Installing and configuring vsftpd on a CentOS 7.0 server
First, configure the firewall to open the ports the FTP server needs
CentOS 7.0 uses firewalld as its default firewall; here it is replaced with the iptables firewall.
1. Stop firewalld:
systemctl stop firewalld.service # stop firewalld
systemctl disable firewalld.service # do not start firewalld at boot
2. Install the iptables firewall
yum install iptables-services # install
vi /etc/sysconfig/iptables # edit the firewall configuration file
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! # save and exit
systemctl restart iptables.service # restart the firewall so the configuration takes effect
systemctl enable iptables.service # start the firewall at boot
Note: port 21 is the FTP service port; ports 10060-10090 are required for vsftpd passive mode. You can choose a different range of TCP ports above 1024.
Second, disable SELINUX
vi /etc/selinux/config
#SELINUX=enforcing # comment out
#SELINUXTYPE=targeted # comment out
SELINUX=disabled # add
:wq! # save and exit
setenforce 0 # apply immediately
Third, install vsftpd
yum install -y vsftpd # install vsftpd
yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI # install the dependencies for vsftpd virtual user configuration
systemctl start vsftpd.service # start vsftpd
systemctl enable vsftpd.service # start vsftpd at boot
Fourth, configure vsftpd
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak # back up the default configuration file
Run the following commands to apply the settings:
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#anon_upload_enable=YES/anon_upload_enable=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#anon_mkdir_write_enable=YES/anon_mkdir_write_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#chown_uploads=YES/chown_uploads=NO/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#async_abor_enable=YES/async_abor_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ascii_upload_enable=YES/ascii_upload_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ascii_download_enable=YES/ascii_download_enable=YES/g" '/etc/vsftpd/vsftpd.conf'
sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to FTP service./g" '/etc/vsftpd/vsftpd.conf'
echo -e "use_localtime=YES\nlisten_port=21\nchroot_local_user=YES\nidle_session_timeout=300\ndata_connection_timeout=1\nguest_enable=YES\nguest_username=vsftpd\nuser_config_dir=/etc/vsftpd/vconf\nvirtual_use_local_privs=YES\npasv_min_port=10060\npasv_max_port=10090\naccept_timeout=5\nconnect_timeout=1" >> /etc/vsftpd/vsftpd.conf
Fifth, create the virtual user list file
touch /etc/vsftpd/virtusers
Edit the virtual user list file (first line user name, second line password; note: do not use root as a user name, it is reserved by the system)
vi /etc/vsftpd/virtusers
web1
123456
web2
123456
web3
123456
:wq!
Sixth, generate the virtual user database file
db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
chmod 600 /etc/vsftpd/virtusers.db # restrict read access to the virtual user database file that the PAM configuration points to
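Added example, not part of the original tutorial: a check to run on the list file before db_load. A missing line shifts every later user name/password pair, and the plain-text list holds every password while touch leaves it with default permissions. The function name check_virtusers and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint the virtual user list
# before db_load. Odd lines are user names, even lines are passwords.

# check_virtusers FILE [MINLEN]
# Prints one finding per line; returns 0 if the list is clean, 1 otherwise.
# MINLEN (default 12) is this example's own threshold, not a vsftpd setting.
check_virtusers() {
    file=$1
    minlen=${2:-12}
    rc=0
    awk -v min="$minlen" '
        function report(msg) { print "line " NR ": " msg; bad = 1 }
        NR % 2 == 1 {                       # user name line
            user = $0
            if (user == "")     report("empty user name")
            if (user == "root") report("root must not be a virtual user")
            if (user in seen)   report("duplicate user " user)
            seen[user] = 1
            next
        }
        {                                   # password line
            if (length($0) < min) report("password for " user " is shorter than " min)
            if ($0 == user)       report("password for " user " equals the user name")
        }
        END {
            # An odd line count means the last user has no password line.
            if (NR % 2 == 1) report("user " user " has no password line")
            exit bad + 0
        }' "$file" || rc=1
    # The plain-text list holds every password: only its owner may read it.
    perms=$(ls -ld "$file" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "$file: permissions are $perms, expected -rw-------"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the list from the tutorial, readable by everyone.
sample=$(mktemp)
printf 'web1\n123456\nweb2\n123456\nweb3\n123456\n' > "$sample"
chmod 644 "$sample"
check_virtusers "$sample" || echo "fix the list before running db_load"
rm -f "$sample"
```

On the server, run it as check_virtusers /etc/vsftpd/virtusers and continue with db_load only when it returns 0.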
Seventh, add the following lines at the top of the /etc/pam.d/vsftpd file (lines added further down have no effect)
Back up the file before modifying it:
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpdbak
vi /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
Note: if your system is 32-bit, change lib64 above to lib; otherwise the configuration fails
Eighth, create the system user vsftpd with home directory /home/wwwroot and login shell /bin/false (so that it cannot log in to the system)
useradd vsftpd -d /home/wwwroot -s /bin/false
chown vsftpd:vsftpd /home/wwwroot -R
chown www:www /home/wwwroot -R # use this instead if the virtual host runs as user www
Ninth, create the per-user vsftpd configuration files for the virtual users
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
touch web1 web2 web3 # create the configuration files for the three virtual users
mkdir -p /home/wwwroot/web1/http/
vi web1 # edit the configuration file for user web1; the files for the other users are similar
local_root=/home/wwwroot/web1/http/
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
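Added example, not part of the original tutorial: a script that writes the per-user file above for every name in the list instead of editing web1, web2 and web3 by hand. Because the login name is also the file name looked up under user_config_dir, it skips names that could point outside that directory; the function name provision_vconf and the allowed character set are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): create the per-user files for
# every name in the virtual user list.

# provision_vconf LIST VCONF_DIR WEB_ROOT
# For each user name (odd lines of LIST) writes VCONF_DIR/<user> with the
# settings shown above and creates WEB_ROOT/<user>/http as its local_root.
provision_vconf() {
    list=$1 vconf=$2 webroot=$3
    mkdir -p "$vconf" || return 1
    awk 'NR % 2 == 1' "$list" | while IFS= read -r user; do
        # The login name becomes a file name under user_config_dir:
        # refuse anything that could leave that directory.
        case $user in
            ''|root|.*|*[!A-Za-z0-9._-]*)
                echo "skipped unsafe user name: $user" >&2
                continue ;;
        esac
        mkdir -p "$webroot/$user/http" || exit 1
        printf '%s\n' \
            "local_root=$webroot/$user/http/" \
            "write_enable=YES" \
            "anon_world_readable_only=NO" \
            "anon_upload_enable=YES" \
            "anon_mkdir_write_enable=YES" \
            "anon_other_write_enable=YES" > "$vconf/$user" || exit 1
    done
}

# Constructed demo in a scratch directory; on the server the arguments are
# /etc/vsftpd/virtusers /etc/vsftpd/vconf /home/wwwroot.
demo=$(mktemp -d)
printf 'web1\nx\nweb2\nx\n../web3\nx\n' > "$demo/virtusers"
provision_vconf "$demo/virtusers" "$demo/vconf" "$demo/wwwroot"
ls "$demo/vconf"
rm -rf "$demo"
```

Directories created this way belong to the account that ran the script, so repeat the chown from step eight afterwards.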
Tenth, restart the vsftpd server
systemctl restart vsftpd.service
Notes:
guest_username=vsftpd # the system user that virtual users are mapped to (the user created in step eight)
guest_username=www # if the FTP directory points to the web root and is used for uploading site files, you can map virtual users to www, the account nginx runs as, to avoid many permission problems
Sample doc is attached