Setup and Configure the vsftpd server in CentOS 7 operation system

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Setup and Configure the vsftpd server in CentOS 7 operation system相关的知识,希望对你有一定的参考价值。

##############################################################################

1. close the firewall service

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#systemctl stop firewalld.service                     //stop the firewall service

#systemctl disable firewalld.service                 //disable it to luanch when the system starts up

##############################################################################

2. install iptables 

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#yum install iptables iptables-services                        //install iptables

#vim /etc/sysconfig/iptables                      //edit iptables‘ configuration file

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

Type  <-  :wq! -> to save it and leave it out.

 

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#systemctl restart iptables.service                   //restart the firewall for taking effect

#systemctl enable iptables.service                   //configure the iptables service automatically reboot when the system starts up

Notice that:   21 port is the FTP server‘s port, however, the ports which are needed on the passive mode of the vsftpd  are from 10060 port to 10090 port , these ports you can define by yourself, it is up to you.

 

##############################################################################

3. Close  SELINUX

vim /etc/selinux/config

#SELINUX=enforcing 

#SELINUXTYPE=targeted 

SELINUX=disabled 

:wq! to save and leave it out.

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#setenforce 0                       //Enable configuration to take effect immediately

 

##############################################################################

4. Install vsftpd

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#yum install -y vsftpd     //install vsftpd

#install install -y psmisc net-tools systemd-devel libdb-devel perl-DBI 

# systemctl start vsftpd.service

#systemctl enable vsftpd.service 

 

##############################################################################

5. Configure vsftpd server‘s configuation file

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak

anon_upload_enable=NO
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
#xferlog_file=/var/log/xferlog
xferlog_std_format=YES
idle_session_timeout=300
data_connection_timeout=1
#nopriv_user=ftpsecure
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
listen_port=21
guest_enable=YES
guest_username=vsftpd
user_config_dir=/etc/vsftpd/vconf
virtual_use_local_privs=YES
pasv_min_port=10060
pasv_max_port=10090
accept_timeout=5
connect_timeout=1
allow_writeable_chroot=YES

 

##############################################################################

6. create a virtual user list file

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#touch /etc/vsftpd/virtusers

#vim /etc/vsftpd/virtusers

web1

123456

web2

123456

web3

123456

:wq! to save and leave it out.

##############################################################################

7. generate a virtual user data file

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db

#chmod 600 /etc/vsftpd/virtusers.db 

##############################################################################

8. Edit /etc/pam.d/vsftpd file and add some information as below

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.backup

#vim /etc/pam.d/vsftpd

auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers

account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers

 

Note that:   if your system is 32bit system, you can modify lib64 into lib, or you will fail to configure it correct.

##############################################################################

9. Create a system user vsftpd, its home directory is /home/wwwroot, set user login console as /bin/false (in order to disable its login function)

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#useradd vsftpd -m -d /home/wwwroot -s /bin/false

##############################################################################

10.  Create the configuration file for the virtual user vsftpd

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#mkdir /etc/vsftpd/vconf

#cd /etc/vsftpd/vconf

#touch web1 web2 web3 

#mkdir -p /home/wwwroot/web1/http/

#mkdir -p /home/wwwroot/web2/http/

#mkdir -p /home/wwwroot/web3/http/

#vim web1

local_root=/home/wwwroot/web1/http/

write_enable=YES

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

#vim web2

local_root=/home/wwwroot/web2/http/

write_enable=YES

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

#vim web3

local_root=/home/wwwroot/web3/http/

write_enable=YES

anon_world_readable_only=NO

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

##############################################################################

11. Restart vsftpd server

=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======

#systemctl restart vsftpd.service

 

 

          ##############################################################################

 

  

                                Thank you for your reading!

                 That‘s all, at the same time, it‘s my pleasure to share something I know, hope it will be helpful for you.

  

 

          ##############################################################################

 

以上是关于Setup and Configure the vsftpd server in CentOS 7 operation system的主要内容,如果未能解决你的问题,请参考以下文章

[React Intl] Install and Configure the Entry Point of react-intl

configure: error: Bundled APR requested but not found at ./srclib/. Download and unpack the correspo

python安装失败提示“one or more issues caused the setup to fail . Please fix the issues and then retry set

Springboot异常--Identify and stop the process that‘s listening on port 9090 or configure this applicat

[Nuxt] Setup a "Hello World" Server-Rendered Vue.js Application with the Vue-CLI and Nuxt(

CodeForces 1084D The Fair Nut and the Best Path