Linux FTP Setup and related problem solving

Source: Internet
Author: User

1. Check whether vsftpd is installed
# rpm -qa | grep vsftpd
If the output includes vsftpd-2.0.5-16.el5_5.1, vsftpd is installed.

Install vsftpd
# yum -y install vsftpd
2. Test whether the installation succeeded. Log in as the anonymous user (user: anonymous, empty password), using your own IP address rather than mine. If the login succeeds you will see output like the following, which shows that vsftpd was installed correctly. If you do not have the ftp command, run yum install -y ftp

# service vsftpd start

Starting vsftpd for vsftpd: [OK]
# ftp 127.0.0.1
Connected to 127.0.0.1.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): anonymous
331 Specify the password.
Password:
Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.

3. Modify the configuration file /etc/vsftpd/vsftpd.conf

# vi /etc/vsftpd/vsftpd.conf

Uncomment the following settings, or add them if they are missing:

anonymous_enable=YES/NO (whether anonymous access is allowed)

chroot_list_enable=YES (restricted users cannot leave their home directory)

chroot_list_file=/etc/vsftpd/chroot_list

local_enable=YES/NO (whether local users can log in. Note: if set to NO, no virtual user can log in either, because virtual users access the host through a local user)

pam_service_name=vsftpd (name of the PAM authentication file, /etc/pam.d/vsftpd)

guest_enable=YES (enables the virtual user feature)

guest_username=ftp (the host user that virtual users are mapped to; CentOS has a built-in ftp user. Note: this is the user listed in the chroot_list_file=/etc/vsftpd/chroot_list file)

user_config_dir=/etc/vsftpd/vuser_conf (directory holding each virtual user's own vsftpd configuration file)

(In this file, no spaces may appear after a setting.)

4. Check whether db4 and db4-utils are installed

Output like the following means they are installed and the db_load command (provided mainly by db4-utils) can be used:

# rpm -qa | grep db4
db4-devel-4.3.29-10.el5_5.2
db4-4.3.29-10.el5_5.2
db4-devel-4.3.29-10.el5_5.2
db4-4.3.29-10.el5_5.2
db4-tcl-4.3.29-10.el5_5.2
db4-utils-4.3.29-10.el5_5.2

Install db4-utils if it is not installed
4.1 Installing db4-utils
# yum -y install db4-utils
5. Create the chroot_list_file=/etc/vsftpd/chroot_list file

Edit the file and write into it the value of guest_username from /etc/vsftpd/vsftpd.conf (in this case, ftp):

# vi /etc/vsftpd/chroot_list

Or just follow the steps below (here ftp is again the value of guest_username in /etc/vsftpd/vsftpd.conf):

# touch /etc/vsftpd/chroot_list

# echo ftp >> /etc/vsftpd/chroot_list
6. Create the virtual user list (plain-text password file)

Odd lines are usernames, even lines are passwords:

# vi /etc/vsftpd/vftpuser.txtx

In this article the following entries were added (shown with the cat command):

# cat /etc/vsftpd/vftpuser.txtx
hope
hope
aa
zzzzz
7. Generate the db file for the virtual users

# db_load -T -t hash -f /etc/vsftpd/vftpuser.txtx /etc/vsftpd/vftpuser.db
8. Create the PAM authentication file for virtual users

# vi /etc/pam.d/vsftpd
#%PAM-1.0

session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

Comment out all of the existing content in /etc/pam.d/vsftpd; authentication is no longer done against local users anyway.

Pay special attention to the following difference.
On a 32-bit system, add these two lines:
auth required pam_userdb.so db=/etc/vsftpd/vftpuser
account required pam_userdb.so db=/etc/vsftpd/vftpuser
On a 64-bit system, add these two lines:
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vftpuser
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vftpuser

Here I found that if the .db suffix is added after the database name, it is not recognized. A well-known tutorial on 51cto adds .db, and as a result the database cannot be read, so of course authentication fails.

Note: vftpuser in db=/etc/vsftpd/vftpuser is the db file you generated for the virtual users

9. Create a configuration file for each virtual user. The directory for these files is the one set in /etc/vsftpd/vsftpd.conf:

user_config_dir=/etc/vsftpd/vuser_conf

Under /etc/vsftpd/vuser_conf/, create a file named after the user (the names are the odd lines of /etc/vsftpd/vftpuser.txtx)

# cat /etc/vsftpd/vftpuser.txtx
hope
hope
aa
zzzzz

# mkdir /etc/vsftpd/vuser_conf

# vi /etc/vsftpd/vuser_conf/hope

The contents are as follows

local_root=/var/www (the virtual user's root directory; change it to suit your setup)
write_enable=YES (writable)
download_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022

10. Give permissions on the folder (otherwise you cannot upload; set the permissions to suit your needs, I used 777)

# chmod 777 /var/www/
11. Restart vsftpd

# service vsftpd restart

This completes the installation and configuration. If you get a permissions error or another error when connecting, check the current SELinux mode.
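
The user list from steps 6 and 7 and the per-user files from step 9 can be checked before the list is loaded with db_load. The following is an added example, not part of the original article: check_vusers is a hypothetical helper that flags a list readable by others, blank lines or trailing whitespace, a user without a password, duplicate users, a password equal to the username, and a user with no file in user_config_dir. It assumes GNU stat, and the sample list is constructed.

```sh
#!/bin/sh
# Added example (not from the article): pre-flight check of the virtual-user
# list before db_load. check_vusers is a hypothetical helper name.
# Prints one finding per line; the return code is the number of findings.
check_vusers() {
    list=$1 confdir=$2 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }
    [ -r "$list" ] || { echo "cannot read $list"; return 1; }

    # Plain-text passwords: only the owner should be able to read the file.
    mode=$(stat -c %a "$list")    # assumes GNU stat
    [ "$mode" = "600" ] || report "mode $mode on $list, expected 600"

    # db_load -T stores every line literally, so a blank line or trailing
    # whitespace (including a CR) becomes part of a username or password.
    if grep -E '^$|[[:space:]]$' "$list" >/dev/null; then
        report "blank line or trailing whitespace in $list"
    fi

    # Odd lines are usernames, even lines are passwords.
    lines=$(awk 'END { print NR }' "$list")
    [ $((lines % 2)) -eq 0 ] || report "odd line count ($lines): a user has no password"

    seen=" "
    while IFS= read -r user && { IFS= read -r pass || [ -n "$pass" ]; }; do
        case "$seen" in
            *" $user "*) report "duplicate user: $user" ;;
        esac
        seen="$seen$user "
        [ "$user" != "$pass" ] || report "password equals username: $user"
        [ -f "$confdir/$user" ] || report "no per-user config: $confdir/$user"
    done < "$list"
    return "$findings"
}

# Constructed sample mirroring the article's list (user hope, password hope).
demo=$(mktemp -d)
printf 'hope\nhope\naa\nzzzzz\n' > "$demo/vftpuser.txtx"
chmod 600 "$demo/vftpuser.txtx"
mkdir "$demo/vuser_conf"
: > "$demo/vuser_conf/hope"
check_vusers "$demo/vftpuser.txtx" "$demo/vuser_conf" || echo "findings: $?"
rm -rf "$demo"
```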

12. Login test

# ftp 127.0.0.1
Connected to 127.0.0.1.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): hope
331 Specify the password.
Password:
OOPS: cannot change directory:/var/www
Login failed.
ftp>

How to check the SELinux mode:

# getenforce

If SELinux is enabled, this prints Enforcing.

How to turn it off (0 = permissive, 1 = enforcing):

# setenforce 0

Test the login again; this time it succeeds:

# chmod 777 /var/www/

# ftp 127.0.0.1
Connected to 127.0.0.1.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.107:root): hope
331 Specify the password.
Password:
Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

The command to see whether the system is 32-bit or 64-bit (the result is 64 or 32):

# getconf LONG_BIT
64

When Windows clients have trouble accessing the FTP server, it is generally a permissions problem; Bird Brother's "Linux Server Architecture" has a solution.

As mentioned earlier, FTP uses two ports, plus randomly opened data ports and the server-side ports used for passive connections, so you may have to do the following:

Load the iptables modules ip_nat_ftp and ip_conntrack_ftp

Open port 21 to the Internet

Open the ports 65400~65410 mentioned in the previous section to the Internet

# vim /etc/vsftpd/vsftpd.conf
# Add these lines at the bottom!
pasv_min_port=65400
pasv_max_port=65410
# /etc/init.d/vsftpd restart

Load the modules: although iptables.rule already loads the modules, it is better to modify the system file as well.
# vim /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
# Add the modules! Separate the two modules with a space! Then restart the iptables service
# /etc/init.d/iptables restart
# 2. Modify the iptables.rule script as follows:
# vim /usr/local/virus/iptables/iptables.rule
iptables -A INPUT -p tcp -i $EXTIF --dport 21 --sport 1024:65534 -j ACCEPT
# Find the line above and remove the comment marker in front of it! Then add the line below!
iptables -A INPUT -p tcp -i $EXTIF --dport 65400:65410 --sport 1024:65534 -j ACCEPT
Restart the firewall.
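
The passive range set in vsftpd.conf and the range opened in iptables.rule have to stay in step. The following is an added example, not part of the original article: pasv_range and rules_cover are hypothetical helpers that read pasv_min_port and pasv_max_port from a config file and check that an uncommented ACCEPT rule's --dport covers that range. The sample files are constructed from the article's values.

```sh
#!/bin/sh
# Added example (not from the article): check that the passive port range in
# vsftpd.conf is actually opened by the firewall script.
# pasv_range and rules_cover are hypothetical helper names.

# pasv_range CONF: print "MIN:MAX" from pasv_min_port / pasv_max_port.
# Fails if either is missing, non-numeric (e.g. trailing space) or out of order.
pasv_range() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 == "pasv_min_port" { min = $2 }
        $1 == "pasv_max_port" { max = $2 }
        END {
            if (min !~ /^[0-9]+$/ || max !~ /^[0-9]+$/) exit 1
            if (min + 0 < 1024 || max + 0 > 65535 || min + 0 > max + 0) exit 1
            print min ":" max
        }' "$1"
}

# rules_cover MIN:MAX RULEFILE: succeed if an uncommented ACCEPT rule has a
# --dport value (single port or LO:HI) that contains the whole range.
rules_cover() {
    awk -v range="$1" '
        BEGIN { split(range, want, ":") }
        /^[ \t]*#/ { next }
        /-j[ \t]+ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), have, ":")
                lo = have[1] + 0
                hi = (n == 2 ? have[2] : have[1]) + 0
                if (lo <= want[1] + 0 && hi >= want[2] + 0) found = 1
            }
        }
        END { exit (found ? 0 : 1) }' "$2"
}

# Constructed sample using the article's values.
d=$(mktemp -d)
printf 'pasv_min_port=65400\npasv_max_port=65410\n' > "$d/vsftpd.conf"
echo 'iptables -A INPUT -p tcp -i $EXTIF --dport 65400:65410 --sport 1024:65534 -j ACCEPT' > "$d/iptables.rule"
if r=$(pasv_range "$d/vsftpd.conf") && rules_cover "$r" "$d/iptables.rule"; then
    echo "passive range $r is open"
fi
rm -rf "$d"
```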
