Summary: building an FTP server on Linux

vsftpd server installation: a worked case


1) Case: allow only local users to access the server; give system users permission to upload, download, create and delete; restrict users from leaving the home directory (chroot); limit the download rate; limit the permissions of files that users upload (umask); and so on. Set /var/ftp/local as the directory where local users upload, create, delete and download.

  • Edit the configuration file

[root@vm vsftpd]# vi /etc/vsftpd/vsftpd.conf

# Disable anonymous access
anonymous_enable=NO

# Parameters for local users
local_enable=YES
write_enable=YES
local_root=/var/ftp/local
local_umask=022

# vsftpd server port configuration
connect_from_port_20=YES
listen_port=21

# Limit the download rate and the number of client connections
max_clients=5
max_per_ip=2
local_max_rate=2000000

# chroot configuration: every user is chrooted except the users defined in chroot_list
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

# vsftpd user whitelist: users in the user_list file may log in, all other users may not
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

# Logging
xferlog_enable=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES

# Banner and directory messages
ftpd_banner=Welcome Access itwish.cn FTP service.
dirmessage_enable=YES
message_file=.message

# Other server settings
use_localtime=YES
ascii_upload_enable=YES
ascii_download_enable=YES
listen=NO
pam_service_name=vsftpd
tcp_wrappers=YES

[root@vm ~]# service xinetd restart    # Restarting xinetd restarts vsftpd so that it re-reads its configuration
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]

 

  • Add users and configure user root directory permissions

     

[root@vm local]# groupadd -r fmadmin    # Add the system group fmadmin

[root@vm local]# useradd -r -s /sbin/nologin -g fmadmin fmadmin    # Add user fmadmin in group fmadmin, with shell login disabled

[root@vm local]# useradd -r -s /sbin/nologin -g fmadmin fmuser   

[root@vm local]# echo fmadmin | passwd --stdin fmadmin    # Set the login password
Changing password for user fmadmin.
passwd: all authentication tokens updated successfully.

[root@vm local]# echo fmuser | passwd --stdin fmuser
Changing password for user fmuser.
passwd: all authentication tokens updated successfully. 

[root@vm ~]# mkdir /var/ftp/local    # Create the users' root directory

[root@vm ~]# chmod 775 /var/ftp/local/    # Set the directory permissions

[root@vm ~]# chown fmuser:fmadmin /var/ftp/local/    # Set the directory ownership

  • Configure chroot file

[root@vm local]# touch /etc/vsftpd/chroot_list    # Create the chroot_list file

[root@vm local]# vi /etc/vsftpd/chroot_list    # fmadmin is not chrooted; all other users are chrooted
fmadmin

  • Configure user_list user whitelist

[root@vm ~]# vi /etc/vsftpd/user_list     # Whitelist of users allowed to log in to vsftpd
fmuser
fmadmin

[root@vm local]# vi /var/ftp/local/.message
欢迎访问 itwish FTP 服务器
该目录可允许本地用户上传、下载、删除等权限
感谢使用

You can now test it with an FTP client! The configuration above is reproduced from: https://blog.51cto.com/itwish/2174058
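
The two lists above are easy to misread: userlist_deny=NO turns user_list into an allow list, and with chroot_local_user=YES the chroot_list names the users who are not chrooted. The script below is an added example, not part of the original post; it resolves both settings for one user against constructed copies of the three files from this page. Assumptions: the helper names (conf_get, in_list, ftp_access, make_sample) are hypothetical, and only these vsftpd.conf options are modelled, not PAM or login-shell checks.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
# Resolves the combined effect of the userlist_* and chroot_* options for a user.

# conf_get FILE KEY DEFAULT: last value assigned to KEY, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# in_list FILE USER: true when USER is a complete line of FILE
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# ftp_access CONF USER: prints "login=<yes|no> chroot=<yes|no>"
ftp_access() {
    conf=$1; user=$2; login=yes
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        ulist=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            if in_list "$ulist" "$user"; then login=no; fi    # deny list
        else
            if ! in_list "$ulist" "$user"; then login=no; fi  # allow list
        fi
    fi
    jail=$(conf_get "$conf" chroot_local_user NO)
    if [ "$(conf_get "$conf" chroot_list_enable NO)" = YES ]; then
        clist=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
        # A listed user gets the opposite of chroot_local_user.
        if in_list "$clist" "$user"; then
            if [ "$jail" = YES ]; then jail=NO; else jail=YES; fi
        fi
    fi
    if [ "$jail" = YES ]; then jail=yes; else jail=no; fi
    echo "login=$login chroot=$jail"
}

# make_sample DIR: constructed copies of the three files from this page
make_sample() {
    printf '%s\n' userlist_enable=YES userlist_deny=NO \
        "userlist_file=$1/user_list" chroot_local_user=YES \
        chroot_list_enable=YES "chroot_list_file=$1/chroot_list" \
        > "$1/vsftpd.conf"
    printf '%s\n' fmuser fmadmin > "$1/user_list"
    printf '%s\n' fmadmin > "$1/chroot_list"
}

d=$(mktemp -d); make_sample "$d"
for u in fmuser fmadmin root; do echo "$u: $(ftp_access "$d/vsftpd.conf" "$u")"; done
rm -rf "$d"
```

With this page's settings, fmadmin is the one account that can log in and also browse outside /var/ftp/local.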

You may also run into various problems.

The commands are as follows:


1. setsebool -P ftpd_disable_trans 1
2. service vsftpd restart
 

If that solves the problem, you can stop here; otherwise, try the following approach.

We need to set allow_ftpd_full_access to 1.

The commands are as follows:

[root@umboyserver vsftpd]# setsebool allow_ftpd_full_access 1

[root@umboyserver vsftpd]# setsebool allow_ftpd_use_cifs 1

[root@umboyserver vsftpd]# setsebool allow_ftpd_use_nfs 1

[root@umboyserver vsftpd]# setsebool ftp_home_dir 1

CentOS 7: setsebool tftp_home_dir 1

[root@umboyserver vsftpd]# setsebool httpd_enable_ftp_server 1

[root@umboyserver vsftpd]# setsebool tftp_anon_write 1

[root@umboyserver vsftpd]# service vsftpd restart

Check the resulting settings with sestatus -b | grep ftp

The above is reproduced from https://blog.csdn.net/demo_deng/article/details/9622559

You may also run into other problems.

Add the following to vsftpd.conf:

pasv_enable=YES
pasv_min_port=6000
pasv_max_port=7000

Also open these ports in the Alibaba Cloud console; otherwise the connection will never succeed.

If you see the error 500 OOPS: priv_sock_get_result, add the following to vsftpd.conf (it turns off vsftpd's seccomp sandbox):

seccomp_sandbox=NO

Then reboot.


Origin blog.csdn.net/u012149637/article/details/93513885