CentOS 7.0 Build VSFTP Server

Source: Internet
Author: User

I. Configure the firewall to open the ports required by the FTP server

CentOS 7.0 uses firewalld as its default firewall; here it is replaced with the iptables firewall.

1. Stop firewalld:

systemctl stop firewalld.service #stop firewalld

systemctl disable firewalld.service #prevent firewalld from starting at boot

2. Install the iptables firewall

yum install iptables-services #install

vi /etc/sysconfig/iptables #edit the firewall configuration file

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

:wq! #save and exit

systemctl restart iptables.service #finally, restart the firewall so the configuration takes effect

systemctl enable iptables.service #start the firewall at boot

Note: Port 21 is the FTP service port, and 10060 to 10090 are the ports required for vsftpd passive mode; any TCP ports above 1024 can be used for this range.

II. Disable SELinux

vi /etc/selinux/config

#SELINUX=enforcing #comment out

#SELINUXTYPE=targeted #comment out

SELINUX=disabled #add

:wq! #save and exit

setenforce 0 #make the change take effect immediately

III. Install vsftpd

yum install -y vsftpd #install vsftpd

yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI #install the packages needed for vsftpd virtual user configuration

systemctl start vsftpd.service #start

systemctl enable vsftpd.service #start vsftpd at boot

IV. Configure the vsftpd server

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak #back up the default configuration file

Execute the following commands to apply the settings:

sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" '/etc/vsftpd/vsftpd.conf'

echo -e "use_localtime=YES\nlisten_port=21\nchroot_local_user=YES\nidle_session_timeout=300\ndata_connection_timeout=1\nguest_enable=YES\nguest_username=vsftpd\nuser_config_dir=/etc/vsftpd/vconf\nvirtual_use_local_privs=YES\npasv_min_port=10060\npasv_max_port=10090\naccept_timeout=5\nconnect_timeout=1" >> /etc/vsftpd/vsftpd.conf
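
A check for the settings made above and for the firewall note in the first step, as an added example that is not part of the original tutorial: it confirms that the edited values are really present in vsftpd.conf and that the iptables rules file opens the control port and the whole passive range. The function names are this example's own; the paths in the usage comment are the ones used on this page.

```bash
# Post-edit check: vsftpd.conf values and matching iptables rules.
# Usage: check_vsftpd /etc/vsftpd/vsftpd.conf /etc/sysconfig/iptables

# conf_get KEY FILE: print the value of the last uncommented KEY=value line.
conf_get() {
    awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"
}

# port_range_open LO HI RULES: succeed if one INPUT ACCEPT rule has a
# --dport (single port or lo:hi range) that covers all of LO..HI.
port_range_open() {
    awk -v lo="$1" -v hi="$2" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                a = r[1] + 0; b = (n > 1 ? r[2] : r[1]) + 0
                if (a <= lo + 0 && hi + 0 <= b) ok = 1
            }
        }
        END { exit !ok }' "$3"
}

check_vsftpd() {
    local conf=$1 rules=$2 kv min max port rc=0
    # Values the sed/echo commands are meant to leave behind; a sed
    # expression that matches nothing edits nothing and still exits 0.
    for kv in anonymous_enable=NO guest_enable=YES chroot_local_user=YES; do
        [ "$(conf_get "${kv%%=*}" "$conf" | tr a-z A-Z)" = "${kv#*=}" ] ||
            { echo "expected $kv in $conf"; rc=1; }
    done
    min=$(conf_get pasv_min_port "$conf"); max=$(conf_get pasv_max_port "$conf")
    port=$(conf_get listen_port "$conf"); port=${port:-21}
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not set in $conf"; return 1
    fi
    port_range_open "$port" "$port" "$rules" ||
        { echo "control port $port is not opened in $rules"; rc=1; }
    port_range_open "$min" "$max" "$rules" ||
        { echo "passive range $min:$max is not fully opened in $rules"; rc=1; }
    return $rc
}

if [ "$#" -eq 2 ]; then check_vsftpd "$1" "$2"; fi
```
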

V. Create a virtual user list file

touch /etc/vsftpd/virtusers

Edit the virtual user list file (account name on the first line, password on the second line; note: root cannot be used as a user name, because it is reserved by the system):

vi /etc/vsftpd/virtusers

web1

123456

web2

123456

web3

123456

:wq! #save and exit
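
A lint for the list file before it is turned into a database, as an added example that is not part of the original tutorial: it checks the alternating name/password layout described above, the reserved name root, duplicate names, password length and the file's permissions. The function name, the MIN_PW_LEN variable and its default of 12 are assumptions of this example.

```bash
# check_virtusers FILE: lint a vsftpd virtual-user list before running db_load.
# MIN_PW_LEN (default 12) is this example's own threshold, not a vsftpd setting.
check_virtusers() {
    local f=$1 rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    # The list holds cleartext passwords, so group and others get no access.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is accessible to group/others: chmod 600 it"; rc=1
    fi
    awk -v minlen="${MIN_PW_LEN:-12}" '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        NR % 2 == 1 {                       # odd lines: account names
            user = $0
            if (user == "") { print "line " NR ": empty user name"; bad = 1 }
            if (tolower(user) == "root") { print "line " NR ": root is reserved"; bad = 1 }
            if (seen[user]++) { print "line " NR ": duplicate user " user; bad = 1 }
            next
        }
        {                                   # even lines: passwords
            if (length($0) < minlen) {
                print "line " NR ": password for " user " is shorter than " minlen
                bad = 1
            }
            if ($0 == user) { print "line " NR ": password equals user name"; bad = 1 }
        }
        END {
            if (NR % 2) { print "user " user " has no password line"; bad = 1 }
            exit bad + 0
        }' "$f" || rc=1
    return $rc
}

if [ "$#" -eq 1 ]; then check_virtusers "$1"; fi
```
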

VI. Generate the virtual user database file

db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db

chmod 600 /etc/vsftpd/virtusers.db

VII. Set up the PAM authentication file and specify that the virtual user database file be read

Add the following lines at the top of the /etc/pam.d/vsftpd file (lines added after the existing entries have no effect).

Back up the file before modifying it:

cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak

vi /etc/pam.d/vsftpd

auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers

account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers

Note: On a 32-bit system, change lib64 above to lib; otherwise the configuration fails.

VIII. Create a new system user vsftpd whose home directory is /home/wwwroot and whose login shell is /bin/false (so that it cannot log in to the system)

useradd vsftpd -d /home/wwwroot -s /bin/false

chown vsftpd:vsftpd /home/wwwroot -R

chown www:www /home/wwwroot -R #required if the virtual users' host user is www

IX. Set up a personal vsftpd configuration file for each virtual user

mkdir /etc/vsftpd/vconf

cd /etc/vsftpd/vconf

touch web1 web2 web3 #create three virtual user configuration files here

mkdir -p /home/wwwroot/web1/http/

vi web1 #edit the configuration file for user web1; the other files are similar to this one

local_root=/home/wwwroot/web1/http/

write_enable=YES

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

X. Finally, restart the vsftpd server

systemctl restart vsftpd.service

Note:

guest_username=vsftpd #specifies the host user of the virtual users (the new user created above)

guest_username=www #if the FTP directory points to the website root and is used to upload the website's code, the virtual users' host user can be set to www, the account Nginx runs as, which avoids many permission problems

At this point, the installation and configuration of the vsftpd server on CentOS 7.0 is complete.
