RedHat 5.5 Linux FTP (VSFTPD) Service installation __linux

Source: Internet
Author: User
Tags iptables

Resources:

Client: Win7 +xshell + xftp

Server: RedHat 5.5 + Admin account, password


First, check if the machine has been installed VSFTPD service, execute the following command: Rpm–qa|grep vsftpd

To see if the service is installed, it will appear as follows:


If the VSFTPD service is not installed, there is no display in the middle red box.

Second, the installation of VSFTPD services, the implementation of the following command:

Yum Install vsftpd (can also be installed by other means)

The installation screen is shown in the following illustration:


Enter Y return, installation complete, the screen as shown below:




Third, the installation completes, the execution starts the service command:

Service VSFTPD Start

Or:

/ETC/INIT.D/VSFTPD start

The results of the execution screen are as follows:



To see if the VSFTPD service is running, execute the following command:

Service VSFTPD Status

The results of the execution screen are as follows:



Create a local login user and group, first create the user group Testgroup, and execute the following command:

Groupaddtestgroup

After execution, create the user TestUser and execute the following command:

Useradd-m-gtestgroup TestUser

After execution, see if the user was successfully created, execute the following command:

cat/etc/passwd | Cut-f 1-d:

Where the penultimate argument is the number 1, not the letter L.

To set a password for this new user name, execute the following command:

passwd New Password

The user is added to complete at this time.


Six, configure the VSFTPD service related parameters, the file path is "/etc/vsftpd/vsftpd.conf"

1.) Prohibit anonymous user login, modify anonymous_enable configuration entry to No, as shown in the following figure:



2.) to restrict all local users to add "Chroot_local_user=no" entries in their own directories, as shown in the following illustration:


You can make the above restrictions for the specified user, configure the "Chroot_list_file" item

Chroot_list_file=/etc/vsftpd.chroot_list

3.) Set up the local user login directory, add "Local_root" item

Local_root =/var/ftp/receivefile

If this item is not set, the default is the user's own home directory.


4.) Restrict the specified IP access
Sometimes to restrict certain IP access servers, only allow certain IP access, such as only allow 192.168.0.33 access to this FTP, also modify the configuration file: listen_address=192.168.0.33

5.) Port modification, FTP service default use of Port 21, can be modified according to their own situation, attention can not use other ports within 1024.
Port modification: Modify file/etc/services, such as change FTP21 port to 2121.

More/etc/services
Just modify it here, and then add a section to the vsftpd.conf configuration file:

"Listet_port=2121"
The main thing is the SELinux in the firewall to allow, otherwise it is not read write.

There is also a PASV passive transfer mode, you can set the following:

Pasv_enable=yes (default:yes) setting whether PASV mode Pasv_promiscuous=no (Default:no) is allowed to mask security checks on PASV (disabled when a secure tunnel is available)
The pasv_min_port=1024 (default:0) PASV uses the maximum Port pasv_max_port=10240 (default:0 (using any port)) PASV the minimum port used and then When adding a firewall, you can add a
Iptables-a input-p TCP--dport 1024:10240-j ACCEPT (means 1024-10240 these ports pass)
Iptables-a output-p TCP--SPOTR 1024:10240-j ACCEPT

Six, let vsftpd automatically start
How to get vsftpd to start automatically, add a sentence in/etc/rc.local file vsftpd & This will start automatically when the boot up. #vi/etc/rc.local

Seven, after configuring the above parameters, stop the service restart.

Note that if the error "553 could not create file" occurs when the file is uploaded, do the following to add the appropriate permissions to the folder:

#sudo Chmod-r 777/var/ftp/receivefile

Where the-r parameter represents a corresponding permission modification for all subdirectories at the same time.

Receivefile is the new folder


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.