Installing and configuring vsftpd on an Alibaba Cloud ECS server (Linux CentOS 7)

1. Check whether vsftpd is installed

rpm -qa | grep vsftpd

2. Install vsftpd

yum -y install vsftpd

3. Configure the vsftpd service

vim /etc/vsftpd/vsftpd.conf
Press i to enter edit (insert) mode.

Description of common vsftpd.conf settings

3.1 Settings related to the server environment
  1. connect_from_port_20=YES (NO)
    Whether active-mode data connections use port 20 (ftp-data) on the FTP server.

  2. listen_port=21
    The port used by the vsftpd command channel. This setting only applies when vsftpd is started in standalone mode (it has no effect under a super daemon).

  3. dirmessage_enable=YES (NO)
    When a user enters a directory, display the notice for that directory. The default message file is .message; you can change it with the next setting.

  4. message_file=.message
    When dirmessage_enable=YES, this sets the file that vsftpd looks for to display the message.

  5. listen=YES (NO)
    If set to YES, vsftpd starts in standalone mode. The default is NO, so CentOS changes it to YES in order to start the service standalone.

  6. pasv_enable=YES (NO)
    Support passive-mode data connections; must be set to YES.

  7. write_enable=YES (NO)
    If users are allowed to upload data, this setting must be enabled.

  8. use_localtime=YES (NO)
    Whether to use local time. vsftpd uses GMT (Greenwich) by default, so file dates on the FTP server are by default 8 hours behind Taiwan time; changing this to YES is recommended.

  9. banner_file=/path/file
    Specifies a plain-text file whose contents are displayed as the welcome message when a user logs in to the vsftpd server. It can also be used to tell users about the FTP server's directory structure.

3.2 Settings related to local (real) user accounts
  1. guest_enable=YES (NO)
    If set to YES, every local account is treated as a guest (so it is off by default). A guest in vsftpd gets the privileges of the ftp user by default; this can be changed through guest_username.

  2. guest_username=ftp
    Takes effect when guest_enable=YES; specifies the account that guests are mapped to.

  3. local_enable=YES (NO)
    This must be set to YES for accounts in /etc/passwd to be able to log in to the vsftpd server as local users.

  4. chroot_local_user=YES (NO)
    Whether local users are confined to their home directories (chroot) by default. YES means users are chrooted by default; NO means they are not. In practice this has to be read together with the two parameters below. For safety, it should be set to YES.

  5. chroot_list_enable=YES (NO)
    Whether to enable the chroot list file. It works together with chroot_list_file below. This option must be enabled, otherwise the list file below has no effect.

3.3 Settings for anonymous login
  1. anonymous_enable=YES (NO)
    Whether to allow anonymous logins to the vsftpd host. The default is YES. All of the settings below take effect only when anonymous_enable=YES.

  2. anon_world_readable_only=YES (NO)
    Anonymous users may only download files that are world-readable. The default is YES.

  3. anon_other_write_enable=YES (NO)
    Whether anonymous users get write permissions other than uploading, including deleting and renaming files on the server. The default is NO. If you set it to YES, the permissions of the directories opened to anonymous writes also need to be adjusted so that the owner of the vsftpd process can write to them.

  4. anon_mkdir_write_enable=YES (NO)
    Whether anonymous users are allowed to create directories. The default is NO. If you set it to YES, anon_other_write_enable must also be set to YES.

  5. anon_upload_enable=YES (NO)
    Whether anonymous users are allowed to upload data. The default is NO. If you set it to YES, anon_other_write_enable=YES must also be set.

3.4 Settings related to system security
  1. ascii_download_enable=YES (NO)
    If set to YES, the client will by default download files in ASCII mode.

  2. ascii_upload_enable=YES (NO)
    Similar to the previous setting, but for uploads. The default is NO.

  3. tcp_wrappers=YES (NO)
    We are used to having TCP Wrappers support, so set this to YES.

  4. one_process_model=YES (NO)
    This setting is rather risky. When set to YES, each established connection is handled by a single process, which can improve vsftpd's performance. However, unless your system is well secured and your hardware is fairly powerful, this can easily exhaust system resources. Setting it to NO is generally recommended.

  5. nopriv_user=nobody
    By default vsftpd runs the service with the privileges of nobody. Because nobody has very low privileges, an intruder who compromises the service only obtains nobody's privileges.
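
The settings in section 3 can be checked mechanically. The shell function below is an added example, not part of the original article: it audits a vsftpd.conf for anonymous login left at its default, anonymous write options, local users without chroot_local_user=YES, one_process_model=YES, and whitespace around "=". The function names, finding labels and the sample file are assumptions made for the example.

```shell
# Added example (not from the original article): audit a vsftpd.conf for the
# risky settings described in section 3. Finding labels are made up here.

# Print option $2 from file $1 in upper case, or default $3 when unset.
# Assumption: a later line overrides an earlier one.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[[:space:]]*#/ { next }
        $1 == k { v = $2 }
        END { print toupper(v == "" ? d : v) }' "$1"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # vsftpd treats whitespace between option, "=" and value as an error.
    if grep -Eq '^[A-Za-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        note "SYNTAX whitespace around '='"
    fi
    # anonymous_enable defaults to YES, so a missing line still means "on".
    if [ "$(conf_get "$conf" anonymous_enable YES)" = YES ]; then
        note "ANON anonymous login enabled"
        for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(conf_get "$conf" "$opt" NO)" = YES ]; then
                note "ANON-WRITE $opt=YES"
            fi
        done
    fi
    # The article recommends chroot_local_user=YES when local accounts can log in.
    if [ "$(conf_get "$conf" local_enable NO)" = YES ] &&
       [ "$(conf_get "$conf" chroot_local_user NO)" != YES ]; then
        note "CHROOT chroot_local_user is not YES"
    fi
    # The article recommends one_process_model=NO.
    if [ "$(conf_get "$conf" one_process_model NO)" = YES ]; then
        note "PROC one_process_model=YES"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: anonymous login left at default, local users not chrooted.
sample=$(mktemp)
printf '%s\n' 'local_enable=YES' 'write_enable=YES' 'chroot_local_user=NO' > "$sample"
audit_vsftpd_conf "$sample" || true
rm -f "$sample"
```

Run it against the real file with audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; a line written as "anonymous_enable = NO" is reported both as a syntax finding and as anonymous login still enabled, because the option is not read as set.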

4. Add users

4.1 Run the following command to create a Linux user for the FTP service. In this example, the user name is ftptest.

useradd ftptest

4.2 Run the following command to set the password for the ftptest user.

passwd ftptest

4.3 Create a directory for the FTP service to use.

mkdir /var/ftp/test

4.4 Change the owner of the /var/ftp/test directory to ftptest.

chown -R ftptest:ftptest /var/ftp/test

5. Set the security group

After setting up the FTP site, you need to add rules that allow the FTP port in the inbound direction of the instance's security group. Follow these steps:

5.1 Find your ECS instance on the Aliyun instance list page and click the instance ID/name.

5.2 Select this instance's security group and configure its rules.

5.3 Add the security group rule.

5.4 Add port 21 and an authorization object; 0.0.0.0/0 means the rule allows or denies access for all IP addresses.

The above are the detailed steps and instructions for installing and configuring vsftpd on an Alibaba Cloud ECS server running Linux CentOS 7.

Origin blog.csdn.net/qq_34161458/article/details/105015807