Resources:
Client: Win7 + Xshell + Xftp
Server: RedHat 5.5 + Admin account, password
First, check whether the vsftpd service is already installed on the machine by executing the following command:
rpm -qa | grep vsftpd
If the service is installed, the output appears as follows:
If the vsftpd service is not installed, nothing is displayed in the middle red box.
Second, install the vsftpd service by executing the following command:
yum install vsftpd (it can also be installed by other means)
The installation screen is shown in the following illustration:
Enter y and press Enter; when the installation completes, the screen looks as shown below:
Third, once the installation completes, start the service with the command:
service vsftpd start
Or:
/etc/init.d/vsftpd start
The results of the execution are shown below:
To see whether the vsftpd service is running, execute the following command:
service vsftpd status
The results of the execution are shown below:
Create a local login user and group. First create the user group testgroup by executing the following command:
groupadd testgroup
Then create the user testuser by executing the following command:
useradd -m -g testgroup testuser
To check that the user was created successfully, execute the following command:
cat /etc/passwd | cut -f 1 -d:
Note that the penultimate argument is the number 1, not the letter l.
To set a password for the new user, execute the following command and enter the new password when prompted:
passwd testuser
The user has now been added.
Six, configure the vsftpd service parameters; the file path is "/etc/vsftpd/vsftpd.conf"
1.) Prohibit anonymous user login: change the anonymous_enable configuration entry to NO, as shown in the following figure:
2.) To restrict all local users to their own directories, add the "chroot_local_user=YES" item, as shown in the following illustration:
To apply the restriction only to specified users instead, leave chroot_local_user at NO, set chroot_list_enable=YES, and configure the "chroot_list_file" item with the file that lists those users:
chroot_list_file=/etc/vsftpd.chroot_list
3.) Set the local user login directory by adding the "local_root" item (with no spaces around the "="):
local_root=/var/ftp/receivefile
If this item is not set, the default is the user's own home directory.
4.) Restrict access to specified IPs
Sometimes you need to restrict which IPs can access the server and allow only certain ones. For example, to allow only 192.168.0.33 to access this FTP server, also modify the configuration file:
listen_address=192.168.0.33
5.) Port modification: the FTP service uses port 21 by default, which can be changed to suit your situation. Note that you cannot use other ports below 1024.
To modify the port, edit the file /etc/services, for example changing the FTP port from 21 to 2121.
more /etc/services
Modify it there, and then add this line to the vsftpd.conf configuration file:
listen_port=2121
Most importantly, the firewall and SELinux must allow the port; otherwise reading and writing will not work.
There is also a PASV (passive) transfer mode, which can be set as follows:
pasv_enable=YES (default: YES) sets whether PASV mode is allowed
pasv_promiscuous=NO (default: NO) sets whether to disable the security check on PASV (disable it only when a secure tunnel is in use)
pasv_min_port=1024 (default: 0) the minimum port PASV uses
pasv_max_port=10240 (default: 0, meaning any port) the maximum port PASV uses
Then, when adding firewall rules, you can add:
iptables -A INPUT -p tcp --dport 1024:10240 -j ACCEPT (allows ports 1024-10240 through)
iptables -A OUTPUT -p tcp --sport 1024:10240 -j ACCEPT
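The settings from this section can be checked before the service is restarted. The sh script below is an added example, not part of the original guide; the function names (conf_get, conf_bool, warn, vsftpd_audit) and the sample file are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): audit a vsftpd.conf for the
# settings configured above. Function names are made up for the example.

# Last value of option $1 in file $2, or default $3 when the option is absent.
conf_get() {
    val=$(sed -n "s/^$1=//p" "$2" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Same for a boolean option, normalised to YES or NO
# (vsftpd also accepts TRUE/1 and FALSE/0, in any letter case).
conf_bool() {
    case $(conf_get "$@" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) echo YES ;;
        *) echo NO ;;
    esac
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# Print one WARN line per problem; the exit status is the number of problems.
vsftpd_audit() {
    conf=$1 findings=0
    # vsftpd rejects spaces between option, '=' and value.
    if grep -Eq '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        warn "space around '=' in an option line"
    fi
    [ "$(conf_bool anonymous_enable "$conf" YES)" = NO ] ||
        warn "anonymous_enable is not NO: anonymous login is allowed"
    [ "$(conf_bool chroot_local_user "$conf" NO)" = YES ] ||
        warn "chroot_local_user is not YES: local users are not confined"
    [ "$(conf_bool pasv_promiscuous "$conf" NO)" = NO ] ||
        warn "pasv_promiscuous is on: the PASV address check is disabled"
    min=$(conf_get pasv_min_port "$conf" 0)
    max=$(conf_get pasv_max_port "$conf" 0)
    if [ "$min" -eq 0 ] || [ "$max" -eq 0 ] || [ "$min" -gt "$max" ]; then
        warn "PASV ports $min-$max are unbounded: no firewall range fits"
    fi
    return "$findings"
}

# Constructed sample: this guide's settings, with one 'local_root =' typo.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'chroot_local_user=YES' \
    'local_root =/var/ftp/receivefile' 'listen_port=2121' \
    'pasv_min_port=1024' 'pasv_max_port=10240' > "$sample"
vsftpd_audit "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a real server, call vsftpd_audit /etc/vsftpd/vsftpd.conf; the defaults passed to conf_bool and conf_get are vsftpd's built-in defaults for options the file leaves out.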
Six, let vsftpd start automatically
To make vsftpd start automatically, add the line "vsftpd &" to the /etc/rc.local file; it will then start automatically at boot.
# vi /etc/rc.local
Seven, after configuring the above parameters, restart the service.
Note: if the error "553 Could not create file" occurs when a file is uploaded, add the appropriate permissions to the folder as follows:
# sudo chmod -R 777 /var/ftp/receivefile
The -R parameter applies the permission change to all subdirectories as well.
receivefile is the newly created folder.