Enabling FTP on Linux and adding a user with restricted permissions: access only to their own directory, no jumping to the root directory

Source: Internet
Author: User
Tags ftp client

Article source: http://www.cnblogs.com/mrcln/p/6179673.html

1. Switch to the root user

2. Check whether vsftpd is installed. I already have it installed.

# rpm -qa | grep vsftpd
vsftpd-3.0.2-11.el7_2.x86_64

3. If not found, install.

yum install vsftpd* -y

4. Start the vsftpd service. The start and restart commands (CentOS 7.0 or later):

# /bin/systemctl start vsftpd.service
# /bin/systemctl restart vsftpd.service

On lower versions, try these commands:

/etc/init.d/vsftpd restart

Start FTP: # service vsftpd start
Stop FTP: # service vsftpd stop
Restart FTP: # service vsftpd restart

Enable start at boot: chkconfig vsftpd on

5. Test whether you can log in to FTP. Install an FTP client component first.

Try logging in

Enter the user name ftp and a password (anonymous login is allowed by default).

A successful login means that the FTP service is available.

However, it is not yet accessible from the external network, so continue configuring.

6. Disable anonymous login

vi /etc/vsftpd/vsftpd.conf

Change anonymous_enable=YES on the first line to NO

Restart

# /bin/systemctl restart vsftpd.service

7. Create a group to hold the FTP users

groupadd ftpgroups

8. Create an FTP user and add it to the ftpgroups group. /home/ftp is a directory you create yourself; create it if it does not exist.

useradd -d /home/ftp/ftptest -g ftpgroups ftptest

Set the password

passwd ftptest

Disallow login for the user

usermod -s /sbin/nologin ftptest

You can see that it has been created.

ls /home/ftp
FTPN  ftptest

Now restart the vsftpd service

/bin/systemctl restart vsftpd.service

Log in and check: the login works, but the user can also reach the parent directory, and even the root directory, which is not what we want. Modify the configuration file so that the user can only access their own directory.

vi /etc/vsftpd/vsftpd.conf

Set the following:

chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

In addition, since version 2.3.5, vsftpd has tightened its security checks: if a user is confined to their home directory, that home directory may no longer be writable. If the check finds write permission, an error is reported.

To fix this error, either remove write permission from the user's home directory with chmod a-w /home/user (replace the directory with your own), or add the following to the vsftpd configuration file:

allow_writeable_chroot=YES

With that, each user can only access their own directory.

If you want a user to be able to access the root directory, add the user name to

/etc/vsftpd/chroot_list

Create this file if it does not exist, with one user name per line.
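As an added example (not part of the original article), the following bash functions read the chroot settings above and report whether a given user ends up confined to the home directory, or whether the list file is enabled but missing. The user name admin and the temporary paths are constructed for the demo; the fallback list path is the one used in this article.

```shell
#!/bin/bash
# Added example, not from the original article.

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY, else DEFAULT.
conf_get() {
    local val
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# is_yes VALUE: this example treats YES, TRUE or 1 (any case) as enabled.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# jail_status CONF USER: print jailed, not-jailed or list-missing.
jail_status() {
    local conf=$1 user=$2 all use_list list listed=no
    all=$(conf_get "$conf" chroot_local_user NO)
    use_list=$(conf_get "$conf" chroot_list_enable NO)
    # Fallback path is the one used in the article.
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd/chroot_list)
    if is_yes "$use_list"; then
        # The list is enabled but absent: create the file, as the article says.
        [ -r "$list" ] || { echo list-missing; return 0; }
        grep -qxF -- "$user" "$list" && listed=yes
    fi
    # With chroot_local_user=YES the list names the users who are NOT jailed;
    # with chroot_local_user=NO it names the only users who are.
    if is_yes "$all"; then
        [ "$listed" = yes ] && echo not-jailed || echo jailed
    else
        [ "$listed" = yes ] && echo jailed || echo not-jailed
    fi
}

# Constructed sample: the article's settings, with "admin" as a made-up exception.
demo=$(mktemp -d)
printf 'admin\n' > "$demo/chroot_list"
printf '%s\n' 'anonymous_enable=NO' 'chroot_local_user=YES' \
    'chroot_list_enable=YES' "chroot_list_file=$demo/chroot_list" > "$demo/vsftpd.conf"
for u in ftptest admin; do
    echo "$u: $(jail_status "$demo/vsftpd.conf" "$u")"
done
rm -rf "$demo"
```

On a real server, call jail_status /etc/vsftpd/vsftpd.conf ftptest after editing the configuration and before restarting the service.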

If you still cannot log in to FTP, SELinux is probably the cause; turning it off resolves this.

vi /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled

Reboot the server

reboot

After the reboot, don't forget to start the vsftpd service, which is self-starting by default.

If you still cannot connect, the firewall is probably blocking the connection; try shutting down the firewall.

systemctl stop firewalld.service # stop the firewall
systemctl disable firewalld.service # prevent the firewall from starting at boot
firewall-cmd --state # view the default firewall status (shows "not running" when turned off, "running" when turned on)

If the remote folder listing cannot be displayed, use an active-mode connection; set this in your FTP tool.
