1. Install
yum install vsftpd
2. Edit Configuration
anonymous_enable = NO // prohibit anonymous account login
chroot_local_user=YES //开启chroot
chroot_list_enable=NO
dual_log_enable=YES //开启vsftpd.log
allow_writeable_chroot=YES
listen = YES // open listening mode IPv4
listen_port = 21 // native listener port 21
pasv_enable = YES // open pasv mode
pasv_address = *** // your server outside the network ip
pasv_min_port = 42001
pasv_max_port = 42020
pasv_promiscuous = YES // close the security check pasv mode
3. systemctl start vsftpd
4. In the default configuration, local user login the FTP can use the cd command to change to a different directory, this will be a security risk system. Directory may be controlled by the user to switch three profiles.
chroot_list_enable=YES/NO(NO)
Set whether to enable
chroot_list user list file _file configuration items specified. The default value is NO.
chroot_list_file=/etc/vsftpd.chroot_list
It is used to specify a user list file, which is used to control which users can switch to the parent directory user's home directory.
chroot_local_user=YES/NO(NO)
The user is used to specify a list of files in the user whether to allow the switch to the parent directory. The default value is
NO.
- When chroot_list_enable = YES, chroot_local_user = YES, the in / etc / the vsftpd users listed .chroot_list files can be switched to another directory; user not listed in the document, can not switch to another directory.
- When chroot_list_enable = YES, chroot_local_user = is NO, the / etc / the vsftpd users listed .chroot_list file, can not switch to another directory; user not listed in the document, can switch to another directory.
- When chroot_list_enable = NO, chroot_local_user = is YES, all users can not switch to another directory.
- When chroot_list_enable = NO, chroot_local_user = is NO, all the users can switch to another directory.