Install and Configure FTP [vsftp] In CentOS

Source: Internet
Author: User
Tags socket error

1. FTP Installation
1. Check whether FTP is installed: [root @ localhost ~] # Rpm-q vsftpd

If installed, the following version information is displayed:
[Root @ localhost ~] # Vsftpd-2.0.5-16.el5_5.1

Otherwise: [root @ localhost ~] # Package vsftpd is not installed

2. If FTP is not installed, run the yum install vsftpd command.

The specific details are as follows: (if the update fails, you must first configure access to the Internet. I have a document named CentOS under VMware. How to connect to the Internet can solve the problem of no access to the Internet)

[Root @ localhost ~] # Yum install vsftpd

Setting up Install Process

Parsing package install arguments

Resolving Dependencies

-> Running transaction check

-> Package vsftpd. i386. 0.5-12. el5 set to be updated

Filelists.xml.gz 100% | =====================| 648 kB

Http://ftp.hostrino.com/pub/centos/5.2/ OS /i386/rep odata/filelists.xml.gz: [Errno 4] Socket Error: timed out

Trying other mirror.

Filelists.xml.gz 100% | =====================| 2.8 MB

Filelists.xml.gz 100% | =======================| 1.1 MB

Filelists.xml.gz 100% | =====================| 132 kB

Filelists.xml.gz 100% | =======================| 150 B

-> Finished Dependency Resolution

Dependencies Resolved

========================================================== ============================================

Package Arch Version Repository Size

========================================================== ============================================

Installing:

Vsftpd i386 2.0.5-12. el5 base 137 k

Transaction Summary

========================================================== ============================================

Install 1 Package (s)

Update 0 Package (s)

Remove 0 Package (s)

Total download size: 137 k

Is this OK [y/N]: y

Downloading Packages:

(1/1): vsftpd-2.0.5-12.el 100% |=========================| 137 kB

Warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID e8562897

Importing GPG key 0xE8562897 "CentOS-5 Key (CentOS 5 Official Signing Key)" from http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Is this OK [y/N]: y

Running rpm_check_debug

Running Transaction Test

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

Installing: vsftpd ######################## [1/1]

Installed: vsftpd. i386. 0.5-12. el5

Complete!

[Root @ localhost ~] #

3. After ftp installation, comment out the root line in the/etc/vsftpd/user_list file and/etc/vsftpd/ftpusers file.

# Root

4. Run the following command:

# Setsebool-P ftpd_disable_trans = 1

Modify/etc/vsftpd. conf and add local_root =/in the last line/

5. restart the ftp process # service vsftpd restart

Note: every time you modify the ftp-related configuration file, you must restart the ftp process to take effect.

The ftp server can be used.

**************************************** *****************************

Ii. vsftpd configuration file description:

Vsftpd. ftpusers: located in the/etc directory. It specifies which user accounts cannot access the FTP server, such as root.

Vsftpd. user_list: located in the/etc directory. The user account in this file cannot access the FTP server by default. Access is allowed only when the userlist_enable = NO option is enabled in the vsftpd. conf configuration file.

Vsftpd. conf: located in the/etc/vsftpd directory. Customize FTP server configurations, such as user logon control, user permission control, timeout settings, server function options, server performance options, and server response messages.

(1) User Logon Control

Anonymous_enable = YES, allows anonymous users to log on.

No_anon_password = YES. You do not need to enter a password when logging on as an anonymous user.

Local_enable = YES, allow local users to log on.

Deny_email_enable = YES, you can create a file to save the blacklist of some anonymous emails to prevent these people from using Dos attacks.

Banned_email_file =/etc/vsftpd. banned_emails. When the deny_email_enable function is enabled, the required path for saving the email blacklist is/etc/vsftpd. banned_emails by default ).

(2) user permission Control

Write_enable = YES. enable the global upload permission.

Local_umask = 022. The umask of the local user's uploaded file is set to 022 (the default value is 077. Generally, it can be changed to 022 ).

Anon_upload_enable = YES, which allows anonymous users to have the upload permission. Obviously, you must enable write_enable = YES to use this option. At the same time, we must create a directory that allows ftp users to read and write data (as mentioned earlier, ftp is mapped to user accounts by anonymous users ).

Anon_mkdir_write_enable = YES. Anonymous Users are allowed to create directories.

Chown_uploads = YES. If this option is enabled, the owner of the file to be uploaded anonymously will be changed to another user account. Note that you are advised not to specify the root account as the owner of the file to be uploaded anonymously!

Chown_username = whoever. When chown_uploads = YES is enabled, the specified owner account must be replaced by an appropriate user account.

Chroot_list_enable = YES. You can use a list to specify which local users can only be active in their own directories. If chroot_local_user = YES, the specified users in this list are unrestricted.

Chroot_list_file =/etc/vsftpd. chroot_list. If chroot_local_user = YES, specify the Save path for the List (chroot_local_user) (/etc/vsftpd. chroot_list by default ).

Nopriv_user = ft1_cure: Specifies a secure User Account to allow the FTP server to be used as an independent user with full isolation and no privileges. This is a recommended option For vsftpd systems.

Async_abor_enable = YES. We strongly recommend that you do not enable this option, otherwise it may cause errors!

Ascii_upload_enable = YES; ascii_download_enable = YES. By default, the server will pretend to accept requests in asc ii mode but ignore such requests, enabling these two options enables the server to implement transmission in asc ii mode.

Note: enabling the ascii_download_enable option will enable malicious remote users to use commands such as "SIZE/big/file" in asc ii mode to consume a large amount of FTP server I/O resources.

The configuration options in asc ii mode are divided into upload and download, so that we can allow upload in asc ii mode (this can prevent the upload of malicious files such as scripts from crashing ), this vulnerability does not cause DoS attacks.

(3) User connection and timeout options

Idle_session_timeout = 600. You can set the default idle time-out period. If you do not wait for this period, the server will be kicked out.

Data_connection_timeout = 120, set the default data connection timeout time.

(4) server logs and welcome information

Dirmessage_enable = YES, which allows you to display information for directory configuration and the content of the message_file file under each directory.

Ftpd_banner = Welcome to blah FTP service. You can customize the Welcome information that FTP users can see when they log on to the server.

Xferlog_enable = YES, enabling the function of recording upload/Download activity logs.

Xferlog_file =/var/log/vsftpd. log. You can customize the log file storage path and file name. The default value is/var/log/vsftpd. log.

Anonymous_enable = YES allow anonymous login local_enable = YES Allow Local User Login

Write_enable = YES: Write Permission for Local Users

Local_umask = 022 set the local user-generated file mask to 022

# Anon_upload_enable = YES this setting allows anonymous users to upload files

# Anon_mkdir_write_enable = YES Enable write and Directory Creation permissions for anonymous users

Dirmessage_enable = YES when you switch to a directory, the contents of the. message file under the directory are displayed.

Xferlog_enable = YES activate upload and download logs

Connect_from_port_20 = YES Connection Request for enabling the FTP data port

# Chown_uploads = YES indicates whether the upload permission is granted. The user is specified by the chown_username parameter.

# Chown_username = whoever specifies the user with the upload permission. This parameter is used with chown_uploads.

# Xferlog_file =/var/log/vsftpd. log

Xferlog_std_format = YES use the standard ftpd xferlog log format

# Idle_session_timeout = 600 this setting will be interrupted after the user's session is idle for 10 minutes

# Data_connection_timeout = 120 will be interrupted after the data connection is idle for 2 minutes

# Ascii_upload_enable = YES enable the upload ASCII Transmission Mode

# Ascii_download_enable = YES enable the download ASCII Transmission Mode

# Ftpd_banner = Welcome to blah FTP service

# Deny_email_enable = NO. The default value of this parameter is NO. If the value is YES, you are not allowed to use the banned_email_file parameter to specify the e-mail address listed in the file.

# Banned_email_file =/etc/vsftpd. banned_emails specifies the file containing the rejected email address.

# Chroot_list_enable = YES: After logging on to a local user, you cannot switch to a directory other than your own directory.

# Chroot_list_file =/etc/vsftpd. chroot_list

# Ls_recurse_enable = YES

Pam_service_name = vsftpd: Set the name of the configuration file for the PAM Authentication Service, which is stored in/etc/pam. d/

Userlist_enable = YES this configuration/etc/vsftpd. the user specified in user_list cannot access the server either. If userlist_deny = No is added, only/etc/vsftpd is added. users in the user_list file can access the server, but other users cannot access the server. For example, if userlist_enable = NO and userlist_deny = YES, users specified in the file/etc/vsftpd. user_list cannot access the server, while other local users can access the server.
Listen = YES indicates that VSFTPD is started independently.

Tcp_wrappers = YES TCP_Wrappers remote access control mechanism is used in VSFTPD. The default value is YES.

3. Create an account named test for configuration.
After configuring FTP according to the actual situation, the following example shows how to create an FTP account and perform simple configuration:

1. Create an account named test:
# Mkdir/tmp/test // first create a directory
# Adduser-d/tmp/test-g ftp-s/sbin/nologin test //-s/sbin/nologin makes it unable to log on to the system, -d indicates that the user directory is/opt/srsman. That is, this account can only log on to ftp, but cannot log on to the system.
# Passwd test
Changing password for user beinan. // you will be prompted to set a new password.
New password:
Retype new password:
Passwd: all authentication tokens updated successfully
Account Created!

2. restrict user directories and do not change directories to superiors.
Modify/etc/vsftpd. conf
Convert the two rows
# Chroot_list_enable = YES
# Chroot_list_file =/etc/vsftpd. chroot_list
Comment removed
Chroot_list_enable = YES
Chroot_list_file =/etc/vsftpd/chroot_list
Add a file:/etc/vsftpd/chroot_list
User name to be restricted for content writing:
Test
Restart vsftpd
# Service vsftpd restart

3. Add the ftp process to the Startup File to prevent the server from being shut down or restarted after it is started:
(1) Find the/etc/rc. local file.
(2) open the file and add service vsftpd start in the last line.
(3) Save and exit

4. Enter ftp: // 192.168.179.30 (enter the IP address of the ftp server) in "My Computer" to enter the ftp server, and enter the configured account to log in.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.