When the Wanwang server is set up, there will be a phenomenon that the connection cannot be timed out because port 21 is not opened. It is necessary to open port 21 in the security group and security group rules of Wanwang.
It can be successfully connected
This article test environment
1, CentOS 7
2, test server IP 192.168.1.170
1. Install and start the FTP service
1.1 Install VSFTPD
yum
Install using vsftpd
yum install -y vsftpd
1.2 Start VSFTPD
After the installation is complete, start the FTP service:
service vsftpd start
After startup, you can see that the system has listened to port 21:
netstat -nltp | grep 21
At this point, visit ftp://192.168.1.170 to browse the /var/ftp directory on the machine.
2. Configure FTP permissions
2.1 Understanding VSFTP Configuration
The configuration directory of vsftpd is /etc/vsftpd, which contains the following configuration files:
- vsftpd.conf is the main configuration file
- ftpuusers Configure the list of users who are forbidden to access the FTP server
- user_list configure user access control
2.2 Block anonymous access and switch root directories
Anonymous access and switching root directories both bring security risks to the server, and we turn off these two features.
Edit /etc/vsftpd/vsftpd.conf, find the following two configurations and modify them:
# 禁用匿名用户 12 YES 改为NO
anonymous_enable=NO
# 禁止切换根目录 101 行 删除#
chroot_local_user=YES
After editing, save the configuration and restart the FTP service
service vsftpd restart
2.3 Create FTP user
create a user ftpuser
useradd ftpuser
Set password for user ftpuser
echo "javen205" | passwd ftpuser --stdin
2.4 Restrict the user to access only through FTP
Restrict users ftpuser
to access the server only through FTP, and not directly log in to the server:
usermod -s /sbin/nologin ftpuser
2.5 Assign home directories to users
ftpuser
Create a home directory for the user and agree:
/data/ftp
Main directory, this directory cannot upload files and /data/ftp/pub
files can only be uploaded to this directory
/data
Create the relevant directory in
mkdir -p /data/ftp/pub
2.5.1 Create a login welcome file
echo "Welcome to use FTP service." > /data/ftp/welcome.txt
Set access rights
chmod a-w /data/ftp && chmod 777 -R /data/ftp/pub
Set to the user's home directory:
usermod -d /data/ftp ftpuser
3. Access FTP
According to your personal working environment, choose a way to access the FTP service that has been built
Note: Remember to close the firewall or open the FTP default port (21)
# 关闭SELinux服务
setenforce 0
# 关闭防火墙
iptables -F
- Access via Windows Explorer
Windows users can copy the link below
to access the Explorer's address bar:
ftp://ftpuser:javen205@192.168.1.170
where ftpuser
is the username javen205
for logging in to FTP, and is the password for logging in to FTP
- Access via FTP client tool
There are many FTP client tools, two commonly used ones are recommended below:
WinSCP - FTP and SFTP connection client for Windows
FileZilla - Cross-platform FTP client, supports Windows and Mac