Enabling FTP on CentOS and configuring users

Source: Internet
Author: User

VSFTPD is a very common FTP server on Linux systems. Below we describe how to install VSFTPD on CentOS.

What is VSFTPD

VSFTPD is the most respected FTP server program among Linux distributions. It is small and light, safe and easy to use.

The name VSFTPD stands for "very secure FTP daemon", and security is one of the first issues that its developer Chris Evans considers. From the very beginning of the design and development of this FTP server, high security has been a goal.

Installing VSFTPD

1. Execute the following command as administrator (root)

    yum install vsftpd

2. Set the VSFTPD FTP service to start at boot

    chkconfig vsftpd on

3. Start the VSFTPD service

    service vsftpd start

Related commands for managing VSFTPD:

Stop vsftpd: service vsftpd stop

Restart vsftpd: service vsftpd restart

Configuring firewalls

Open the /etc/sysconfig/iptables file

    vi /etc/sysconfig/iptables

Add the following line before the REJECT line

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Save and close the file, then restart the firewall

    service iptables restart

Configuring the VSFTPD Server

The default configuration file is /etc/vsftpd/vsftpd.conf, which you can open with a text editor.

    vi /etc/vsftpd/vsftpd.conf

Add FTP User

Here we add the user ftpuser, set its root directory to /var/www, prevent this user from logging in over SSH, and restrict its access to other directories.

1. Modify /etc/vsftpd/vsftpd.conf

Change the following three lines

    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list

to

    chroot_list_enable=YES
    # (default follows)
    chroot_list_file=/etc/vsftpd/chroot_list

3. Add the user ftpuser, pointing to the directory /var/www, with SSH login prohibited.

    useradd -d /var/www -g ftp -s /sbin/nologin ftpuser

4. Set the user's password

    passwd ftpuser

5. Edit the chroot_list file:

    vi /etc/vsftpd/chroot_list

The content is FTP user names, one per line, such as:

    peter
    john

6. Restart VSFTPD

    service vsftpd restart

In addition, if you find it cumbersome to manage FTP user names later, you can manage them with the script officially released by CentOS. The address is as follows:

http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users

Errors that occur

1. OOPS: cannot change directory

Workaround:

Enter the following commands in the terminal:

    setsebool -P ftpd_disable_trans 1
    service vsftpd restart

That's it!

Cause: the server has SELinux enabled, which restricts FTP logins.

Workaround for the vsftpd error "553 Could not create file" on CentOS

1. First make sure your FTP directory is writable; ls -l shows the permissions. If it is not writable, run chmod 777 on the FTP directory.

2. Use the command getsebool -a | grep ftp to check whether ftpd_disable_trans, ftp_home_dir and allow_ftpd_full_access are on. If not, turn them on with:

    setsebool allow_ftpd_full_access on
    setsebool ftpd_disable_trans on
    setsebool ftp_home_dir on

3. Generally this is enough. If it still fails, check the configuration file. If the configuration file is not the problem, connect to the server remotely, create an arbitrary file in the FTP directory, and refresh the directory in the FTP client; it will return to normal (I have encountered this situation).

4. Run:

    chmod -R 777 /var/www

7. Implementing a virtual path

Attaching a directory to the FTP server for users to use is called a virtual path.
For example, to attach the gxl user's directory to the FTP server for the FTP server's users, use the following command:

    # mount --bind /home/gxl /var/ftp/pub    # use the mount command
    # ls /var/ftp/pub
    Lumaqq screenshot.png Desktop

8. Enable the VSFTPD log function

Add the following line to the vsftpd.conf file. In general the file already contains this line, and you only need to remove the leading comment symbol #; if it is not there, add it or modify the existing line:

    xferlog_file=/var/log/vsftpd.log

9. Limit the number of connections and the maximum number of connections per IP

Modify the configuration file; for example, to have vsftpd support at most 100 connections, with each IP allowed 5 connections:

    max_clients=100
    max_per_ip=5

10. Limit transfer speed

Modify the configuration file; for example, to let anonymous users and users on vsftpd (that is, virtual users) download at 80 KB/s (1024*80 = 81920):

    anon_max_rate=81920
    local_max_rate=81920

11. Restrict users (typically virtual users) to their own directory

Modify the configuration file so that users can only access their home directories:

    chroot_local_user=YES

If you want only some users to be restricted to their own directory, with no such restriction on other users, you need to add those users to the chroot_list file (this file is typically in /etc/vsftpd/).
Edit this file, for example adding the test user to it. In general, each user takes one line.

    # cat chroot_list
    test

12. Bind an IP to VSFTPD

Sometimes you need to restrict which IPs can access the server, allowing only certain IPs, for example allowing only 192.168.0.33 to access this FTP server. This is also done by modifying the configuration file:

    listen_address=192.168.0.33


Configure vsftpd.conf

    # Disable anonymous login
    anonymous_enable=NO
    # Allow local users to log in
    local_enable=YES
    # Allow writes; required if you want to upload
    write_enable=YES
    # Set the permissions of uploaded files to 777 - local_umask
    local_umask=027
    # Allow virtual users and anonymous users to upload
    anon_upload_enable=YES
    # Allow virtual users and anonymous users to rename and delete files
    anon_other_write_enable=YES
    dirmessage_enable=YES
    # Enable logging
    xferlog_enable=YES
    connect_from_port_20=YES
    # Log file location
    xferlog_file=/var/log/vsftpd.log
    # Standard log format
    xferlog_std_format=YES
    # Idle connection timeout
    idle_session_timeout=600
    data_connection_timeout=120
    # Welcome message
    ftpd_banner=welcome to chinarise FTP service
    # Allow virtual users
    guest_enable=YES
    # System account used by virtual users
    guest_username=vsftpdguest
    # Virtual users have local system privileges
    virtual_use_local_privs=YES

    chroot_local_user=NO
    chroot_list_enable=YES
    # The two lines above restrict virtual users to their own directory, with
    # no access to other directories. Alternatively, use this line directly:
    #chroot_local_user=YES

    # Listen / passive mode
    listen=YES
    # Listening port
    listen_port=21

    # The list of virtual users is saved in the file /etc/vsftpd/vsftpd.chroot_list
    chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
    # More detailed configuration for each virtual user name is saved in /etc/vsftpd/vsftpd_user_conf
    user_config_dir=/etc/vsftpd/vsftpd_user_conf
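
An added example (not from the original article or the vsftpd project): a small Python checker that applies the strict option=value syntax of vsftpd.conf(5) to a configuration and works out which users end up jailed for a given chroot_local_user / chroot_list_enable combination, as discussed in step 11 and in the listing above. The function names and the sample text are constructed for illustration.

```python
import re
NAME_RE = re.compile(r"[a-z0-9_]+")  # vsftpd option names are lowercase

def lint_vsftpd_conf(text):
    """Return (settings, problems) for vsftpd.conf text; later lines override earlier ones."""
    settings, problems = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        name, sep, value = line.partition("=")
        if not sep:
            problems.append((num, "not in option=value form"))
            continue
        if name != name.strip() or value != value.strip():
            problems.append((num, "whitespace around option, '=' or value"))
        name, value = name.strip(), value.strip()
        if not NAME_RE.fullmatch(name):
            problems.append((num, "option name is not lowercase: %r" % name))
        if "#" in value:
            problems.append((num, "trailing comment is read as part of the value"))
        if settings.get(name, value) != value:
            problems.append((num, "%s redefined; this later value wins" % name))
        settings[name] = value
    return settings, problems

def _on(settings, name):
    return settings.get(name, "NO").upper() in ("YES", "TRUE", "1")

def is_jailed(user, settings, chroot_list):
    """Resolve chroot_local_user / chroot_list_enable as documented in vsftpd.conf(5)."""
    listed = user in chroot_list
    if _on(settings, "chroot_local_user"):
        # Everyone is jailed; an enabled list names the users who are NOT jailed.
        return not (_on(settings, "chroot_list_enable") and listed)
    # Nobody is jailed by default; an enabled list names the users who ARE jailed.
    return _on(settings, "chroot_list_enable") and listed

# Constructed sample: capitalised name, trailing comment, both chroot alternatives active.
SAMPLE = """\
Anonymous_enable=NO
xferlog_enable=YES #logging
chroot_local_user=NO
chroot_list_enable=YES
chroot_local_user=YES
"""

if __name__ == "__main__":
    conf, issues = lint_vsftpd_conf(SAMPLE)
    print(issues, {u: is_jailed(u, conf, {"test"}) for u in ("test", "ftpuser")})
```

With both chroot_local_user lines left active, the later YES wins and the chroot_list file becomes a list of exemptions, so the listed user test is the one user who is not confined.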

Other settings for virtual users

Write the names of the virtual users allowed to log in to the /etc/vsftpd/vsftpd.chroot_list file, one per line.
Create a file in the /etc/vsftpd/vsftpd_user_conf folder named after the virtual user's user name.
In it, write: local_root=/var/ftp/subdirectory name
Then create a corresponding directory under /var/ftp to
