aq vsftpd
The result returned:
vsftpd-3.0.2-21.el7.x86_64 # this is the result returned by the vsftpd lookup
This indicates that the vsftpd service was already installed.
1.2 Remove the vsftpd package that was found
Note: stop vsftpd before uninstalling it.
[root@localhost /]# /sbin/service vsftpd stop
Uninstall vsftpd:
[root@localhost /]# rpm -e vsftpd-3.0.2-21.el7.x86_64
The result returned:
warning: /etc/vsftpd/vsftpd.conf saved as /etc/vsftpd/vsftpd.conf.rpmsave # on removal, the vsftp user list file is backed up
1.3 Verify that the vsftpd service has been removed
[root@localhost /]# /sbin/service vsftpd stop
Redirecting to /bin/systemctl stop vsftpd.service
Failed to stop vsftpd.service: Unit vsftpd.service not loaded. # vsftpd not found
[root@localhost /]# /sbin/service vsftpd start
Redirecting to /bin/systemctl start vsftpd.service
Failed to start vsftpd.service: Unit not found. # vsftpd not found
If both commands report that the vsftpd service cannot be found, the uninstall was successful.
2. Install vsftpd
[root@localhost /]# yum -y install vsftpd
2.1 Start FTP
[root@localhost home]# systemctl start vsftpd.service
2.2 Open port 21
[root@localhost /]# firewall-cmd --zone=public --add-port=21/tcp --permanent
[root@localhost /]# firewall-cmd --reload
3. Detailed configuration of the vsftpd service
3.1 Disable anonymous users
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf
Modify the following three items in the vsftpd.conf configuration file:
anonymous_enable=NO
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
Then restart the FTP service:
[root@localhost vsftpd]# systemctl restart vsftpd.service
After the restart, anonymous users can no longer log in.
3.2 Create an FTP virtual host account
Create a user that cannot log in to the system and is used only to log in to the FTP service. The user's home directory is not specified here, so it defaults to a directory under /home:
[root@localhost vsftpd]# useradd ftpuser -s /sbin/nologin
Set a password for the ftpuser user:
[root@localhost /]# passwd ftpuser
3.3 Check the FTP status (SELinux booleans)
[root@localhost /]# getsebool -a | grep ftp
The result shown:
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir -->
Set the two items highlighted in red in the original listing (ftpd_full_access and tftp_home_dir, as the commands below show) to on:
[root@localhost vsftpd]# setsebool -P allow_ftpd_full_access on
[root@localhost vsftpd]# setsebool -P tftp_home_dir on
3.4 Configure vsftpd.conf
Restrict system users so that they are locked into the /home/ftpuser directory.
If you set
chroot_local_user=YES
chroot_list_enable=YES (this line is optional)
chroot_list_file=/etc/vsftpd.chroot_list
then all the users listed in the file vsftpd.chroot_list are not restricted, that is, they can browse the parent directories of their home directory.
So, if you don't want a user to be able to browse the contents of parent directories, use this setting and do not add that user to the file vsftpd.chroot_list (users in that file can browse directories outside their home directory).
Alternatively, set the following:
chroot_local_user=NO
chroot_list_enable=YES (this line is required, otherwise the file vsftpd.chroot_list has no effect)
chroot_list_file=/etc/vsftpd.chroot_list
then add to the file vsftpd.chroot_list every user who should not be allowed to browse above their home directory, one user name per line (users in the file are not allowed to browse directories outside their home directory).
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf
Of these two options, I take the second one, configured as follows:
chroot_local_user=NO
# This line is required, otherwise the chroot_list file has no effect
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
The chroot_list file does not exist by default, so create it:
[root@localhost vsftpd]# vim /etc/vsftpd/chroot_list
Then add ftpuser to it, which means that only ftpuser cannot access the parent directory, and restart vsftpd.
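The two chroot options above invert the meaning of the list file, which is easy to get backwards. The following script is an added example, not part of the original post: it reads a vsftpd.conf and its list file and reports whether a user ends up confined. The sample files are constructed, alice is a hypothetical unlisted user, and only the YES/NO spellings are handled.

```shell
#!/bin/sh
# Added example: would vsftpd confine (chroot) a given local user?

# conf_val FILE KEY: last value assigned to KEY. vsftpd.conf allows no spaces
# around "=" and no trailing comments, so the rest of the line is the value.
conf_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# is_chrooted CONF USER: exit 0 if USER is locked into the home directory.
is_chrooted() {
    all=$(conf_val "$1" chroot_local_user | tr a-z A-Z)
    use_list=$(conf_val "$1" chroot_list_enable | tr a-z A-Z)
    list=$(conf_val "$1" chroot_list_file)
    list=${list:-/etc/vsftpd.chroot_list}    # vsftpd's documented default
    listed=NO
    if [ "$use_list" = YES ] && [ -f "$list" ] && grep -qxF "$2" "$list"; then
        listed=YES
    fi
    # chroot_local_user=YES: everyone is confined, the list names the exceptions.
    # chroot_local_user=NO:  nobody is confined, the list names the confined users.
    if [ "$all" = YES ]; then [ "$listed" = NO ]; else [ "$listed" = YES ]; fi
}

# write_sample DIR YES|NO: constructed config and list (ftpuser is listed).
write_sample() {
    printf '%s\n' ftpuser > "$1/chroot_list"
    cat > "$1/vsftpd.conf" <<EOF
chroot_local_user=$2
# This line is required, otherwise chroot_list has no effect
chroot_list_enable=YES
chroot_list_file=$1/chroot_list
EOF
}

tmp=$(mktemp -d)
for mode in YES NO; do
    write_sample "$tmp" "$mode"
    for user in ftpuser alice; do    # alice is a hypothetical unlisted user
        if is_chrooted "$tmp/vsftpd.conf" "$user"; then state=confined; else state="NOT confined"; fi
        echo "chroot_local_user=$mode $user: $state"
    done
done
rm -rf "$tmp"
```

On a real host, call is_chrooted /etc/vsftpd/vsftpd.conf ftpuser after editing the configuration and before restarting vsftpd.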
3.5 Modify permissions
Change the permissions so that /home/ftpuser is not writable:
[root@localhost vsftpd]# chmod a-w /home/ftpuser/taotao
Because we changed the permissions on /home/ftpuser/taotao to not writable, we create an images folder in this directory for uploaded files and give ownership of it to the ftpuser user:
[root@localhost taotao]# mkdir images
[root@localhost images]# chown ftpuser images
4. Enable PASV (passive mode)
Add the following at the bottom of /etc/vsftpd/vsftpd.conf:
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999
And add the following after the userlist_enable=YES line:
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
Open the ports in the firewall:
[root@localhost taotao]# firewall-cmd --zone=public --add-port=30000-30999/tcp --permanent
[root@localhost taotao]# firewall-cmd --reload
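Passive mode only works when the firewall opens the whole range that vsftpd hands out, so the two settings have to agree. The following script is an added example, not part of the original post: it compares pasv_min_port/pasv_max_port from a configuration file with a port list in the format printed by firewall-cmd --list-ports. The sample file and port lists are constructed, and the verdict words are this example's own.

```shell
#!/bin/sh
# Added example: does the firewall cover vsftpd's passive port range?

# conf_val FILE KEY: last value assigned to KEY in a vsftpd.conf-style file.
conf_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# range_open "PORTS" MIN MAX: exit 0 if a single tcp entry in PORTS covers
# MIN-MAX. PORTS uses the `firewall-cmd --list-ports` format.
range_open() {
    for entry in $1; do
        case $entry in */tcp) ;; *) continue ;; esac
        spec=${entry%/tcp}
        lo=${spec%-*}    # "21" stays "21", "30000-30999" becomes "30000"
        hi=${spec#*-}    # "21" stays "21", "30000-30999" becomes "30999"
        if [ "$lo" -le "$2" ] && [ "$hi" -ge "$3" ]; then return 0; fi
    done
    return 1
}

# check_pasv CONF "PORTS": print a one-word verdict for the data channel.
check_pasv() {
    enabled=$(conf_val "$1" pasv_enable | tr a-z A-Z)
    min=$(conf_val "$1" pasv_min_port)
    max=$(conf_val "$1" pasv_max_port)
    # vsftpd defaults: pasv_enable=YES, both ports 0 (any port may be used).
    if [ "${enabled:-YES}" != YES ]; then echo disabled
    elif [ "${min:-0}" -eq 0 ] || [ "${max:-0}" -eq 0 ]; then echo unpinned
    elif range_open "$2" "$min" "$max"; then echo open
    else echo blocked
    fi
}

# Constructed sample: the passive settings from this page.
sample=$(mktemp)
printf '%s\n' pasv_enable=YES pasv_min_port=30000 pasv_max_port=30999 > "$sample"
# On a real host, pass "$(firewall-cmd --zone=public --list-ports)" instead.
echo "21 only:    $(check_pasv "$sample" '21/tcp')"
echo "21 + range: $(check_pasv "$sample" '21/tcp 30000-30999/tcp')"
rm -f "$sample"
```

A verdict of blocked with only 21/tcp open means the login succeeds while the passive data connection used for listings and uploads is filtered.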
You can now upload files using the FTP server.