Start the firewall
# service iptables start
Add a rule for port 20 (active port) and port 21 (passive port)
# iptables -I INPUT 1 -p tcp --dport 20:21 -j ACCEPT
Save the configuration
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
Install the vsftpd service
# yum install vsftpd -y
Set it to start automatically at boot
# chkconfig vsftpd on
Start the service
# service vsftpd start
View the FTP port status
# netstat -ntulp | grep ftp
Because the server's port 20 actively connects to a random port on the client, check here whether the server has loaded the nf_conntrack_ftp module, because this module allows that access
# lsmod | grep nf_conntrack_ftp # view the module
# modprobe nf_conntrack_ftp # load the module
Or load the module like this
# vim /etc/sysconfig/iptables-config
Set IPTABLES_MODULES="nf_conntrack_ftp"
Restart the service
# service iptables restart
# rpm -ql vsftpd
/etc/logrotate.d/vsftpd Log files for vsftpd
/etc/pam.d/vsftpd PAM authentication file
/etc/rc.d/init.d/vsftpd Startup script
/etc/vsftpd Directory where the vsftpd configuration files are stored
/etc/vsftpd/ftpusers List of users prohibited from using vsftpd
/etc/vsftpd/user_list List of users prohibited from or allowed to use vsftpd
/etc/vsftpd/vsftpd.conf Main configuration file
/etc/vsftpd/vsftpd_conf_migrate.sh Some variables and settings for vsftpd operation
/usr/sbin/vsftpd The vsftpd main program
Other documentation and manual files are omitted here.
/var/ftp Anonymous user home directory
/var/ftp/pub Download directory for anonymous users
/etc/vsftpd/vsftpd.conf configuration:
vsftpd supports three types of users: local users, anonymous users, and virtual users
# vim /etc/vsftpd/vsftpd.conf
............
# Whether to enable anonymous user login
anonymous_enable=YES
...............
# Whether to allow local users to log in
local_enable=YES
............
# Whether to allow local users to write
write_enable=YES
...............
# umask applied to files uploaded by local users
local_umask=022
...............
# Whether to allow anonymous users to upload files
anon_upload_enable=NO
...............
# Whether to allow anonymous users to create directories
anon_mkdir_write_enable=NO
# Whether to allow anonymous users other write operations (delete, rename)
anon_other_write_enable=NO
...............
dirmessage_enable=YES
...............
# Local users are confined to their home directory, which becomes their root
chroot_local_user=YES
# Whether to restrict system users to their home directory
chroot_list_enable=YES
# List of users who are not chrooted
chroot_list_file=/etc/vsftpd.chroot_list
# FTP root (home directory) for anonymous users, the directory an anonymous login lands in; note there is no trailing "/" after ftp, otherwise an error occurs
anon_root=/var/ftp
# FTP root directory for local users
local_root=/var/ftp
# Whether to change the owner of uploaded files
chown_uploads=YES
# Custom welcome message
ftpd_banner=welcome to CHENLF FTP service.
# System user name to enter here, if needed
chown_username=username
# Whether FTP transfers are logged
xferlog_enable=YES
# Path and name of the FTP transfer log
xferlog_file=/var/log/vsftpd.log
# Whether to use the standard FTP xferlog format
xferlog_std_format=YES
# Whether PORT-mode data connections originate from port 20 (ftp-data)
connect_from_port_20=YES
# Session timeout
idle_session_timeout=600
# Data transfer timeout
data_connection_timeout=120
# Maximum number of client connections; the default 0 means unlimited
max_clients=50
# Maximum number of connections per IP address
max_per_ip=5
# Maximum download speed for anonymous users, in bytes per second
anon_max_rate=102400
# Maximum download speed for local users, in bytes per second
local_max_rate=102400
# Whether to enable the user list
userlist_enable=YES
# Every user that appears in the user list is denied
userlist_deny=YES
# User list file
userlist_file=/etc/vsftpd/user_list
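A syntax and exposure check for the vsftpd.conf options listed above, as an added example that is not part of the original article. The function name audit_vsftpd_conf and the sample lines are made up for illustration, and the checks assume vsftpd's documented defaults (anonymous_enable is YES when unset, the other checked options are NO).

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the article): audit a vsftpd.conf.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_vsftpd_conf() {
    awk '
    /^[ \t]*$/ || /^#/ { next }    # blank lines and whole-line comments are valid
    {
        if ($0 !~ /^[^=]+=/) { print "SYNTAX line " NR ": not option=value"; bad++; next }
        key = $0; sub(/=.*/, "", key)
        val = $0; sub(/^[^=]*=/, "", val)
        # vsftpd matches option names exactly and takes the rest of the line as the value
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) { print "SYNTAX line " NR ": space around ="; bad++ }
        if (key ~ /[A-Z]/) { print "SYNTAX line " NR ": option name must be lower case: " key; bad++ }
        if (val ~ /[ \t]#/) { print "SYNTAX line " NR ": trailing comment becomes part of the value"; bad++ }
        # Normalise so the exposure checks below still run on a malformed line
        gsub(/[ \t]/, "", key); sub(/[ \t]*#.*/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[tolower(key)] = toupper(val)
    }
    END {
        # Assumed defaults: anonymous_enable is YES when unset; the other options are NO
        if (opt["anonymous_enable"] != "NO") {
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)
                if (opt[w[i]] == "YES") { print "RISK anonymous write enabled: " w[i]; bad++ }
        }
        if (opt["local_enable"] == "YES" && opt["chroot_local_user"] != "YES") {
            print "RISK local users are not chrooted"; bad++
        }
        if (opt["xferlog_enable"] != "YES") { print "RISK transfer logging is off"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample input (not a real server's file), then the audit itself.
sample=$(mktemp)
printf '%s\n' 'Anonymous_enable=yes #enable anonymous' 'anon_upload_enable=YES' > "$sample"
audit_vsftpd_conf "$sample" || echo "(findings listed above)"
rm -f "$sample"
```

Run it against /etc/vsftpd/vsftpd.conf before restarting the service; a banner that legitimately contains " #" is reported as a trailing comment and can be ignored.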
View the SELinux boolean values
# getsebool -a | grep ftp
allow_ftpd_anon_write --> off # allow users to write
allow_ftpd_full_access --> on
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on # allow home directories to be created
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off
ftp_home_dir --> on must be turned on, together with allow_ftpd_full_access --> on and allow_ftpd_anon_write --> on
setsebool -P ftp_home_dir on
If files cannot be uploaded, check three things: the configuration file, the file system (permissions), and SELinux
# chown ftp:ftp /var/ftp/
Settings for FTP access
vim /etc/pam.d/vsftpd
Client
Install the FTP client tools on Linux
yum install ftp lftp -y
You can connect with ftp 192.168.1.104 and then enter a user name
You can also connect with lftp 192.168.1.104, which connects as the anonymous user
You can also specify the user: lftp -u ftp 192.168.1.104 connects as the given user (ftp is the user name)
put xx.txt uploads a file
FTP Configuration in Linux