CentOS7 +vsftpd 之 匿名
Posted Showmu
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7 +vsftpd 之 匿名相关的知识,希望对你有一定的参考价值。
CentOS7 +vsftpd (一)之 匿名
ftp的搭建是一个基础性的工作,CentOS7 +vsftpd 是一个比较容易实现的平台,但在搭建中问题会不少,本系列将通过四篇随笔与大家分享。
一、CentOS7
1、实验环境为:VMware Workstation Pro +CentOS 7 64位最小化安装(略)(网络采用桥接方式)。
2、安装完后,网络设置(如果未能启用网络,请采用以下步骤)
[[email protected] pub]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255 <======================未启用网络设备,没有这些IP,请执行 ifup ens33 inet6 fe80::ccbe:f76:f63f:8270 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:09:37:0a txqueuelen 1000 (Ethernet) RX packets 4721 bytes 426895 (416.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3090 bytes 384658 (375.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [[email protected] pub]# ifup ens33 <=======================ens33 你的网络设备名,
3、安装工具 VIM
yum install -y vim
4、设置静态IP地址
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 <=======================ens33 你的网络设备名 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=4c9cac13-3d1d-451a-88ba-91aaddfa09d5 DEVICE=ens33 ONBOOT=yes <=======================开机启动 BOOTPROTO=static <=================静态IP方式 IPADDR=192.168.1.21 <================IP NETMASK=255.255.255.0 <=================子网掩码 DNS1=192.168.1.1 <=================DNS1 DNS2=114.114.114.114 <=============DNS2 GATEWAY=192.168.1.1 <=============网关
5、测试网络
[[email protected] pub]# ping baidu.com PING baidu.com (123.125.114.144) 56(84) bytes of data. 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=1 ttl=52 time=46.7 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=2 ttl=52 time=48.8 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=3 ttl=52 time=46.6 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=5 ttl=52 time=40.8 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=6 ttl=52 time=40.9 ms ^C --- baidu.com ping statistics --- 6 packets transmitted, 5 received, 16% packet loss, time 5023ms rtt min/avg/max/mdev = 40.880/44.798/48.869/3.288 ms
二、vsftp 安装
1、服务器上安装,并测试
[[email protected] ~]# yum install -y vsftpd [[email protected] ~]# systemctl start vsftpd [[email protected] ~]# systemctl enable vsftpd Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service. [[email protected] ~]# systemctl status vsftpd ● vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2017-10-05 22:36:52 EDT; 50s ago Main PID: 1661 (vsftpd) CGroup: /system.slice/vsftpd.service └─1661 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf Oct 05 22:36:52 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon... Oct 05 22:36:52 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon. Hint: Some lines were ellipsized, use -l to show in full. [[email protected] ~]# yum install -y ftp [[email protected] ~]# ftp 192.168.1.21 Connected to 192.168.1.21 (192.168.1.21). 220 (vsFTPd 3.0.2) Name (192.168.1.21:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,168,1,21,244,190). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 6 Aug 03 06:10 pub 226 Directory send OK. ftp> quit 221 Goodbye.
2、进阶设置
通过第一步的安装,说明vsftpd已在服务器上运行,并能在服务器上访问,下面的设置是为了能从网络上访问a、防火墙
[[email protected] ~]# firewall-cmd --zone=public --add-service=ftp --permanent [[email protected] ~]# firewall-cmd --reload
b、匿名用户权限
[[email protected] ~]# cd /etc/vsftpd/ [[email protected] vsftpd]# ls ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh [[email protected] vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F` [[email protected] vsftpd]# ls ftpusers vsftpd.conf vsftpd_conf_migrate.sh user_list vsftpd.conf_2017-10-05 [[email protected] vsftpd]# mkdir /www
[[email protected] vsftpd]# mkdir /www/ftp
[[email protected] vsftpd]# mkdir /www/ftp/pub
[[email protected] vsftpd]# chmod 777 /www/ftp/pub <================匿名用户口的上传目录
[[email protected] pub]# vim /etc/vsftpd/vsftpd.conf <================修改这个配置文件 内容如下
[[email protected] pub]# grep -Ev ‘(^#\s.*|^#|^$)‘ /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_mkdir_write_enable=YES
anon_root=/www/ftp
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
c、SElinux设置
550错误是vsftpd最为常见的错误,多是由SElinux设置、vsftpd.conf和FTP目录权限引起,这三者搞清楚,vsftpd设置起来就很容易,如出错重点也是检查这三处
[[email protected] ~]# getsebool -a | grep ftpd <====================最小化安装Selinux 级别为 1 即 ===>Current mode: enforcing ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off
[[email protected] ~]# setsebool -P ftpd_full_access on <========================开启ftpd全部存取权限
#========================================如果以上仍然不行,可用 setenforce 0 临时下调 Selinux 级别 0 相当于关闭Selinux =====可能确定故障点 ==
[[email protected] ~]# setenforce 1 <====================重新开启Selinux
[[email protected] pub]# systemctl restart vsftpd
三、关键
1、防火墙
2、FTP目录权限
3、vsftpd.conf设置 参见 http://yuanbin.blog.51cto.com/363003/108262/
4、Selinux级别与开关
以上是关于CentOS7 +vsftpd 之 匿名的主要内容,如果未能解决你的问题,请参考以下文章