1. Configure the firewall to open the ports the FTP server needs
CentOS 7.0 uses firewalld as its firewall by default. Here it is replaced with the iptables service.
1) Disable firewalld:
systemctl stop firewalld.service    # stop firewalld
systemctl disable firewalld.service    # keep it from starting at boot
2) Install and configure the iptables firewall:
yum install iptables-services    # install
vi /etc/sysconfig/iptables    # edit the firewall rules file
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq!    # save and exit
systemctl restart iptables.service    # restart the firewall so the rules take effect
systemctl enable iptables.service    # start iptables at boot
Note: port 21 is the FTP control port, and ports 10060 to 10090 are the range vsftpd uses for passive-mode data connections. Any TCP port range above 1024 can be chosen, as long as the same range is configured in vsftpd (step 4); otherwise passive transfers will hang.
2. Disable SELinux
vi /etc/selinux/config
#SELINUX=enforcing    # comment out
#SELINUXTYPE=targeted    # comment out
SELINUX=disabled    # add
:wq!    # save and exit
setenforce 0    # apply immediately (permissive mode until the reboot, after which the file setting disables SELinux)
Note: this removes SELinux confinement for the whole system, not just for vsftpd.
3. Install vsftpd
yum install -y vsftpd    # install vsftpd
yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI    # dependencies for the vsftpd virtual-user configuration
systemctl start vsftpd.service    # start vsftpd
systemctl enable vsftpd.service    # start vsftpd at boot
4. Configure the vsftpd server
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak    # back up the default configuration file
Run the following commands to set the options. The sed calls switch anonymous access off in the stock file; the block appended afterwards adds the virtual-user, timeout and passive-mode settings.
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=NO/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" /etc/vsftpd/vsftpd.conf
# Append (>>) the remaining settings. Overwriting the file with a single > would throw away
# the edits just made, including anonymous_enable=NO, so the file must be appended to.
cat >> /etc/vsftpd/vsftpd.conf <<'EOF'
use_localtime=YES
listen_port=21
chroot_local_user=YES
idle_session_timeout=300
data_connection_timeout=1
guest_enable=YES
guest_username=vsftpd
user_config_dir=/etc/vsftpd/vconf
virtual_use_local_privs=YES
pasv_min_port=10060
pasv_max_port=10090
accept_timeout=5
connect_timeout=1
EOF
5. Create the virtual user list file
touch /etc/vsftpd/virtusers
Edit the virtual user list file. Users are listed in pairs of lines: the user name on one line and its password on the next. Do not use root as a user name; it is reserved by the system. The passwords below are only sample values.
vi /etc/vsftpd/virtusers
web1
123456
web2
123456
web3
123456
:wq!    # save and exit
6. Generate the virtual user database file
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db    # -T: plain-text input, -t hash: hash database
chmod 600 /etc/vsftpd/virtusers.db    # the database holds the passwords in plaintext, so make it readable by root only
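The following helper, added here and not part of the original tutorial, checks the virtusers file against the format described in steps 5 and 6 (user/password line pairs, no root, no empty passwords, no duplicates) before building the database, and restricts both files to root afterwards. It assumes the tutorial's layout, with the database written next to the list as <list>.db.

```shell
#!/bin/sh
# Added helper (not part of the tutorial): validate the virtusers list before
# db_load turns it into the database pam_userdb reads, then lock both files down.
# Assumes odd lines are user names, even lines passwords, database at <list>.db.

# Returns 0 when the file is well-formed; prints each problem and returns 1 otherwise.
validate_virtusers() {
    file="$1"
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    total=$(awk 'END { print NR }' "$file")
    if [ "$total" -eq 0 ] || [ $((total % 2)) -ne 0 ]; then
        echo "$file: expected user/password line pairs, got $total lines" >&2
        return 1
    fi
    awk '
        NR % 2 == 1 {                                      # user name line
            if ($0 == "root") { err(NR, "root is reserved by the system") }
            if ($0 !~ /^[a-z_][a-z0-9_-]*$/) { err(NR, "unusable user name \"" $0 "\"") }
            if ($0 in seen) { err(NR, "duplicate user " $0) }
            seen[$0] = 1
        }
        NR % 2 == 0 && $0 == "" { err(NR, "empty password") }   # password line
        function err(line, msg) { print FILENAME ":" line ": " msg > "/dev/stderr"; bad = 1 }
        END { exit bad }
    ' "$file"
}

# Build <list>.db with db_load (-T: text input, -t hash: hash table) and make
# both the plaintext list and the database readable by root only.
build_virtusers_db() {
    list="$1"
    validate_virtusers "$list" || return 1
    db_load -T -t hash -f "$list" "$list.db" || return 1
    chmod 600 "$list" "$list.db"
}

# usage on the tutorial's paths: build_virtusers_db /etc/vsftpd/virtusers
```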
7. Configure PAM to authenticate against the virtual user database. Add the following two lines at the top of /etc/pam.d/vsftpd (appending them at the end has no effect, because the required rules already in the file fail first for users that do not exist on the system).
Back up the file before modifying it: cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vi /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
Note: db= is given without the .db extension; pam_userdb appends it itself. On a 32-bit system use /lib/security instead of /lib64/security, otherwise the configuration fails.
8. Create the system user vsftpd that the virtual users are mapped to. Its home directory is /home/wwwroot and its login shell is /bin/false, so the account cannot log in to the system itself.
useradd vsftpd -d /home/wwwroot -s /bin/false
chown -R vsftpd:vsftpd /home/wwwroot
chown -R www:www /home/wwwroot    # use this instead if the virtual users' host user is www (see the note in step 10)
9. Create the per-user vsftpd configuration files for the virtual users
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
touch web1 web2 web3    # one configuration file per virtual user, named after the user
mkdir -p /home/wwwroot/web1/http/
vi web1    # edit the configuration file for web1; the others follow the same pattern
local_root=/home/wwwroot/web1/http/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
10. Restart the vsftpd server.
systemctl restart vsftpd.service
Note:
guest_username=vsftpd    # the host user that virtual users are mapped to, i.e. the system user created in step 8
guest_username=www    # if the FTP directory points at the website root and is used to upload the site's files, set the host user to the account nginx runs as (www); this avoids many file permission problems
Note: the virtual users are chrooted into a local_root they can write to. vsftpd 3.x refuses such a login with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" unless allow_writeable_chroot=YES is added to /etc/vsftpd/vsftpd.conf.
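After the restart, the check below (added here, not part of the original tutorial) reads the finished vsftpd.conf and the iptables rules file and confirms that the settings steps 1 and 4 depend on are really in place: anonymous access off, virtual users chrooted, and the passive port range in vsftpd matching the range the firewall accepts. Paths default to the tutorial's and can be overridden with the two arguments.

```shell
#!/bin/sh
# Added post-configuration check (not part of the tutorial): confirm that the
# security-relevant options landed in vsftpd.conf and that the passive port range
# the firewall opens is the one vsftpd hands out. Paths default to the tutorial's;
# pass others as $1 (vsftpd.conf) and $2 (iptables rules file).

# Print the value of a vsftpd option, ignoring commented lines; the last definition wins.
vsftpd_opt() {
    awk -F= -v key="$2" '$0 !~ /^[ \t]*#/ && $1 == key { v = $2 } END { print v }' "$1"
}

# Returns 0 when every check passes, 1 otherwise; each failure is printed as FAIL.
audit_vsftpd() {
    conf="${1:-/etc/vsftpd/vsftpd.conf}"
    rules="${2:-/etc/sysconfig/iptables}"
    rc=0
    # no anonymous access, anonymous upload off, virtual users jailed in their local_root
    for want in anonymous_enable=NO anon_upload_enable=NO chroot_local_user=YES guest_enable=YES; do
        key=${want%%=*}; val=$(vsftpd_opt "$conf" "$key")
        [ "$val" = "${want#*=}" ] || { echo "FAIL: $key is '${val:-unset}', want ${want#*=}"; rc=1; }
    done
    # passive range: both ends set, ordered, above 1024, and accepted by the firewall
    min=$(vsftpd_opt "$conf" pasv_min_port); max=$(vsftpd_opt "$conf" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -gt "$max" ] || [ "$min" -le 1024 ]; then
        echo "FAIL: pasv_min_port/pasv_max_port are '$min'/'$max'"; rc=1
    elif ! grep -Eq -- "-p tcp --dport $min:$max -j ACCEPT" "$rules"; then
        echo "FAIL: firewall does not accept TCP $min:$max (passive data connections would hang)"; rc=1
    fi
    grep -Eq -- "--dport 21 -j ACCEPT" "$rules" || { echo "FAIL: firewall does not accept TCP 21"; rc=1; }
    return $rc
}

# usage: audit_vsftpd && echo "vsftpd configuration is consistent"
```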