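1. SELinux and iptables must be turned off
setenforce 0, or vi /etc/selinux/config and set SELINUX=disabled
service iptables stop, or chkconfig iptables off
2. The root directory must have permissions 755 and be owned by root
The default root directory is /var/ftp
It can be moved to another directory by changing the home directory of the ftp user
3. Writable directories must be subdirectories of the root directory, with permissions 777
/var/ftp/pub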
#/etc/pam.d/vsftpd
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_user
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_user
account include password-auth
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth

These two lines
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_user
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_user
must come before
account include password-auth
auth required pam_shells.so
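
The ordering rule above can be checked mechanically before restarting the service. The following Python is an added example, not part of the original notes; the names parse_pam, blocks_virtual_users and check_order are hypothetical, and the sample input is the PAM stack from this page embedded as a string.

```python
import re

# Constructed input: the /etc/pam.d/vsftpd stack as given on this page.
SAMPLE = """\
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_user
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_user
account include password-auth
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
"""

# type, control (plain word or [bracketed] form), module
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Return (type, control, module) per rule, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if m:
            rules.append(m.groups())
    return rules

def blocks_virtual_users(control, module):
    """Rules the page says must come after pam_userdb.so."""
    if module.endswith("pam_shells.so"):
        return True
    return control in ("include", "substack") and module == "password-auth"

def check_order(text):
    """List ordering problems in the auth and account stacks (empty = OK)."""
    problems = []
    rules = parse_pam(text)
    for stack in ("auth", "account"):
        mods = [(c, m) for t, c, m in rules if t == stack]
        hits = [i for i, (_, m) in enumerate(mods) if m.endswith("pam_userdb.so")]
        if not hits:
            problems.append(f"{stack}: no pam_userdb.so rule")
            continue
        first = hits[0]
        if mods[first][0] != "sufficient":
            problems.append(f"{stack}: pam_userdb.so is not 'sufficient'")
        for control, module in mods[:first]:
            if blocks_virtual_users(control, module):
                problems.append(f"{stack}: {module} runs before pam_userdb.so")
    return problems

if __name__ == "__main__":
    print(check_order(SAMPLE) or "order OK")
```

PAM evaluates each type (auth, account) as its own stack, so the check compares positions within a stack rather than across the whole file.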
Add the virtual user file
#/etc/vsftpd/virtual_user
user1
passwd1

db_load -T -t hash -f /etc/vsftpd/virtual_user /etc/vsftpd/virtual_user.db
Edit the vsftpd configuration file
#/etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=ftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vconf
Configure permissions for the someuser user
#/etc/vsftpd/vconf/user1
local_root=/opt/ftp/pub
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES

Restart: service vsftpd restart
Change the directory location
local_root=/opt/ftp
anon_root=/opt/ftp
Firewall settings
ftp
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10010

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 10000:10010 -j ACCEPT