標籤:
##############################################################################
1. close the firewall service
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#systemctl stop firewalld.service //stop the firewall service
#systemctl disable firewalld.service //disable it to luanch when the system starts up
##############################################################################
2. install iptables
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#yum install iptables iptables-services //install iptables
#vim /etc/sysconfig/iptables //edit iptables‘ configuration file
# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT
Type <- :wq! -> to save it and leave it out.
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#systemctl restart iptables.service //restart the firewall for taking effect
#systemctl enable iptables.service //configure the iptables service automatically reboot when the system starts up
Notice that: 21 port is the FTP server‘s port, however, the ports which are needed on the passive mode of the vsftpd are from 10060 port to 10090 port , these ports you can define by yourself, it is up to you.
##############################################################################
3. Close SELINUX
vim /etc/selinux/config
#SELINUX=enforcing #SELINUXTYPE=targeted SELINUX=disabled
:wq! to save and leave it out.
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#setenforce 0 //Enable configuration to take effect immediately
##############################################################################
4. Install vsftpd
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#yum install -y vsftpd //install vsftpd
#install install -y psmisc net-tools systemd-devel libdb-devel perl-DBI
# systemctl start vsftpd.service
#systemctl enable vsftpd.service
##############################################################################
5. Configure vsftpd server‘s configuation file
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak
anon_upload_enable=NOanon_mkdir_write_enable=YESdirmessage_enable=YESxferlog_enable=YESconnect_from_port_20=YESchown_uploads=YES#xferlog_file=/var/log/xferlogxferlog_std_format=YESidle_session_timeout=300data_connection_timeout=1#nopriv_user=ftpsecureasync_abor_enable=YESascii_upload_enable=YESascii_download_enable=YESftpd_banner=Welcome to blah FTP service.#deny_email_enable=YES#banned_email_file=/etc/vsftpd/banned_emailschroot_local_user=YES#chroot_list_enable=YES#chroot_list_file=/etc/vsftpd/chroot_list#ls_recurse_enable=YESlisten=NOlisten_ipv6=YESpam_service_name=vsftpduserlist_enable=YEStcp_wrappers=YESuse_localtime=YESlisten_port=21guest_enable=YESguest_username=vsftpduser_config_dir=/etc/vsftpd/vconfvirtual_use_local_privs=YESpasv_min_port=10060pasv_max_port=10090accept_timeout=5connect_timeout=1allow_writeable_chroot=YES
##############################################################################
6. create a virtual user list file
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#touch /etc/vsftpd/virtusers
#vim /etc/vsftpd/virtusers
web1123456web2123456web3123456
:wq! to save and leave it out.
##############################################################################
7. generate a virtual user data file
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
#chmod 600 /etc/vsftpd/virtusers.db
##############################################################################
8. Edit /etc/pam.d/vsftpd file and add some information as below
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.backup
#vim /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusersaccount sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
Note that: if your system is 32bit system, you can modify lib64 into lib, or you will fail to configure it correct.
##############################################################################
9. Create a system user vsftpd, its home directory is /home/wwwroot, set user login console as /bin/false (in order to disable its login function)
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#useradd vsftpd -m -d /home/wwwroot -s /bin/false
##############################################################################
10. Create the configuration file for the virtual user vsftpd
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#mkdir /etc/vsftpd/vconf
#cd /etc/vsftpd/vconf
#touch web1 web2 web3
#mkdir -p /home/wwwroot/web1/http/
#mkdir -p /home/wwwroot/web2/http/
#mkdir -p /home/wwwroot/web3/http/
#vim web1
local_root=/home/wwwroot/web1/http/write_enable=YESanon_world_readable_only=NOanon_upload_enable=YESanon_mkdir_write_enable=YESanon_other_write_enable=YES
#vim web2
local_root=/home/wwwroot/web2/http/write_enable=YESanon_world_readable_only=NOanon_upload_enable=YESanon_mkdir_write_enable=YESanon_other_write_enable=YES
#vim web3
local_root=/home/wwwroot/web3/http/write_enable=YESanon_world_readable_only=NOanon_upload_enable=YESanon_mkdir_write_enable=YESanon_other_write_enable=YES
##############################################################################
11. Restart vsftpd server
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#systemctl restart vsftpd.service
##############################################################################
Thank you for your reading!
That‘s all, at the same time, it‘s my pleasure to share something I know, hope it will be helpful for you.
##############################################################################
Setup and Configure the vsftpd server in CentOS 7 operation system
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
