Hand-to-hand build Linux FTP service
Article Directory
SSH connection server
Open the terminal or other tools (you can connect remotely)
Configure vsftpd
vsftpd is the abbreviation of "very secure FTP daemon", and security is one of its biggest features. vsftpd is the name of a server running on a UNIX operating system. It can run on systems such as Linux, BSD, Solaris, HP-UNIX, etc. It is a completely free, open source ftp server software that supports many other Features not supported by the FTP server. For example: very high security requirements, bandwidth limitations, good scalability, virtual users can be created, IPv6 support, high speed, etc.
vsftpd is the most respected FTP server program in Linux distributions . Features are small, light, safe and easy to use.
The commonly used FTPD suites in open source operating systems mainly include ProFTPD, PureFTPd, and wuftpd, etc.
installation
sudo yum install -y vsftpd
# sudo 使用管理员权限执行命令
# yum install -y backgroupname , -y: 安装过程中需确认默认为yes
The installation effect is as shown below
Verify installation
# 若正常出现版本号信息,则代表安装成功
vsftpd -verison
Anonymous user mode configuration
vsftpd (very secure FTP daemon) is the most respected FTP server in Linux distributions. vsftpd supports two access methods: anonymous access and local user mode. Anonymous access mode Any user can access the built FTP service; the local user mode only supports added local users to access the built FTP service.
Note: Only one of anonymous user mode and local user mode can be configured at the same time.
# 若没有在root下请使用sudo,否则将出现权限不足。而导致失败
sudo vim /etc/vsftpd/vsftpd.conf
# 进入之后找到(Link 29)anon_upload_enable = YES,i (vi/vim中切换为输入模式)
After editing, as shown in the figure below, press the ESC key to exit the editing mode, enter: wq to save and exit vim/vi.
Change the permissions of the /var/ftp/pub directory and add write permissions for FTP users.
chmod o+w /var/ftp/pub/
Restart service
systemctl restart vsftpd.service
Create a Linux user for FTP service
# 创建名为ftptest用户,权限为普通。(useradd 也可)
adduser ftptest
# 为其设置密码
passwd ftptest
# 创建一个供FTP服务使用的文件目录
sudo mkdir /var/ftp/test
# 更改/var/ftp/test目录的拥有者为ftptest。
chown -R ftptest:ftptest /var/ftp/test
Modify the vsftpd.conf configuration file.
To configure FTP to active mode, execute the following command:
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf #禁止匿名登录FTP服务器
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf #监听IPv4 sockets
sed -i 's/listen_ipv6=YES/#listen_ipv6=YES/' /etc/vsftpd/vsftpd.conf #关闭监听IPv6 sockets
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf #全部用户被限制在主目录
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd/vsftpd.conf #启用例外用户名单
sed -i 's/#chroot_list_file=/chroot_list_file=/' /etc/vsftpd/vsftpd.conf #指定例外用户列表文件,列表中的用户不被锁定在主目录
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
echo "local_root=/var/ftp/test" >> /etc/vsftpd/vsftpd.conf #设置本地用户登录后所在的目录
To configure FTP to passive mode, execute the following command:
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf #禁止匿名登录FTP服务器
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf #监听IPv4 sockets
sed -i 's/listen_ipv6=YES/#listen_ipv6=YES/' /etc/vsftpd/vsftpd.conf #关闭监听IPv6 sockets
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf #全部用户被限制在主目录
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd/vsftpd.conf #启用例外用户名单
sed -i 's/#chroot_list_file=/chroot_list_file=/' /etc/vsftpd/vsftpd.conf #指定例外用户列表文件,列表中的用户不被锁定在主目录
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
echo "local_root=/var/ftp/test" >> /etc/vsftpd/vsftpd.conf #设置本地用户登录后所在的目录
echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf #开启被动模式
echo "pasv_address=<FTP服务器公网IP地址>" >> /etc/vsftpd/vsftpd.conf #本教程中为ECS服务器弹性IP
echo "pasv_min_port=20" >> /etc/vsftpd/vsftpd.conf #设置被动模式下,建立数据传输可使用的端口范围的最小值
echo "pasv_max_port=21" >> /etc/vsftpd/vsftpd.conf #设置被动模式下,建立数据传输可使用的端口范围的最大值
Create a chroot_list file in the /etc/vsftpd directory, and write a list of exception users in the file.
# 使用vim命令编辑chroot_list文件,添加例外用户名单。此名单中的用户不会被锁定在主目录,可以访问其他目录。
vim /etc/vsftpd/chroot_list
# 没有例外用户时,也必须创建chroot_list文件,内容可为空。
# 重启 FTP服务
systemctl restart vsftpd.service
Client test
FTP client, Windows command line tool or browser can be used to test FTP server. (This step is only applicable to local users, the anonymous mode does not need to be tested)
Note: When an error occurs when using a browser to access the FTP server, it is recommended that you clear the browser cache and try again.
Open the Chrom browser and enter ftp://<FTP server IP address>:FTP port (21 by default) in the address bar,
The public IP address of the FTP server is the elastic IP address of the ECS server . For example: ftp://139.0.0.1:21.
In the pop-up dialog box, enter the user name and password.
m browser, enter ftp://<FTP server IP address>:FTP port (21 by default) in the address bar,
The public IP address of the FTP server is the elastic IP address of the ECS server . For example: ftp://139.0.0.1:21.
In the pop-up dialog box, enter the user name and password.