CENTOS7 Configuring the FTP server

1. Installation

Yum-y Install VSFTPD

2. Configuration

Vim/etc/vsftpd/vsftpd.conf

　　

# Example Config file/etc/vsftpd/vsftpd.conf

#

# The default compiled in Settings is fairly paranoid. This sample file

# loosens things up a bit, to make the FTP daemon more usable.

# vsftpd.conf.5 See the compiled in defaults.

#

# READ This:this Example file is a exhaustive list of vsftpd options.

# Please read the VSFTPD.CONF.5 manual page to get a full idea of vsftpd ' s

# capabilities.

#

# Allow anonymous FTP? (beware-allowed by default if you comment this out).

Anonymous_enable=no

#

# Uncomment this to allow local users to log in.

# when SELinux are enforcing check for SE bool Ftp_home_dir

Local_enable=yes

#

# Uncomment this to enable any form of FTP write command.

Write_enable=yes

#

# Default Umask for Local Users is 077. If you are wish to 022,

# If your users expect that (022 was used by the most other ftpd ' s)

local_umask=066

#

# Uncomment the anonymous FTP user to upload files. This only

# has a effect if the above global write enable is activated. Also, you'll

# obviously need to create a directory writable by the FTP user.

# when SELinux are enforcing check for SE bool Allow_ftpd_anon_write, allow_ftpd_full_access

#anon_upload_enable =yes

#

# Uncomment this if you want the anonymous FTP user to being able to create

# New directories.

#anon_mkdir_write_enable =yes

#

# Activate Directory messages-messages given to remote users when they

# go into a certain directory.

Dirmessage_enable=yes

#

# Activate logging of Uploads/downloads.

Xferlog_enable=yes

#

# Make sure port transfer connections originate from Port (ftp-data).

Connect_from_port_=yes

#

# If you want, you can arrange for uploaded anonymous files to being owned by

# a different user. note! Using "root" for uploaded files are not

# recommended!

#chown_uploads =yes

#chown_username =whoever

#

# you could override where the log file goes if you like. The default is shown

# below.

Xferlog_file=/var/log/xferlog

#

# If you want, you can have the your log file in the standard FTPD xferlog format.

# Note that the default log file is location Is/var/log/xferlog.

Xferlog_std_format=yes

#

# You could change the default value of timing out an idle session.

idle_session_timeout=600

#

# The default value for timing out a data connection.

Data_connection_timeout=1

#

# It is recommended so define on your system a unique user which the

# FTP server can use as a totally isolated and unprivileged user.

#nopriv_user =ftpsecure

#

# Enable This and the server would recognise asynchronous ABOR requests. Not

# Recommended for security (the code is non-trivial). Not enabling it,

# However, may confuse older FTP clients.

#async_abor_enable =yes

#

# By default the server would pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to has the server actually do ASCII

# mangling on files while in ASCII mode.

# beware, some FTP servers, ASCII support allows a denial of service

# Attack (DoS) via the command "Size/big/file" in ASCII mode. Vsftpd

# predicted this attack and have always been safe, reporting the size of the

# ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable =yes

#ascii_download_enable =yes

#

# fully customise the login banner string:

Ftpd_banner=welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# Useful for combatting certain DoS attacks.

#deny_email_enable =yes

# (default follows)

#banned_email_file =/etc/vsftpd/banned_emails

#

# Specify an explicit list of the Local users to Chroot () to their home

# directory. If Chroot_local_user is YES and then this list becomes a list of

# users to not Chroot ().

# (warning! chroot ' ing can be very dangerous. If using Chroot, make sure that

# The user does not has the write access to the top level directory within the

# chroot)

Chroot_local_user=yes

#chroot_list_enable =yes

# (default follows)

#chroot_list_file =/etc/vsftpd/chroot_list

#

# You may activate the "-r" option to the builtin LS. This was disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# The presence of the "-r" option, so there was a strong case for enabling it.

Ls_recurse_enable=yes

#

# when "Listen" directive are enabled, VSFTPD runs in standalone mode and

# listens on IPV4 sockets. This directive cannot is used in conjunction

# with the Listen_ipv6 directive.

Listen=yes

#

# This directive enables listening on IPV6 sockets. By default, listening

# on the IPv6 ' any ' address (::) would accept connections from both IPV6

# and IPV4 clients. It isn't necessary to listen on *both* IPv4 and IPV6

# sockets. If you want this (perhaps because you want to listen on specific

# addresses) Then you must run the copies of VSFTPD with the configuration

# files.

# Make sure, which one of the listen options is commented!!

#listen_ipv6 =yes

Pam_service_name=vsftpd

Userlist_enable=yes

Userlist_deny=no

Local_root=/var/public_root

Tcp_wrappers=yes

Use_localtime=yes

Allow_writeable_chroot=yes

3. Increase the number of FTP users

[[email protected] ~]# useradd cent -s /sbin/nologin [[email protected] ~]# passwd cent4. Edit user_list to allow cent users to access FTP

[Email protected] vsftpd]# vim user_list

# vsftpd UserList

# If Userlist_deny=no, only allow users in the this file

# If Userlist_deny=yes (default), never allow users in the this file, and

# do not even prompt for a password.

# Note that the default Vsftpd Pam Config also checks/etc/vsftpd/ftpusers

# for users, that is denied.

Root

Bin

Daemon

Adm

Lp

Sync

Shutdown

Halt

Mail

News

Uucp

operator

Games

Nobody

cent                      

5. build our root directory and set access permissions

[[email protected] ~]# mkdir /var/public_root [[email protected] ~]# chown -R cent /var/public_root [[email protected] ~]# chmod -R 755 /var/public_root6. Start the service [[email protected] ~]# service vsftpd start7. Set boot start [[email protected] var]# chkconfig vsftpd on 8.uninstalling the Vsftpd method

If VSFTPD is installed on the server, the configuration error requires uninstalling VSFTPD
[Email protected] ~]# Rpm-aq vsftpd

vsftpd-2.0.5-16.el5_5.1 #此处是查找vsftpd的返回结果

[Email protected] ~]# rpm-e vsftpd-2.0.5-16.el5_5.1

#用rpm-E Search result is OK to delete.
Warning:/etc/vsftpd/user_list saved As/etc/vsftpd/user_list.rpmsave
Warning:/etc/vsftpd/ftpusers saved as/etc/vsftpd/ftpusers.rpmsave #删除时将备份vsftp的用户列表文件.

See if VSFTPD is uninstalled, stop and start:

[[email protected] ~]# /sbin/service vsftpd stop

vsftpd:unrecognized Service #找不到vsftpd[Email protected] ~]#/sbin/service vsftpd start

Vsftpd:unrecognized service #找不到vsftpd记住, stop vsftpd before uninstalling VSFTPD.

CENTOS7 Configuring the FTP server