FTP server vsftpd installation and Setup

Source: Internet
Author: User

1. Install vsftpd on the FTP server

    yum install vsftpd

2. Start, restart or stop the vsftpd server

    [root@localhost ftp]# /sbin/service vsftpd restart
    Shutting down vsftpd: [OK]
    Starting vsftpd for vsftpd: [OK]

OK indicates that the restart was successful. Change restart to start or stop to start or stop the server. If vsftpd was installed from source, go to the installation folder, find the start.sh and shutdown.sh files, and execute them.

3. Configuration file and root directory

The vsftpd server configuration file is /etc/vsftpd.conf. The root directory of the vsftpd server, that is, the main directory of the FTP server, is pub under /var/ftp. To change the path of the server directory, you only need to change /var/ftp to another location.

4. Add a local FTP user

A user name and password are required to log on to the FTP server, because FTP users and permissions are set. FTP users generally cannot log on to the system and can only access their own directory on the FTP server, which is for security. Such a user is called a virtual user. In fact, it is not a real virtual user; it is a system account that cannot log on to a shell and so cannot log on to the system.

    /usr/sbin/adduser -d /opt/test_ftp -g ftp -s /sbin/nologin test

This command uses adduser to add the user test, who cannot log on to the system (-s /sbin/nologin), whose home folder is /opt/test_ftp (-d /opt/test_ftp) and who belongs to the group ftp (-g ftp). Then set a password for the user:

    passwd test

An FTP user has now been added. The following example shows how to access the FTP server:

    [root@localhost ftp]# ftp
    ftp> open 192.168.0.33
    Connected to 192.168.0.33 (192.168.0.33).
    220 (vsFTPd 2.0.5)
    Name (192.168.0.33:gxl): test
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> quit

In Windows, you only need to enter ftp://192.168.0.33 in the browser to reach the FTP server, right-click to log on, and enter the user name and password to get to your directory.

Of course, you must make sure that reading and writing your own directory is enabled in the configuration file vsftpd.conf:

    local_enable=yes
    write_enable=yes
    local_umask=022

5. Anonymous upload and download

Modify the configuration file vsftpd.conf and make sure the following lines are present. Add them if they are not there:

    anonymous_enable=yes
    anon_upload_enable=yes
    anon_mkdir_write_enable=yes
    anon_umask=022

Then create a folder and change its permissions to fully open (mode 777). Any user can log on to this folder and upload and download files:

    mkdir /var/ftp/guest
    chmod 777 /var/ftp/guest

6. Customize the welcome message of the FTP server

Set dirmessage_enable=yes in the vsftpd.conf file, then go to the user directory, create a .message file and write the welcome message in it (here it is: Welcome to gxlinux's FTP!):

    [root@localhost test_ftp]# ftp 192.168.0.33
    Connected to 192.168.0.33 (192.168.0.33).
    220 (vsFTPd 2.0.5)
    Name (192.168.0.33:gxl): test
    331 Please specify the password.
    Password:
    230-Welcome to gxlinux's FTP!
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.

7. Virtual paths

Mounting a directory into the FTP server tree for users to use is called a virtual path. For example, to mount the gxl user directory into the FTP server for use by FTP users, use the mount command:

    [root@localhost opt]# mount --bind /home/gxl /var/ftp/pub
    [root@localhost opt]# ls /var/ftp/pub
    LumaQQ  Screenshot.png  Desktop

8. Enable the vsftpd log

Add the following line to the vsftpd.conf file. The line is usually already in the file, and you only need to remove the comment character #. If it is not there, add it, or modify the existing one:

    xferlog_file=/var/log/vsftpd.log

9. Limit the total number of connections and the number of connections per IP address

Modify the configuration file. For example, vsftpd supports a maximum of 100 connections.
Each IP address supports five connections:

    max_clients=100
    max_per_ip=5

10. Restrict the transfer speed

Modify the configuration file, for example, to let anonymous users and users on vsftpd (i.e. virtual users) download at a speed of 80 KB per second (1024 * 80 = 81920; the values are in bytes per second):

    anon_max_rate=81920
    local_max_rate=81920

11. Restrict users (generally virtual users) to their own directories

Modify the configuration file so that users can only access their own directories:

    chroot_local_user=yes

If you only want some users to be restricted to their own directories, and other users not to have this restriction, add those users to the file chroot_list (this file is generally in /etc/vsftpd). Edit this file and, for example, write the user test into it. Generally, one user occupies one row.

    [root@localhost vsftpd]# cat chroot_list
    test

12. Bind vsftpd to an IP address

Sometimes access to the server should be limited to a particular IP address. For example, to make the FTP service reachable only on 192.168.0.33 (listen_address is the local address that vsftpd binds to), modify the configuration file:

    listen_address=192.168.0.33

vsftpd.conf:

    # disable anonymous access
    anonymous_enable=NO
    # allow local logon
    local_enable=YES
    # allow writes; must be set in order to upload files
    write_enable=YES
    # permissions given to uploaded files: 777 - local_umask
    local_umask=027
    # allow virtual users and anonymous users to upload
    anon_upload_enable=YES
    # allow virtual users and anonymous users to rename and delete files
    anon_other_write_enable=YES
    dirmessage_enable=YES
    # turn on logging
    xferlog_enable=YES
    connect_from_port_20=YES
    # log storage location
    xferlog_file=/var/log/vsftpd.log
    # standard log format
    xferlog_std_format=YES
    # idle connection timeout
    idle_session_timeout=600
    data_connection_timeout=120
    # welcome message
    ftpd_banner=Welcome to ChinaRise FTP service
    # allow virtual users
    guest_enable=yes
    # the system account of the virtual users
    guest_username=vsftpdguest
    # virtual users have the permissions of local users
    virtual_use_local_privs=YES
    # the next two lines confine the listed virtual users to their directory so that
    # they cannot access other directories; alternatively, use chroot_local_user=YES
    chroot_local_user=NO
    chroot_list_enable=YES
    # listener mode
    listen=yes
    # listener port
    listen_port=21
    # the virtual user names are stored in the file /etc/vsftpd.chroot_list
    chroot_list_file=/etc/vsftpd.chroot_list
    # the detailed settings of each virtual user are saved in /etc/vsftpd/vsftpd_user_conf
    user_config_dir=/etc/vsftpd/vsftpd_user_conf

Write the names of the virtual users allowed to log on into the chroot_list file, one per row. In the /etc/vsftpd/vsftpd_user_conf folder, create a file named after each virtual user and write in it:

    local_root=/var/FTP/<subdirectory name>

Then create the corresponding directory under /var/FTP.

Possible problems and solutions:

If the following error appears when logging on with ftp and the server IP:

    500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp

add ftp_username=ftpuser (a user) to the vsftpd.conf file. The default value of ftp_username is ftp. Then restart the server:

    /etc/init.d/vsftpd restart

If "550 create directory operation failed" appears, it is caused by the SELinux security mechanism. You only need to disable SELinux:

    # vi /etc/selinux/config

Change SELINUX=XXX (XXX represents the level) to SELINUX=disabled,

or run

    setsebool -P ftpd_disable_trans on
    service vsftpd restart

or

    setsebool -P ftp_home_dir on
    service vsftpd restart
If the execution fails with the prompt "could not change active booleans: invalid boolean", you can run the following commands:

    setsebool defaults 1
    setsebool limit 1
    setsebool limit 1
    setsebool ftp_home_dir 1
    setsebool limit 1
    setsebool tftp_anon_write

The following are the practical steps.

1. Enable the FTP ports

Edit the firewall configuration file /etc/sysconfig/iptables and add:

    # allow port 21 through the firewall
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    # allow port 20 through the firewall
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
    # the port range used in FTP passive mode
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000:9045 -j ACCEPT

Note: if the FTP port is changed to another port (such as 2222), the firewall must open port 2222. The firewall here uses CentOS 6.0 as an example:

    # allow port 2222 through the firewall
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT

    /etc/init.d/iptables restart    # restart the firewall to make the configuration take effect

2. Check whether vsftpd is installed

    rpm -q vsftpd
    package vsftpd is not installed    # the message shown when vsftpd is not installed

3. Install vsftpd

    yum install vsftpd              # press Y when prompted and the system installs it automatically
    /etc/init.d/vsftpd start        # start vsftpd
    service vsftpd restart          # restart
    service vsftpd stop             # stop
    chkconfig vsftpd on             # start automatically at boot

4. Configure the vsftpd server

Configuration file description:

    /etc/vsftpd.conf                        the vsftpd core configuration file
    /etc/vsftpd/ftpusers                    specifies which users cannot access the FTP server
    /etc/vsftpd/user_list                   the list of users allowed to use vsftpd
    /etc/vsftpd/vsftpd_conf_migrate.sh      a script of variables and settings for vsftpd operation
    /var/ftp/                               the root directory of anonymous users by default

Configure /etc/vsftpd.conf. Back up the file before configuring it:

    cp /etc/vsftpd.conf /etc/vsftpd.confbak

To restore the file:

    cp /etc/vsftpd.confbak /etc/vsftpd.conf

Then edit it:

    vi /etc/vsftpd.conf

    # FTP time is synchronized with the system time; if an error occurs at startup,
    # comment this line out
    use_localtime=YES
    # add this line to solve slow client logins. Important! Reverse DNS resolution is
    # enabled by default in vsftpd; disable it here. If an error occurs at startup,
    # comment this line out
    reverse_lookup_enable=NO
    # this line does not exist by default; the FTP port is 21. Use listen_port=2222 to
    # change the default port to 2222. Note: the firewall must then open port 2222
    listen_port=21
    # disable anonymous users
    anonymous_enable=NO
    # local user access. Note: this is mainly for the virtual host users; if it is set
    # to NO, no virtual user can access the server
    local_enable=YES
    # global setting: whether writing is allowed (for anonymous and local users alike;
    # must be enabled for uploads)
    write_enable=YES
    # permission mask for uploaded files
    local_umask=022
    # prohibit uploads by anonymous users
    anon_upload_enable=NO
    # prohibit anonymous users from creating directories
    anon_mkdir_write_enable=NO
    dirmessage_enable=YES
    xferlog_enable=YES
    # use port 20 for data connections
    connect_from_port_20=YES
    # do not change the owner of uploaded files
    chown_uploads=NO
    # log storage path (create the file first)
    xferlog_file=/var/log/vsftpd.log
    # use the standard log format
    xferlog_std_format=YES
    # support for asynchronous transmission
    async_abor_enable=YES
    # support upload and download in ASCII mode
    ascii_upload_enable=YES
    ascii_download_enable=YES
    # the login banner of vsftpd
    ftpd_banner=Welcome to Awei FTP servers
    # prevent local users from leaving their FTP home directory
    chroot_local_user=YES
    # the name of the PAM configuration file for vsftpd; PAM authentication will
    # therefore refer to the vsftpd file under /etc/pam.d
    pam_service_name=vsftpd
    # when set to YES, a user whose name is in the file specified by the userlist_file
    # parameter is refused directly, before being asked to enter the password
    userlist_enable=YES
    # whether to support tcp_wrappers
    tcp_wrappers=YES
    # timeout setting
    idle_session_timeout=300
    # the server disconnects after 1 second idle
    data_connection_timeout=1

    # Important configuration items for vsftpd virtual user support. The default
    # vsftpd.conf does not contain these items; add them manually.

    # enable the virtual user function
    guest_enable=YES
    # the host user of the virtual users (the user we will create later)
    guest_username=vsftpd
    # the directory that stores the personal vsftpd configuration file of each virtual
    # user. Note that each of these files must have the same name as the virtual user.
    # For example, copy the vsftpd.conf file to this directory and rename it (mv) to
    # the virtual user's name
    user_config_dir=/etc/vsftpd/vconf
    # when this parameter is activated (YES), virtual users have the same permissions as
    # local users; when it is disabled (NO), virtual users have the same permissions as
    # anonymous users. By default it is disabled (NO)
    virtual_use_local_privs=YES
    # the port range in passive mode
    pasv_min_port=9000
    pasv_max_port=9045
    # keep
    accept_timeout=5
    # connect again after 1 second
    connect_timeout=1

5. Create the virtual user list file

First create the virtual user list file:

    touch /etc/vsftpd/virtusers

Then edit it (account name on the first line, password on the second line, and so on. Note: do not use root as a user name; it is reserved by the system):

    vi /etc/vsftpd/virtusers

    web1
    123456
    web2
    123456
    web3
    123456

6. Generate the virtual user data file

    db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
    chmod 600 /etc/vsftpd/virtusers.db

7. Set up the PAM authentication file so that it reads the virtual user database file

Add the following lines at the head of the file /etc/pam.d/vsftpd (the entries that follow them then have no effect). Back up the file before modifying it:

    cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak

To restore it:

    cp /etc/pam.d/vsftpdbak /etc/pam.d/vsftpd

Then edit it:

    vi /etc/pam.d/vsftpd

    auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers
    account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtusers

Note: if the system is 64-bit, change lib above to lib64; otherwise the configuration fails.

8. Create the system user vsftpd

Create a new system user vsftpd whose home directory is /home/wwwroot and whose login shell is /bin/false (so that the user cannot log on to the system):

    useradd vsftpd -d /home/wwwroot -s /bin/false
    chown vsftpd:vsftpd /home/wwwroot -R
    chown apache:apache /home/wwwroot -R    # required if the virtual users' host user is apache

9. Create the personal vsftpd configuration file of each virtual user

System O&M reminder: qihang01's original content is copyrighted; for more information, see the source and original links.

    mkdir /etc/vsftpd/vconf
    cd /etc/vsftpd/vconf
    touch web1 web2 web3    # create three virtual user configuration files
    vi web1                 # edit the configuration file of user web1; the others are similar

    local_root=/home/wwwroot/web1/
    write_enable=YES
    anon_world_readable_only=NO
    anon_upload_enable=YES

10. Restart the vsftpd server

    /etc/init.d/vsftpd restart

Remarks:

guest_username=vsftpd specifies the host user of the virtual users (the user we created earlier). If the FTP directory points to the root directory of a website, use guest_username=apache, which makes the apache running account the host user of the virtual users. This can avoid many permission problems.

If the following error occurs when the virtual user data file is generated:

    -bash: db_load: command not found

it is because the db4 packages (db4 db4-devel db4-java db4-tcl db4-utils) are not installed. Run the following command to install them:

    yum install db4*

At this point, the vsftpd installation and configuration is complete.
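The configuration steps above depend on two things a typed-in vsftpd.conf often gets wrong: the option=value syntax (vsftpd accepts no spaces around "=" and no comment after a value) and which settings open the server to anonymous or guest writes. The following linter is an added example, not part of the original article; the function names and finding texts are assumptions, and the defaults table follows the vsftpd.conf man page.

```python
import re

# vsftpd built-in defaults for the options examined (per the vsftpd.conf man page).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO", "guest_enable": "NO",
            "virtual_use_local_privs": "NO", "anon_upload_enable": "NO",
            "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")
OPTION = re.compile(r"^([a-z0-9_]+)=(.*)$")

def parse(text):
    """Parse vsftpd.conf text into (settings, syntax findings)."""
    settings, findings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = OPTION.match(line)
        if not m:
            findings.append(f"line {num}: not option=value (no spaces allowed around '=')")
            continue
        key, value = m.groups()
        if value != value.strip() or re.search(r"\s#", value):
            findings.append(f"line {num}: {key} has stray whitespace or an inline comment")
            value = re.split(r"\s#", value)[0].strip()
        settings[key] = value
    return settings, findings

def audit(text):
    """Return syntax findings followed by exposure findings for a config text."""
    settings, findings = parse(text)
    on = lambda key: settings.get(key, DEFAULTS[key]).upper() in ("YES", "TRUE", "1")
    if on("anonymous_enable"):
        findings.append("anonymous_enable: logins without an account are accepted")
    # anon_* write options also govern guest (virtual) users without local privileges
    guests = on("guest_enable") and not on("virtual_use_local_privs")
    who = "anonymous" if on("anonymous_enable") else "guest" if guests else None
    if who and on("write_enable"):
        findings += [f"{k}: {who} users can write" for k in ANON_WRITE if on(k)]
    if not on("chroot_local_user") and not on("chroot_list_enable"):
        findings.append("chroot: no local user is confined to a home directory")
    return findings

# Constructed sample: anonymous-upload settings typed with spaces around "=",
# plus one correctly written line.
SAMPLE = "anonymous_enable = yes\nanon_upload_enable = yes\nwrite_enable=yes\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the two lines written with spaces are rejected, the sample falls back to vsftpd's defaults for them, which is why the anonymous-login finding still appears.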
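The virtual-user login file of steps 5 and 6 (name on one line, password on the next) can be checked before it is passed to db_load, together with the permissions of the plaintext file and the generated .db. This is an added example, not part of the original article; the function names and problem texts are assumptions, and the sample data is constructed from the accounts shown in step 5.

```python
import os
import stat

def check_login_file(text):
    """Validate db_load -T input: account name on odd lines, password on even lines."""
    lines = text.splitlines()
    problems, seen, by_password = [], set(), {}
    if len(lines) % 2:
        problems.append("odd number of lines: the last account has no password line")
    for i in range(0, len(lines) - 1, 2):
        name, password = lines[i], lines[i + 1]
        if not name.strip() or not password:
            problems.append(f"line {i + 1}: empty account name or password")
        if name == "root":
            problems.append(f"line {i + 1}: root must not be used as a virtual user name")
        if name in seen:
            problems.append(f"line {i + 1}: duplicate account {name!r}")
        seen.add(name)
        by_password.setdefault(password, []).append(name)
    # One password reused across accounts means one leaked password opens all of them.
    for names in by_password.values():
        if len(names) > 1:
            problems.append("same password shared by: " + ", ".join(names))
    return problems

def too_open(path):
    """True when group or others have any access to the file (step 6 sets mode 600)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample: the three accounts from step 5.
SAMPLE = "web1\n123456\nweb2\n123456\nweb3\n123456\n"

if __name__ == "__main__":
    for problem in check_login_file(SAMPLE):
        print(problem)
    for path in ("/etc/vsftpd/virtusers", "/etc/vsftpd/virtusers.db"):
        if os.path.exists(path) and too_open(path):
            print(f"{path}: readable or writable by group/others")
```

The plaintext virtusers file holds the same passwords as the .db, so it needs the same restrictive mode or should be removed once the database has been generated.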
