vsftpd is the FTP server most commonly used on Linux systems, so here is how I installed vsftpd on a Linux host that did not have it yet.
1. Install the vsftpd package
sudo yum install vsftpd
2. Configure the FTP account
On a Linux system an FTP account is just another system user, but its permissions need some special settings. So first add the FTP account:
sudo useradd -d /home/www www
Here useradd is the command that adds a user; only superusers can run it. The parameter "-d" takes the user's home directory as its argument. The last parameter is the FTP user name.
Then set the password for the www user:
sudo passwd www
Enter the password two times as prompted.
3. Set the login shell of the www user:
sudo usermod -s /sbin/nologin www
Here usermod is the command that modifies a user account; again only superusers can run it. The parameter "-s" takes the user's login shell as its argument. The shells available on the system can be listed with: cat /etc/shells
On my CentOS 7 system the output is:
/bin/sh
/bin/bash
/sbin/nologin
/usr/bin/sh
/usr/bin/bash
/usr/sbin/nologin
/bin/tcsh
/bin/csh
There are two shells named nologin; they are in fact the same file, because /sbin is a symbolic link to /usr/sbin (the Linux equivalent of a folder shortcut). When a user's login shell is set to nologin, that user cannot log in to the system over SSH but can still use other services. For security, the FTP account we just created should not be able to get a shell on the system, so its login shell is set to nologin.
Preventing shell logins is not the end of it. Consider what the FTP user sees after logging in over FTP: besides its own home directory, can it change into other directories outside its home? Without further restrictions, yes. So we also need to confine the www user to its own home directory. And don't forget that anonymous access has to be disabled too.
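As an added example (not part of the original post), the following shell script audits which FTP-only accounts still have an interactive login shell. The passwd content is a constructed sample, not taken from a real host; to check a live system, feed the functions the contents of /etc/passwd instead. The account names ftp2 and backup are invented for the demo.

```shell
#!/bin/sh
# Added example: report FTP-only accounts whose login shell is not nologin.
# The passwd lines below are CONSTRUCTED for the demo (not a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
www:x:1001:1001::/home/www:/sbin/nologin
ftp2:x:1002:1002::/home/ftp2:/bin/bash
backup:x:1003:1003::/home/backup:/usr/sbin/nologin'

# is_nologin_shell SHELL -> exit 0 if SHELL is one of the nologin shells.
# /sbin/nologin and /usr/sbin/nologin are the same program on CentOS 7,
# because /sbin is a symlink to /usr/sbin.
is_nologin_shell() {
  case "$1" in
    /sbin/nologin|/usr/sbin/nologin) return 0 ;;
    *) return 1 ;;
  esac
}

# user_shell USER PASSWD_CONTENT -> prints USER's login shell (field 7),
# or nothing if the account does not exist.
user_shell() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $7 }'
}

# accounts_with_login_shell "USER1 USER2 ..." PASSWD_CONTENT
# Prints one line per listed user that can still get an interactive shell,
# and one line per listed user that does not exist at all.
accounts_with_login_shell() {
  for u in $1; do
    shell=$(user_shell "$u" "$2")
    if [ -z "$shell" ]; then
      printf '%s: no such account\n' "$u"
    elif ! is_nologin_shell "$shell"; then
      printf '%s: interactive shell %s\n' "$u" "$shell"
    fi
  done
}

# Stand-alone run over the constructed sample: only ftp2 is reported.
accounts_with_login_shell "www ftp2 backup" "$SAMPLE_PASSWD"
```

Run it periodically (or from a configuration check) with the real /etc/passwd and the list of accounts that are meant to be FTP-only; any line of output is an account that drifted back to a login shell.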
These settings live in the vsftpd configuration file:
/etc/vsftpd/vsftpd.conf
The configuration file offers a great many options, so which ones should we set? Don't worry, the vsftpd website has the answer. Unfortunately I could not open the official site, but that's fine: Wikipedia's vsftpd entry, while it does not explain configuration itself, has a "List of Config directives" link under "External links", and that turned out to be the configuration reference I was looking for.
Reading from top to bottom, I found a group of settings for anonymous accounts, all starting with "anon"; most of them default to NO, but "anon_world_readable_only" and "anonymous_enable" default to YES. With "anon_world_readable_only" set to YES, anonymous users are allowed to download files from the server, which is obviously not what we want, so this option should be NO. "anonymous_enable" controls whether anonymous users may log in to the FTP server at all, and clearly this should be NO as well. So the configuration file needs these two lines:
anon_world_readable_only=NO
anonymous_enable=NO
Further down are the two options for changing a user's root directory, "chroot_local_user" and "chroot_list_enable". chroot is actually a C function, chroot(const char *path), that changes the calling process's root directory to the given path. If "chroot_local_user" is YES, a local user is locked into its own home directory after logging in over FTP and cannot change to any directory outside its home directory and its subdirectories. If "chroot_list_enable" is YES, vsftpd lets us name a file containing a list of local users through the "chroot_list_file" option, to control which users are locked into their home directory after logging in.
Note that combining "chroot_local_user" with "chroot_list_enable" flips the meaning of the list. The table below shows what each combination means:
| chroot_local_user | chroot_list_enable | Actual meaning |
| --- | --- | --- |
| YES | YES | Only the users listed in "chroot_list_file" are NOT locked into their home directory. |
| YES | NO | All local users are locked into their own home directory. |
| NO | YES | Only the users listed in "chroot_list_file" are locked into their home directory. |
| NO | NO | No local user is locked into its home directory. |
So "chroot_local_user" and "chroot_list_enable" are normally not used together, unless you have a specific reason.
I only need to set the "chroot_local_user" option here:
chroot_local_user=YES
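To make the four rows of the table concrete, here is an added example (not from the original post or from vsftpd itself) that reads a vsftpd.conf and a chroot list as text and answers whether a given local user will be confined to its home directory. The configuration fragments and the list entries (admin, deploy) are constructed for the demo; on a real host you would pass the contents of /etc/vsftpd/vsftpd.conf and of the file named by chroot_list_file.

```shell
#!/bin/sh
# Added example: decide, from vsftpd.conf text and the chroot list text,
# whether a local user is chrooted. Encodes the four table rows exactly.

# conf_get NAME CONF -> value of NAME (last uncommented match), empty if unset
conf_get() {
  printf '%s\n' "$2" | grep -v '^[[:space:]]*#' | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1
}

# conf_yes NAME CONF -> exit 0 if NAME is set to a true value
# (vsftpd judges booleans by their first character: y/Y/t/T/1)
conf_yes() {
  case "$(conf_get "$1" "$2")" in
    [yY]*|[tT]*|1) return 0 ;;
    *) return 1 ;;
  esac
}

# in_list USER LIST -> exit 0 if USER appears as a whole line of the list
in_list() {
  printf '%s\n' "$2" | grep -qx "$1"
}

# user_is_chrooted USER CONF LIST -> exit 0 if USER is locked into its home:
#   chroot_local_user=YES, chroot_list_enable=YES : all EXCEPT listed users
#   chroot_local_user=YES, chroot_list_enable=NO  : all local users
#   chroot_local_user=NO,  chroot_list_enable=YES : ONLY listed users
#   chroot_local_user=NO,  chroot_list_enable=NO  : nobody
user_is_chrooted() {
  if conf_yes chroot_local_user "$2"; then
    if conf_yes chroot_list_enable "$2" && in_list "$1" "$3"; then return 1; fi
    return 0
  else
    if conf_yes chroot_list_enable "$2" && in_list "$1" "$3"; then return 0; fi
    return 1
  fi
}

# describe USER CONF LIST -> prints "chrooted" or "free"
describe() {
  if user_is_chrooted "$1" "$2" "$3"; then echo chrooted; else echo free; fi
}

# CONSTRUCTED sample configurations and list (not from a real host).
CONF_LOCK_ALL='anonymous_enable=NO
chroot_local_user=YES'
CONF_EXCEPTIONS='chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list'
CONF_ONLY_LISTED='chroot_local_user=NO
chroot_list_enable=YES'
CHROOT_LIST='admin
deploy'

echo "lock-all,    www:   $(describe www   "$CONF_LOCK_ALL"    "$CHROOT_LIST")"
echo "exceptions,  admin: $(describe admin "$CONF_EXCEPTIONS"  "$CHROOT_LIST")"
echo "only-listed, www:   $(describe www   "$CONF_ONLY_LISTED" "$CHROOT_LIST")"
```

The point to notice is that the same list file means "exempt from chroot" in the first row and "subject to chroot" in the third row; a review of a vsftpd.conf should therefore always read chroot_list_enable together with chroot_local_user before deciding who is confined.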
Further down is an option called "connect_from_port_20", which controls how FTP data is transferred: if it is YES, data is transferred in port (active) mode. The Baidu Library has a detailed description of the FTP transfer modes: http://wenku.baidu.com/view/728dc0104431b90d6c85c79c.html. The counterpart is PASV (passive) mode; for that, "connect_from_port_20" is set to NO or commented out, and the following options are set as well:
pasv_enable=YES
pasv_max_port=<highest port of the PASV range>
pasv_min_port=<lowest port of the PASV range>
However, PASV mode is usually needed when serving many clients, and I am the only user here, so I don't need it. I simply set "connect_from_port_20=YES" and that's it.
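As an added example (not from the original post), the script below lints the anonymous-access and data-connection settings of a vsftpd.conf given as text: it flags anonymous logins that are still enabled, a passive port range that is set while pasv_enable=NO, and a passive range that is incomplete, inverted, non-numeric or below port 1024. The configuration fragments are constructed for the demo. Two facts from the vsftpd man page are assumed: anonymous_enable defaults to YES when unset, and pasv_enable defaults to YES when unset; anon_world_readable_only is deliberately left out of the check, since with anonymous_enable=NO it has no effect.

```shell
#!/bin/sh
# Added example: lint anonymous and PASV settings of vsftpd.conf text.

# conf_get NAME CONF -> value of NAME (last uncommented match), empty if unset
conf_get() {
  printf '%s\n' "$2" | grep -v '^[[:space:]]*#' | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1
}
# is_yes VALUE -> exit 0 for YES/yes/true/1 (vsftpd judges booleans by first char)
is_yes() { case "$1" in [yY]*|[tT]*|1) return 0 ;; *) return 1 ;; esac; }

# audit_conf CONF -> prints one finding per line; prints nothing when clean
audit_conf() {
  conf=$1
  anon=$(conf_get anonymous_enable "$conf")
  # vsftpd's built-in default for anonymous_enable is YES, so unset means enabled
  if [ -z "$anon" ] || is_yes "$anon"; then
    echo "anonymous logins allowed: set anonymous_enable=NO"
  fi

  pasv=$(conf_get pasv_enable "$conf")
  min=$(conf_get pasv_min_port "$conf")
  max=$(conf_get pasv_max_port "$conf")
  if [ -n "$pasv" ] && ! is_yes "$pasv"; then
    # passive mode switched off: a port range would be dead configuration
    if [ -n "$min$max" ]; then
      echo "pasv_min_port/pasv_max_port set but pasv_enable=NO"
    fi
    return 0
  fi
  # passive mode on (explicitly or by default): validate the range when given
  if [ -n "$min" ] || [ -n "$max" ]; then
    if [ -z "$min" ] || [ -z "$max" ]; then
      echo "pasv range incomplete: set both pasv_min_port and pasv_max_port"
    else
      case "$min$max" in
        *[!0-9]*) echo "pasv ports must be numeric: $min/$max" ;;
        *)
          if [ "$min" -gt "$max" ]; then
            echo "pasv range inverted: pasv_min_port=$min > pasv_max_port=$max"
          elif [ "$min" -le 1023 ]; then
            echo "pasv range uses privileged ports: pasv_min_port=$min"
          fi ;;
      esac
    fi
  fi
}

# CONSTRUCTED sample configurations (not from a real host).
CONF_ACTIVE='anonymous_enable=NO
chroot_local_user=YES
connect_from_port_20=YES'
CONF_PASSIVE='anonymous_enable=NO
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100'
CONF_BAD='# anonymous_enable left at the built-in default
pasv_enable=YES
pasv_min_port=41000
pasv_max_port=40000'

echo "== active-mode config (expect no findings) =="; audit_conf "$CONF_ACTIVE"
echo "== passive-mode config (expect no findings) =="; audit_conf "$CONF_PASSIVE"
echo "== bad config =="; audit_conf "$CONF_BAD"
```

Because the checks work on the file's text, the same function can run in a pre-deployment check or on a schedule against /etc/vsftpd/vsftpd.conf; an empty result means the settings discussed in this post are in place.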
4. Restart the vsftpd server:
/etc/init.d/vsftpd restart
Reference documents
- http://vsftpd.beasts.org/vsftpd_conf.html
- http://man7.org/linux/man-pages/man2/chroot.2.html