Centos FTP server (local user)

The lamp environment is completed, but we need to upload the developer site to the Apache site Directory of the server, so that customers can access the normal! The upload and download service used here is VSFTPD

Environment Introduction

• Ben The case is followed by the lamp Environment building Convergence, the case uses "local user" (unsafe) to log in and upload the test
• 32-bit download  <-----;   64-bit download

Environment construction

• First, ensure that the Linux operating system can access the external network and can resolve the domain name

[Email protected] ~]# ping-c 2 Www.baidu.comPING www.a.shifen.com (61.135.169.121) (+) bytes of data.64 bytes from 61 .135.169.121:icmp_seq=1 ttl=52 time=39.5 ms64 bytes from 61.135.169.121:icmp_seq=2 ttl=52 time=39.9 ms

• Installing VSFTPD

[[email protected] ~]# yum-y install vsftpd[[email protected] ~]# chkconfig vsftpd on             //boot start [[email protected] ~]# SE Rvice vsftpd start            //Start service [[email protected] ~]# Netstat-ntulp | grep:21      //To see if it started successfully tcp        0      0 0.0.0.0:21< c5/>0.0.0.0:*                   LISTEN      4117/vsftpd[[email protected] ~]# iptables-i input-p tcp--dport 21-j ACCEPT           //Join firewall allowed Xu Rules

• Configure VSFTPD

For case requirements, the following configuration does not fully explain the FTP file parsing, will be in the following FTP virtual user one by one cited [[email protected] ~]# cd/etc/vsftpd///into the VSFTPD directory [[E                    Mail protected] vsftpd]# vim vsftpd.conf//Edit profile anonymous_enable=no//do not allow Anonymous logon Local_enable=yes Allow local logon write_enable=yes//ftp server open Write permissions to Local Users local_umask=022//set the local user's file generation mask dirmessage_enable=yes//when switching to an FTP server Directory, the ". Message" file in this directory is displayed with the content xferlog_enable=yes//enable upload and download logs connect_from_port_20=yes//enable connection requests for FTP data ports Xferlog_file =/VAR/LOG/XFERLOG//FTPD xferlog Log Save path xferlog_std_format=yes//use standard ftpd xferlog log format chroot_local_user=yes//YES, Chroot_list not to the user to switch to the parent directory, the other to switch chroot_list_enable=no//to Yes, in chroot_list to the user to switch to the parent directory, the other is not allowed//when both are Yes, chroot_ List_enable Priority chroot_list_file=/etc/vsftpd/chroot_list//chroot_list The file destination listen=yes//ftp server will use Tcp_ Wrappers as the configuration file name for the host access control mode Pam_service_name=vsftpd//pam Authentication Service, which is saved in the "/etc/pam.d/" directory userlist_enable=yes// FTP will check whether the user specified in the Userlist_file settings file can access the VSFTPD server tcp_wrappers=yesuserlist_deny=no//and USERLIST_ENABLe supporting use//Yes, User_list user list can not access the FTP server, users outside the file can access//for no, user_list user list allows access to the FTP server, users outside the file will not be able to access local_root=/var/ www/html//Local User FTP root path

[[email protected] ~]# useradd-s/sbin/nologin Lansha//Create a system user not allowed to log on [[EM Ail protected] ~]# passwd lansha//set user password [[email protected] ~]# cd/var/www///Enter the site directory [[email protecte D] www]# setfacl-m u:lansha:rwx html///Create an ACL permission so that Lansha users have read, write, and execute for html/directories [[email protected] ~]# cd/etc/vsftpd ////Enter the VSFTPD directory [[email protected] vsftpd]# vim chroot_list//Create and edit chroot_list, the user list in this area will not switch to the parent directory LAN Sha[[email protected] vsftpd]# vim user_list//Edit user_list, users other than users will not be able to log in lansha[[email protected] ~]# Setsebool-p ftp_home_dir=1//Set user can access home directory [[email protected] ~]# setsebool-p Allow_ftpd_full_access=1//                                      Set the user to have all permissions [[email protected] ~]# service vsftpd restart//Restart services shutting down VSFTPD: [OK] Starting vsftpd for VSFTPD: [OK] 

Environmental testing　

• Install the downloaded Filezila tool, open the software after the installation is complete, enter the FTP server host: ip/domain name ' lansha ', password input port 21 Click Connect

• Ensure Apache is running, upload a Web page ' index.html ' to the server locally

• Visit site

　　

　　

　　

Centos FTP server (local user)