FTP server vsftpd installation and Setup

Yum install vsftpd

2. Start/restart/shut down the vsftpd Server
[Root @ localhost FTP] #/sbin/service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd For vsftpd: [OK]
OK indicates that the restart is successful.
Change restart to start/stop for Start and Stop respectively.
If the source code is installed, find the start. SH and shutdown. Sh files in the installation folder and execute them.

3. files and folders related to the vsftpd Server
The configuration file of the vsftpd server is/etc/vsftpd. conf.

The root directory of the vsftpd server, that is, the home directory of the FTP server:
Pub at/var/ftp
If you want to modify the path of the server directory, you only need to modify/var/FTP elsewhere.

4. Add an FTP Local User
Some FTP servers require the user name and password to log on, because ftp users and permissions are set.
FTP users generally cannot log on to the system, but can only access the FTP server's own directory, which is for security. such a user is called a virtual user. in fact, it is not a real virtual user, but cannot log on to the shell, and cannot log on to the system.

/Usr/sbin/adduser-D/opt/test_ftp-g ftp-S/sbin/nologin Test
This command indicates:
Use the command (adduser) to add the test user. You cannot log on to the system (-S/sbin/nologin). Your own folder is in (-D/opt/test_ftp )), group FTP (-g ftp)
Then you need to set the passwd Test password for it.
In this way, an FTP user is added. The following example can help you access the FTP server.

[Root @ localhost FTP] # ftp
Ftp> open 192.168.0.33
Connected to 192.168.0.33 (192.168.0.33 ).
220 (vsftpd 2.0.5)
Name (192.168.0.33: GXL): Test
331 please specify the password.
Password:
230 login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

Ftp> quit

In Windows, you only need to enter ftp: // 192.168.0.33 in the browser to enter the FTP server, right-click to log on, and enter the user name and password to log on to your directory.
Of course, to ensure that you can read and write your own directories, you must set it in the configuration file vsftpd. conf to read and write.
Local_enable = Yes
Write_enable = Yes
Local_umask = 022

5. upload and download anonymously
Modify the configuration file to vsftpd. conf. Make sure there are the following lines. You can add them without yourself.
Anonymous_enable = Yes
Anon_upload_enable = Yes
Anon_mkdir_write_enable = Yes
Anon_umask = 022

Then you can create a new folder and change its permissions to fully open. Any user can log on to the folder and upload and download files:
Mkdir/var/FTP/guest
Chmod 777/var/FTP/guest

6. Customize the welcome information for accessing the FTP server
Set in the vsftpd. conf file:
Dirmessage_enable = Yes
Then go to the user directory and create a. Message file. Enter the welcome information (Welcome to gxlinux's FTP is written here !) :
[Root @ localhost test_ftp] # ftp 192.168.0.33
Connected to 192.168.0.33 (192.168.0.33 ).
220 (vsftpd 2.0.5)
Name (192.168.0.33: GXL): Test
331 please specify the password.
Password:
230-Welcome to gxlinux's FTP!
230 login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

7. Implement Virtual paths
Mount a directory to an FTP server for your use. This is called a virtual path.
For example, mount the GXL user directory to the FTP server for use by FTP Server users. Run the following command:
[Root @ localhost opt] # Mount -- bind/home/GXL/var/FTP/pub # Use the mount command
[Root @ localhost opt] # ls/var/FTP/pub
Lumaqq screenshot.png Desktop

8. Enable the log function of vsftpd.
Add the following line to the vsftpd. conf file. Generally, this line exists in the file. You only need to remove the annotator #. If not, add or modify the line:
Xferlog_file =/var/log/vsftpd. Log

9. Limit the number of links and the maximum number of links per IP Address
Modify the configuration file. For example, vsftp supports a maximum of 100 connections. Each IP address supports five links:
Max_client = 100
Max_per = 5

10. limit transmission speed
Modify the configuration file, for example, allow anonymous users and users on vsftd (I .e. virtual users) to download at 80 KB = 1024*80 = 81920
Anon_max_rate = 81920
Local_max_rate = 81920

11. restrict users (generally virtual users) to their own directories
Modify the configuration file so that users can only access their own directories:
Chroot_local_user = Yes
If you only want some users to access their own directories, and other users do not have this restriction, you need to go to the chroot_list file (this file is usually in/etc/vsftpd) add this user.
Edit this file. For example, if you add a user named test to this file, you can write it. Generally, a user occupies a row.
[Root @ localhost vsftpd] # Cat chroot_list
Test

12. bind an IP address to vsftpd
Sometimes it is necessary to restrict some IP addresses to access the server and only allow some IP addresses to access the server. For example, if only 192.168.0.33 is allowed to access the FTP, the configuration file is also modified:
Listen_address = 192.168.0.33

Configure vsftpd. conf
Anonymous_enable = No # disable Anonymity
Local_enable = yes # Allow Local Login
Write_enable = yes # Allow write. Required for upload
Local_umask = 027 # Set the object upload permission to 777-local_umask.
Anon_upload_enable = yes # Allow Upload by virtual users and anonymous users
Anon_other_write_enable = yes # Allow virtual users and anonymous users to modify file names and delete files
Dirmessage_enable = Yes
Xferlog_enable = yes # Enable Logging
Connect_from_port_20 = Yes
Xferlog_file =/var/log/vsftpd. log # log storage location
Xferlog_std_format = yes # standard log format
Idle_session_timeout = 600 # idle connection timeout
Data _ connection_timeout = 120
Ftpd_banner = welcome to chinarise FTP service # Welcome Information
Guest_enable = yes # Allow virtual users
Guest_username = vsftpdguest # SYSTEM account used by the virtual user
Virtual_use_local_privs = yes # virtual users have local system Permissions

Chroot_local_user = No
Chroot_list_enable = Yes
# The above two lines are restricted to virtual users under their directories, and cannot access other directories, or directly use
Chroot_local_user = Yes

Listen = yes # listener/Passive Mode
Listen_port = 21 # listening port

Chroot_list_file =/etc/vsftpd. chroot_list # Save the virtual user name list in the file/etc/vsftpd. chroot_list
User_config_dir =/etc/vsftpd/vsftpd_user_conf # more detailed cultivation of each virtual user name is stored in/etc/vsftpd/vsftpd_user_conf

Other virtual user settings

Write the names of virtual users allowed to log on to the/etc/vsftpd. chroot_list file. Each line has one
Create a file named after the virtual user name in the/etc/vsftpd/vsftpd_user_conf folder,
Write: local_root =/var/FTP/subdirectory name
Create a directory under/var/FTP.

Possible problems and solutions:

When performing ftp ip login

500 Oops: vsftpd: cannot locate user specified in 'ftp _ username': ftp

Error Message

Ftp_username = ftpuser (User) must be added to vsftpd. conf. The default user of ftp_username should be FTP

/Etc/init. d/vsftpd restart

If "550 create directory operation failed" appears"

This is the ghost of SELinux installation mechanism. You only need to disable SELinux.

# Vi/etc/SELinux/config
Set SELinux = xxx --> XXX to the level
Change
SELinux = disabled
Or setsebool-P ftpd_disable_trans on + service vsftpd restart or setsebool-P ftp_home_dir on + service vsftpd restart.

If the task cannot be executed, the prompt"
Cocould not change active booleans: Invalid Boolean
"

Run the following command:
Setsebool allow_ftpd_full_access 1
Setsebool allow_ftpd_use_cifs 1
Setsebool allow_ftpd_use_nfs 1
Setsebool ftp_home_dir 1
Setsebool httpd_enable_ftp_server 1

Setsebool tftp_anon_write

The following are detailed steps for reference:

1. Enable the firewall FTP port

VI/etc/sysconfig/iptables # edit the firewall configuration file

-A input-M state -- state new-m tcp-p tcp -- dport 21-J accept (port 21 is allowed to pass the firewall) -A input-M state -- state new-m tcp-p tcp -- dport 20-J accept (allow port 20 to pass through the firewall) -A input-M state -- state new-m tcp-p tcp -- dport 9000: 9045-J accept (set the port range in FTP passive mode)

Note: If the ftp port is changed to another port (such as 2222), the firewall must enable port 2222. Here, the Firewall uses centos 6.0 as an example.

-A input-M state -- state new-m tcp-p tcp -- dport2222-J accept (Port 2222 is allowed to pass the firewall)

/Etc/init. d/iptables restart # restart the firewall to make the configuration take effect.

2. Check whether vsftp is installed in the system.
Rpm-Q vsftpd
Package vsftpd is not installed # This indicates that vsftpd is not installed in the system.
3. Install vsftpd
Yum install vsftpd
Press Y and press enter to automatically install
/Etc/init. d/vsftpd start # Start vsftpd
Service vsftpd restart # restart
Service vsftpd stop # Stop
Chkconfig vsftpd on # Set automatic running upon startup
4. Configure the vsftp Server
Configuration File description:
Core configuration file of/etc/vsftpd. conf vsftpd
/Etc/vsftpd/ftpusers is used to specify which users cannot access the FTP server
/Etc/vsftpd/user_list specifies the list of users that can use vsftpd
/Etc/vsftpd/vsftpd_conf_migrate.sh is a variable and setting Script For vsftpd operations.
/Var/FTP/root directory of anonymous users by default
========================================================== ======================================
Configure/etc/vsftpd. conf
Back up data before configuration
CP/etc/vsftpd. CONF/etc/vsftpd. confbak
Restore Files
CP/etc/vsftpd. confbak/etc/vsftpd. conf

VI/etc/vsftpd. conf # Configuration

Use_localtime = yes # ftp time and system synchronization. If an error occurs during startup, log out of reverse_lookup_enable = No # Add this line to solve the problem of slow client login! Important! DNS response resolution is enabled by default in vsftpd! Disable it here. If an error occurs during startup, log out! Listen_port = 21 # This line does not exist by default. The ftp port is 21. Add listen_port = 2222 to change the default port to 2222. Note: at the same time, the firewall must enable port 2222 anonymous_enable = No # disable anonymous user local_enable = yes to set local user access. Note: It is mainly a virtual host user. If this project is set to no, all virtual users will not be able to access write_enable = yes # global settings, whether to allow writing (whether anonymous or local users, enable the upload permission) local_umask = 022 sets the permission mask for uploaded files. Anon_upload_enable = No prohibit Upload by anonymous users. Anon_mkdir_write_enable = No prohibit anonymous users from creating directories. Dirmessage_enable = yes. Xferlog_enable = yes. Connect_from_port_20 = Yes set port 20 for data connection. Chown_uploads = No: It is disabled to upload files to change the host. Xferlog_file =/var/log/vsftpd. log storage path (create a file first) xferlog_std_format = yes # use the standard format async_abor_enable = yes to set support for asynchronous transmission. Ascii_upload_enable = yesascii_download_enable = yes is set to support the upload and download functions in ASCII mode. Ftpd_banner = welcome to awei FTP servers: Set the login slogan of vsftpd. Chroot_local_user = Yes prohibit local users from logging out of their FTP home directory. Pam_service_name = vsftpd: Set the authentication configuration file name For vsftpd under the PAM service. Therefore, the PAM Authentication will refer to the vsftpd file configuration under/etc/PAM. d. When userlist_enable = yes is set to yes, if a user name is in the file specified by the userlist_file parameter, they will be directly refused to log in before asking them to enter the password. Whether TCP_WRAPPERS = Yes supports tcp_wrappersidle_session_timeout = 300 # timeout setting data_connection_timeout = 1 # server disconnection after 1 second idle ################### ####################################### is an important configuration item For vsftpd virtual user support. Default vsftpd. conf does not contain these configuration items, manually add configuration ################################### ###################### guest_enable = Yes sets to enable the virtual user function. Guest_username = vsftpd specifies the host user of the virtual user (this is the user we will create later) user_config_dir =/etc/vsftpd/vconf sets the path for storing the configuration file of the virtual user's personal vsftp. That is to say, the specified directory stores the configuration files of each vsftp virtual user. Note that these configuration files must be the same as the virtual user name. For example, vsftpd. conf configuration file. copy the file to this directory and configure the mV to virtual_use_local_privs = yes # When this parameter is activated (yes, the virtual user has the same permissions as the local user. # When this parameter is disabled (NO), virtual users use the same permissions as anonymous users. By default, this parameter is disabled (NO ). Pasv_min_port = 9000 (set the port range in passive mode) pasv_max_port = 9045 (set the port range in passive mode) accept_timeout = 5 # Keep 5 seconds connect_timeout = 1 # connect again after 1 second

5. Create a single virtual user name file first:
Touch/etc/vsftpd/virtusers
Edit the virtual user name single file: (the first line of the account, the second line of the password, Note: Do not use root as the user name, the system retains)
VI/etc/vsftpd/virtusers
Web1
123456
Web2
123456
Web3
123456
========================================================== ====================================
6. Generate a virtual user data file:
Db_load-T-t hash-F/etc/vsftpd/virtusers. DB
Chmod 600/etc/vsftpd/virtusers. DB # Set the PAM Authentication file, and specify to read the virtual user database file ================================== ==========================================================
7. Add the following information to the header of the/etc/PAM. d/vsftpd file (it is invalid to add the following information)
Back up CP/etc/PAM. d/vsftpd/etc/PAM. d/vsftpdbak before modification
Recover CP/etc/PAM. d/vsftpdbak/etc/PAM. d/vsftpd
VI/etc/PAM. d/vsftpd

Auth sufficient/lib/security/pam_userdb.so DB =/etc/vsftpd/virtusers
Account sufficient/lib/security/pam_userdb.so DB =/etc/vsftpd/virtusers
Note: If the system is 64, the above Lib is changed to lib64; otherwise, the configuration fails.
8. Create a New System User vsftpd. the user's home directory is/home/wwwroot, and the user logon terminal is set to/bin/false (even if the user cannot log on to the system)

Useradd vsftpd-D/home/wwwroot-S/bin/false
Chown vsftpd: vsftpd/home/wwwroot-R
Chown Apache: Apache/home/wwwroot-R # If the virtual user's host user is Apache, you need to set it like this.
9. Create a configuration file for the virtual user's personal vsftp
System O & M reminder: qihang01 original content is copyrighted. For more information, see the source and original article links.
Mkdir/etc/vsftpd/vconf
CD/etc/vsftpd/vconf
Touch web1 web2 web3 # create three virtual user configuration files here

VI web1 # edit the user's web1 configuration file. Others are similar to this configuration file.

Local_root =/home/wwwroot/web1/
Write_enable = Yes
Anon_world_readable_only = No
Anon_upload_enable = Yes
Anon_mkdir_write_enable = Yes
Anon_other_write_enable = Yes
10. Restart the vsftpd server.
/Etc/init. d/vsftpd restart

Note: guest_username = vsftpd # specifies the host user of the virtual user (the user we created earlier)
For example, if the FTP directory directs to the root directory of the website
Guest_username = Apache # specifying the virtual user's host user as the Apache running account can avoid many permission settings Problems

If the following error occurs when a virtual user data file is generated
Users. DB-Bash: db_load: Command not found
Because the software package is not installed when the DB command is executed
Db4
Db4-devel
Db4-java
Db4-tcl
Db4-utils

You can run the yum install db4 * command to install

Now, the vsftpd installation and configuration are complete.