1. Install vsftpd
Here we set up virtual users. Virtual users do not use real system accounts; they only map onto accounts, and their permissions are set by other means.
yum install vsftpd
touch /var/log/vsftpd.log # create the vsftpd log file
On CentOS this gives you a simple anonymous FTP server. You can access it at ftp://yourip, but this FTP server does not grant any permissions.
2. Start/restart/shut down the vsftpd Server
[root@localhost ftp]# /sbin/service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
OK indicates that the restart is successful.
Replace restart with start or stop to start or stop the server.
If vsftpd was installed from source, find the start.sh and shutdown.sh files in the installation folder and run them.
3. Files and folders related to the vsftpd server
The configuration file of the vsftpd server is /etc/vsftpd.conf.
The root directory of the vsftpd server, that is, the home directory of the FTP server: /var/ftp/pub
To change the path of the server directory, you only need to change /var/ftp to another location.
4. Add a local FTP user (virtual user, simple solution)
Some FTP servers require a user name and password to log on, because FTP users and permissions have been set.
FTP users generally cannot log on to the system and can only access the FTP server's own directory; this is for security.
Such a user is called a virtual user. Strictly speaking it is not a true virtual user, but it has no login shell and no permission to log on to the system.
/usr/sbin/adduser -d /opt/test_ftp -g ftp -s /sbin/nologin test
This command means:
Use adduser to add the user test, who cannot log on to the system (-s /sbin/nologin), whose home folder is /opt/test_ftp (-d /opt/test_ftp), and who belongs to the group ftp (-g ftp).
Then set the FTP logon password for it with passwd test.
passwd test
Changing password for user test.
New UNIX password:
Note: The password here must be a combination of letters and numbers. If the password does not pass the password verification mechanism, the change fails, with errors such as the following. "bad password: it's WAY too short" indicates that the password is too short and does not comply with the /etc/login.defs settings. "bad password: it is based on your username" means the password and the account name cannot be the same, which does not comply with the /etc/pam.d/passwd settings. "Bad password: it is based on a dictionary word" appears because the password contains a string found in the dictionary. If you use both English letters and numbers, no error is reported.
----------------------------------------------------------------------
1) In /etc/vsftpd.conf, make the following vsftpd configuration changes (complex solution):
anonymous_enable=NO: anonymous access is not allowed.
local_enable=YES: local users can log in. Note: if virtual users mapped to a host user are used, setting this item to NO means none of the virtual users can log in.
chroot_list_enable=YES: so that the user cannot leave the home directory.
xferlog_file=/var/log/vsftpd.log: sets the path where vsftpd saves its service log. Note: this file does not exist by default and must be created manually with touch.
ascii_upload_enable=YES
ascii_download_enable=YES: these two enable uploads and downloads in ASCII mode.
pam_service_name=vsftpd: name of the PAM authentication file. PAM authenticates according to /etc/pam.d/vsftpd.
The following configuration items are the important ones for vsftpd virtual user support.
By default, vsftpd.conf does not contain these items; you must add them manually.
guest_enable=YES: enables the virtual user function.
guest_username=ftp: specifies the host user that virtual users are mapped to. CentOS already has a built-in ftp user.
user_config_dir=/etc/vsftpd/vuser_conf: sets the directory that stores each virtual user's individual vsftpd configuration file (configuration file name = virtual user name).
2) Create a chroot list and add the FTP user to it:
touch /etc/vsftpd/chroot_list
echo test > /etc/vsftpd/chroot_list
3) Perform authentication (no authentication is allowed):
First, install the Berkeley DB tools. Many people cannot find db_load; the reason is that this package is not installed.
yum install db4 db4-utils
Then create the user/password text file /etc/vsftpd/vuser_passwd.txt. Note that odd lines are user names and even lines are passwords:
ftpuser1
ftppass1
ftpuser2
ftppass2
Next, generate the database file for virtual user authentication:
db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
Then edit the authentication file /etc/pam.d/vsftpd and comment out all the original statements.
Add the following two lines:
auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd
Finally, create the virtual user's configuration file:
mkdir /etc/vsftpd/vuser_conf/
vi /etc/vsftpd/vuser_conf/ftpuser1
The content is as follows:
# root directory of the virtual user (adjust to your setup)
local_root=/opt/var/ftp1
# writable
write_enable=YES
# umask
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
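The user list built in step 3 holds clear-text passwords and is position-sensitive, so one missing line pairs every later user with the wrong password. The following check is an added example, not part of the original article or of vsftpd; check_vuser_passwd and build_vuser_db are hypothetical helper names, and the assumption that db_load stores each line verbatim (including trailing whitespace) is why whitespace is flagged.

```shell
#!/bin/sh
# check_vuser_passwd FILE
# Validates the "odd line = user, even line = password" list without ever
# printing a password. Returns 0 if clean, 1 otherwise.
check_vuser_passwd() {
    awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
        /^$/        { bad("empty line shifts every following pair") }
        /[ \t\r]$/  { bad("trailing whitespace or CR would be stored in the value") }
        NR % 2 == 1 { if ($0 in seen) bad("duplicate user name"); seen[$0] = 1 }
        END {
            if (NR % 2 == 1) { print "last user has no password line"; rc = 1 }
            exit rc
        }
    ' "$1"
}

# build_vuser_db TXT DB
# Lints TXT, builds DB with the db_load call from the article, and leaves
# both files readable by their owner only.
build_vuser_db() {
    check_vuser_passwd "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2"
}

# Constructed sample: ftpuser2 is missing its password line.
sample=$(mktemp)
printf 'ftpuser1\nftppass1\nftpuser2\n' > "$sample"
check_vuser_passwd "$sample" || echo "fix the list before running db_load"
rm -f "$sample"
```

On the server this would be called as build_vuser_db /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db, using the paths from the article.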
----------------------------------------------------------------------
5. Common errors:
After installation, problems connecting to the FTP server are generally caused by SELinux, for the following reasons:
His system is CentOS and belongs to the RH faction. I have installed and configured vsftpd, and thought it was a success, but the client access prompt is as follows:
500 OOPS: cannot change directory:/home/ftp
The reason is that SELinux is installed in his CentOS system. Because FTP support is not enabled by default, access is blocked.
// View SELinux settings
# getsebool -a | grep ftp
ftpd_disable_trans --> off
ftp_home_dir --> off
// Use the setsebool command to enable
# setsebool ftpd_disable_trans 1
# setsebool ftp_home_dir 1
Set this way, the values must be set again after the operating system restarts, so here we use the -P parameter.
// With the -P parameter, setsebool makes the change persistent, so you do not need to enter the command every time the system starts.
# setsebool -P ftpd_disable_trans 1
# setsebool -P ftp_home_dir 1
// Check whether the current status is on
# getsebool -a | grep ftp
ftpd_disable_trans --> on
ftp_home_dir --> on
# service vsftpd restart
SELinux configuration
To set SELinux to disabled, warning only, or enforcing, edit /etc/sysconfig/selinux; it is enforcing by default.
1. 553 Could not create file
This is generally a problem with SELinux. Set the SELinux boolean and restart the server.
setsebool -P ftpd_disable_trans 1
service vsftpd restart
2. 500 OOPS: bad bool value in config file for: write_enable
Make sure there is no space at the end of any line in your vsftpd configuration file. This error is generally caused by extra spaces.
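The "bad bool value" error above comes from whitespace that is invisible in an editor. The following lint is an added example, not part of the original article or of vsftpd; lint_vsftpd_conf is a hypothetical helper name. It goes slightly beyond the trailing-space case in the text by also flagging spaces around the = sign (which the vsftpd.conf manual treats as an error) and Windows line endings.

```shell
#!/bin/sh
# lint_vsftpd_conf FILE
# Prints one finding per line, with the offending line in [brackets] so the
# stray whitespace is visible. Returns 1 if anything was found, else 0.
lint_vsftpd_conf() {
    awk '
        function bad(msg) { printf "line %d: %s: [%s]\n", NR, msg, $0; rc = 1 }
        /^[ \t\r]*$/ { next }    # blank lines are skipped by this lint
        /^#/         { next }    # full-line comments are skipped by this lint
        {
            eq = index($0, "=")
            if (eq == 0) { bad("no = sign"); next }
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (key ~ /[ \t]/)    bad("whitespace before =")
            if (val ~ /^[ \t]/)   bad("whitespace after =")
            if (val ~ /[ \t\r]$/) bad("trailing whitespace or CR")
        }
        END { exit rc }
    ' "$1"
}

# Constructed sample of a per-user file containing the two typical mistakes.
sample=$(mktemp)
printf 'local_root=/opt/var/ftp1\nwrite_enable=YES \nanon_umask = 022\n' > "$sample"
lint_vsftpd_conf "$sample" || echo "fix these lines, then restart vsftpd"
rm -f "$sample"
```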
Open /etc/selinux/config
Change SELINUX=enforcing to permissive or disabled.
• enforcing: enforcing mode; anything SELinux does not allow cannot be executed;
• permissive: warning mode; the event is recorded but can still be executed;
• disabled: SELinux is turned off;
• Switching between disabled and enabled requires restarting the computer;
• Switching between enforcing and permissive with setenforce does not require a restart;
• getenforce and sestatus show the current mode;
Command to disable SELinux enforcement: setenforce 0
When my FTP cannot be accessed, the following error occurs: ftp: connect: Unknown error code.
I have asked this question before. My friends said that the LINUX Firewall was not closed.
How can I disable the firewall on LINUX in character mode?
Yongpeng
service iptables stop
Or
/etc/rc.d/init.d/iptables stop
Nios
Thank you,
Does LINUX use this firewall by default?
By the way, I just found a command to view the service.
/sbin/service --status-all
ftp: connect: Unknown error code
The possible cause is that the FTP service did not start successfully. You can perform the following steps:
1. Check whether the two machines can ping each other.
2. Disable the firewall: service iptables stop (you can also run chkconfig iptables off to disable it; other services are similar)
3. Check whether port 21 is occupied: netstat -ano | grep 21
If it is occupied, change the default FTP port.