Installing and configuring the FTP service on Alibaba Cloud CentOS 8.0

Uninstall and install vsftpd

  1. If you have installed the vsftpd service before, uninstall it first.
  2. List the vsftpd package installed on the current server:
       rpm -qa | grep vsftpd
     For example, the execution result is: vsftpd-2.2.2-13.el6_6.1.x86_64
  3. Uninstall it:
       rpm -e vsftpd-2.2.2-13.el6_6.1.x86_64
  4. Delete the remaining files:
       rm -rf /etc/vsftpd
  5. Run the following command to install vsftpd:
       dnf install -y vsftpd
  6. Run the following command to set the FTP service to start automatically after booting:
       systemctl enable vsftpd.service
  7. Run the following command to start the FTP service:
       systemctl start vsftpd.service
  8. Run the following command to view the port the FTP service is listening on:
       netstat -antup | grep ftp

Configure local users to access the FTP server

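  1. Run the following command to create a Linux user for the FTP service:
       adduser ftptest
  2. Run the following command to change the password of the ftptest user:
       passwd ftptest
  3. Run the following command to create a file directory for the FTP service:
       mkdir /var/ftp/test
  4. Run the following command to change the owner of the /var/ftp/test directory to ftptest:
       chown -R ftptest:ftptest /var/ftp/test
  5. Modify the vsftpd.conf configuration file
  •     Run the following command to open the configuration file:
          vim /etc/vsftpd/vsftpd.conf
  •     Press i to enter edit mode
  •     Set the parameters as follows:
      # Except for the parameters mentioned below, keep the default values for other parameters.
      # Change the values of the following parameters
      # Disallow anonymous login to the FTP server
      anonymous_enable=NO
      # Allow local users to log in to the FTP server
      local_enable=YES
      # Listen on IPv4 sockets
      listen=YES
      # Add # at the start of the line to comment out the following parameter and stop listening on IPv6 sockets
      #listen_ipv6=YES

      # Add the following parameters
      # Directory a local user lands in after login
      local_root=/var/ftp/test
      # Restrict all users to their home directory
      chroot_local_user=YES
      # Enable the list of exception users
      chroot_list_enable=YES
      # File holding the exception list; users in the list are not locked into their home directory
      chroot_list_file=/etc/vsftpd/chroot_list
      # Enable passive mode
      pasv_enable=YES
      # Allow login even though the chroot directory is writable by the user
      allow_writeable_chroot=YES
      # In this tutorial, the public IP of the Linux instance
      pasv_address=<public IP address of the FTP server>
      # Lowest port usable for data connections in passive mode
      pasv_min_port=<port number>
      # Highest port usable for data connections in passive mode
      pasv_max_port=<port number>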
      

  6. Create a chroot_list file and write the list of exception users in it. Users in this list are not locked into their home directory.
       1. Run the following command to create the chroot_list file:
            vim /etc/vsftpd/chroot_list
       2. Press i to enter the editing mode, and add the user name just created to the file.
       3. Press Esc to exit the editing mode, then type :wq and press Enter to save and close the file.
  7. Run the following command to restart the vsftpd service:
       systemctl restart vsftpd.service

Set up security group

After setting up the FTP site, add inbound rules to the instance's security group that allow the FTP ports. FTP passive mode requires opening port 21 and all ports between the parameters pasv_min_port and pasv_max_port in the configuration file /etc/vsftpd/vsftpd.conf.
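The inbound rules and the chroot exception list can both be read back from the configuration file before the security group is changed. The script below is an added example, not part of the original post; the function names are hypothetical helpers, and the port range 40000-40100 and the temporary paths are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: audit the vsftpd.conf settings that decide exposure.

# conf_get FILE KEY: print the last uncommented value of KEY ("key=value", no spaces).
conf_get() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { sub(/[ \t\r]+$/, "", v); print v }' "$1"
}

# conf_yes FILE KEY: succeed if the boolean KEY is enabled.
conf_yes() {
  case $(conf_get "$1" "$2" | tr a-z A-Z) in YES|TRUE|1) return 0 ;; esac
  return 1
}

# ftp_inbound_rules FILE: print the TCP rules the security group needs.
# Fails when the passive range is unset (0 means "any port") or malformed.
ftp_inbound_rules() {
  local min max v
  min=$(conf_get "$1" pasv_min_port); max=$(conf_get "$1" pasv_max_port)
  for v in "$min" "$max"; do
    case $v in ''|0|*[!0-9]*)
      echo "passive port range is not restricted" >&2; return 1 ;;
    esac
  done
  if [ "$min" -gt "$max" ] || [ "$max" -gt 65535 ]; then
    echo "invalid passive range $min-$max" >&2; return 1
  fi
  printf 'tcp 21\ntcp %s-%s\n' "$min" "$max"
}

# chroot_exempt_users FILE: with chroot_local_user and chroot_list_enable both on,
# chroot_list_file names the users who are NOT confined; print them.
chroot_exempt_users() {
  local list
  conf_yes "$1" chroot_local_user && conf_yes "$1" chroot_list_enable || return 0
  list=$(conf_get "$1" chroot_list_file)
  [ -r "$list" ] || return 0
  awk 'NF' "$list"
}

# Constructed sample files (port range and paths are made up for the demo).
demo=$(mktemp -d)
printf 'ftptest\n' > "$demo/chroot_list"
printf '%s\n' 'anonymous_enable=NO' '#pasv_min_port=1' 'chroot_local_user=YES' \
  'chroot_list_enable=YES' "chroot_list_file=$demo/chroot_list" \
  'pasv_min_port=40000' 'pasv_max_port=40100' > "$demo/vsftpd.conf"
ftp_inbound_rules "$demo/vsftpd.conf"
echo "not chrooted: $(chroot_exempt_users "$demo/vsftpd.conf" | tr '\n' ' ')"
```

On a real server, point the two functions at /etc/vsftpd/vsftpd.conf; every name printed by chroot_exempt_users can leave local_root, subject to file permissions.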

Use FileZilla client tool for test access

 

Add other ordinary users (read permission only; cannot upload or modify files)

useradd -d /home/ftptest test   # Add a user and specify the folder to be accessed

vim /etc/vsftpd/chroot_list     # Edit this file and add the user just added to the file

Origin blog.csdn.net/cheerlh2018/article/details/108643859