Set up a vsftpd File Transfer Server in CentOS

Source: Internet
Author: User

I. Preparations before configuration

1. Install the vsftpd package:

    yum install vsftpd

2. View the vsftpd startup status:

    chkconfig --list vsftpd

3. Set vsftpd to start at boot in runlevels 2, 3, 4 and 5:

    chkconfig --level 2345 vsftpd on

4. View the firewall status:

    /etc/init.d/iptables status

5. Open port 21:

    iptables -I INPUT -p tcp --dport 21 -j ACCEPT

6. Save and restart the firewall:

    /etc/init.d/iptables save
    /etc/init.d/iptables restart

Opening port 21 alone is sufficient only for the server's active mode. In passive mode the server must open additional ports, and the port range is specified in the configuration file. Most FTP clients use passive mode by default, so in this case you must set the FTP client mode yourself:

(1) IE: Tools -> Internet Options -> Advanced -> "Use Passive FTP" (only supported by IE 6.0 or later). Clear the check box.
(2) FlashFXP: Options -> Parameter Selection -> Proxy/Firewall/Identification -> "Active Mode", or Site Management -> corresponding site -> Options -> "Active Mode", or Quick Connection -> Switch -> "Use active mode".

7. View the SELinux status:

    /usr/sbin/sestatus

8. Disable SELinux. This command takes effect immediately:

    /usr/sbin/setenforce 0

To make the change permanent, edit the configuration file and set SELINUX=disabled; this takes effect after a restart:

    vi /etc/sysconfig/selinux
    SELINUX=disabled
    reboot

II. Configuring the three vsftpd login methods

1. Anonymous login

First back up the master configuration file, then edit it:

    cp /etc/vsftpd.conf /etc/vsftpd.conf_bak
    vi /etc/vsftpd.conf

    # Enable any form of write permission (such as uploading and deleting
    # files). The default value is NO.
    write_enable=YES
    # Root directory of anonymous users. The default value is /var/ftp/.
    anon_root=/var/ftp/
    # Whether anonymous users are allowed to upload files (YES allows, NO
    # forbids). The default value is NO.
    anon_upload_enable=YES
    # Whether anonymous users have write permission to create directories
    # (YES allows, NO forbids). The default value is NO.
    anon_mkdir_write_enable=YES
    # Whether anonymous users have other write permissions, such as renaming,
    # overwriting and deleting files (YES allows, NO forbids). The default
    # value is NO.
    anon_other_write_enable=YES
    # Permission mask for files uploaded by anonymous users. The default value
    # is 077. With 022, new directories get 777-022 = 755 and new files get
    # 666-022 = 644.
    anon_umask=022
    # Maximum transfer rate of anonymous users in bytes/s (0 is unlimited).
    # Here it is 500 KBytes/s. The default value is 0.
    anon_max_rate=500000

Modify the folder ownership so that anonymous users can log on and perform operations in the pub folder:

    chown ftp /var/ftp/pub

Do not change the owner of /var/ftp to ftp or set its permission to 777; the default permission is 755. Otherwise, an error is reported.

Restart vsftpd:

    /etc/init.d/vsftpd restart

2. Local login

    vi /etc/vsftpd.conf

    # Enable any form of write permission (such as file upload and deletion).
    # The default value is NO.
    write_enable=YES
    # Whether local system users can log on to vsftpd. The default value is YES.
    local_enable=YES
    # Permission mask for files uploaded by local users. The default value is
    # 077. With 022, new directories get 777-022 = 755 and new files get
    # 666-022 = 644.
    local_umask=022
    # Maximum transfer rate of local users in bytes/s (0 is unlimited), here
    # 500 KBytes/s. The default value is 0.
    #local_max_rate=500000
    # Whether to enable the user_list user list file. The default value is NO.
    userlist_enable=YES
    # Whether users in the user_list file are denied login to the FTP server.
    # The default value is YES.
    # With userlist_enable=YES and userlist_deny=YES, users in the user_list
    # file are prohibited from logging on to the FTP server.
    # With userlist_enable=YES and userlist_deny=NO, only users in the
    # user_list file can log on to the FTP server.
    userlist_deny=YES
    # Absolute path of the user list file. The default value is
    # /etc/vsftpd.user_list.
    userlist_file=/etc/vsftpd/user_list
    # Name of the PAM file used for user authentication (the file name under
    # /etc/pam.d/). The default value is vsftpd. If you set up virtual users,
    # you may have to change the name here.
    pam_service_name=vsftpd
    # Whether to enable the list of users locked to their home directories
    # (blacklist). YES enables it, NO disables it. The default value is NO.
    # To use it, chroot_local_user must be NO.
    chroot_list_enable=YES
    # Path of the list of users locked to their home directories (blacklist).
    # The file format is one user per line. Not set by default.
    chroot_list_file=/etc/vsftpd/chroot_list
    # Whether to lock local users to their home directories. YES enables it,
    # NO disables it. The default value is NO. When this item is activated,
    # the function of chroot_list_enable changes: users in the file specified
    # by chroot_list_file will not be locked in their own directories.
    #chroot_local_user=YES
    # If enabled together with chroot_local_user, the chroot location can be
    # specified per user. Each user's location comes from the home directory
    # field of that user in /etc/passwd.
    #passwd_chroot_enable=YES
    # Root directory of local users. The default value is none, in which case
    # the user lands in their home directory. Use this option when the FTP
    # root directory needs to be fixed.
    #local_root=/var/ftp/
    # Directory where the per-user configuration files are located. A user's
    # configuration file is the file with the same name as the user under
    # this directory.
    #user_config_dir=/etc/vsftpd/loginuser.dir
    # Whether access by virtual user accounts is supported. If enabled, all
    # non-anonymous logins are treated as guest. The default value is NO.
    #guest_enable=YES
    # System user name that guest users are mapped to. The default value is ftp.
    #guest_username=virtual

If local users are to access their own home directories, the four items above must be commented out.

For example, add a user wss with a specific directory as the home directory, and set a password:

    useradd wss -d /var/wss -s /sbin/nologin
    passwd wss

To point the user at a specific directory afterwards, modify it in the following way:

    usermod -d /var/wss wss
    chown wss:wss /var/wss

Add the user to the chroot list to keep the user locked in the home directory:

    vi /etc/vsftpd/chroot_list
    wss

Restart vsftpd:

    /etc/init.d/vsftpd restart

3. Virtual login

Install the db_load tool:

    yum list | grep db4
    yum -y install db4 db4-devel db4-utils

Create the virtual user name/password list:

    vi /etc/vsftpd/loginuser.txt
    wushuaishuai
    passwd1!

The first line is the account and the second line is the password.

Then use the db_load tool to convert the list file to a DB database file:

    cd /etc/vsftpd/
    db_load -T -t hash -f loginuser.txt loginuser.db

-T: allow non-Berkeley DB applications to use the DB data file
-t hash: specify the basic method for reading data files
-f: specify the user name/password list file

Check the file type:

    file loginuser.db

Reduce the file permissions to improve security:

    chmod 600 /etc/vsftpd/loginuser.*

Set up the root directory for FTP access and the system account corresponding to the virtual users:

    useradd virtual -d /home/ftp -s /sbin/nologin
    chown virtual:virtual /home/ftp/
    chmod 755 /home/ftp/

Create the PAM authentication file:

    cd /etc/pam.d/
    cp vsftpd vsftpd.vu
    vi vsftpd.vu

    auth required pam_userdb.so db=/etc/vsftpd/loginuser
    account required pam_userdb.so db=/etc/vsftpd/loginuser

Modify the vsftpd.conf configuration file to add virtual user support:

    # Name of the PAM file used for user authentication (the file name under
    # /etc/pam.d/). The default value is vsftpd.
    pam_service_name=vsftpd.vu
    # Enable any form of write permission (such as file upload and deletion).
    # The default value is NO.
    write_enable=YES
    # Directory where the per-user configuration files are located. A user's
    # configuration file is the file with the same name as the user under
    # this directory, in the same format as vsftpd.conf. Not set by default.
    user_config_dir=/etc/vsftpd/loginuser.dir
    # Whether access by virtual user accounts is supported. If enabled, all
    # non-anonymous logins are treated as guest. The default value is NO.
    guest_enable=YES
    # System user name that guest users are mapped to. The default value is ftp.
    guest_username=virtual

Create an independent configuration file for each virtual user:

    mkdir /etc/vsftpd/loginuser.dir/
    cd /etc/vsftpd/loginuser.dir/

Configure the virtual user's personal permissions:

    vi wushuaishuai

    # Root directory of the virtual user. This setting is special: it is
    # not set with anon_root.
    local_root=/home/ftp/wushuaishuai
    # Whether virtual users may download only world-readable files. With YES,
    # virtual users can download only readable files. With NO, virtual users
    # can browse the file system of the entire server. The default value is YES.
    #anon_world_readable_only=NO
    # Whether the virtual user is allowed to upload files (YES allows, NO
    # forbids). The default value is NO.
    anon_upload_enable=YES
    # Enable any form of write permission (such as uploading and deleting
    # files). The default value is NO.
    write_enable=YES
    # Whether the virtual user has write permission to create directories
    # (YES allows, NO forbids). The default value is NO.
    anon_mkdir_write_enable=YES
    # Whether the virtual user has other write permissions, such as renaming,
    # overwriting and deleting (YES allows, NO forbids). The default value
    # is NO.
    anon_other_write_enable=YES
    # Maximum transfer rate of virtual users in bytes/s (0 is unlimited), here
    # 500 KBytes/s. The default value is 0.
    anon_max_rate=500000
    # Permission mask for files uploaded by the virtual user. The default
    # value is 077. With 022, new directories get 777-022 = 755 and new files
    # get 666-022 = 644.
    anon_umask=022

Add the root directory and set its owner to virtual:

    mkdir -p /home/ftp/wushuaishuai/
    chown virtual /home/ftp/wushuaishuai/

Restart FTP:

    /etc/init.d/vsftpd restart

If an error like the following is reported, it may be because some lines in the configuration file are followed by spaces:

    500 OOPS: bad bool value in config file for: write_enable

FlashFXP is suggested as the FTP client, because it reports errors that help with debugging.
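A pre-restart check for the "500 OOPS: bad bool value" failure described above, written as an added example that is not part of the original article: vsftpd accepts only option=value with no spaces and reads a comment placed after a value as part of that value. The function name lint_vsftpd_conf, the two policy checks on anonymous write settings and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. vsftpd accepts only "option=value";
# a comment must be a whole line that starts with "#".
lint_vsftpd_conf() {    # $1 = config file; prints findings, returns 1 if any
    awk '
    function yes(k) { return toupper(conf[k]) ~ /^(YES|TRUE|1)$/ }
    function report(msg) { print "line " NR ": " msg; bad = 1 }
    /^[ \t]*$/ || /^#/ { next }              # blank and comment lines are fine
    !/=/ { report("SYNTAX directive without ="); next }
    {
        key = $0; sub(/=.*$/, "", key)       # text before the first "="
        val = $0; sub(/^[^=]*=/, "", val)    # text after the first "="
        if (key ~ /^[ \t]/ || key ~ /[ \t]$/ || val ~ /^[ \t]/)
            report("SYNTAX space around option, = or value")
        if (val ~ /[ \t]#/)                  # heuristic for "YES # note"
            report("SYNTAX inline comment is read as part of the value")
        else if (val ~ /[ \t]$/)
            report("SYNTAX trailing whitespace after value")
        # Normalise so the policy checks below see the intended setting.
        gsub(/[ \t]/, "", key)
        sub(/[ \t]+#.*$/, "", val)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        conf[key] = val
    }
    END {
        if (yes("anon_other_write_enable")) {
            print "RISK anonymous users can rename, overwrite and delete files"
            bad = 1
        }
        # A umask whose last octal digit is 0-3 leaves the world-read bit set.
        if (yes("anon_upload_enable") && conf["anon_umask"] ~ /[0-3]$/) {
            print "RISK anonymous uploads are created world-readable"
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample containing the mistakes the checks look for.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'write_enable=YES ' \
    'anon_upload_enable = YES' 'anon_umask=022 # mask' \
    'anon_other_write_enable=YES' 'local_enable=YES' > "$sample"
lint_vsftpd_conf "$sample" || echo "findings reported"
rm -f "$sample"
```

Run it against the edited file before restarting the service; a non-zero return means at least one line needs attention.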
