CentOS 7 Minimal: Building a vsftpd Server

Source: Internet
Author: User

I. Configure the firewall to open the port required by the FTP server

CentOS 7.0 uses firewalld as its default firewall, not iptables.

1. Allow FTP through the firewall:

firewall-cmd --add-service=ftp --permanent    # add the rule that allows FTP

firewall-cmd --reload     # reload the firewall policy

II. Using SELinux permissive mode

Method One:

setenforce 0 # put SELinux into permissive mode

Method Two (recommended):

After some research, a better approach was found. First look at the FTP-related SELinux booleans:

getsebool -a | grep ftp

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_disable_trans --> on
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off

Testing showed that turning on either ftp_home_dir or ftpd_disable_trans lets FTP logins work normally while SELinux stays in enforcing mode. Boolean names differ between SELinux policy versions, so use the names that getsebool prints on your own system.

setsebool -P ftpd_disable_trans 1
or
setsebool -P ftp_home_dir 1
service vsftpd restart

The -P option makes the setting persistent, so the command does not have to be re-run after each reboot.

III. Install vsftpd

yum install -y vsftpd # install vsftpd

yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI # install the dependency packages for vsftpd virtual user configuration

systemctl start vsftpd.service # start the service

systemctl enable vsftpd.service # start vsftpd at boot

IV. Configure the vsftpd server

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak # back up the default configuration file

You can edit vsftpd.conf with vim, or make the changes by running the following commands:

sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" '/etc/vsftpd/vsftpd.conf'

sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" '/etc/vsftpd/vsftpd.conf'

echo -e "use_localtime=YES\nlisten_port=21\nchroot_local_user=YES\nidle_session_timeout=300\ndata_connection_timeout=1\nguest_enable=YES\nguest_username=vsftpd\nuser_config_dir=/etc/vsftpd/vconf\nvirtual_use_local_privs=YES\npasv_min_port=10060\npasv_max_port=10090\naccept_timeout=5\nconnect_timeout=1" >> /etc/vsftpd/vsftpd.conf
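sed exits successfully even when its pattern matches nothing, so a pattern that differs from the shipped file (in letter case, for instance) silently leaves the old value in place. The following check is an added example, not part of the original page; the function names and the sample configuration are constructed for illustration, and it assumes the last uncommented occurrence of a key is the one that takes effect.

```shell
#!/bin/sh
# Added example (not from the original page): check which values vsftpd will
# actually use after the sed/echo edits. sed exits 0 even when nothing matched.

# effective_setting FILE KEY: print the last uncommented KEY=value (later wins).
effective_setting() {
    awk -v key="$2" '
        /^#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { if (found) print val }
    ' "$1"
}

# check_conf FILE: print each mismatch; return status = number of mismatches.
check_conf() {
    fails=0
    while read -r key want; do
        # Assumption: yes/no may be written in either case, so normalise.
        got=$(effective_setting "$1" "$key" | tr '[:lower:]' '[:upper:]')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want $want, got ${got:-unset}"
            fails=$((fails + 1))
        fi
    done <<EOF
anonymous_enable NO
chroot_local_user YES
guest_enable YES
virtual_use_local_privs YES
EOF
    return "$fails"
}

# Constructed sample: the stock anonymous_enable line survived a sed pattern
# that did not match, while the echo step appended the remaining settings.
sample_conf() {
    cat <<'EOF'
# Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
#chroot_local_user=YES
chroot_local_user=yes
guest_enable=yes
guest_username=vsftpd
virtual_use_local_privs=yes
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_conf "$tmp" || echo "$? setting(s) differ from the intended values"
rm -f "$tmp"
```

On a real server, run check_conf /etc/vsftpd/vsftpd.conf after the edits and before restarting vsftpd.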

V. Create a virtual user list file

touch /etc/vsftpd/virtusers

Edit the virtual user list file (account name on the first line, password on the second, and so on in pairs; note: root cannot be used as a user name because it is reserved by the system):

vi /etc/vsftpd/virtusers

web1
123456
web2
123456
web3
123456

:wq! # save and exit
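The list format is strict: names and passwords alternate line by line, so a blank line or a missing password shifts every later pair. The following check, meant to run before the database is generated in the next step, is an added example and not part of the original page; the function names are hypothetical and the 12-character minimum is an assumed policy.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the plain-text
# virtual user list before db_load turns it into virtusers.db.

# check_virtusers FILE [MINLEN]: print findings; return 0 only if none.
# MINLEN defaults to 12, an assumed password policy, not a vsftpd rule.
check_virtusers() {
    awk -v minlen="${2:-12}" '
        /^[ \t]*$/ || /^[ \t]/ || /[ \t\r]$/ {
            printf "line %d: blank line or stray whitespace\n", NR; bad++
        }
        NR % 2 == 1 {                      # odd lines are account names
            name = $0
            if (name == "root") { printf "line %d: root is reserved\n", NR; bad++ }
            if (seen[name]++) { printf "line %d: duplicate account %s\n", NR, name; bad++ }
            next
        }
        length($0) < minlen {              # even lines are passwords
            printf "line %d: password for %s shorter than %d characters\n", NR, name, minlen
            bad++
        }
        END {
            if (NR % 2) { print "odd line count: last account has no password"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# private_file FILE: succeed only if group and others have no permission bits.
private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the three accounts listed on this page.
sample=$(mktemp)                           # mktemp creates the file mode 600
printf '%s\n' web1 123456 web2 123456 web3 123456 > "$sample"
check_virtusers "$sample" || echo "fix the list before running db_load"
private_file "$sample" && echo "list is private to its owner"
rm -f "$sample"
```

The plain-text list holds the same passwords as virtusers.db, so private_file applies to /etc/vsftpd/virtusers as well as to the database file.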

VI. Generate the virtual user database file

db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db

chmod 600 /etc/vsftpd/virtusers.db

VII. Configure the PAM authentication file and point it at the virtual user database file

Add the following lines at the top of the /etc/pam.d/vsftpd file (they have no effect if added after the existing entries).

Back up the file before modifying it:

cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak

vi /etc/pam.d/vsftpd

auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers

account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers

Note: on a 32-bit system, change lib64 above to lib, otherwise the configuration fails.

VIII. Create the system user vsftpd, with home directory /home/wwwroot and login shell /bin/false (so that it cannot log on to the system)

useradd vsftpd -d /home/wwwroot -s /bin/false

chown vsftpd:vsftpd /home/wwwroot -R

chown www:www /home/wwwroot -R # required if the virtual users' host user is www

IX. Set up the per-user vsftpd configuration file for each virtual user

mkdir /etc/vsftpd/vconf

cd /etc/vsftpd/vconf

touch web1 web2 web3 # create three virtual user configuration files

mkdir -p /home/wwwroot/web1/http/

vi web1 # edit the configuration file for user web1; the other users' files are similar

local_root=/home/wwwroot/web1/http/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

X. Finally, restart the vsftpd server

systemctl restart vsftpd.service

Note:

guest_username=vsftpd # specifies the host user for the virtual users (the user created above)

guest_username=www # if the FTP directory points to the website root and is used to upload the site's code, you can set the virtual users' host user to www, the account Nginx runs as, which avoids many permission problems
