CentOS: configuring the vsftpd service (2)

Building the FTP server

First, the prerequisites
a, the ssh service is running, b, the firewall is turned off, c, the machine has network access
1, check the status of ssh and of the firewall
service sshd status
service iptables status


2, start SSH
service sshd start


3, turn off the firewall
chkconfig iptables off


4, test whether the network is reachable

Second, install and enable tftp and vsftpd
# yum install tftp
# yum install vsftpd
# chkconfig vsftpd on
# chkconfig tftp on

Start the vsftpd service
service vsftpd start
Check whether vsftpd has started
service vsftpd status

Third, open ports 21 and 20
# /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
# /sbin/iptables -I INPUT -p tcp --dport 20 -j ACCEPT
# /etc/rc.d/init.d/iptables save

Fourth, add an ftp user
* first change into the vsftpd directory under /etc
# cd /etc/vsftpd/
# useradd ftpuser
# passwd ftpuser

Fifth, modify the configuration file vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf
1, change the first setting, anonymous_enable=YES, to NO
** ftpusers: located in the /etc/vsftpd/ directory. It lists the user accounts that are not allowed to access the FTP server, such as root.
** user_list: also in the /etc/vsftpd/ directory. By default the user accounts listed in this file cannot access the FTP server either; they are allowed access only when the userlist_enable=NO option is set in the vsftpd.conf configuration file.

Sixth, restart the service
service vsftpd restart

Seventh, allow ftp in SELinux
1, getsebool -a | grep ftp: check whether ftp support is turned on under SELinux
allow_ftpd_full_access --> off,
ftp_home_dir --> off: change both to on.

# setsebool ftp_home_dir 1
# setsebool allow_ftpd_full_access 1

(* If getsebool reports the error "SELinux is disabled", SELinux has to be enabled again
# vi /etc/selinux/config
* set SELINUX so that SELinux is enabled
* reboot linux so that SELinux is turned on)

ftp login
1, ftp + ip address
2, name:
3, password:
4, "Login successful" is returned when the login succeeds

ftp directory operations
1, ls: list all the files in the current folder
2, cd: change directory, the same as on linux

ftp file download
1, lcd: set the local location to download to (e.g. lcd C:\Test\)
2, get file: download a file (e.g. get index.html downloads it to the specified location)
mget file: download multiple files (e.g. mget *.xls downloads all files with the xls suffix)

ftp file upload
1, put file: upload a file to the specified location on the ftp server
mput file: upload multiple files

Close ftp
1, bye 2, exit 3, quit

ftp build issues
500 OOPS: cannot change directory: /home/***
This is a directory path error. Solution:
Add or change the default access path in the configuration file:
add local_root=/home at the end of vsftpd.conf; this is the folder path that is accessed by default after login

*** ftp permission settings (in /etc/vsftpd/vsftpd.conf) ***
1, at the end of the configuration file add chroot_local_user=YES,
or remove the '#' from the existing #chroot_local_user=YES line; this confines all local users to the folder given as their access path
if only some users are to be restricted, then
chroot_local_user=NO
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
// remove the '#' from these lines and set chroot_local_user to NO
: then add the users you want to restrict to this file
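
The two list mechanisms above (ftpusers/user_list for login, chroot_local_user/chroot_list for confinement) change meaning depending on other settings. The following script is an added example, not part of the original post, that works out the result for one user. The function names and the sample files are made up for the illustration, and it assumes the stock CentOS PAM setup in which /etc/vsftpd/ftpusers is a deny list.

```sh
#!/bin/sh
# Added example, not from the original post.
# cfg_get FILE KEY DEFAULT: value of the last uncommented KEY=value line.
cfg_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}
# in_list FILE USER: true when USER is a whole line of FILE.
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# login_allowed CONF USER FTPUSERS USER_LIST: prints yes or no (list checks only).
login_allowed() {
    if in_list "$3" "$2"; then echo no; return 0; fi      # ftpusers always denies
    if [ "$(cfg_get "$1" userlist_enable NO)" != YES ]; then echo yes; return 0; fi
    if [ "$(cfg_get "$1" userlist_deny YES)" = YES ]; then
        if in_list "$4" "$2"; then echo no; else echo yes; fi   # user_list = deny list
    else
        if in_list "$4" "$2"; then echo yes; else echo no; fi   # user_list = allow list
    fi
}

# is_chrooted CONF USER: prints yes or no.
# The chroot_list_file default is the path shown in the post.
is_chrooted() {
    listed=no
    if [ "$(cfg_get "$1" chroot_list_enable NO)" = YES ] &&
       in_list "$(cfg_get "$1" chroot_list_file /etc/vsftpd/chroot_list)" "$2"; then
        listed=yes
    fi
    if [ "$(cfg_get "$1" chroot_local_user NO)" = YES ]; then
        # everyone is chrooted; the list now names the users who are NOT
        if [ "$listed" = yes ]; then echo no; else echo yes; fi
    else
        echo "$listed"
    fi
}

# Constructed sample files: the post's "restrict only some users" variant.
demo=$(mktemp -d)
printf '%s\n' userlist_enable=YES chroot_local_user=NO chroot_list_enable=YES \
    "chroot_list_file=$demo/chroot_list" > "$demo/vsftpd.conf"
echo root > "$demo/ftpusers"; echo ftpuser > "$demo/chroot_list"; : > "$demo/user_list"
for u in root ftpuser alice; do
    echo "$u: login=$(login_allowed "$demo/vsftpd.conf" "$u" "$demo/ftpusers" "$demo/user_list")" \
         "chroot=$(is_chrooted "$demo/vsftpd.conf" "$u")"
done
```

Switching chroot_local_user to YES without emptying chroot_list inverts the result: the listed users become the only ones who are not confined.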

Specific configuration:

The default settings in /etc/vsftpd/vsftpd.conf and what each one does

# Example config file /etc/vsftpd/vsftpd.conf
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
Allows anonymous users to log in

# Uncomment this to allow local users to log in.
local_enable=YES
Allows local system users to log in

# Uncomment this to enable any form of FTP write command.
write_enable=YES
Allows FTP commands that modify the file system

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
Permission mask (umask) for files newly created by local users

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
Allows anonymous users to upload files

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
Allows anonymous users to create new directories

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
Enables per-directory messages: the contents of the file named by message_file in each directory are displayed

# Activate logging of uploads/downloads.
xferlog_enable=YES
Turns on logging

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
Uses the standard ftp port 20 for data connections

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
The owner of every file uploaded by an anonymous user is changed to chown_username

#chown_username=whoever
User name that becomes the owner of anonymously uploaded files

# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
Log file location

# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
Uses the standard log format

# You may change the default value for timing out an idle session.
#idle_session_timeout=600
Idle connection timeout

# You may change the default value for timing out a data connection.
#data_connection_timeout=120
Data transfer timeout

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
User name the server uses when it runs at its lowest privilege level

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
Allows the "async ABOR" command; generally not used, as it is error-prone

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
Controls whether ASCII mode can be used for uploads. The default value is NO

#ascii_download_enable=YES
Controls whether ASCII mode can be used for downloads. The default value is NO

# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
Welcome message displayed at login. This setting has no effect if banner_file is set

# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
If anonymous users are required to give a password, those who give an e-mail address listed in banned_email_file cannot log in

# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
File listing the e-mail addresses that anonymous users may not use as a password when logging in

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
If this feature is enabled, none of the users listed in chroot_list_file can change out of their root directory

# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
File that defines the users who cannot leave their home directory

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
Whether the ls -R command can be used; it is disabled to avoid wasting a lot of server resources

# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
Binds to the port given by listen_port; because the port stays bound the server is running all the time, which is what is called standalone mode

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
Defines the service name used by PAM; the default is vsftpd

userlist_enable=YES
The userlist_deny option only takes effect if this option is enabled

tcp_wrappers=YES
Enables tcp_wrappers support

The same file without the comments:

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
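
The listing still has anonymous_enable=YES and no chroot setting, although the steps above change both. The following check is an added example, not part of the original post, that reports the effective value of those settings, falling back to the compiled-in defaults from vsftpd.conf(5) when a line is commented out. The function names and the two sample files are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# cfg_get FILE KEY DEFAULT: last uncommented KEY=value line, else DEFAULT.
cfg_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# audit_vsftpd FILE: print one line per risky effective setting.
audit_vsftpd() {
    if [ "$(cfg_get "$1" anonymous_enable YES)" = YES ]; then
        echo "anonymous_enable: anonymous login is on (also when the line is commented out)"
        if [ "$(cfg_get "$1" write_enable NO)" = YES ]; then
            for k in anon_upload_enable anon_mkdir_write_enable; do
                if [ "$(cfg_get "$1" "$k" NO)" = YES ]; then
                    echo "$k: anonymous users can write to the server"
                fi
            done
        fi
    fi
    if [ "$(cfg_get "$1" chroot_local_user NO)" != YES ] &&
       [ "$(cfg_get "$1" chroot_list_enable NO)" != YES ]; then
        echo "chroot_local_user: local users are not confined to a directory"
    fi
    if [ "$(cfg_get "$1" async_abor_enable NO)" = YES ]; then
        echo "async_abor_enable: the sample file says this is not recommended for security"
    fi
}

# Constructed samples: settings taken from the listing above, then the same
# file after the post's own changes (step five and the chroot section).
tmp=$(mktemp -d)
cat > "$tmp/listed.conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
#chroot_list_enable=YES
listen=YES
userlist_enable=YES
EOF
sed 's/^anonymous_enable=YES/anonymous_enable=NO/' "$tmp/listed.conf" > "$tmp/edited.conf"
echo chroot_local_user=YES >> "$tmp/edited.conf"
echo "== as listed =="; audit_vsftpd "$tmp/listed.conf"
echo "== after the edits =="; audit_vsftpd "$tmp/edited.conf"
```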

Origin www.cnblogs.com/duanlinxiao/p/10950076.html