Set up an FTP server on centos 7 and set up ftp on centos 7

Set up an FTP server on centos 7 and set up ftp on centos 7
Note: This article refers to the CSDN blogger xiaocia's article 《Build an FTP server on CentOS7To verify the feasibility. However, there is one drawback:

After linux is restarted, ftp cannot be accessed. I have also provided correction methods for this. For details, refer to section 7 of this Article.

 

Software environment: + CentOS7a Ming:In my environment, the CentOS installation is minimized. Many tools and software are not installed by default.

I. Install the FTP software package

1: install the software package:Yum install vsftpd-y

2: After installation/Etc/vsftpd. confFile, which is the configuration file of vsftp.

 

 

II:Users who create an FTP server

1. Create a user:

Command:Useradd ftpuserAdd a user ftpuser

Passwd ftpuserSet a password for the ftpuser, during which two prompts are prompted to enter the password for confirmation.

 

 

3. Set a firewall for the FTP server

The default ftp port is 21, but centos is not enabled by default. Therefore, modify the iptables file.

Vi/etc/sysconfig/iptables

 

-A input-p tcp-m state -- state NEW-m tcp -- dport 21-j ACCEPTLast: WqSave

Restart firewall: service iptables restart

Note: The iptables. service file does not exist. Because Centos7 uses firewall as the firewall by default, iptables firewall is changed here.

 

Systemctl start firewalld.service
Systemctl stop firewalld.service
Systemctl disable firewalld.service: disable the startup of firewall

[Root @ bogon ~] #Setsebool-P allow_ftpd_full_access on

[Root @ bogon ~] #Setsebool-P ftp_home_dir on

Finally, install iptables Firewall

sudo yum install iptables-services 

Set firewall startup

sudo systemctl enable iptables

 

 

 

4. Modify seliunx

Note: If the Internet can be accessed, but the directory cannot be returned (the active mode of ftp is used, the passive mode is still inaccessible), and the upload cannot be performed because selinux is an exception.

Getsebool-a | grep ftpThe following statuses are all disabled:

 

Setsebool-P allow_ftpd_full_access on

Setsebool-P ftp_home_dir on

Run the preceding command, and then the returned result shows that both rows are off, indicating that Internet access is not enabled.

The status is on.

This should be okay (if it still doesn't work, check if the ftp client tool is used for passive mode access. If you prompt Entering Passive mode, it indicates passive mode, the default mode is unavailable because the ftp passive mode is blocked by iptables. The following describes how to enable it. If you are too lazy to enable it, check whether the ftp client has port mode options, or remove the passive mode option. If the client still does not work, check whether the firewall is enabled on the host computer on the client)

 

 

5. Disable Anonymous Access

Modify/Etc/vsftpd. conf file

Vi/etc/vsftpd. conf

 

 

 

Restart the FTP service:Service vsftpd restart

 

6. Enable Passive Mode

It is enabled by default, but you must specify a port range to open the vsftpd. conf file, and add

Pasv_min_port = 30000

Pasvanderbilt max_port = 30999

Indicates the port range is 30000 ~ 30999. This can be changed at will. Restart vsftpd.

Because the port range is specified, iptables must be enabled accordingly, so open the iptables file as above.

It is also in the top and bottom of the 21 line, the line is similar, just change 21 to 30000: 30999, then: wq save, restart iptables. This is done.

Certificate ------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Before modification:

 

After modification:

 

-============================================== ========================================================== ========================================================== ======================

Modify vsftpd to indicate the port range is 30000 ~ 30999. Restart after modification

 

========================================================== ========================================================== ========================================================== ========================================================== ========================================================== ========

Ttp Tool Test: Because the ip address is 192.168.1.3, the ftp connection IP address is set to this value.

 

========================================================== ==============================

Enable the FTP service in linux

1. First, check whether the ftp software has been installed on the server:
# Which vsftpd
If the directory with vsftpd is displayed, the ftp software has been installed on the server.


2. view the ftp server status
# Service vsftpd status


3. Start the ftp server
# Service vsftpd start


4. Restart the ftp server
# Service vsftpd restart


5. Check whether the service has been started.
# Netstat-an | grep 21
Tcp 0 0 0.0.0.0: 21 0.0.0.0: * LISTEN
If the preceding information is displayed, the ftp service is enabled.


6. To enable the ftp permission of the root user, modify the following two files:
# Comment out root in vi/etc/vsftpd. ftpusers
# Comment out root in vi/etc/vsftpd. user_list
Then restart the ftp service.
 
7. vsftpd 500 OOPS: cannot change directory
Logon error:
C: \> ftp 192.168.0.101
Connected to 192.168.0.101.
220 (vsFTPd 2.0.5)
User (192.168.0.101 :( none): frank
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/frank
Login failed.
Ftp> ls
500 OOPS: child died
Connection closed by remote host.
Solution:
Setsebool ftpd_disable_trans 1
Service vsftpd restart
OK!
 
This is the setting command of SELinux. You can also disable SELinux before you are familiar with SELnux.

========================================================== ========================================================== ==============================================

7. Solve the problem that ftp cannot be accessed after linux is restarted

Solution 1: run the ntsysv command and select the ftp service. The ftp service will be automatically started when the machine is restarted next time. <Note: learn from Baidu Q & A>

The procedure is as follows:

1: Enter ntsysv and press Enter.

2: for example, find the ftp service, switch the cursor to the ftp option, press a space to make it selected, use the tab button to switch the cursor to the OK key, and press Enter.

3. Restart the linux system: reboot. After the system is restarted, use the ftp tool link again to pass the test.