Installing an FTP service on CentOS 7, adding FTP users, and setting permissions (tutorial)
Because this is a private machine, the firewall was disabled before this installation, which saves some steps and lets you install the FTP service directly. If the firewall has not been disabled, modify its configuration file instead.
1. Disable Firewall
[root@localhost ~]# systemctl stop firewalld.service   # stop the firewall
[root@localhost ~]# systemctl disable firewalld.service   # disable the firewall at boot
2. If you do not want to disable the firewall due to security concerns, you can install the iptables firewall instead.
[root@localhost ~]# yum install iptables-services   # install the iptables firewall
[root@localhost ~]# vim /etc/sysconfig/iptables   # edit the iptables firewall configuration file
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Note: port 21 is the FTP service port, and ports 10060 to 10090 are the ports required by vsftpd passive mode. You can choose your own TCP ports above 1024.
[root@localhost ~]# systemctl restart iptables.service   # restart the firewall so the configuration takes effect
[root@localhost ~]# systemctl enable iptables.service   # start the firewall at boot
3. Disable SELINUX
Why is SELinux disabled here? Because it is too much trouble!
[root@localhost ~]# vim /etc/selinux/config   # modify the SELinux configuration file
#SELINUX=enforcing   # comment out
#SELINUXTYPE=targeted   # comment out
SELINUX=disabled   # add
[root@localhost ~]# setenforce 0   # make the configuration take effect immediately
4. Install vsftpd
[root@localhost ~]# vsftpd -v   # check whether an FTP service is already present on the system
[root@localhost ~]# yum install -y vsftpd   # install vsftpd
[root@localhost ~]# yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI
# install the packages needed for vsftpd virtual user configuration
[root@localhost ~]# systemctl start vsftpd.service   # start the service
[root@localhost ~]# systemctl enable vsftpd.service   # start vsftpd at boot
5. Configure the vsftpd server
[root@localhost ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak   # back up the default configuration file
Run the following commands to apply the settings:
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" '/etc/vsftpd/vsftpd.conf'
echo -e "use_localtime=YES\nlisten_port=21\nchroot_local_user=YES\nidle_session_timeout=300\ndata_connection_timeout=1\nguest_enable=YES\nguest_username=ftp\nuser_config_dir=/etc/vsftpd/vconf\nvirtual_use_local_privs=YES\npasv_min_port=10060\npasv_max_port=10090\naccept_timeout=5\nconnect_timeout=1" >> /etc/vsftpd/vsftpd.conf
Pay attention to the guest_username=ftp field: ftp is a newly created system user. You can choose the name yourself, or create the user first and then carry out the server configuration.
1. Create a virtual user name list
[root@localhost ~]# touch /etc/vsftpd/cmd_users
Edit the virtual user name file (one line for the account name, the next line for its password; note: do not use root as a user name, it is reserved by the system). First create two virtual users:
[root@localhost ~]# vim /etc/vsftpd/cmd_users
user1
123456
user2
123456
2. Generate a virtual user data file
[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/cmd_users /etc/vsftpd/pai_users.db
[root@localhost ~]# chmod 600 /etc/vsftpd/pai_users.db   # restrict the virtual user database file that PAM authentication will read
3. Add entries at the top of the /etc/pam.d/vsftpd file.
[root@localhost ~]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_bak   # back up before modifying
[root@localhost ~]# vim /etc/pam.d/vsftpd   # edit the file and add the following two statements at the top; added further down, they do not take effect
#%PAM-1.0
auth       sufficient   /lib64/security/pam_userdb.so db=/etc/vsftpd/pai_users
account    sufficient   /lib64/security/pam_userdb.so db=/etc/vsftpd/pai_users
# The above two statements are newly added.
# Note: if the system is 32-bit, change lib64 above to lib; otherwise the configuration fails.
session    optional     pam_keyinit.so force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth
4. Create a system user ftp. The user's home directory is /home/FTPpath, and the login shell is set to /bin/false (so that the user cannot log on to the system).
[root@localhost ~]# useradd ftp -d /home/FTPpath -s /bin/false
[root@localhost ~]# chown ftp:ftp /home/FTPpath -R
5. Create a personal vsftpd configuration file for each virtual user
[root@localhost ~]# mkdir /etc/vsftpd/vconf
[root@localhost ~]# cd /etc/vsftpd/vconf
[root@localhost ~]# touch user1 user2   # create a configuration file for each of the two virtual users
[root@localhost ~]# mkdir -p /home/FTPpath/file   # create the folders used for FTP data transfer
[root@localhost ~]# mkdir -p /home/FTPpath/soft
[root@localhost ~]# vim user1
local_root=/home/FTPpath/file
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
allow_writeable_chroot=YES
[root@localhost ~]# vim user2
local_root=/home/FTPpath/soft
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
allow_writeable_chroot=YES
1. Restart the vsftpd server.
[root@localhost ~]# systemctl restart vsftpd.service
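The steps above only work when the user list, the per-user files and the local_root folders all agree. The following is an added example, not part of the original tutorial: a shell function that checks the list format (name line, then password line, no root), that the plaintext list is not readable by group or other, and that every listed user has a per-user file pointing at an existing folder. The names check_vusers and demo are hypothetical, both paths are passed as arguments, and the sample data is constructed.

```shell
#!/bin/sh
# check_vusers LIST VCONF_DIR   (added example; both paths are parameters)
#   LIST      name/password list from step 1, e.g. /etc/vsftpd/cmd_users
#   VCONF_DIR user_config_dir from vsftpd.conf, e.g. /etc/vsftpd/vconf
# Prints one line per problem and returns 0 only when there are none.
check_vusers() {
    list=$1 vconf=$2 rc=0
    [ -r "$list" ] || { echo "cannot read $list"; return 2; }
    # The list holds plaintext passwords: group and other get no access.
    [ "$(ls -ld "$list" | cut -c5-10)" = "------" ] ||
        { echo "$list: accessible to group/other"; rc=1; }
    # Odd lines are names, even lines passwords; no blanks, no root,
    # no duplicate names, and every name followed by a password.
    awk 'NR % 2 == 1 {
             if ($0 == "")     { print "line " NR ": empty user name"; bad = 1 }
             if ($0 == "root") { print "line " NR ": root is reserved"; bad = 1 }
             if (seen[$0]++)   { print "line " NR ": duplicate user " $0; bad = 1 }
             next }
         $0 == "" { print "line " NR ": empty password"; bad = 1 }
         END { if (NR % 2) { print "last user has no password"; bad = 1 }
               exit bad + 0 }' "$list" || rc=1
    # Each listed user needs a per-user file whose local_root exists.
    for u in $(awk 'NR % 2 == 1 && $0 != ""' "$list"); do
        cfg=$vconf/$u
        [ -f "$cfg" ] || { echo "$u: missing $cfg"; rc=1; continue; }
        root=$(sed -n 's/^local_root=//p' "$cfg" | tail -n 1)
        if [ -z "$root" ]; then echo "$u: local_root not set"; rc=1
        elif [ ! -d "$root" ]; then echo "$u: $root does not exist"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: this page's two users in a temp directory, with
# user2's per-user file deliberately left out.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/vconf" "$d/file" || return 2
    printf 'user1\n123456\nuser2\n123456\n' > "$d/cmd_users"
    chmod 600 "$d/cmd_users"
    echo "local_root=$d/file" > "$d/vconf/user1"
    check_vusers "$d/cmd_users" "$d/vconf"; s=$?
    rm -rf "$d"; return $s
}
demo || echo "check_vusers reported problems (expected for this sample)"
```

On the server itself the call would be check_vusers /etc/vsftpd/cmd_users /etc/vsftpd/vconf, run as root.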
Note:
vsftpd is now deployed and installed on the server. However, uploads and downloads may still fail because of insufficient permissions.
Change the permissions of the folder used for uploads on the server to 777:
[root@localhost ~]# chmod -R 777 /home/FTPpath
Soft links are also useful. The ln command creates a link to a file at another location; its most common option is -s.
1. Soft link:
Create a soft link: ln -s /usr/local/node-v4.2.6-linux-x86/bin/node /usr/local/bin/node
Description: this maps node under /usr/local/node-v4.2.6-linux-x86/bin/ to node under /usr/local/bin/.
Delete a soft link: rm -rf /usr/local/bin/node
For example: [root@localhost ~]# ln -s /home/apache-tomcat-7.0.59-x64/webapps/project/ /home/FTPpath/tangyong
This links the contents of the project folder to tangyong.
When deleting a soft link, do not add a trailing "/". Otherwise, the folder will be deleted.