Setting Up an FTP Server with vsftpd: A Detailed Guide

1. Install the vsftpd service
[root@VM_0_12_centos ~]# yum install vsftpd

2. Turn off the local firewall
[root@VM_0_12_centos ~]# systemctl stop firewalld.service
[root@VM_0_12_centos ~]# systemctl disable firewalld.service

3. Install the ftp client package
[root@VM_0_12_centos ~]# yum install ftp

4. Edit the vsftpd configuration file
[root@VM_0_12_centos ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022

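Explanation (in the order of the settings above):
Disable anonymous access mode
Enable local access mode
Grant write permission
The umask value for files created in local user mode
Local access mode authenticates against the Linux system's local account and password information, so it is relatively secure.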

5. Restart the vsftpd service and add the configured service to the boot-time startup items
[root@VM_0_12_centos ~]# systemctl restart vsftpd
[root@VM_0_12_centos ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

6. At this point, logging in as the root administrator fails
[root@VM_0_12_centos ~]# ftp 172.21.0.12
Connected to 172.21.0.12 (172.21.0.12).
220 (vsFTPd 3.0.2)
Name (172.21.0.12:root): root
530 Permission denied.
Login failed.
ftp>

7. After looking into it, I found that vsftpd's two "user list" files (user_list and ftpusers) block the root administrator from logging in, presumably for security reasons
[root@VM_0_12_centos ~]# cat /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file

# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

[root@VM_0_12_centos ~]# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

[root@VM_0_12_centos ~]# vim /etc/vsftpd/user_list
Delete the root entry
[root@VM_0_12_centos ~]# vim /etc/vsftpd/ftpusers
Delete the root entry

8. Try logging in as root locally again; this time it succeeds.
[root@VM_0_12_centos ~]# ftp 172.21.0.12
Connected to 172.21.0.12 (172.21.0.12).
220 (vsFTPd 3.0.2)
Name (172.21.0.12:root): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
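
The rule behind steps 6 to 8, as an added example that is not part of the original post: the script below applies the logic described in the user_list comments (deny-list versus allow-list mode, plus the PAM check of ftpusers) and reports which accounts the lists admit. The function names, the temporary directory and the sample files are constructed for this example, and userlist_enable=YES is an assumption, consistent with step 6 where root is refused before any password prompt.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): would vsftpd's list files let USER log in?

# conf_get FILE KEY DEFAULT: last KEY=value in a vsftpd.conf, upper-cased
conf_get() {
    local v
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '[:space:]' | tr 'a-z' 'A-Z')
    echo "${v:-$3}"
}

# in_list FILE USER: succeeds if USER is a non-comment entry in FILE
in_list() {
    awk -v u="$2" '!/^[ \t]*#/ && $1 == u { f = 1 } END { exit !f }' "$1" 2>/dev/null
}

# ftp_login_verdict DIR USER: prints "allowed" or "denied:<which rule>"
ftp_login_verdict() {
    local dir=$1 user=$2 conf=$1/vsftpd.conf
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            # Deny-list mode: anyone in user_list is refused before the password prompt.
            if in_list "$dir/user_list" "$user"; then echo "denied:user_list"; return; fi
        elif ! in_list "$dir/user_list" "$user"; then
            # Allow-list mode: only users in user_list may log in.
            echo "denied:not-in-user_list"; return
        fi
    fi
    # The default PAM config additionally refuses users listed in ftpusers.
    if in_list "$dir/ftpusers" "$user"; then echo "denied:ftpusers"; return; fi
    echo "allowed"
}

# make_fixture DIR USERS...: constructed sample config; both lists get USERS
make_fixture() {
    local dir=$1; shift
    mkdir -p "$dir"
    printf '%s\n' anonymous_enable=NO local_enable=YES userlist_enable=YES > "$dir/vsftpd.conf"
    printf '%s\n' '# constructed sample list' "$@" | tee "$dir/user_list" > "$dir/ftpusers"
}

tmp=$(mktemp -d)
make_fixture "$tmp/shipped" root bin daemon     # lists as shown in step 7
make_fixture "$tmp/edited" bin daemon           # after root is deleted from both files
for state in shipped edited; do
    for u in root herrychen; do
        echo "$state $u -> $(ftp_login_verdict "$tmp/$state" "$u")"
    done
done
```

Pointing `ftp_login_verdict` at a copy of /etc/vsftpd shows whether root or any other system account is still covered by both lists after an edit.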

9. Create a new user
[root@VM_0_12_centos ~]# useradd herrychen

[root@VM_0_12_centos ~]# passwd herrychen
Changing password for user herrychen.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.

10. Enable the SELinux policy that allows the FTP service.
[root@VM_0_12_centos ~]# getsebool -a | grep ftp
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off

[root@VM_0_12_centos /]# setsebool -P ftpd_full_access=on

11. Log in as the newly created user and run commands to create, rename and delete files; all operations succeed!
[root@VM_0_12_centos /]# ftp 172.21.0.12
Connected to 172.21.0.12 (172.21.0.12).
220 (vsFTPd 3.0.2)
Name (172.21.0.12:root): herrychen
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mkdir files
257 "/home/herrychen/files" created
ftp> rename files database
350 Ready for RNTO.
250 Rename successful.
ftp> rmdir database
250 Remove directory operation successful.
ftp> exit
221 Goodbye.

12. The bridged Windows system can now also access ftp://x.x.x.x normally.

Reposted from blog.csdn.net/m0_46121636/article/details/105217586