1, FTP installation
# Install
yum install -y vsftpd
# Enable at boot
systemctl enable vsftpd.service
# Start
systemctl start vsftpd.service
# Stop
systemctl stop vsftpd.service
# View the status
systemctl status vsftpd.service
2, configure FTP
# Open the configuration file
vim /etc/vsftpd/vsftpd.conf
# Display line numbers
:set number
# Modify line 12
anonymous_enable=NO
# Modify line 33
anon_mkdir_write_enable=YES
# Modify line 48
chown_uploads=YES
# Modify line 72
async_abor_enable=YES
# Modify line 82
ascii_upload_enable=YES
# Modify line 83
ascii_download_enable=YES
# Modify line 86
ftpd_banner=Welcome to blah FTP service.
# Modify line 100
chroot_local_user=YES
# Append the following to the end of vsftpd.conf
use_localtime=YES
listen_port=21
idle_session_timeout=300
guest_enable=YES
guest_username=vsftpd
user_config_dir=/etc/vsftpd/vconf
data_connection_timeout=1
virtual_use_local_privs=YES
pasv_min_port=40000
pasv_max_port=40010
accept_timeout=5
connect_timeout=1
allow_writeable_chroot=YES
3, create the user file
# Create and edit the user file
vim /etc/vsftpd/virtusers
# The first line is the user name, the second line is the password. root cannot be used as the user name
xiaoftp
123456
4, generate the user database file
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
# Set up the PAM authentication file and point it at the virtual user database file to read
chmod 600 /etc/vsftpd/virtusers.db
5, modify the /etc/pam.d/vsftpd file
# Back up the file before modifying it
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vi /etc/pam.d/vsftpd
# First comment out all existing auth and account lines in the configuration file
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
# If the system is 32-bit, to the above lib
6, create the system user vsftpd, with home directory /home/vsftpd
# The user's login shell is /bin/false (i.e. the account cannot log in)
useradd vsftpd -d /home/vsftpd -s /bin/false
chown -R vsftpd:vsftpd /home/vsftpd
7, create the virtual user's personal configuration file
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
# Create the virtual user's configuration file, here leo
# (vsftpd looks in user_config_dir for a file named after the user who logs in)
touch leo
# Edit leo's configuration file as follows; other users are similar
vi leo
# When copying, local_root lost its leading "lo", which caused the vsftpd error
# "500 OOPS: unrecognised variable in config file: cal_root"; it took a long time to resolve
local_root=/home/vsftpd/xiaoftp/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# Create the user's root directory (it must be the same path as local_root)
mkdir -p /home/vsftpd/xiaoftp/
8, firewall settings
# 1, turn the firewall off directly
systemctl stop firewalld.service      # stop the firewall
systemctl disable firewalld.service   # do not start the firewall at boot
# 2, set up the iptables service
yum -y install iptables-services
# To modify the firewall configuration, for example to open port 3306
vi /etc/sysconfig/iptables
# Add the rule
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
# After saving and exiting
systemctl restart iptables.service    # restart the firewall so the configuration takes effect
systemctl enable iptables.service     # start the firewall at boot
# Finally, reboot the system so the settings take effect.
iptables configuration:
# Edit the iptables file and add the following to open port 21 and the passive-mode ports
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40010 -j ACCEPT
# firewalld configuration:
firewall-cmd --zone=public --add-service=ftp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=40000-40010/tcp --permanent
9, restart the vsftpd server
systemctl restart vsftpd.service
10, test the connection with an FTP client
At this point an FTP client can connect. When transferring files, however, uploads and downloads fail with codes such as 500, 503, 200 and so on. In that case, you can do one of the following:
Option 1, turn off SELinux
# Open the SELinux configuration file
vim /etc/selinux/config
# Modify the configuration parameters
# Comment out
#SELINUX=enforcing
# Add
SELINUX=disabled
# After the change, a reboot is required!
Option 2, adjust SELinux
setenforce 0   # temporarily put SELinux into Permissive mode
# List the settings related to ftp
getsebool -a | grep ftp
# The permissions are displayed below: off means the permission is disabled, on means it is enabled.
# The output may differ between machines. I looked at mine, and it is not the same as in other online tutorials
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off
# Set ftp_home_dir and the related ftpd_full_access to 1
setsebool -P ftp_home_dir 1
setsebool -P allow_ftpd_anon_write 1
setsebool -P ftp_home_dir 1
setenforce 1   # return to Enforcing mode
Option 3, SELinux places no restrictions on vsftpd
setsebool -P ftpd_connect_all_unreserved 1
If you still have problems, try setting the permissions on the user's FTP directory:
chmod -R 775 /home/vsftpd/leo
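The script below is an added example, not part of the original guide or of vsftpd. It audits a vsftpd.conf and virtusers file laid out as in steps 2 to 7 and reports whitespace around `=`, cleartext transport, the writable-chroot override, a world-readable password list, virtual users with no matching file in user_config_dir, and short passwords. The function names, finding labels and the 12-character minimum are assumptions made for the example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide: audit the files this guide creates.

# Print the last value assigned to KEY in FILE (a later line overrides an earlier one).
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# audit_vsftpd CONF VIRTUSERS: print one finding per line, nothing when clean.
audit_vsftpd() {
    conf=$1; users=$2
    # vsftpd treats whitespace between option, "=" and value as an error.
    awk '!/^#/ && (/^[^=]*[ \t]=/ || /^[^=]*=[ \t]/) {
             print "SYNTAX line " NR ": whitespace around =" }' "$conf"
    # Without TLS, logins and file contents cross the network in cleartext.
    [ "$(conf_get "$conf" ssl_enable)" = YES ] || echo "CLEARTEXT ssl_enable is not YES"
    # This option turns off vsftpd's refusal to chroot into a writable directory.
    [ "$(conf_get "$conf" allow_writeable_chroot)" = YES ] &&
        echo "WRITABLE_CHROOT allow_writeable_chroot=YES"
    # The plaintext password list should not be readable by other accounts.
    [ -n "$(find "$users" -perm -004)" ] && echo "WORLD_READABLE $users"
    vdir=$(conf_get "$conf" user_config_dir)
    # virtusers alternates user-name and password lines.
    while IFS= read -r name && IFS= read -r pass; do
        # Per-user settings are read only from a file named after the login name.
        [ -f "$vdir/$name" ] || echo "NO_USER_CONF $name has no file in $vdir"
        # Assumed policy for this example: passwords of at least 12 characters.
        [ "${#pass}" -ge 12 ] || echo "WEAK_PASSWORD $name"
    done < "$users"
    return 0
}

# Constructed sample: user xiaoftp with password 123456, per-user file named leo.
demo() {
    d=$(mktemp -d)
    mkdir "$d/vconf"; : > "$d/vconf/leo"
    printf '%s\n' 'anonymous_enable = NO' 'allow_writeable_chroot=YES' \
        "user_config_dir=$d/vconf" > "$d/vsftpd.conf"
    printf '%s\n' xiaoftp 123456 > "$d/virtusers"; chmod 644 "$d/virtusers"
    audit_vsftpd "$d/vsftpd.conf" "$d/virtusers"
    rm -rf "$d"
}
demo
```

On a real server, call `audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/virtusers` as root; once virtusers.db has been built, the plaintext virtusers file can be removed or restricted to mode 600.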