文档章节

centos 安装ftp

若虚夜
 若虚夜
发布于 2017/08/24 17:55
字数 1187
阅读 9
收藏 0

什么是vsftpd

vsftpd是一款在Linux发行版中最受推崇的FTP服务器程序。特点是小巧轻快,安全易用。

vsftpd 的名字代表”very secure FTP daemon”, 安全是它的开发者 Chris Evans 考虑的首要问题之一。在这个 FTP 服务器设计开发的最开始的时候,高安全性就是一个目标。

安装vsftpd

1、以管理员(root)身份执行以下命令

  1. yum install vsftpd

2、设置开机启动vsftpd ftp服务

  1. chkconfig vsftpd on

3、启动vsftpd服务

  1. service vsftpd start

管理vsftpd相关命令:

停止vsftpd:  service vsftpd stop

重启vsftpd:  service vsftpd restart

配置防火墙(Centos6 为例)

打开/etc/sysconfig/iptables文件

  1. vi /etc/sysconfig/iptables

在REJECT行之前添加如下代码

  1. -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

保存和关闭文件,重启防火墙

  1. service iptables start

配置vsftpd服务器

默认的配置文件是/etc/vsftpd/vsftpd.conf,你可以用文本编辑器打开。

  1. vi /etc/vsftpd/vsftpd.conf

添加ftp用户

下面是添加ftpuser用户,设置根目录为/home/wwwroot/ftpuser,禁止此用户登录SSH的权限,并限制其访问其它目录。

1、修改/etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=NO
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

allow_writeable_chroot=YES

3、增加用户ftpuser,指向目录/home/wwwroot/ftpuser,禁止登录SSH权限。

 

  1. useradd -d /home/wwwroot/ftpuser -g ftp -s /sbin/nologin ftpuser

4、设置用户口令

  1. passwd ftpuser

5、编辑文件chroot_list:

  1. vi /etc/vsftpd/chroot_list

内容为ftp用户名,每个用户占一行,如:

peter
john

6、重新启动vsftpd

  1. service vsftpd restart

7修改配置文件需要重启机器:

修改vim /etc/selinux/config 文件

将SELINUX=enforcing改为SELINUX=disabled

 

阿里云,FTP需要使用20/21,1024/65535端口

https://workorder.console.aliyun.com/attach/note_attach.do?spm=5176.2020520129.105.5.a9e646aeINjE5y&id=44711592&order=0 https://workorder.console.aliyun.com/attach/note_attach.do?spm=5176.2020520129.105.5.a9e646aeINjE5y&id=44711592&order=1

© 著作权归作者所有

共有 人打赏支持
上一篇: mysql支持emjo
下一篇: Idea插件
若虚夜
粉丝 2
博文 14
码字总数 7840
作品 0
南京
私信 提问
建立局域网内使用的CentOS7源

建立局域网内使用的CentOS7源 by 无若 1. 在CentOS下建立匿名的FTP访问服务 CentOS 7下安装配置pure-ftpd,并使用匿名用户登录 Pure-FTPd是Linux上的一个开源的FTP服务程序。 (1). 安装epel源...

无若
2016/08/04
64
0
常用CentOS vsftpd安装设置讲解

CentOS vsftpd还是比较常用的,于是我研究了一下CentOS vsftpd,在这里拿出来和大家分享一下,希望对大家有用。这里讲解介绍centos vsftpd的设置。CentOS Linux与RHEL产品有着严格的版本对应...

nothingfinal
2011/04/12
0
0
yum源yum-fastestmirror

对centos系统管理员来说,yum绝对是个好东西,只可惜,官方yum源的速度实在让人不敢恭维,而非官方的yum源又五花八门,让人难以取舍。 幸运的是,yum-fastestmirror插件弥补了这一缺陷:自动...

吕兵阳
2016/01/23
210
0
linux ftp安装

一. FTP 说明 linux 系统下常用的FTP 是vsftp, 即Very Security File Transfer Protocol. 还有一个是proftp(Profession ftp)。 我们这里也是简单的说明下vsftp的配置。 vsftp提供3种远程的登...

小木头的冬天
2016/03/06
73
0
centos 6.* 配置本地网络的FTP YUM源

服务端配置 创建挂载目录 mkdir /media/CentOS6.5Final 赋予挂载目录权限 chmod -R 777 /media/CentOS6.5Final 挂载iso mount -o loop CentOS-6.5-x8664-bin-DVD1.iso /media/CentOS6.5_Fina......

898009427
2017/10/19
0
0

没有更多内容

加载失败,请刷新页面

加载更多

初探Spring Cloud(一)

1. 什么是Spring Cloud? Spring提供了一系列工具,可以帮助开发人员迅速搭建分布式系统中的公共组件(比如:配置管理,服务发现,断路器,智能路由,微代理,控制总线,一次性令牌,全局锁,...

__HuWei
16分钟前
0
0
Mac配置ssh免密钥登录

Mac终端每次使用ssh -p 22 user@ip登录很是麻烦,下面介绍配置ssh免密钥登录: cd ~/.ssh下创建conf文件,写入以下配置: Host test HostName ip Port 22 IdentityFile /Users/t/key/test.p...

littlemesieV
31分钟前
1
0
Spark2.0操作ES

ES提供了支持包来方便的操作ES。首先添加ES的依赖maven: <dependency> <groupId>org.elasticsearch</groupId> <artifactId>elasticsearch-spark-20_2.11</artifactId> <version>6.2.0</ver......

守望者之父
32分钟前
1
0
专业术语

1、防御性编程 DruidDataSource类有一个init方法,我们在spring中配置druid时,都会指定 init-method='init'. 而且DruidDataSource也在其他地方,诸如getConnection()方法里作了防御性编程, 也就...

still5656
34分钟前
1
0
微信开发--测试账号相关

1、微信公众平台选择代码开发后,其平台上的部分功能会不可用 可在开发者工具中选择开通测试账号,进行相关的功能调试(测试账号出微信支付不可调试外,其他功能基本上都可以调试) 2、测试账号...

Code辉
40分钟前
1
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部