Install vsftpd first. We recommend installing it with yum.
yum install vsftpd -y
Edit the configuration file:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=Welcome to 41 FTP service.
listen=YES
chroot_local_user=YES
userlist_deny=NO
pasv_promiscuous=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40020
pasv_address=121.x
After installation, you can start it:
service vsftpd start
Before use, you need to configure the following:
1. Use useradd to add a user and set the user's directory, for example useradd -d /home/ftpdata/ ftpuser1, then use passwd ftpuser1 to change the user's password. The FTP user's write permission depends on the permissions of the parent directory of ftpdata. By default, only rx is allowed.
2. /etc/vsftpd/user_list: add the FTP users to the list, for example ftpuser1.
3. Edit /etc/vsftpd.conf to set pasv_promiscuous=YES and restart the vsftpd service. Otherwise, "425 Security: Bad IP connecting" will be reported.
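The configuration above only loads if every line is written as option=value with no spaces around the "=", and pasv_promiscuous=YES from step 3 turns off the check that a passive data connection comes from the same IP address as the control connection. The following checker is an added example, not part of the original page or of vsftpd; the function name audit and the finding labels are hypothetical, and the sample input is constructed.

```python
import re

# (option, value) pairs this page mentions that deserve review, with the reason.
RISKY = {
    ("anonymous_enable", "YES"): "anonymous logins are accepted",
    ("anon_upload_enable", "YES"): "anonymous users may upload",
    ("pasv_promiscuous", "YES"): "PASV data connection is not tied to the control connection's IP",
    ("ascii_upload_enable", "YES"): "ASCII mode enabled (page notes a DoS risk)",
    ("ascii_download_enable", "YES"): "ASCII mode enabled (page notes a DoS risk)",
    ("async_abor_enable", "YES"): "async ABOR enabled (page notes it is generally not safe)",
    ("ls_recurse_enable", "YES"): "recursive listing can generate heavy I/O",
    ("chown_username", "ROOT"): "uploads would be re-owned to root",
}
STRICT = re.compile(r"([a-z0-9_]+)=(.*)")                    # the form vsftpd.conf(5) documents
LENIENT = re.compile(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*")   # what a garbled copy looks like


def audit(text):
    """Return a list of (line_number, kind, message); line 0 means file-wide."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = STRICT.fullmatch(line)
        if not m:
            findings.append((n, "syntax", "expected lowercase option=value, no spaces around '='"))
            m = LENIENT.fullmatch(line)  # still read the setting so later checks see it
            if not m:
                continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in seen:
            findings.append((n, "duplicate", f"{key} already set to {seen[key]}"))
        seen[key] = value
        if (key, value.upper()) in RISKY:
            findings.append((n, "risk", f"{key}={value}: {RISKY[(key, value.upper())]}"))
    # Passive mode is on by default; without both bounds any port may be used.
    if seen.get("pasv_enable", "YES").upper() == "YES" and not {"pasv_min_port", "pasv_max_port"}.issubset(seen):
        findings.append((0, "range", "passive mode on but pasv_min_port/pasv_max_port not both set"))
    return findings


# Constructed sample: lines as a badly copied configuration might contain them.
SAMPLE = "anonymous_enable=NO\nLocal_enable = YES\nxferlog_std_format=YES\n" \
         "xferlog_std_format=YES\npasv_promiscuous=YES\npasv_min_port=40000\n"

if __name__ == "__main__":
    for n, kind, msg in audit(SAMPLE):
        print(f"line {n}: [{kind}] {msg}")
```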
After completing the preceding operations, you can use the vsftpd service normally. Below are some vsftpd configuration files and configuration notes I found on the Internet, kept here to make later tuning easier.
vsftpd configuration files
/etc/vsftpd.conf  main configuration file
/usr/sbin/vsftpd  vsftpd main program
/etc/rc.d/init.d/vsftpd  startup script
/etc/pam.d/vsftpd  PAM authentication file (the file=/etc/vsftpd/ftpusers field in this file indicates that the users blocked from access are those listed in the /etc/vsftpd/ftpusers file)
/etc/vsftpd/ftpusers  list of users denied by vsftpd. It records the user names that are not allowed to access the FTP server. The administrator can record user accounts that threaten system security in this file, which prevents those users from logging on through FTP and gaining further upload or download rights that could damage the system. (Note: in linux-4 this file is in the /etc/ directory)
/etc/vsftpd/user_list  list of users denied or allowed by vsftpd. By default (when userlist_deny=YES is set in /etc/vsftpd.conf), the users listed in this file cannot access the FTP server. When userlist_deny=NO is set, only the users listed in user_list can access the FTP server. (Note: in linux-4 this file is in the /etc/ directory)
/var/ftp  anonymous user home directory; a local user's home directory is /home/<user home directory>, that is, you land in your own home directory after logging on
/var/ftp/pub  anonymous users' download directory, which must be granted to root with chmod 1777 pub (the leading 1 is a special permission, so that files cannot be deleted after upload)
/etc/logrotate.d/vsftpd.log  vsftpd log file
vsftpd main configuration file /etc/vsftpd.conf explained (back it up before modifying)
# Whether anonymous logon to the FTP server is allowed. The default value is YES.
# Users can log in over FTP with the user name ftp or anonymous; the password is the user's e-mail address.
# If anonymous access is not allowed, set it to NO
anonymous_enable=YES
# Whether to allow local users (that is, user accounts on the Linux system) to log on to the FTP server. The default value is YES.
# After a local user logs on, the user lands in their home directory. After an anonymous user logs on, the user lands in the download directory /var/ftp/pub.
# If only anonymous users are allowed to access the FTP server, comment out the line below with # to prevent local users from accessing the FTP server
local_enable=YES
# Whether to allow local users to have write permission on FTP server files. The default value is YES.
write_enable=YES
# Mask. The local user's default mask is 077.
# You can set the local user's file mask to 022, or to another value based on your preferences.
#local_umask=022
# Whether anonymous users are allowed to upload files; the global write_enable=YES must be set. YES by default
#anon_upload_enable=YES
# Allow anonymous users to create new folders
#anon_mkdir_write_enable=YES
# Whether to activate the directory welcome message function
# When a user enters a directory on the server for the first time in CMD mode, the FTP server displays the welcome message
# By default, the welcome message is read from the .message file in that directory.
# This file stores the custom welcome message and is created by the user
#dirmessage_enable=YES
# Whether the system automatically maintains log files of uploads and downloads
# By default, the log file is /var/log/vsftpd.log. You can also set it using the xferlog_file option below.
# The default value is NO.
xferlog_enable=YES
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# Whether the FTP server uses port 20 for data connection requests
# (ftp-data is for data transfer; 21 is the control connection port)
connect_from_port_20=YES
# Set whether the owner of uploaded files is changed; used together with the next option
# Note: it is not recommended to use the root user to upload files.
#chown_uploads=YES
# Set the owner that uploaded files are changed to. Enter a system user name as needed.
# You could change all uploaded files to be owned by root. whoever: anyone
#chown_username=whoever
# Set the log file in which the system records uploads and downloads on the FTP server
# /var/log/vsftpd.log is the default value. You can also set another file
#xferlog_file=/var/log/vsftpd.log
# Whether to write the transfer log in standard xferlog format
# The default value is /var/log/xferlog. You can also set it using the xferlog_file option.
# The default value is NO.
#xferlog_std_format=YES
# The following are additional options. Adding an option enables the corresponding setting.
# Whether to generate two similar log files
# The default locations are /var/log/xferlog and /var/log/vsftpd.log.
# The former is a wu_ftpd-style transfer log, which can be analyzed with standard log tools; the latter is a vsftpd-style log.
#dual_log_enable
# Whether to send the logs that would go to /var/log/vsftpd.log to the system log instead
#syslog_enable
# Set the idle timeout. This statement sets the idle user session timeout to 600 seconds.
# That is, after a data transfer completes, the user's connection to the FTP server may last no longer than 600 seconds. You can modify the value according to the actual situation.
#idle_session_timeout=600
# Set the data connection timeout. This statement sets the data connection timeout to 120 seconds. You can modify the value based on the actual situation.
#data_connection_timeout=120
# Unprivileged system user that vsftpd runs as. The default value is nobody.
#nopriv_user=ftpsecure
# Whether to recognize asynchronous ABOR requests.
# If the FTP client issues the "async ABOR" command, this setting must be enabled.
# This setting is generally not safe, so it is usually left disabled
#async_abor_enable=YES
# Whether to transfer data in ASCII mode. By default, the server ignores ASCII mode requests.
# Enabling these options allows the server to transfer data in ASCII mode
# However, this may allow a DoS attack via the "SIZE /big/file" command in ASCII mode.
#ascii_upload_enable=YES
#ascii_download_enable=YES
# Welcome message displayed when you log on to the FTP server
# If necessary, you can create a file named .message in the directory whose welcome message you want to change, write the welcome message into it, and save it.
#ftpd_banner=Welcome to blah FTP service.
# Blacklist setting. If you dislike certain email addresses, you can use this setting to revoke their logon permission.
# Some special email addresses can be blocked.
#deny_email_enable=YES
# When deny_email_enable=YES, you can use this setting to specify which email addresses cannot log on to the vsftpd server.
# This file must be created by the user, with one email address per line.
#banned_email_file=/etc/vsftpd/banned_emails
# Whether the user may access files outside their own directory after logging on to the FTP server
# When set to YES, the user is locked in their home directory, and vsftpd looks for the chroot_list file at the location given by the chroot_list_file option below
# Must be used together with the next setting
#chroot_list_enable=YES
# Users listed in this file cannot switch to directories other than their own after logon
# This helps with FTP server security management and privacy protection. You must create this file yourself
#chroot_list_file=/etc/vsftpd/chroot_list
# Whether recursive listing is allowed. Disabled by default to prevent remote users from generating excessive I/O
#ls_recurse_enable=YES
# Whether to listen.
# If YES, vsftpd runs in standalone mode and itself listens for and handles IPv4 connection requests.
listen=YES
# Set whether IPv6 is supported. To listen on IPv4 and IPv6 ports at the same time,
# you must run two copies of vsftpd with two configuration files.
# Make sure that one of the listen options is commented out.
#listen_ipv6=YES
# Set the name of the configuration file used by the authentication service that the PAM module provides, that is, the /etc/pam.d/vsftpd file
# The file=/etc/vsftpd/ftpusers field in that file indicates that the accounts the PAM module blocks come from the /etc/vsftpd/ftpusers file.
#pam_service_name=vsftpd
# Whether to allow users in the ftpusers file to log on to the FTP server. The default value is NO.
# If this parameter is set to YES, the users in the user_list file are allowed to log on to the FTP server.
# If userlist_deny=YES is set at the same time, the users in the user_list file are not allowed to log on to the FTP server and do not even get the password prompt
#userlist_enable=YES/NO
# Set whether to deny the users in the user_list file from logging on to the FTP server. The default value is YES.
#userlist_deny=YES/NO
# Whether to use tcp_wrappers as the host access control method.
# tcp_wrappers implements host-address-based access control for network services on Linux systems
# The hosts.allow and hosts.deny files in the /etc directory are used to configure tcp_wrappers access control.
# The former holds the allow records, and the latter holds the deny records.
# To restrict anonymous access from some hosts to the FTP server 192.168.57.2, edit the /etc/hosts.allow file. For example, add the two lines below:
# vsftpd: 192.168.57.1: DENY and vsftpd: 192.168.57.9: DENY
# This means that the hosts with IP addresses 192.168.57.1 and 192.168.57.9 are denied access to the FTP server whose IP address is 192.168.57.2.
# In this case, the FTP server can be pinged but cannot be connected to.
tcp_wrappers=YES
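How userlist_enable, userlist_deny, the user_list file and the ftpusers file combine is easiest to see as a decision function. The sketch below is an added example, not code from the original page or from vsftpd; the names read_list and may_login are hypothetical, the file contents are constructed, and it assumes /etc/pam.d/vsftpd carries the file=/etc/vsftpd/ftpusers deny rule described above.

```python
def read_list(text):
    """Parse a user_list/ftpusers-style file: one name per line, '#' starts a comment."""
    names = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            names.add(name)
    return names


def may_login(user, *, userlist_enable, userlist_deny, user_list, ftpusers):
    """Return (allowed, reason) for the list checks only; PAM still verifies the password."""
    if userlist_enable:
        listed = user in user_list
        if userlist_deny and listed:
            return False, "in user_list and userlist_deny=YES (refused before the password prompt)"
        if not userlist_deny and not listed:
            return False, "not in user_list and userlist_deny=NO (allow-list mode)"
    if user in ftpusers:
        return False, "listed in ftpusers (blocked by the PAM rule)"
    return True, "passes both list checks"


# Constructed file contents; ftpuser1 is the account created in the setup steps.
USER_LIST = read_list("# allowed FTP accounts\nftpuser1\n")
FTPUSERS = read_list("root\nbin\ndaemon\n")

if __name__ == "__main__":
    for deny in (False, True):
        for user in ("ftpuser1", "alice", "root"):
            ok, why = may_login(user, userlist_enable=True, userlist_deny=deny,
                                user_list=USER_LIST, ftpusers=FTPUSERS)
            print(f"userlist_deny={'YES' if deny else 'NO'} {user}: "
                  f"{'allow' if ok else 'deny'} ({why})")
```

With the settings used at the top of this page (userlist_enable=YES, userlist_deny=NO), only ftpuser1 passes; an account missing from user_list is rejected even if its password is correct.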