How to Set up and configure CentOS FTP Server

Source: Internet
Author: User

yum install vsftpd

2. Start/restart/shut down the vsftpd Server
[root@localhost ftp]# /sbin/service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
OK indicates that the restart is successful.
Replace restart with start or stop to start or stop the server.
If vsftpd was installed from source, find the start.sh and shutdown.sh files in the installation folder and execute them.

3. Files and folders related to the vsftpd server
The configuration file of the vsftpd server is /etc/vsftpd.conf.

The root directory of the vsftpd server, that is, the home directory of the FTP server:
pub under /var/ftp
To change the path of the server directory, you only need to change /var/ftp to another location.

4. Add an FTP Local User
Some FTP servers require a user name and password to log on, because FTP users and permissions have been set up.
For security, FTP users generally cannot log on to the system itself; they can only access their own directory on the FTP server. Such a user is often called a virtual user. Strictly speaking it is not a true virtual user, just an account that cannot log on to a shell and therefore cannot log on to the system.

/usr/sbin/adduser -d /opt/test_ftp -g ftp -s /sbin/nologin test
This command means:
Use adduser to add the user test, who cannot log on to the system (-s /sbin/nologin), whose home directory is /opt/test_ftp (-d /opt/test_ftp), and whose group is ftp (-g ftp).
Then set a password for it with passwd test.
An FTP user has now been added. The following session shows it logging on to the FTP server.

[root@localhost ftp]# ftp
ftp> open 192.168.0.129
Connected to 192.168.0.129 (192.168.0.129).
220 (vsFTPd 2.0.5)
Name (192.168.0.129:gxl): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.

In Windows, you only need to enter ftp://192.168.0.129 in the browser to reach the FTP server, right-click to log on, and enter the user name and password to get to your directory.
Of course, to make sure that you can read and write your own directory, you must enable reading and writing in the configuration file vsftpd.conf:
local_enable=YES
write_enable=YES
local_umask=022

5. Upload and download anonymously
Modify the configuration file vsftpd.conf and make sure it contains the following lines; add them yourself if they are missing.
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022

Then create a new folder and open its permissions fully, so that any user who logs on can upload to and download from it:
mkdir /var/ftp/guest
chmod 777 /var/ftp/guest

6. Customize the welcome information for accessing the FTP server
Set in the vsftpd.conf file:
dirmessage_enable=YES
Then go to the user directory and create a .message file containing the welcome text (here, "Welcome to gxlinux's FTP!"):
[root@localhost test_ftp]# ftp 192.168.0.33
Connected to 192.168.0.33 (192.168.0.33).
220 (vsFTPd 2.0.5)
Name (192.168.0.33:gxl): test
331 Please specify the password.
Password:
230-Welcome to gxlinux's FTP!
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

7. Implement Virtual paths
Mounting a directory into the FTP server's tree so that FTP users can use it is called a virtual path.
For example, to mount the gxl user's home directory into the FTP server for use by FTP users, run the following command:
[root@localhost opt]# mount --bind /home/gxl /var/ftp/pub   # use the mount command
[root@localhost opt]# ls /var/ftp/pub
LumaQQ Screenshot.png Desktop

Automatic mounting available upon startup

This way

8. Enable the log function of vsFTPd
Add the following line to the vsftpd.conf file. This line usually already exists in the file and you only need to remove the leading comment character #. If it does not, add or modify the line:
xferlog_file=/var/log/vsftpd.log

9. Limit the number of connections and the maximum number of connections per IP address
Modify the configuration file. For example, to have vsftpd support a maximum of 100 connections, with at most five connections per IP address:
max_clients=100
max_per_ip=5

10. Limit transmission speed
Modify the configuration file. For example, to limit anonymous users and the users on vsftpd (i.e. virtual users) to a download speed of 80 KB/s (1024*80 = 81920):
anon_max_rate=81920
local_max_rate=81920

11. Restrict users (generally virtual users) to their own directories
Modify the configuration file so that users can only access their own directories:
chroot_local_user=YES
If you want only some users to be restricted to their own directories while other users are not, add those users to the chroot_list file (usually in /etc/vsftpd), with chroot_local_user=NO and chroot_list_enable=YES set as in the full configuration later on this page.
Edit this file; for example, to add a user named test, write the name on a line of its own. One user per line.
[root@localhost vsftpd]# cat chroot_list
test

12. Bind an IP address to vsFTPd
Sometimes it is necessary to restrict which IP addresses can access the server and allow only some of them. For example, to allow only 192.168.0.129 to access the FTP, the configuration file is also modified:
listen_address=192.168.0.129
listen_address is the address of the server's own interface on which vsftpd listens in standalone mode, so the value is an address that belongs to the FTP server.

Configure vsftpd.conf
# Comments are on their own lines: vsftpd does not accept spaces around "="
# or any text after a value.
# Disable anonymous login
anonymous_enable=NO
# Allow local login
local_enable=YES
# Allow writes; required for upload
write_enable=YES
# Upload permission is 777 minus local_umask
local_umask=027
# Allow upload by virtual users and anonymous users
anon_upload_enable=YES
# Allow virtual users and anonymous users to rename and delete files
anon_other_write_enable=YES
dirmessage_enable=YES
# Enable logging
xferlog_enable=YES
connect_from_port_20=YES
# Log storage location
xferlog_file=/var/log/vsftpd.log
# Standard log format
xferlog_std_format=YES
# Idle connection timeout
idle_session_timeout=600
data_connection_timeout=120
# Welcome information
ftpd_banner=Welcome to ChinaRise FTP service
# Allow virtual users
guest_enable=YES
# System account used by the virtual users
guest_username=vsftpdguest
# Virtual users have local system permissions
virtual_use_local_privs=YES

chroot_local_user=NO
chroot_list_enable=YES
# The two lines above confine the virtual users in the list to their own
# directories so that they cannot access other directories; alternatively, use only:
# chroot_local_user=YES

# Run vsftpd as a standalone listener
listen=YES
# Listening port
listen_port=21

# The list of virtual user names is saved in /etc/vsftpd.chroot_list
chroot_list_file=/etc/vsftpd.chroot_list
# Per-user settings for each virtual user are stored in /etc/vsftpd/vsftpd_user_conf
user_config_dir=/etc/vsftpd/vsftpd_user_conf

Other virtual user settings

Write the names of the virtual users allowed to log on into the /etc/vsftpd.chroot_list file, one per line.
In the /etc/vsftpd/vsftpd_user_conf folder, create a file named after each virtual user,
containing: local_root=/var/ftp/subdirectory name
Create that subdirectory under /var/ftp.

If a virtual user has permission but still cannot create directories or upload, and the cause is SELinux, any of the following methods can be used to solve the problem. Methods 1 and 2 turn SELinux off for the whole system; method 3 only stops confining the FTP daemon.

1

yum remove selinux* -y

Of course you can.


2

vi /etc/selinux/config

Change to: SELINUX=disabled

3. setsebool -P ftpd_disable_trans 1
Disallow him. It seems that you like it.

Retry and solve the problem!

Edit /etc/vsftpd.conf. Note that option names before the equal sign are case-sensitive; make sure they are all lowercase.

The settings are as follows.
anonymous_enable=NO (anonymous login not allowed; YES by default, needs to be modified)
local_enable=YES (allow local users to log on; default)
write_enable=YES (allow logged-on local users to make changes; default)
local_umask=022 (default file upload permission is 755 (777-022); default)
dirmessage_enable=YES (default)
xferlog_enable=YES (logging; default)
connect_from_port_20=YES (default)
xferlog_std_format=YES (log format; default)
listen=YES (default)
chroot_local_user=YES (restrict users to their own directories after logon; newly added)
pam_service_name=vsftpd (default)
tcp_wrappers=YES (default)
Finally, delete the default userlist_enable=YES.
Save and exit.
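
A quick syntax check for the edited file, as an added example that is not part of the original page: vsftpd rejects option names that are not lowercase, spaces around the equal sign, and text after a value, and the check also reports the anonymous write options from section 5 when anonymous login is on. The function name, finding codes and sample text are constructed for illustration.

```python
import re

# Options from this page that let anonymous sessions change the server
ANON_WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable",
                   "anon_other_write_enable")

def lint_vsftpd_conf(text):
    """Return (settings, findings); findings are (line_no, code) pairs."""
    settings, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                          # blank line or whole-line comment
        if "=" not in line:
            findings.append((no, "no-equals"))
            continue
        key, value = line.split("=", 1)
        if key != key.strip() or value != value.strip():
            findings.append((no, "space"))    # e.g. "listen = YES"
        if key != key.lower():
            findings.append((no, "case"))     # e.g. "Listen=YES"
        if re.search(r"\s#", value):
            findings.append((no, "trailing-comment"))
        # Normalise so the policy check below sees what the admin meant
        settings[key.strip().lower()] = re.split(r"\s#", value)[0].strip()

    def on(opt, default):
        return settings.get(opt, default).upper() == "YES"

    if on("anonymous_enable", "YES"):         # vsftpd enables it by default
        for opt in ANON_WRITE_OPTS:
            if on(opt, "NO"):
                findings.append((0, "anon-write:" + opt))   # 0 = whole file
    return settings, findings

# Constructed samples: lines as a copy-paste might arrive, then a clean file
AS_PASTED = ("Anonymous_enable = yes\n"
             "Anon_upload_enable = yes\n"
             "write_enable=YES # uploads\n")
CLEAN = ("anonymous_enable=NO\nlocal_enable=YES\n"
         "write_enable=YES\nchroot_local_user=YES\n")

if __name__ == "__main__":
    for name, sample in (("as pasted", AS_PASTED), ("clean", CLEAN)):
        print(name, lint_vsftpd_conf(sample)[1])
```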

Next, create a user who cannot log on locally but can only use FTP. Assume that the user name is ftpuser and that its personal folder is

/var/ftp/ftpuser

Important 1,

The command is as follows:
useradd -g ftp -d /var/ftp/ftpuser -s /sbin/nologin ftpuser
Use the passwd ftpuser command to set the password.

Important 2,

cd /etc/vsftpd/

touch chroot_list

vi chroot_list (add ftpuser)

Restart vsftpd
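
How the chroot_list file from this step and from section 11 is interpreted depends on two options together, and with both set to YES the list names the users who are not confined. The following added example (not part of the original page; function names and inputs are constructed) works out who is confined for each combination, using the two account names created on this page.

```python
def read_chroot_list(text):
    """User names from a chroot_list file: one per line, blanks ignored."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def confined_users(conf, chroot_list, users):
    """Return the users that vsftpd confines to their home directory."""
    def on(opt):
        return conf.get(opt, "NO").upper() == "YES"   # both default to NO
    jail_all, use_list = on("chroot_local_user"), on("chroot_list_enable")
    listed = set(chroot_list)
    result = []
    for user in users:
        if not use_list:
            jailed = jail_all             # the list file is ignored
        elif jail_all:
            jailed = user not in listed   # list = users exempt from the jail
        else:
            jailed = user in listed       # list = the only users jailed
        if jailed:
            result.append(user)
    return result

# Constructed inputs: both accounts from this page, ftpuser in chroot_list
USERS = ["test", "ftpuser"]
LISTED = read_chroot_list("ftpuser\n")

def matrix():
    """Confined users for every combination of the two options."""
    rows = {}
    for jail_all in ("NO", "YES"):
        for use_list in ("NO", "YES"):
            conf = {"chroot_local_user": jail_all,
                    "chroot_list_enable": use_list}
            rows[(jail_all, use_list)] = confined_users(conf, LISTED, USERS)
    return rows

if __name__ == "__main__":
    for (jail_all, use_list), jailed in matrix().items():
        print(f"chroot_local_user={jail_all} "
              f"chroot_list_enable={use_list} -> confined: {jailed}")
```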

Note: If the following error occurs during the upload (man ftpd_selinux is helpful):

vsftp "553 Could not create file"

Solution:

1. Execute

setsebool -P ftpd_disable_trans 1
2.

service vsftpd restart

Error 530 during virtual user logon

Solution:
cp Path/RedHat/vsftpd.pam /etc/pam.d/ftp
Path is the directory into which the vsftpd source was unpacked.
This is because PAM is enabled on RHEL and vsftpd requires the /etc/pam.d/ftp file (this file is not installed by default when building from source). Without it, local users other than anonymous cannot log on.

As a result, anonymous users cannot log on.

vsftp upload failure: error 200 227 553


An error occurred copying a file to the FTP server. Make sure you have permission to put file on the server.

Details:

200 Switching to Binary mode.

227 Entering Passive Mode (192,168,130,102, 66,128)

553 Could not create file.

Appendix: Significance of FTP digital code
110 restart and mark the response.
120 how long is the service ready.
125 data link port is enabled and ready for transmission.
150 the File status is normal and the data connection port is enabled.
200 the command is successfully executed.
202 command execution failed.
211 system status or system help response.
212 directory status.
213 file status.
214 help message.
215 name system type.
220 new online service ready.
221 the Service's control port is closed and can be canceled.
225 Data Link is enabled, but there is no transmission action.
226 close the data connection port and the requested file operation is successful.
227 enters the passive mode.
230 user login.
250 the requested file operation is complete.
257 display the current path name.
331 the user name is correct and the password is required.
332 account information is required for logon.
350 the requested operation requires a command.
421 unable to provide services. Disable the control link.
425 the data link cannot be enabled.
426 disable online and terminate transmission.
450 the requested operation was not executed.
451 command termination: there is a local error.
452 unexecuted command: the disk space is insufficient.
500 the format is incorrect and the command cannot be identified.
501 parameter syntax error.
502 command execution failed.
503 command order error.
504 the parameters connected to the command are incorrect.
530 not logged in.
532 Account Login is required to store files.
550 the requested operation is not performed.
551 the Request command is terminated and the type is unknown.
552 the requested file is terminated and the storage space overflows.
553 the name of the requested command is incorrect.

This error is reported today.

Solution

Disable selinux

Modify /etc/vsftpd.conf

write_enable=YES

Assume that the directory to be uploaded is /home/ftp

The permission should be 770, the owner is the user name, and the group is the user.

chmod 770 /home/ftp proved that it would not work if it was 770. Otherwise, the web would not be accessible.

chown Username:user /home/ftp
