CentOS Configure FTP entire process to resolve FTP user login denied

A morning time fiddling with the server's FTP problem, increased the user, FTP landing or was rejected, the beginning of the record as follows:

Environment CentOS7, Firewall is iptables

Run as administrator: Yum install vsftpd# install FTP chkconfig vsftpd on# set boot up
Service VSFTPD Start #启动ftp服务
Yum-y Install FTP #安装组件,
FTP localhost #测试登陆, enter user name FTP, password casually (because the default is to allow anonymous) logon success, on behalf of the FTP service available. However, the extranet is not accessible, so continue to configure.
Vim/etc/sysconfig/iptables #找到一行22-j ACCEPT Copy it to the following line, change the port number 22 to 21, and save the exit
Service iptables Restart #重启防火墙
vim/etc/vsftpd/vsftpd.conf #去掉两行注释 #chroot_list_enable =yes and #chroot_list_file =/etc/vsftpd.chroot_list's # service. VSFTPD Restart #重启ftp服务
useradd-d/www AAA #新建用户aaa, and specify/www as Access directory
passwd AAA #给用户aaa设置密码 usermod-d/www/app AAA #修改aaa的主目录为/www/app
Finally, here is still login denied, vim/etc/vsftpd/user_list Open here to look at, each user name exclusive line, this is a ban on the list, the AAA to remove the OK.
Then, the new bought a Ali server, centos7.2, installed the latest VSFTPD again encountered 500 can not log on the problem, the final solution is in: vim/etc/vsftpd/vsftpd.conf configuration file Add a row

Allow_writeable_chroot=yes

If still not, but after the firewall can log on FTP, search is iptables need to add modules

1. Add Ip_conntrack_ftp Module
[root@hexuweb101 ~] Vi/etc/sysconfig/iptables-config
Add the following line
iptables_modules= "Ip_conntrack_ftp"
Here is an explanation:

After 2.3.5, VSFTPD enhances the security check and if the user is restricted to its home directory, the user's home directory cannot have write permission anymore. If the check finds that there is write permission, the error is reported.

To fix this error, you can use the command chmod a-w/home/user to remove write permissions for the user's home directory, and pay attention to replacing the directory with your own. Or you can add one of the following two items to the VSFTPD configuration file: