Configure the file marked in red at the top: vsftpd.conf

    useradd -d /home/bai_du -s /sbin/nologin bai_du

Modify access rights:

    usermod -d /home/webroot/fourcar.diliulian.com/ -s /sbin/nologin fourcar

Before creating the FTP server, run the command:

    ps -ef | grep vsftpd
Feiyuan Star Copyright Q "9715234"

Check whether the vsftpd service is already installed on the system. If the output looks like the one shown in the figure, it is not installed. Then execute the following to install vsftpd online:

    yum install vsftpd -y

After the installation succeeds, turn off anonymous login. Open the configuration file:

    vim /etc/vsftpd/vsftpd.conf

then find and set:

    anonymous_enable=NO

Then check whether the vsftpd service is set to start. Use the command:

    chkconfig --list

If the output is the same as shown in the figure, the service is not started. To enable it at startup:

    chkconfig vsftpd on

Environment: the FTP server is vsftpd. The user named test is restricted. The restricted path is /home/test.

Create the user. As root:

    useradd -d /home/test test    # add user test and fix its home directory as /home/test
                                  # if the directory already exists there will be a prompt,
                                  # but it does not affect the user's ability to log in
    passwd test                   # set the password for test

Change the user's corresponding permission settings:

    usermod -s /sbin/nologin test    # user test cannot telnet, only ftp
    usermod -s /bin/bash test        # user test back to normal
    usermod -d /test test            # change user test's home directory to /test

To restrict the user to /home/test only, with no access to other paths, modify /etc/vsftpd/vsftpd.conf as follows:

    # restrict access to the user's own directory
    chroot_list_enable=YES
    # (default follows)
    chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

Additional basic hardening options go at the end of the file, with the following settings:

    # newly added by netseek
    # command channel port, default is 21
    listen_port=5021
    # data channel port, default is 20
    ftp_data_port=5020
    # allow passive mode
    pasv_enable=YES
    # port range used by passive mode
    pasv_min_port=10000
    pasv_max_port=10010
    # user bandwidth limit
    local_max_rate=200000
    # prevent users from leaving the home directory
    chroot_local_user=YES
    # listen on IP 192.168.0.21
    listen_address=192.168.0.21

Edit the vsftpd.chroot_list file and add the restricted users, one user name per line.

After completing the configuration file, do not forget to restart the vsftpd server:

    # /etc/init.d/vsftpd restart

If you need to allow the user to change the password, but not to log in to the system via telnet:

    usermod -s /usr/bin/passwd test    # a telnet login by this user goes straight to the password change interface

Finally, start the service:

    service vsftpd start

If a startup failure occurs, you can use:

    /etc/rc.d/init.d/vsftpd restart

The FTP server can now be connected to successfully.

------------------------------------------------------------

Problems

Issue 1: vsftpd shows "OOPS: cannot change directory" at login. The workarounds are:

(1)

    # setsebool -P ftpd_disable_trans 1
    Boolean ftpd_disable_trans is not defined    (I get this message here)
    # getsebool -a | grep ftp_home
    ftp_home_dir --> on    (if it is off, execute the command below)
    # setsebool -P ftp_home_dir 1

After execution, test the login again.

(2)

    # setsebool -P ftpd_disable_trans 1

If this command executes successfully, restart and try again:

    # service vsftpd restart

(3) If that doesn't work, use the following full set:

    # setsebool allow_ftpd_full_access 1
    # setsebool allow_ftpd_use_cifs 1
    # setsebool allow_ftpd_use_nfs 1
    # setsebool -P ftp_home_dir 1
    # setsebool httpd_enable_ftp_server 1
    # setsebool tftp_anon_write 1
    # service vsftpd restart

This is the problem I have encountered, for everyone's reference.
Issue 2: firewall.

A temporary workaround is to execute the following command:

    # modprobe ip_nat_ftp

Long-term solution: when you restart the server, the iptables rule fails again and the same situation occurs, so we need to modify the /etc/sysconfig/iptables-config file:

    # vi /etc/sysconfig/iptables-config

Change

    IPTABLES_MODULES=""

to:

    IPTABLES_MODULES="ip_nat_ftp"

This eliminates the need to execute modprobe every time after restarting the server.

Issue 3: after signing in to FTP, the FTP user gets "550 Create directory operation failed" when uploading files or creating a new directory. This is SELinux at work (Security-Enhanced Linux is the United States National Security Agency's implementation of mandatory access control, and the most outstanding new security subsystem on Linux). Just disable SELinux.

PS: how to turn off SELinux:

    # vim /etc/selinux/config

Change SELINUX=xxx (xxx stands for the level) to SELINUX=disabled. Reboot and it is OK!

Issue 4: resolve the vsftpd connection error "425 Security: Bad IP connecting".

www.111cn.net, updated: 2014-03-18, editor: Mengchu9, source: reproduced

Today I installed a vsftpd server on a Linux machine, and when connecting, the error "425 Security: Bad IP connecting" occurred. After a morning's search I summed up a solution to this problem. For the error message 425 Security: Bad IP connecting, the main thing required is to add the following line to the /etc/vsftpd/vsftpd.conf file:
The code is as follows:

    pasv_promiscuous=YES

    service vsftpd restart
pasv_promiscuous option description: when this option is enabled, the security check for PASV mode is turned off. This check ensures that the data connection and the control connection come from the same IP address. Be careful when turning this option on. The only reasonable use of this option is in some form of secure tunnelling configuration, or to better support FXP. The default value is NO.

If that does not work, change

    Subsystem sftp /usr/libexec/openssh/sftp-server

to

    Subsystem sftp internal-sftp

and restart sshd:

    systemctl restart sshd.service

How to modify a user's default directory under Linux

1. Switch to the root user and directly edit the /etc/passwd file: find the line with your user name, modify the path as shown in the figure, and then save.

2. Switch to the root user and use the usermod command, such as usermod -d /tmp test (test is your user name). Before using this command, make sure that the user is not running any software or processes.

Finally, switch to the normal account, and you will see that the current default directory has changed.

FTP allows root login (the root entry in ftpusers is commented out):

    # cat ftpusers
    # Users that are not allowed to login via ftp
    #root
    # cat user_list
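
The following audit script is an added example, not part of the original article. It checks a vsftpd.conf for the settings discussed on this page: anonymous login, the chroot options, the passive port range and pasv_promiscuous. It also flags one interaction documented in vsftpd.conf(5): when chroot_local_user=YES and chroot_list_enable=YES are both set, the users in chroot_list_file are the ones who are not chrooted. The function names, finding codes and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky vsftpd.conf settings.
# Option defaults are the ones documented in vsftpd.conf(5).

audit_vsftpd_conf() {   # reads the named file, or stdin when no file is given
    awk '
    function on(k,   x) { x = toupper(v[k]); return x == "YES" || x == "TRUE" || x == "1" }
    BEGIN {             # documented defaults for options missing from the file
        v["anonymous_enable"] = "YES"; v["pasv_enable"] = "YES"
        v["chroot_local_user"] = "NO"; v["chroot_list_enable"] = "NO"
        v["pasv_promiscuous"] = "NO"
        v["pasv_min_port"] = 0;        v["pasv_max_port"] = 0
    }
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        val = substr($0, eq + 1); sub(/[ \t\r]+$/, "", val)
        v[substr($0, 1, eq - 1)] = val # a later assignment overwrites an earlier one
    }
    END {
        if (on("anonymous_enable"))
            print "ANON_LOGIN anonymous_enable is on (the default when unset)"
        if (on("chroot_local_user") && on("chroot_list_enable"))
            print "CHROOT_LIST_INVERTED users in chroot_list_file are NOT chrooted"
        else if (!on("chroot_local_user") && !on("chroot_list_enable"))
            print "NO_CHROOT local users can leave their home directory"
        if (on("pasv_promiscuous"))
            print "PASV_PROMISCUOUS data connection source IP is not checked"
        if (on("pasv_enable") && (v["pasv_min_port"] + 0 == 0 || v["pasv_max_port"] + 0 == 0))
            print "PASV_RANGE_OPEN no fixed passive port range for the firewall"
    }' "$@"
}

sample_conf() {         # constructed sample combining the settings on this page
    cat <<'EOF'
anonymous_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10010
pasv_promiscuous=YES
EOF
}

sample_conf | audit_vsftpd_conf
```

On a real server, run it as `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf`; no output means none of the four checks fired.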
"Linux Build FTP Server"---perfect solution-Fayon