Environment:
CentOS 7.2
1. Installation
1. Check whether vsftpd is installed
rpm -qa | grep vsftpd
2. Install
yum install -y vsftpd
2. Firewall:
Check the firewall service status
systemctl status firewalld
Check the firewall state
firewall-cmd --state
Check the firewall rules
firewall-cmd --list-all
Stop the firewall
service firewalld stop
systemctl disable firewalld.service # Prevent the firewall from starting at boot
Second, modify the configuration file
vim /etc/vsftpd/vsftpd.conf
Modify the configuration file as follows:
1. Do not allow anonymous access
anonymous_enable=NO
2. Allow local accounts to be used for FTP login authentication
local_enable=YES
3. Prevent users from leaving their home directory (uncomment the lines below, create the file chroot_list under /etc/vsftpd/ and add the specified users to it)
When chroot_list_enable=YES and chroot_local_user=YES, users listed in the /etc/vsftpd/chroot_list file can switch to other directories; users not listed in the file cannot.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
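The chroot rule described above, as an added example that is not part of the original page: a shell check that reads a vsftpd.conf-style file, reports whether a given user ends up jailed for each combination of chroot_local_user and chroot_list_enable, and flags option lines written with spaces around "=". The file contents, the temporary directory and the "admin" account are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original page): read a vsftpd.conf-style file
# and work out which local users end up chroot()ed.

# get_opt FILE KEY DEFAULT: last value assigned to KEY, or DEFAULT if unset.
get_opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# bad_lines FILE: option lines with whitespace around '=', which the
# vsftpd.conf man page documents as an error.
bad_lines() {
    grep -nE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]])' "$1"
}

# chroot_status FILE LISTFILE USER: prints "jailed" or "free".
chroot_status() {
    all=$(get_opt "$1" chroot_local_user NO)
    use_list=$(get_opt "$1" chroot_list_enable NO)
    listed=NO
    if [ "$use_list" = YES ] && grep -qxF "$3" "$2" 2>/dev/null; then
        listed=YES
    fi
    # chroot_local_user=YES: the list names exemptions.
    # chroot_local_user=NO:  the list names the users to jail.
    if [ "$all" = "$listed" ]; then echo free; else echo jailed; fi
}

# Constructed sample input; "admin" is a hypothetical exempted account and
# the mis-spaced "listen = YES" line is there for bad_lines to catch.
demo=$(mktemp -d)
cat > "$demo/vsftpd.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
listen_ipv6=NO
listen = YES
EOF
printf 'admin\n' > "$demo/chroot_list"

for u in ftpuser admin; do
    echo "$u: $(chroot_status "$demo/vsftpd.conf" "$demo/chroot_list" "$u")"
done
bad_lines "$demo/vsftpd.conf" || true
```

With the settings from this page, every account named in chroot_list is exempt from the jail, so that file should hold only accounts that are meant to browse outside their home directory.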
Add the following at the end of the configuration file:
allow_writeable_chroot=YES
Otherwise vsftpd reports the error
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
If /etc/vsftpd/chroot_list does not exist, create the file:
vim /etc/vsftpd/chroot_list
systemctl restart vsftpd.service
Problem: FTP access is unsuccessful. Check the ports with
netstat -lnt
and you will find the port is occupied by the default IPv6 listener.
Solution: disable IPv6
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
Modify /etc/vsftpd/vsftpd.conf
listen_ipv6=NO
listen=YES
Restart the computer to take effect.
useradd -d /var/www/html -g ftp -s /sbin/nologin ftpuser
-d: specifies the user's starting directory at login
-s /sbin/nologin: the user can only be used for FTP login and is refused a login to the system
Remember to adjust the directory permissions as well, otherwise files still cannot be uploaded.
Change the password of the FTP user
passwd ftpuser
Problem: if "550 create directory operation failed" appears when ftpuser uploads a file or creates a new directory after logging in to FTP, the cause is SELinux (Security-Enhanced Linux, the US National Security Agency's implementation of mandatory access control and the most outstanding new security subsystem on Linux). Its security mechanism is what is getting in the way. Just disable SELinux.
PS: How to disable SELinux
[root@CenOS ~ ]# vim /etc/selinux/config
Change SELINUX=XXX (XXX represents the level) to
SELINUX=disabled
then restart.