Linux CentOS system configuration: installing an FTP server

Source: Internet
Author: User

The general process is as follows.

First, install vsftpd.

1. Install vsftpd
yum install vsftpd
Press y and Enter; the system installs the package automatically
/etc/init.d/vsftpd start #start vsftpd
service vsftpd restart #restart
service vsftpd stop #stop
chkconfig vsftpd on #start automatically at boot
2. Configure the vsftpd server
Configuration file descriptions:
/etc/vsftpd/vsftpd.conf: the core vsftpd configuration file
/etc/vsftpd/ftpusers: specifies which users cannot access the FTP server
/etc/vsftpd/user_list: specifies the list of users allowed to use vsftpd
/etc/vsftpd/vsftpd_conf_migrate.sh: a script with variables and settings for vsftpd operations
/var/ftp/: the default root directory for anonymous users
========================================================================
Configure /etc/vsftpd/vsftpd.conf
Back up the file before configuring:
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.confbak
Restore the file:
cp /etc/vsftpd/vsftpd.confbak /etc/vsftpd/vsftpd.conf

vi /etc/vsftpd/vsftpd.conf #edit the configuration

use_localtime=YES #synchronize FTP time with the system time; comment this line out if it causes a startup error
reverse_lookup_enable=NO #add this line to fix slow client logins. Important! By default vsftpd performs reverse DNS resolution, which needs to be turned off. Comment this line out if it causes a startup error.

listen_port=21 #not present by default; the FTP port is 21. Add listen_port=2222 to change the default port to 2222. Note: open port 2222 in the firewall as well.
anonymous_enable=NO #disable anonymous users
local_enable=YES #allow local users to access. Note: this is mainly for virtual host users; if this item is set to NO, no virtual user will be able to access.
write_enable=YES #global setting: whether writing is allowed (for anonymous or local users); it must be enabled to allow uploads.
local_umask=022 #permission mask for uploaded files
anon_upload_enable=NO #prevent anonymous users from uploading
anon_mkdir_write_enable=NO #prevent anonymous users from creating directories
dirmessage_enable=YES #enable the directory banner function
xferlog_enable=YES #enable logging
connect_from_port_20=YES #use port 20 for data connections
chown_uploads=NO #do not change the owner of uploaded files
xferlog_file=/var/log/vsftpd.log #log file path (create the file first)
xferlog_std_format=YES #use the standard log format
async_abor_enable=YES #support asynchronous transfer functions
ascii_upload_enable=YES
ascii_download_enable=YES #support uploads and downloads in ASCII mode
ftpd_banner=welcome to Awei FTP servers #vsftpd login banner
chroot_local_user=YES #prevent local users from leaving their own FTP home directory
pam_service_name=vsftpd #name of the PAM authentication configuration for vsftpd; PAM authentication therefore uses the vsftpd file under /etc/pam.d/
userlist_enable=YES #when set to YES, a user whose name is in the file specified by the userlist_file parameter is denied access directly, before being asked for a password
tcp_wrappers=YES #whether to support tcp_wrappers
idle_session_timeout=300 #timeout setting
data_connection_timeout=1 #the server disconnects after 1 second idle
#########################################################
The following are the important configuration items for vsftpd virtual user support.
These settings are not included in the default vsftpd.conf; you need to add them manually.
#########################################################
guest_enable=YES #enable virtual users
guest_username=vsftpd #host (system) user for the virtual users (this is the user we create later)
user_config_dir=/etc/vsftpd/vconf #directory that stores each virtual user's personal vsftpd configuration file
#Note that each configuration file name must be the same as the virtual user name.
#For example, if you copy vsftpd.conf into this directory, rename it (mv) to the virtual user name.

virtual_use_local_privs=YES #when this parameter is enabled (YES), virtual users have the same privileges as local users
#When this parameter is disabled (NO), virtual users have the same privileges as anonymous users. It is off (NO) by default.
pasv_min_port=9000 #lower bound of the passive mode port range
pasv_max_port=9045 #upper bound of the passive mode port range
accept_timeout=5 #hold for 5 seconds
connect_timeout=1 #reconnect after 1 second
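
The # notes in the listing above are annotations for the reader: vsftpd treats a line as a comment only when it starts with #, allows no space around =, and expects lower-case option names. The following lint is an added example, not part of the original article; the function name and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): lint a vsftpd.conf.
# Body runs in a subshell "( ... )" so variables stay local; exit = return.
lint_vsftpd_conf() (
    LC_ALL=C; n=0; bad=0
    anon=YES; chroot=NO            # upstream vsftpd built-in defaults
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # blank or full-line comment
        case $line in
            *=*) ;;
            *) echo "line $n: not an option=value directive"; bad=1; continue ;;
        esac
        key=${line%%=*}; val=${line#*=}
        case $key in *' '*) echo "line $n: space before '='"; bad=1 ;; esac
        case $val in ' '*) echo "line $n: space after '='"; bad=1 ;; esac
        case $key in *[A-Z]*) echo "line $n: option name not lower case"; bad=1 ;; esac
        case $key:$val in
            ftpd_banner:*) ;;      # banner is free text and may contain '#'
            *'#'*) echo "line $n: inline comment is read as part of the value"; bad=1 ;;
        esac
        case $key in               # a later directive overrides an earlier one
            anonymous_enable) anon=$val ;;
            chroot_local_user) chroot=$val ;;
        esac
    done < "$1"
    # This check expects the YES/NO spelling used on this page.
    case $anon in [Nn][Oo]) ;; *) echo "anonymous_enable is not NO"; bad=1 ;; esac
    case $chroot in [Yy][Ee][Ss]) ;; *) echo "chroot_local_user is not YES"; bad=1 ;; esac
    exit "$bad"
)

# Constructed sample: one line copied with its annotation, one valid line,
# one line with spaces around '='.
sample=$(mktemp)
printf '%s\n' 'Anonymous_enable=no #disable anonymous users' \
    'chroot_local_user=YES' 'listen_port = 21' > "$sample"
lint_vsftpd_conf "$sample" || echo "findings reported"
rm -f "$sample"
```

Run it against /etc/vsftpd/vsftpd.conf after editing and before restarting the service; a non-zero exit status means at least one finding was printed.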
3. First create the virtual user list file:
touch /etc/vsftpd/virtusers
Edit the virtual user list file (first line: account name; second line: password. Note: root cannot be used as a user name; it is reserved by the system):
vi /etc/vsftpd/virtusers
tian
123456

4. Generate the virtual user database file:
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
chmod 600 /etc/vsftpd/virtusers.db #set up the PAM authentication file and specify that the virtual user database file is read
=======================================================================
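
Step 4 restricts only virtusers.db, while the plaintext list from step 3 holds the same passwords and was created with the default file mode. The following check of that list (name/password pairing, the reserved root name, duplicates, file mode) is an added example, not part of the original article; the function name and the MIN_PASS_LEN threshold are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): check the plaintext virtual
# user list before it is fed to db_load. MIN_PASS_LEN is an assumed policy.
MIN_PASS_LEN=${MIN_PASS_LEN:-12}

# Body runs in a subshell "( ... )" so variables stay local; exit = return.
check_virtusers() (
    n=0; bad=0; seen=' '
    while IFS= read -r user || [ -n "$user" ]; do
        pass=; IFS= read -r pass || :     # password is the following line
        n=$((n + 2))
        case $user in
            '') echo "line $((n - 1)): empty account name"; bad=1 ;;
            root) echo "line $((n - 1)): root is reserved"; bad=1 ;;
        esac
        case $seen in
            *" $user "*) echo "line $((n - 1)): duplicate account $user"; bad=1 ;;
        esac
        seen="$seen$user "
        if [ -z "$pass" ]; then
            echo "line $n: no password for $user"; bad=1
        elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
            echo "line $n: password for $user is shorter than $MIN_PASS_LEN"; bad=1
        fi
    done < "$1"
    # Step 4 restricts only virtusers.db; this file holds the same passwords.
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$1: readable by group or others"; bad=1
    fi
    exit "$bad"
)

# Constructed sample using the account from step 3, created with default mode.
list=$(mktemp)
printf '%s\n' tian 123456 > "$list"; chmod 644 "$list"
check_virtusers "$list" || echo "fix the findings, then chmod 600 and run db_load"
rm -f "$list"
```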
5. Add the following lines at the top of the /etc/pam.d/vsftpd file (adding them at the end has no effect)
Back up before modifying: cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak
Restore: cp /etc/pam.d/vsftpdbak /etc/pam.d/vsftpd
vi /etc/pam.d/vsftpd

auth sufficient pam_userdb.so db=/etc/vsftpd/virtusers
account sufficient pam_userdb.so db=/etc/vsftpd/virtusers
* Here I'm using a 64-bit system, which doesn't require auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
6. Create a new system user vsftpd, with home directory /var/www/ and login shell /bin/false (so that it cannot log in to the system)

useradd vsftpd -d /var/www/ -s /bin/false
chown vsftpd:vsftpd /var/www/ -R
chown apache:apache /var/www/ -R #required if the host user of the virtual users is apache
7. Create the virtual users' personal vsftpd configuration files
Reminder: this is original content by qihang01, all rights reserved; when reprinting, please credit the source and include the original link.
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
touch tian #here, create three virtual user profiles

vi tian #edit the configuration file for user web1; the other users' files are configured similarly

local_root=/var/www/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
10. Finally, restart the vsftpd server
/etc/init.d/vsftpd restart

Test by logging in with an FTP client.
