Development of E-Shop 5 (installing vsftpd on Linux)

Source: Internet
Author: User

1: First check whether vsftpd is already installed on the Linux host

2: If it is installed, remove the existing copy

yum remove vsftpd

3: Then install it from the yum repository

yum -y install vsftpd

4: Create a folder under the root directory. This is the path where uploaded files are saved

mkdir /ftpfile

Or

cd /

mkdir ftpfile

5: Add a user for uploads; from now on I upload everything as this user

useradd ftpuser -d /ftpfile/ -s /sbin/nologin

This adds a user called ftpuser. The user lands in the /ftpfile folder on login and is not allowed a shell or other login methods, but can log on to the FTP server

For more on the useradd command, refer to

http://man.linuxde.net/useradd

and

http://blog.csdn.net/danson_yang/article/details/65629948

6: Assign the new ftpfile folder to ftpuser

chown -R ftpuser.ftpuser /ftpfile/

For more about the chown command, see http://man.linuxde.net/chown

7: Set a password for ftpuser

passwd ftpuser

I set it to: (123456)

8: Go to ftpfile and create a file for testing later on

vim /ftpfile/index.html

Write something to the file, then save and exit.

9: Go to the vsftpd configuration file and modify some settings

9.1 Locate the configuration file first

whereis vsftpd

9.2 Open the configuration file

cd /etc/vsftpd

vim vsftpd.conf

9.3 First find the banner setting

/banner

You will find the line #ftpd_banner=Welcome to blah FTP service.

Uncomment this line and change it to Welcome "the name of your site" FTP service. This is the welcome message shown on entering the FTP server

9.4 Add the following 2 settings below the banner setting

1) local_root=/ftpfile (when local users log in, they are placed in this directory; the default value is the user's home directory)
2) anon_root=/ftpfile (the directory used for anonymous logins)

9.5 Next, look for the chroot_list settings

Uncomment #chroot_list_enable=yes so that it reads chroot_list_enable=yes

Uncomment chroot_list_file=/etc/vsftpd/chroot_list

9.6 Go back to the banner setting and add this setting.

use_localtime=yes (the default is GMT; change it to use the local system time)

9.7 Temporarily leave insert mode (Ctrl+O) and find the anonymous setting

Change anonymous_enable=yes to anonymous_enable=no (anonymous users are not allowed to log in)

9.8 Modify or create the /etc/vsftpd/chroot_list file

This file records the set of users who can use the FTP server remotely.

Write the newly created ftpuser into it

9.9 For the configuration to take effect, restart vsftpd

service vsftpd restart

9.10 Ensure local_enable=yes (allow local users to log on)

9.11 Ensure write_enable=yes (local users can read and write in their home directory)

9.12 Ensure local_umask=022 (umask value applied when local users add files)

9.13 Ensure dirmessage_enable=yes (if this option is enabled, the first time the user enters a directory, vsftpd checks whether there is a .message file in that directory and, if so, displays its contents; this file usually holds a welcome message or a description of the directory. The default value is on)

9.14 Ensure xferlog_enable=yes (upload/download logging is enabled; if enabled, upload and download information is recorded in full in the file defined by xferlog_file. The default is on.)

9.15 Ensure connect_from_port_20=yes (specifies that FTP uses port 20 for data transfer; the default is YES)

9.16 Ensure xferlog_std_format=yes (if enabled, the log file is written in the standard xferlog format)

9.17 Ensure chroot_list_enable=yes (sets whether the user list file specified by the chroot_list_file option is enabled)

9.18 Ensure that chroot_local_user=no (used to specify whether the users in the user list file are allowed to switch to the parent directory) is commented out

9.19 Ensure listen=yes and pam_service_name=vsftpd

9.20 Ensure tcp_wrappers=yes

9.21 Under pam_service_name=vsftpd, add the following settings

pasv_min_port=61001 (lowest port of the passive-mode port range)

pasv_max_port=62000 (highest port of the passive-mode port range)

pasv_enable=yes (pasv_enable=YES/NO, default YES)

If set to YES, the PASV operating mode is used; if set to NO, PORT mode is used. The default value is YES, which means the PASV operating mode is used.

The FTP protocol works in two modes, PORT and PASV, that is, active and passive.

First, the PORT (active) connection process: the client sends a connection request to the server's FTP port (by default, 21), the server accepts the connection, and a command link is established.
When data needs to be transferred, the client tells the server with the PORT command on the command link: "I have opened port ***, connect to me." The server then sends a connection request from port 20 to the client's port ***, creating a data link to transmit the data.

Second, the PASV (passive) connection process: the client sends a connection request to the server's FTP port (by default, 21), the server accepts the connection, and a command link is established.
When data needs to be transferred, the server tells the client on the command link with the PASV command: "I have opened port ***, connect to me." The client then sends a connection request to the server's port *** and establishes a data link to transmit the data.

As can be seen from the above, the command link is set up the same way in both modes, while the data link is built in completely different ways. That is where the complexity of FTP lies.
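In passive mode the port announcement described above reaches the client as a 227 reply ending in (h1,h2,h3,h4,p1,p2), and the data port is p1*256 + p2. The following added example (not part of the original article) decodes such a reply and checks that the port lies inside the 61001-62000 range from step 9.21, which is the range the firewall has to admit; the function names and sample replies are constructed for illustration.

```shell
#!/bin/sh
# Passive port range set in vsftpd.conf (step 9.21) and opened in the firewall.
PASV_MIN=61001
PASV_MAX=62000

# pasv_port REPLY: print the data port encoded in a 227 reply, or fail.
pasv_port() {
    fields=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$fields" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $fields                 # split h1,h2,h3,h4,p1,p2 into $1..$6
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do              # every field must be a byte value
        case $n in ''|*[!0-9]*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo $(( $5 * 256 + $6 ))
}

# pasv_check REPLY: "ok PORT" if the port is inside the configured range,
# "blocked PORT" (status 1) if it is outside, "unparsable" (status 2) otherwise.
pasv_check() {
    port=$(pasv_port "$1") || { echo "unparsable"; return 2; }
    if [ "$port" -ge "$PASV_MIN" ] && [ "$port" -le "$PASV_MAX" ]; then
        echo "ok $port"
    else
        echo "blocked $port"
        return 1
    fi
}

# Constructed replies: first and last port of the range, then one outside it.
for reply in \
    '227 Entering Passive Mode (192,0,2,10,238,73).' \
    '227 Entering Passive Mode (192,0,2,10,242,48).' \
    '227 Entering Passive Mode (192,0,2,10,195,80).'
do
    pasv_check "$reply" || true
done
```

A "blocked" result against a live server means vsftpd is not using the pasv_min_port/pasv_max_port values from the file that was edited.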

10: Edit the firewall rules to open vsftpd's ports

#vsftpd
-A INPUT -p tcp --dport 61001:62000 -j ACCEPT
-A OUTPUT -p tcp --sport 61001:62000 -j ACCEPT
-A INPUT -p tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp --dport 21 -j ACCEPT

11: Restart the firewall so the rules take effect, then restart vsftpd

service iptables restart

service vsftpd restart

12: Modify /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled.

This appears to ensure that remote users can create folders on the server

To take effect immediately: setenforce 0

13: Restart vsftpd

Test
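A check worth running on /etc/vsftpd/vsftpd.conf before the test, as an added example that is not part of the original article: vsftpd expects option=value with no spaces around the = and matches option names exactly in lower case, so a mistyped line from step 9 stops the setting from being applied. The function name and the sample file are constructed; the expected values are the ones this page sets.

```shell
#!/bin/sh
# audit_vsftpd_conf FILE
# Prints one finding per line; returns 1 if there is any finding.
audit_vsftpd_conf() {
    awk '
    /^(#|$)/ { next }                      # comment or empty line
    {
        eq = index($0, "=")
        if (eq == 0) { print "line " NR ": not option=value"; bad++; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
            print "line " NR ": space around ="; bad++; next
        }
        if (key != tolower(key)) {
            print "line " NR ": option name not lower case: " key; bad++; next
        }
        seen[key] = toupper(val)           # vsftpd reads yes and YES alike
    }
    END {
        # Values this page sets (assumed audit baseline).
        spec = "anonymous_enable=NO local_enable=YES chroot_list_enable=YES"
        spec = spec " pasv_min_port=61001 pasv_max_port=62000"
        n = split(spec, want, " ")
        for (i = 1; i <= n; i++) {
            split(want[i], kv, "=")
            if (!(kv[1] in seen)) { print kv[1] ": not set"; bad++ }
            else if (seen[kv[1]] != kv[2]) {
                print kv[1] ": is " seen[kv[1]] ", expected " kv[2]; bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample with two mistakes: a capitalised name and spaces around =.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Anonymous_enable=no
local_enable=yes
chroot_list_enable=yes
pasv_min_port = 61001
pasv_max_port=62000
EOF
audit_vsftpd_conf "$sample" || true
rm -f "$sample"
```

Each malformed line is reported twice in effect: once for the line itself and once because the intended option ends up not set.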

Reference: http://www.gzidc.org/hostq/n685.html
