1. Check whether vsftpd is already installed
vsftpd -version
2. Install vsftpd (CentOS 7)
yum install -y vsftpd
3. Create the FTP directory
Create the FTP directory at the following path:
/data/KodServer/data/User/tomas/home
4. Create a new user
ftpname is the name of the FTP user being created; /data/KodServer/data/User/tomas/home is the directory the user lands in after logging in.
useradd -d /data/KodServer/data/User/tomas/home -s /bin/bash ftpname
5. Set a password for the new user
passwd ftpname
[Note: run cat /etc/passwd to view the users on the current system]
6. Set the home directory (the directory the user sees after logging in; change it to suit your needs. If it was already set in step 4, this step can be skipped)
usermod -d /data/KodServer/data/User/tomas/home ftpname
7. Add a user group (this step can be skipped)
groupadd ftpgroup
8. Add the FTP service to the firewall
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --reload
Solution:
① Check the FTP-related SELinux booleans: sestatus -b | grep ftp
② The output shows: ftp_home_dir OFF
③ Change the state to ON: setsebool -P ftp_home_dir ON
④ Restart the vsftpd service: systemctl restart vsftpd.service
setsebool -P ftpd_full_access on
systemctl restart firewalld.service
9. Configure the user so that it can access only its own directory (/data/KodServer/data/User/tomas/home) and no other paths
Modify /etc/vsftpd/vsftpd.conf
cd /etc/vsftpd/
vi vsftpd.conf
# Remove the leading comment marker from these lines
chroot_local_user=YES
ascii_upload_enable=YES
ascii_download_enable=YES
# Add at the end of the file
allow_writeable_chroot=YES
Save the file and restart vsftpd.
Enable vsftpd at boot:
systemctl enable vsftpd.service
Start the vsftpd service:
systemctl start vsftpd.service
Prevent the FTP user from logging in to the server via port 22:
The FTP user needs to be confined to its own directory. This works on port 21, but when the FTP user logs in with SFTP it can still access the parent directory. So disable SSH login for the FTP user, cutting off access through port 22.
First, run the following command to find the nologin shell:
vi /etc/shells
You can see that the shell that forbids login is /usr/sbin/nologin. Then execute the following command:
usermod -s /usr/sbin/nologin tomas
To restore SSH login for tomas, execute the following command:
usermod -s /bin/bash tomas
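
The following check is an added example, not part of the original guide: it audits the two controls the steps above rely on (chroot_local_user in vsftpd.conf for port 21, and a nologin shell to block port 22) against copies of the relevant files. The function names, the constructed sample files and the pam_shells assumption are the example's own.

```shell
#!/bin/sh
# Added example (not from the original guide). File paths are arguments so the
# audit can run against copies of vsftpd.conf, /etc/passwd and /etc/shells.

# Print the last uncommented value of KEY in a vsftpd config file, upper-cased.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]' | tr 'a-z' 'A-Z'
}

# audit_ftp_user CONF PASSWD SHELLS USER
# Prints one finding per line; returns 0 when there is no FAIL finding.
audit_ftp_user() {
    conf=$1 passwd=$2 shells=$3 user=$4 rc=0
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    [ -n "$shell" ] || { echo "FAIL: user $user not found"; return 1; }
    case "$(conf_value "$conf" chroot_local_user)" in
        YES|TRUE|1) ;;  # chroot_list_enable exceptions are not evaluated here
        *) echo "FAIL: chroot_local_user is not enabled"; rc=1 ;;
    esac
    case "$shell" in
        */nologin|*/false) ;;
        *) echo "FAIL: shell $shell permits SSH/SFTP login outside the FTP chroot"; rc=1 ;;
    esac
    # Assumption: the vsftpd PAM stack uses pam_shells, which rejects FTP
    # logins for accounts whose shell is missing from the shells file.
    grep -qxF "$shell" "$shells" || echo "WARN: $shell not listed in $shells"
    return $rc
}

# Constructed sample files mirroring the guide's before/after states.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#chroot_local_user=YES' 'chroot_local_user=YES' \
        'allow_writeable_chroot=YES' > "$d/vsftpd.conf"
    printf '%s\n' /bin/sh /bin/bash /usr/sbin/nologin > "$d/shells"
    printf '%s\n' 'tomas:x:1001:1001::/data/KodServer/data/User/tomas/home:/bin/bash' \
        > "$d/passwd.before"
    sed 's#/bin/bash$#/usr/sbin/nologin#' "$d/passwd.before" > "$d/passwd.after"
    echo "before:"; audit_ftp_user "$d/vsftpd.conf" "$d/passwd.before" "$d/shells" tomas || true
    echo "after:";  audit_ftp_user "$d/vsftpd.conf" "$d/passwd.after" "$d/shells" tomas || true
    rm -rf "$d"
}
demo
```

On a live system, call audit_ftp_user with /etc/vsftpd/vsftpd.conf, /etc/passwd, /etc/shells and the FTP account name.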