CentOS 7.0 server installation configuration vsftp<\/p>\n
First, configure the firewall to open the ports needed to FTP server<\/p>\n
CentOS 7.0 is the default firewall as a firewall, here to iptables firewall.
\n1, closed firewall:<\/p>\n
systemctl stop firewalld.service # Stop firewall<\/p>\n
systemctl disable firewalld.service # prohibit firewall boot<\/p>\n
2. Install iptables firewall<\/p>\n
yum install iptables-services # installation<\/p>\n
vi \/etc\/sysconfig\/iptables # edit the firewall configuration file<\/p>\n
# Firewall configuration written by system-config-firewall<\/p>\n
# Manual customization of this file is not recommended.<\/p>\n
*filter<\/p>\n
:INPUT ACCEPT [0:0]<\/p>\n
:FORWARD ACCEPT [0:0]<\/p>\n
:OUTPUT ACCEPT [0:0]<\/p>\n
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT<\/p>\n
-A INPUT -p icmp -j ACCEPT<\/p>\n
-A INPUT -i lo -j ACCEPT<\/p>\n
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT<\/p>\n
-A INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT<\/p>\n
-A INPUT -m state –state NEW -m tcp -p tcp –dport 10060:10090 -j ACCEPT<\/p>\n
-A INPUT -j REJECT –reject-with icmp-host-prohibited<\/p>\n
-A FORWARD -j REJECT –reject-with icmp-host-prohibited<\/p>\n
COMMIT<\/p>\n
:wq! # Save and exit<\/p>\n
systemctl restart iptables.service # final restart firewall configuration to take effect<\/p>\n
systemctl enable iptables.service # firewall boot<\/p>\n
Description: 21 port is the ftp service port; 10060-10090 port Vsftpd passive mode is required, you can customize the period of greater than 1024 tcp port.
\nSELINUX<\/p>\n
vi \/etc\/selinux\/config<\/p>\n
#SELINUX=enforcing # # commented<\/p>\n
#SELINUXTYPE=targeted<\/p>\n
SELINUX=disabled<\/p>\n
:wq!<\/p>\n
setenforce 0<\/p>\n
Third, install vsftpd<\/p>\n
yum install -y vsftpd # install vsftpd<\/p>\n
yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI # installation vsftpd virtual user configuration dependencies<\/p>\n
systemctl start vsftpd.service # Start<\/p>\n
systemctl enable vsftpd.service # set vsftpd boot<\/p>\n
vsftp<\/p>\n
cp \/etc\/vsftpd\/vsftpd.conf \/etc\/vsftpd\/vsftpd.conf-bak back up the default profile<\/p>\n
Execute the following command set<\/p>\n
sed -i “s\/anonymous_enable=YES\/anonymous_enable=NO\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#anon_upload_enable=YES\/anon_upload_enable=NO\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#anon_mkdir_write_enable=YES\/anon_mkdir_write_enable=YES\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#chown_uploads=YES\/chown_uploads=NO\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#async_abor_enable=YES\/async_abor_enable=YES\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#ascii_upload_enable=YES\/ascii_upload_enable=YES\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#ascii_download_enable=YES\/ascii_download_enable=YES\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
sed -i “s\/#ftpd_banner=Welcome to blah FTP service.\/ftpd_banner=Welcome to FTP service.\/g” ‘\/etc\/vsftpd\/vsftpd.conf’<\/p>\n
echo -e “use_localtime=YES\\nlisten_port=21\\nchroot_local_user=YES\\nidle_session_timeout=300<\/p>\n
\\ndata_connection_timeout=1\\nguest_enable=YES\\nguest_username=vsftpd<\/p>\n
\\nuser_config_dir=\/etc\/vsftpd\/vconf\\nvirtual_use_local_privs=YES<\/p>\n
\\npasv_min_port=10060\\npasv_max_port=10090<\/p>\n
\\naccept_timeout=5\\nconnect_timeout=1” >> \/etc\/vsftpd\/vsftpd.conf<\/p>\n
Fifth, the establishment of virtual user list file<\/p>\n
touch \/etc\/vsftpd\/virtusers<\/p>\n
Edit the virtual user account list file \ud83d\ude41 first line, second line password, note: do not use the root user name, the system retained)<\/p>\n
vi \/etc\/vsftpd\/virtusers<\/p>\n
web1
\n123456
\nweb2
\n123456
\nweb3
\n123456
\n:wq!<\/p>\n
Sixth, to generate a virtual user data file<\/p>\n
db_load -T -t hash -f \/etc\/vsftpd\/virtusers \/etc\/vsftpd\/virtusers.db<\/p>\n
chmod 600 \/etc\/vsftpd\/virtusers.db # set the PAM authentication files and specify the virtual user database file for reading<\/p>\n
Seven, in \/etc\/pam.d\/vsftpd file header by adding the following information (later joined invalid)<\/p>\n
Before the amendment to the backup cp \/etc\/pam.d\/vsftpd \/etc\/pam.d\/vsftpdbak
\ncp \/etc\/pam.d\/vsftpd \/etc\/pam.d\/vsftpdbak<\/p>\n
vi \/etc\/pam.d\/vsftpd<\/p>\n
auth sufficient \/lib64\/security\/pam_userdb.so db=\/etc\/vsftpd\/virtusers<\/p>\n
account sufficient \/lib64\/security\/pam_userdb.so db=\/etc\/vsftpd\/virtusers<\/p>\n
Note: If your system is 32-bit, top to lib, otherwise, the configuration fails<\/p>\n
Eight, the new system user vsftpd, user directory is \/home\/wwwroot, user login terminal is set to \/bin\/false (even if they can not log into the system)
\nuseradd vsftpd -d \/home\/wwwroot -s \/bin\/false<\/p>\n
chown vsftpd:vsftpd \/home\/wwwroot -R<\/p>\n
chown www:www \/home\/wwwroot -R ## If the virtual host user user www, the need for such settings.<\/p>\n
Nine, to create a virtual user’s personal profile Vsftp<\/p>\n
mkdir \/etc\/vsftpd\/vconf<\/p>\n
cd \/etc\/vsftpd\/vconf<\/p>\n
touch web1 web2 web3 # to create three virtual user profile here<\/p>\n
mkdir -p \/home\/wwwroot\/web1\/http\/<\/p>\n
vi web1 # web1 edit user profiles, with other similar configuration file<\/p>\n
local_root=\/home\/wwwroot\/web1\/http\/<\/p>\n
write_enable=YES<\/p>\n
anon_world_readable_only=NO<\/p>\n
anon_upload_enable=YES<\/p>\n
anon_mkdir_write_enable=YES<\/p>\n
anon_other_write_enable=YES<\/p>\n
Ten, the final restart vsftpd server<\/p>\n
systemctl restart vsftpd.service<\/p>\n
???<\/p>\n
guest_username=vsftpd # user-specified virtual host user (new user is in front of us)<\/p>\n
guest_username=www # If the ftp directory is pointing to the root directory of the site for uploading Web site, you can specify the user’s virtual host user accounts to run nginx www, avoid many problems permission settings<\/p>\n
Sample doc is attached<\/p>\n
<\/p>\n
<\/p>\n