1. Check whether vsftpd is installed
# rpm -qa | grep vsftpd
If the output shows vsftpd-2.0.5-16.el5_5.1, vsftpd is installed.
Installing vsftpd
# yum -y install vsftpd
2. Test whether the installation succeeded. Use your own IP, not mine, and log in anonymously (user: anonymous, empty password). If the login succeeds you will see the output below, which means vsftpd was installed successfully. If you do not have the ftp command, run yum install -y ftp
# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
# ftp 127.0.0.1
Connected to 127.0.0.1.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): anonymous
331 Specify the password.
Password:
Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
#
3. Modify the configuration file /etc/vsftpd/vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf
Uncomment or add the following settings:
anonymous_enable=YES/NO (whether anonymous user access is allowed)
chroot_list_enable=YES (restricted users cannot leave their home directory)
chroot_list_file=/etc/vsftpd/chroot_list
local_enable=YES/NO (whether local users can log in. Note: if NO, no virtual user can log in either, because a virtual user accesses the host as a local user)
pam_service_name=vsftpd (name of the PAM service file, /etc/pam.d/vsftpd)
guest_enable=YES (enables the virtual user feature)
guest_username=ftp (the host user that virtual users are mapped to; CentOS has a built-in ftp user. Note: this is the user listed in the chroot_list_file=/etc/vsftpd/chroot_list file)
user_config_dir=/etc/vsftpd/vuser_conf (directory holding each virtual user's own vsftpd settings file)
(there must be no trailing spaces on any line of this file)
4. Check whether db4 and db4-utils are installed
# rpm -qa | grep db4
If the output looks like the following, the packages are installed and the db_load command (provided mainly by db4-utils) is available:
db4-devel-4.3.29-10.el5_5.2
db4-4.3.29-10.el5_5.2
db4-devel-4.3.29-10.el5_5.2
db4-4.3.29-10.el5_5.2
db4-tcl-4.3.29-10.el5_5.2
db4-utils-4.3.29-10.el5_5.2
#
Install db4-utils if it is not installed
4.1 Installing db4-utils
# yum -y install db4-utils
5. Create the chroot_list_file=/etc/vsftpd/chroot_list file
# vi /etc/vsftpd/chroot_list (edit the file and write into it the value of guest_username from /etc/vsftpd/vsftpd.conf; in this case, ftp)
Or just follow the steps below
# touch /etc/vsftpd/chroot_list
# echo ftp >> /etc/vsftpd/chroot_list (here ftp is again the value of guest_username in /etc/vsftpd/vsftpd.conf)
6. Create the virtual user list (a text file of usernames and passwords)
# vi /etc/vsftpd/vftpuser.txtx (odd lines are usernames, even lines are passwords)
In this article the file contains the following (viewed with the cat command)
# cat /etc/vsftpd/vftpuser.txtx
hope
hope
aa
zzzzz
#
7. Generate a DB file for the virtual users
# db_load -T -t hash -f /etc/vsftpd/vftpuser.txtx /etc/vsftpd/vftpuser.db
8. Create the PAM authentication file for virtual users
# vi /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
Comment out all of the existing content in /etc/pam.d/vsftpd; logins are not authenticated against local users anyway.
Pay special attention to the following difference
On a 32-bit system add the following two lines:
auth required pam_userdb.so db=/etc/vsftpd/vftpuser
account required pam_userdb.so db=/etc/vsftpd/vftpuser
On a 64-bit system add the following two lines:
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vftpuser
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vftpuser
Here I found that if the .db suffix is added to the database name, the database is not recognized. A well-known tutorial on 51cto adds .db, with the result that the database cannot be read and, of course, authentication fails.
Note: vftpuser in db=/etc/vsftpd/vftpuser is the db file of virtual users that you generated
9. Create a configuration file for each virtual user. The directory for these files is the one set in /etc/vsftpd/vsftpd.conf:
user_config_dir=/etc/vsftpd/vuser_conf
Under /etc/vsftpd/vuser_conf/, create a file named after each username (the names are the odd lines of /etc/vsftpd/vftpuser.txtx)
# cat /etc/vsftpd/vftpuser.txtx
hope
hope
aa
zzzzz
# mkdir vuser_conf (run from /etc/vsftpd)
# vi /etc/vsftpd/vuser_conf/hope
The contents are as follows
local_root=/var/www (the virtual user's root directory; change it to suit your setup)
write_enable=YES (writable)
download_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
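A pre-flight check for the files created in steps 6 to 9, added here as an example (it is not part of the original article). The function name audit_vusers is hypothetical, all paths are passed in by the caller, and the owner-only (600) expectation for the password files is a check added here rather than a step from the article.

```shell
#!/bin/sh
# Added example: audit the virtual-user files created in steps 6-9.
# Arguments are whatever paths your setup uses; nothing is hard-coded.
# Prints one line per finding and returns the number of findings.
audit_vusers() {
    cred=$1 confdir=$2 pamfile=$3 findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # db_load -T reads pairs: odd line = username, even line = password.
    lines=$(grep -c '' "$cred")
    [ $((lines % 2)) -eq 0 ] || report "$cred has an odd number of lines"

    # Each username (odd line) needs its own file in user_config_dir.
    for user in $(awk 'NR % 2 == 1' "$cred"); do
        [ -f "$confdir/$user" ] || report "no config file for user $user"
    done

    # The plaintext list and the generated .db hold passwords: owner-only.
    for f in "$cred" "${cred%.*}.db"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")   # GNU stat, as shipped on CentOS
        case $mode in [0-7]00) ;; *) report "$f is mode $mode, want 600" ;; esac
    done

    # pam_userdb appends .db itself, so db= must omit the suffix (step 8).
    if grep -Eq '^[^#]*pam_userdb\.so.*db=[^ ]*\.db( |$)' "$pamfile"; then
        report "$pamfile: db= must not end in .db"
    fi

    # Trailing whitespace after a value is not tolerated (step 3 note).
    for f in "$confdir"/*; do
        if [ -f "$f" ] && grep -Eq '[[:space:]]$' "$f"; then
            report "$f has trailing whitespace"
        fi
    done
    return "$findings"
}

# Run directly: sh audit.sh <credentials.txt> <user_config_dir> <pam file>
if [ $# -eq 3 ]; then audit_vusers "$@"; fi
```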
10. Grant permissions on the folder (otherwise you cannot upload; set the permissions to suit yourself, I used 777)
# chmod 777 /var/www/
11. Restart vsftpd
# service vsftpd restart
This completes the installation and configuration. If you get errors when connecting, check the current SELinux mode
12. Login test
# ftp 127.0.0.1
Connected to 127.0.0.1.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): hope
331 Specify the password.
Password:
OOPS: cannot change directory:/var/www
Login failed.
ftp>
How to check the SELinux mode
# getenforce
Enforcing (if this is printed, SELinux is enforcing)
How to turn it off: # setenforce 0 (0 | 1: off | on)
Test the login again; this time it succeeds
# chmod 777 /var/www/
# ftp 127.0.0.1
Connected to 127.0.0.1.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.107:root): hope
331 Specify the password.
Password:
Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
The command to check whether the system is 32-bit or 64-bit is
# getconf LONG_BIT
64 (the output is either 64 or 32)
When Windows clients have trouble accessing the FTP server, it is generally a permissions problem. Brother Bird's Linux server architecture book has a solution, as follows:
As mentioned earlier, FTP uses two ports, plus randomly opened data-connection ports and the server-side ports used for passive connections, so you may have to:
Load the two iptables modules ip_nat_ftp and ip_conntrack_ftp
Open port 21 to the Internet
Open ports 65400~65410, mentioned in the previous section, to Internet connections
# vim /etc/vsftpd/vsftpd.conf
# Add these lines at the bottom!
pasv_min_port=65400
pasv_max_port=65410
# /etc/init.d/vsftpd restart
Add the modules: although iptables.rule already loads the modules, it is still better to modify the system file as well
# vim /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
# Add the modules! The two modules are separated by a space! Then restart the iptables service
# /etc/init.d/iptables restart
# 2. Modify the iptables.rule script as follows:
# vim /usr/local/virus/iptables/iptables.rule
iptables -A INPUT -p tcp -i $EXTIF --dport 21 --sport 1024:65534 -j ACCEPT
# Find the line above and remove the comment mark in front of it! Then add the line below!
iptables -A INPUT -p tcp -i $EXTIF --dport 65400:65410 --sport 1024:65534 -j ACCEPT
Restart the firewall.
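A consistency check for the passive-port setup above, added here as an example (not part of the original article or of the book it quotes): it reads pasv_min_port and pasv_max_port from a vsftpd.conf and confirms the firewall script has an uncommented ACCEPT rule for exactly that range. The function names conf_value and check_pasv_rule are hypothetical and both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: confirm the firewall script opens exactly the passive
# range that vsftpd.conf sets. Both paths are passed in by the caller.
# Returns 0 = match, 1 = range not pinned in vsftpd.conf, 2 = no rule.

# conf_value <key> <file>: value of the last uncommented key=value line
conf_value() {
    sed -n "s/^[[:space:]]*$1=\\([^[:space:]]*\\).*/\\1/p" "$2" | tail -n 1
}

check_pasv_rule() {
    conf=$1 rules=$2
    min=$(conf_value pasv_min_port "$conf")
    max=$(conf_value pasv_max_port "$conf")
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not set: no fixed range to open"
        return 1
    fi
    # An active rule has no '#' before --dport and ends in -j ACCEPT.
    pattern="^[^#]*--dport[[:space:]]+$min:$max[[:space:]].*-j[[:space:]]+ACCEPT"
    if grep -Eq "$pattern" "$rules"; then
        echo "ok: firewall opens $min:$max"
        return 0
    fi
    echo "no active ACCEPT rule for --dport $min:$max in $rules"
    return 2
}

# Run directly: sh check_pasv.sh <vsftpd.conf> <iptables.rule>
if [ $# -eq 2 ]; then check_pasv_rule "$@"; fi
```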
Linux FTP Setup and related problem solving