文档章节

centos 安装ftp

若虚夜
 若虚夜
发布于 2017/08/24 17:55
字数 1187
阅读 7
收藏 0
点赞 0
评论 0

什么是vsftpd

vsftpd是一款在Linux发行版中最受推崇的FTP服务器程序。特点是小巧轻快,安全易用。

vsftpd 的名字代表”very secure FTP daemon”, 安全是它的开发者 Chris Evans 考虑的首要问题之一。在这个 FTP 服务器设计开发的最开始的时候,高安全性就是一个目标。

安装vsftpd

1、以管理员(root)身份执行以下命令

  1. yum install vsftpd

2、设置开机启动vsftpd ftp服务

  1. chkconfig vsftpd on

3、启动vsftpd服务

  1. service vsftpd start

管理vsftpd相关命令:

停止vsftpd:  service vsftpd stop

重启vsftpd:  service vsftpd restart

配置防火墙(Centos6 为例)

打开/etc/sysconfig/iptables文件

  1. vi /etc/sysconfig/iptables

在REJECT行之前添加如下代码

  1. -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

保存和关闭文件,重启防火墙

  1. service iptables start

配置vsftpd服务器

默认的配置文件是/etc/vsftpd/vsftpd.conf,你可以用文本编辑器打开。

  1. vi /etc/vsftpd/vsftpd.conf

添加ftp用户

下面是添加ftpuser用户,设置根目录为/home/wwwroot/ftpuser,禁止此用户登录SSH的权限,并限制其访问其它目录。

1、修改/etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=NO
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

allow_writeable_chroot=YES

3、增加用户ftpuser,指向目录/home/wwwroot/ftpuser,禁止登录SSH权限。

 

  1. useradd -d /home/wwwroot/ftpuser -g ftp -s /sbin/nologin ftpuser

4、设置用户口令

  1. passwd ftpuser

5、编辑文件chroot_list:

  1. vi /etc/vsftpd/chroot_list

内容为ftp用户名,每个用户占一行,如:

peter
john

6、重新启动vsftpd

  1. service vsftpd restart

7修改配置文件需要重启机器:

修改vim /etc/selinux/config 文件

将SELINUX=enforcing改为SELINUX=disabled

 

阿里云,FTP需要使用20/21,1024/65535端口

https://workorder.console.aliyun.com/attach/note_attach.do?spm=5176.2020520129.105.5.a9e646aeINjE5y&id=44711592&order=0 https://workorder.console.aliyun.com/attach/note_attach.do?spm=5176.2020520129.105.5.a9e646aeINjE5y&id=44711592&order=1

© 著作权归作者所有

共有 人打赏支持
若虚夜
粉丝 2
博文 14
码字总数 7676
作品 0
南京
建立局域网内使用的CentOS7源

建立局域网内使用的CentOS7源 by 无若 1. 在CentOS下建立匿名的FTP访问服务 CentOS 7下安装配置pure-ftpd,并使用匿名用户登录 Pure-FTPd是Linux上的一个开源的FTP服务程序。 (1). 安装epel源...

无若 ⋅ 2016/08/04 ⋅ 0

常用CentOS vsftpd安装设置讲解

CentOS vsftpd还是比较常用的,于是我研究了一下CentOS vsftpd,在这里拿出来和大家分享一下,希望对大家有用。这里讲解介绍centos vsftpd的设置。CentOS Linux与RHEL产品有着严格的版本对应...

nothingfinal ⋅ 2011/04/12 ⋅ 0

配置CentOS yum更新源

yum是CentOS在线安装更新及软件的工具,但是这是RHEL5的收费功能,如果没有购买Redhat的服务时不能使用RHEL5的更新源的,会提示注册。 由于CentOS是从Redhat演化而来的免费Linux版本,因此可...

Neo_ ⋅ 2012/08/21 ⋅ 0

yum源yum-fastestmirror

对centos系统管理员来说,yum绝对是个好东西,只可惜,官方yum源的速度实在让人不敢恭维,而非官方的yum源又五花八门,让人难以取舍。 幸运的是,yum-fastestmirror插件弥补了这一缺陷:自动...

吕兵阳 ⋅ 2016/01/23 ⋅ 0

linux ftp安装

一. FTP 说明 linux 系统下常用的FTP 是vsftp, 即Very Security File Transfer Protocol. 还有一个是proftp(Profession ftp)。 我们这里也是简单的说明下vsftp的配置。 vsftp提供3种远程的登...

小木头的冬天 ⋅ 2016/03/06 ⋅ 0

CentOS笔记:yum使用说明

1、基本操作 a) 列出package # yum list b) 搜索package # yum search <package name> or # yum list | grep <package name> c) 查看package信息 # yum info <package name> d) 安装package......

mj4738 ⋅ 2011/10/24 ⋅ 0

建立centos6的yum源服务器

1.将rpm包拷贝到一个目录比如rpms 2.建立资源库索引 首先要安装 createrepo软件 yum install createrepo 然后建立索引 createrepo -o centos6 rpms 注:-o为目标dir rpms为软件源父目录 3.建...

taojinhuo ⋅ 2011/09/13 ⋅ 0

CentOS上FTP的安装和相关配置

昨天晚上也写了一篇关于centos上ftp的安装和配置,但发现截的图没传上去,额…重写一篇,有些原理我可能不知道,但这样装确实成功了…望高手指教。 1. 查看是否安装vsftp PS:这个图是装好后截...

yearnfar ⋅ 2012/02/18 ⋅ 5

实现系统 ftp网络yum服务器

1准备工作 在centos7中禁用关闭防火墙 [root@centos7 yum.repos.d]#systemctl disable firewalld.service 禁用防火墙 下次开机不启用 [root@centos7 yum.repos.d]#systemctl stop firewalld.......

工运搬维运 ⋅ 2017/11/26 ⋅ 0

centos 6.* 配置本地网络的FTP YUM源

服务端配置 创建挂载目录 mkdir /media/CentOS6.5Final 赋予挂载目录权限 chmod -R 777 /media/CentOS6.5Final 挂载iso mount -o loop CentOS-6.5-x8664-bin-DVD1.iso /media/CentOS6.5_Fina......

898009427 ⋅ 2017/10/19 ⋅ 0

没有更多内容

加载失败,请刷新页面

加载更多

下一页

从方法论到零售客户实践 解码阿里巴巴数据中台——2018上海云栖大会

摘要: 一、数据中台之道 6月8日,上海云栖大会进入了第二天的议程,数据中台专场论坛座无虚席,数据中台总架构师邓中华女士向在场的观众介绍了数据中台的衍生发展之道。 基于OneID、OneData...

阿里云云栖社区 ⋅ 23分钟前 ⋅ 0

Ubuntu部署django问题汇总

使用Anaconda3的Python3.6的pip安装UWSGI报错 原因是gcc版本不兼容,安装4.7并修改gccsudo apt-get install gcc-4.7sudo mv /usr/bin/gcc /usr/bin/gcc.baksudo ln -s /usr/bin/gcc-4.......

wuyaSama ⋅ 26分钟前 ⋅ 0

从方法论到零售客户实践 解码阿里巴巴数据中台——2018上海云栖大会

摘要: 一、数据中台之道 6月8日,上海云栖大会进入了第二天的议程,数据中台专场论坛座无虚席,数据中台总架构师邓中华女士向在场的观众介绍了数据中台的衍生发展之道。 基于OneID、OneData...

猫耳m ⋅ 26分钟前 ⋅ 0

Docker减肥小记

如果经常使用 docker,你会发现 docker 占用的资源膨胀很快,其中最明显也最容易被察 如何快速的清理 docker 占用的系统资源,具体点说就是删除那些无用的镜像、容器、网络和数据卷… 1、查看...

寰宇01 ⋅ 37分钟前 ⋅ 0

微信小程序中如何使用WebSocket实现长连接(含完整源码)

本文由腾讯云技术团队原创,感谢作者的分享。 1、前言 微信小程序提供了一套在微信上运行小程序的解决方案,有比较完整的框架、组件以及 API,在这个平台上面的想象空间很大。腾讯云研究了一...

JackJiang- ⋅ 45分钟前 ⋅ 0

定制库到Maven本地资源库

1.如果只有定制库的JAR文件 下载链接如下:pdf.jar 2.使用命令转换成Maven本地资源 mvn install:install-file -Dfile=/Users/manager/Downloads/clj-pdf-2.2.33.jar -DgroupId=clj-pdf -Dar......

年少爱追梦 ⋅ 49分钟前 ⋅ 0

高仿springmvc之xuchen-mvc

package org.mvc.framework.servlet; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.......

徐志 ⋅ 51分钟前 ⋅ 0

关于自定义URLStreamHandler的一次踩坑

关于自定义URLStreamHandler的一次踩坑 20180625 lambo init 说明 一般自定义实现url的协议解析.方案为实现URLStreamHandler.实现其 openConnection 就可以了, 如果我们执行 new URL("xx://...

林小宝 ⋅ 52分钟前 ⋅ 0

【SM2证书】利用BC的X509v3CertificateBuilder组装X509国密证书

演示证书文件 链接: https://pan.baidu.com/s/1ijHNnMQJj7jzW-jXEVd6Gg 密码: vfva 所需jar包 <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on --> <dependenc......

小帅帅丶 ⋅ 53分钟前 ⋅ 0

用Calendar 实现 计算 一段时间的毫秒值

Calendar c=Calendar.getInstance();c.add(Calendar.MONTH, -1);int lastMonthMaxDay=c.getActualMaximum(Calendar.DAY_OF_MONTH);c.set(c.get(Calendar.YEAR), c.get(Calendar.MONTH)......

岸芷汀兰 ⋅ 57分钟前 ⋅ 0

没有更多内容

加载失败,请刷新页面

加载更多

下一页

返回顶部
顶部