Building a vsftpd FTP server on Linux

First, server resources

Server: Alibaba Cloud, CentOS 7.3

Second, installation and deployment

Check whether vsftpd is already installed:

rpm -qa | grep vsftpd // if version information such as vsftpd-3.0.2-25.el7.x86_64 is printed, it is already installed


Otherwise, install it with the following command:

yum install -y vsftpd


When the installation finishes, run the check command again; the version string confirms that the install succeeded.


Third, configuration and startup

1, overview of the configuration files:

  • vsftpd installs its configuration under /etc/vsftpd/. Change into that directory and you will see the following files:

/etc/vsftpd/vsftpd.conf // vsftpd core configuration file

/etc/vsftpd/ftpusers // accounts that may never log in over FTP; this deny list is enforced by PAM (/etc/pam.d/vsftpd) and ships with root and the system accounts already listed

/etc/vsftpd/user_list // custom list of FTP accounts; whether it allows or denies them is explained below

  • In addition, to control whether a user may leave their login directory, we create one more file in the same directory ourselves:

/etc/vsftpd/chroot_list // list of exceptions to the chroot rule; its exact meaning is explained below


2, create the FTP login user:

We recommend not enabling anonymous login and using a local system account on the server running vsftpd instead. So create a local user here; it will then be referenced by the vsftpd user lists:

  • Create a user: useradd -d [home directory] [user name]

Note: the following command creates the user seally and creates /usr/local/ftpworkspace/seally as its home directory:

useradd  -d  /usr/local/ftpworkspace/seally seally

  • Set the user password: passwd [username]

passwd seally // enter the new password at the prompt


Note: an account used only for FTP should not be able to log in over SSH, so set its login shell to /sbin/nologin with chsh -s /sbin/nologin [account]. vsftpd's PAM configuration on CentOS (/etc/pam.d/vsftpd) checks the shell against /etc/shells; /sbin/nologin is listed there by default on CentOS 7, so FTP logins keep working. If you choose a different non-interactive shell, make sure it appears in /etc/shells, otherwise the FTP login will be refused as well.

chsh -s /sbin/nologin seally


3, start configuring:

  • Edit user_list and add the account seally to it (if the file still contains the default list of users, delete them all and then add your accounts, one per line).

  • Edit ftpusers. This file is the FTP deny list: accounts in it can never log in, whatever the other settings say. Keep the default entries (root and the system accounts) and add any further account that must be blocked for special reasons.

  • Edit vsftpd.conf: clear out the old configuration (keep a backup copy first) and replace it with the core configuration below, adjusted to your environment:

#vsftpd core configuration example: /etc/vsftpd/vsftpd.conf

# Allow local users to write (upload, rename, delete): YES

write_enable=YES

# vsftpd refuses a login whose chroot root directory is writable ("500 OOPS: vsftpd: refusing to run with writable root inside chroot()"). YES disables that check so that jailed users whose login directory is their own writable home can still log in. The safer choice is to leave it at NO, make the login directory root-owned and read-only, and give the user a writable subdirectory.

allow_writeable_chroot=YES

# Log uploads and downloads

xferlog_enable=YES

# Transfer log file

xferlog_file=/var/log/xferlog

# Write the log in the standard xferlog format

xferlog_std_format=YES

# Active-mode data connections originate from port 20 on the server

connect_from_port_20=YES

# Idle session timeout in seconds

idle_session_timeout=6000

# Data transfer timeout in seconds

data_connection_timeout=1200

# Run as a standalone daemon listening on IPv4 (listen=YES and listen_ipv6=YES cannot be combined; the stock CentOS 7 file uses listen=NO with listen_ipv6=YES)

listen=YES

# Control-connection listening port

listen_port=21

# PAM service name (/etc/pam.d/vsftpd, which also enforces the ftpusers deny list)

pam_service_name=vsftpd

# Honour /etc/hosts.allow and /etc/hosts.deny: YES

tcp_wrappers=YES 


# For safety, disable anonymous access: NO

anonymous_enable=NO

# Anonymous uploads: NO (YES would additionally require write_enable=YES)

anon_upload_enable=NO

# Anonymous directory creation: NO

anon_mkdir_write_enable=NO

# Allow local system accounts to log in: YES

local_enable=YES

# Directory vsftpd changes into after a local login; if unset or nonexistent, the user lands in their own home directory. With chroot_local_user=YES below, this is also the directory the user is jailed in.

local_root=/usr/local/ftpworkspace/

# umask applied to files uploaded by local users (022 gives files 644 and directories 755)

local_umask=022


# Confine all local users to their login directory

chroot_local_user=YES

# Enable the exception list for the rule above

chroot_list_enable=YES

# Exception-list file (you create this file yourself)

chroot_list_file=/etc/vsftpd/chroot_list


# How user_list is read: NO = only the users in the list may log in; YES = the users in the list may not log in

userlist_deny=NO

# Enable the user_list check

userlist_enable=YES

# Path of the user list (one account per line)

userlist_file=/etc/vsftpd/user_list

Note: the two groups of settings in vsftpd.conf that are easiest to get wrong are:

  • The login list

Determined by three items [userlist_deny, userlist_enable, userlist_file]. userlist_enable says whether the custom list in userlist_file is consulted at all. userlist_deny decides how that list is read: NO means only the accounts in userlist_file may log in (an allow list); YES means the accounts in userlist_file are refused and everyone else may log in (a deny list). We therefore normally set userlist_deny=NO and add the assigned accounts to userlist_file, so that only those accounts can log in. Accounts in ftpusers are refused either way, because PAM checks that file before the user list is consulted.

  • The directory-change restriction list

Determined by four items [allow_writeable_chroot, chroot_local_user, chroot_list_enable, chroot_list_file]. allow_writeable_chroot must be YES whenever a jailed user's login directory is writable by that user; otherwise vsftpd refuses the login with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()", which is why logins fail when it is left at NO (the alternative is a read-only login directory with a writable subdirectory). chroot_local_user says whether users are confined: YES means every user is locked into their login directory, NO means every user may change into any directory on the server; for easier security management it is normally YES. chroot_list_enable says whether chroot_list_file is used as the set of exceptions to chroot_local_user, and the meaning of the list flips with that setting: with chroot_local_user=YES, the users in chroot_list_file are the ones NOT confined and may move around freely; with chroot_local_user=NO, the users in chroot_list_file are the only ones confined to their home directory.

In summary:

Login control is normally configured as follows:

userlist_deny=NO, userlist_enable=YES, and the accounts allowed to log in added to userlist_file.

Directory-change control is normally configured as follows:

chroot_local_user=YES, chroot_list_enable=YES, and the accounts allowed to leave their home directory added to chroot_list_file.
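The two rules just summarised are easy to get backwards, so here is an added example (not part of the original post) that evaluates them for a given account against a vsftpd.conf and its list files, the way vsftpd combines the settings. It assumes vsftpd's documented defaults for unset keys (userlist_enable=NO, userlist_deny=YES, chroot_local_user=NO, chroot_list_enable=NO) and that the last assignment of a key wins; the sample configuration, list files, account names and the "flipped" second configuration are constructed for the example and written to a temporary directory. The PAM ftpusers deny list is outside this model.

```shell
#!/bin/sh
# Added example: evaluate vsftpd's user_list and chroot_list rules for an account.
# Assumptions (this example's, see lead-in): vsftpd.conf defaults for unset keys,
# last assignment wins, sample files below are constructed.

conf_get() {
    # conf_get FILE KEY -> value of KEY (vsftpd syntax: key=value, no spaces), empty if unset
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

in_list() {
    # in_list USER FILE -> true if FILE (one account per line) contains USER
    [ -f "$2" ] && grep -qx "$1" "$2"
}

login_allowed() {
    # login_allowed CONF USER -> true if the user_list rules admit USER
    enable=$(conf_get "$1" userlist_enable); deny=$(conf_get "$1" userlist_deny)
    listfile=$(conf_get "$1" userlist_file)
    [ -n "$listfile" ] || listfile=/etc/vsftpd/user_list
    [ "$enable" = YES ] || return 0          # list not consulted at all
    if in_list "$2" "$listfile"; then
        [ "${deny:-YES}" = NO ]              # listed: admitted only in allow-list mode
    else
        [ "${deny:-YES}" = YES ]             # unlisted: admitted only in deny-list mode
    fi
}

chrooted() {
    # chrooted CONF USER -> true if USER is locked into their login directory
    global=$(conf_get "$1" chroot_local_user)
    use_list=$(conf_get "$1" chroot_list_enable)
    listfile=$(conf_get "$1" chroot_list_file)
    [ -n "$listfile" ] || listfile=/etc/vsftpd/chroot_list
    listed=no
    if [ "$use_list" = YES ] && in_list "$2" "$listfile"; then listed=yes; fi
    # the list names the exceptions to the global setting, so its sense flips with it
    if [ "${global:-NO}" = YES ]; then [ "$listed" = no ]; else [ "$listed" = yes ]; fi
}

policy() {
    # policy CONF USER -> one-line summary "USER: login|denied, chrooted|free"
    if login_allowed "$1" "$2"; then a=login; else a=denied; fi
    if chrooted "$1" "$2"; then c=chrooted; else c=free; fi
    printf '%s: %s, %s\n' "$2" "$a" "$c"
}

# Constructed sample matching the post's recommended combination:
# allow-list login, everyone jailed except the accounts in chroot_list.
TMP=$(mktemp -d)
printf 'seally\nseally2\n' > "$TMP/user_list"
printf 'seally2\n' > "$TMP/chroot_list"
cat > "$TMP/vsftpd.conf" <<EOF
userlist_enable=YES
userlist_deny=NO
userlist_file=$TMP/user_list
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$TMP/chroot_list
EOF
# Same list files with both switches flipped: user_list becomes a deny list and
# chroot_list becomes the set of accounts that ARE jailed.
sed 's/^userlist_deny=NO/userlist_deny=YES/; s/^chroot_local_user=YES/chroot_local_user=NO/' \
    "$TMP/vsftpd.conf" > "$TMP/flipped.conf"

for u in seally seally2 mallory; do policy "$TMP/vsftpd.conf" "$u"; done
```

With the post's settings the output shows seally admitted and jailed, seally2 admitted and free to move, and the unlisted mallory refused; against flipped.conf the verdicts invert. To audit a real server, call the functions with /etc/vsftpd/vsftpd.conf instead of the constructed file.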


4, start the service and test access from a browser:

  • Start (or restart) the service with the following command (to have it start at boot as well, also enable the unit with systemctl enable):

/bin/systemctl  restart  vsftpd.service

Then open ftp://www.seally.cn/ in a browser or an FTP client, where www.seally.cn is the host name or IP of the vsftpd server, and log in as seally with its password when prompted. If the connection is refused, check that TCP port 21 (and, for passive mode, the data port range) is open in the host firewall and in the cloud security group.

Fourth, extended configuration

    Normally, after creating a new user with its home directory, we add it to the FTP user list file and restart vsftpd; the new user can then log in, is confined to its working directory, and can upload files there. But the main configuration file can specify only one local_root, so all user home directories have to live under that one directory, and this has a drawback: every user can see everybody else's directory. We therefore extend the setup so that each user gets its own login directory and cannot see the others':

Suppose a second FTP user seally2 has been added; the two users' home directories are now:

seally  -->  /usr/local/ftpworkspace/seally

seally2  -->  /usr/local/ftpworkspace/seally2

    In the main configuration file vsftpd.conf the local login directory is set to: local_root=/usr/local/ftpworkspace/

So after logging in, seally and seally2 both land in /usr/local/ftpworkspace/ and can see each other's home directory. They cannot upload into each other's directory, but this is still not appropriate, so we add a per-user login directory configuration to avoid it:

  • Create a directory for the per-user configuration files:

mkdir  /etc/vsftpd/userconfig

  • In that directory, create one file per user, named exactly after the account, and set each user's own login directory in it:

vi /etc/vsftpd/userconfig/seally and enter: local_root=/usr/local/ftpworkspace/seally then save.

vi /etc/vsftpd/userconfig/seally2 and enter: local_root=/usr/local/ftpworkspace/seally2 then save.

  • Edit the main configuration file vsftpd.conf and add the following item:

user_config_dir=/etc/vsftpd/userconfig/

  • Restart the service; the two accounts now land in different directories after login, which you can verify by logging in as each of them.
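The per-user setup above (step 3: add the account to user_list; step 4: create its login directory and its user_config_dir file) is mechanical enough to script, and scripting it is also the place to fix the writable-chroot problem: keep the login directory root-owned and read-only so that allow_writeable_chroot can stay NO, and give the user a writable subdirectory. The following is an added example, not code from the original post. The upload/ subdirectory, the FTP_BASE, USERCONF_DIR and USER_LIST variables and the consistency check are this example's own conventions, and the system account itself is still created with useradd/passwd/chsh as shown earlier.

```shell
#!/bin/sh
# Added example: provision one FTP account's directory tree, per-user config and
# user_list entry, with a read-only chroot root (so allow_writeable_chroot=NO works).
# Assumptions (this example's): the upload/ subdirectory, the three variables below
# (defaults are the paths used in the post; override them for a dry run elsewhere).

FTP_BASE=${FTP_BASE:-/usr/local/ftpworkspace}
USERCONF_DIR=${USERCONF_DIR:-/etc/vsftpd/userconfig}
USER_LIST=${USER_LIST:-/etc/vsftpd/user_list}

make_ftp_user_tree() {
    # make_ftp_user_tree USER: the login directory is root-owned and read-only for USER;
    # only upload/ is writable. Ownership changes need root and are skipped otherwise.
    home=$FTP_BASE/$1
    mkdir -p "$home/upload"
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$home"
        chown "$1:$1" "$home/upload"
    fi
    chmod 555 "$home"
    chmod 755 "$home/upload"
}

write_user_config() {
    # write_user_config USER: per-user file read via user_config_dir; sets local_root only
    mkdir -p "$USERCONF_DIR"
    printf 'local_root=%s\n' "$FTP_BASE/$1" > "$USERCONF_DIR/$1"
    chmod 644 "$USERCONF_DIR/$1"
}

allow_ftp_user() {
    # allow_ftp_user USER: add USER to the allow list once (userlist_deny=NO mode)
    touch "$USER_LIST"
    grep -qx "$1" "$USER_LIST" || printf '%s\n' "$1" >> "$USER_LIST"
}

check_ftp_user() {
    # check_ftp_user USER -> true if the account is consistently set up: listed in
    # user_list, has a per-user config, its local_root exists without any write bit
    # (a writable root is what vsftpd refuses when allow_writeable_chroot=NO),
    # and the writable upload/ directory exists.
    cfg=$USERCONF_DIR/$1
    grep -qx "$1" "$USER_LIST" 2>/dev/null || { echo "$1: not in $USER_LIST"; return 1; }
    [ -f "$cfg" ] || { echo "$1: missing $cfg"; return 1; }
    root=$(sed -n 's/^local_root=//p' "$cfg" | tail -n 1)
    [ -d "$root" ] || { echo "$1: local_root $root missing"; return 1; }
    case $(stat -c %A "$root") in
        *w*) echo "$1: $root is writable; vsftpd would refuse the login"; return 1 ;;
    esac
    [ -d "$root/upload" ] || { echo "$1: no upload directory"; return 1; }
    echo "$1: ok ($root)"
}

provision_ftp_user() {
    # provision_ftp_user USER: steps 3 and 4 for one account, then verify
    make_ftp_user_tree "$1"
    write_user_config "$1"
    allow_ftp_user "$1"
    check_ftp_user "$1"
}

# Usage: sh provision.sh seally seally2   (as root on the server, then restart vsftpd)
for u in "$@"; do provision_ftp_user "$u"; done
```

Run it as root on the server with the account names as arguments and restart vsftpd afterwards. Unprivileged it still creates the tree and the config files (only the ownership changes are skipped), which makes a dry run under an alternative FTP_BASE possible; check_ftp_user can also be run on its own against existing accounts to find a login directory that became writable.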


Origin blog.51cto.com/14522065/2433463