Installation and configuration of vsftp in CentOS
- 2020-05-12 06:43:20
- OfStack
Generally, the vsftp service is installed automatically when we install the system, but sometimes we still need to do it ourselves. For example, I configured one for my friend in the past two days and recorded the process along the way, so that I can refer to it when I need it or help friends in need :)
1. Install
Use chkconfig --list to see if the vsftpd service is installed;
Install directly using the yum command:
yum -y install vsftpd
Then create a log file for it:
touch /var/log/vsftpd.log
Two simple commands like this complete the installation of vsftp, but if you now want to access ftp://your_ip, that won't work. Why? Very simple, permission problem!
2. Start and configure self-start
Use chkconfig --list to view the vsftpd service launch items;
If you see the following results:
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
All the entries are off. Note that on/off here indicates whether the service is started when the server boots into that runlevel. We use the following command to configure its self-start:
chkconfig --level 2345 vsftpd on # 2345 are runlevels 2, 3, 4 and 5 from the 0 to 6 columns above
View and manage ftp services:
Start ftp service:
service vsftpd start
View ftp service status:
service vsftpd status
Restart ftp service:
service vsftpd restart
Shut down ftp service:
service vsftpd stop
3. Configure the vsftp service
Edit the /etc/vsftpd/vsftpd.conf file to configure the vsftp service:
# vi /etc/vsftpd/vsftpd.conf
3.1 edit and modify the following items (the text after # is explanation only: vsftpd does not accept notes after a value or spaces around =, so enter only the name=value part):
anonymous_enable=NO # do not allow anonymous access
local_enable=YES # allow local users to access. Note: if virtual users are used, none of them will be able to access the server when this item is set to NO.
chroot_list_enable=YES # keep the user from leaving the home directory
xferlog_file=/var/log/vsftpd.log # path where the vsftpd service log is saved. Note that this file does not exist by default; you have to create it manually with touch
ascii_upload_enable=YES # allow uploading in ASCII mode
ascii_download_enable=YES # together with the item above, supports upload and download in ASCII mode
pam_service_name=vsftpd # PAM authenticates according to /etc/pam.d/vsftpd
The following configuration items are important for vsftpd virtual user support. They are not included in the default vsftpd.conf, so you need to add them to the configuration file manually.
guest_enable=YES # enables the virtual user function
guest_username=ftp # specifies the host user for the virtual users. CentOS already has a built-in ftp user
chroot_list_file=/etc/vsftpd/chroot_list
user_config_dir=/etc/vsftpd/vuser_conf # directory holding each virtual user's individual vsftp configuration file (file name = virtual user name)
3.2 create chroot list and add ftp users:
touch /etc/vsftpd/chroot_list
echo ftp >> /etc/vsftpd/chroot_list # ftp is the host user for the virtual users, see above
3.3 authentication:
First, install the Berkeley DB tools. The problem many people cannot track down is that db_load is not installed.
yum install db4-utils
or: yum install db4* (* means install all packages matching db4*)
Then create the user/password text file /etc/vsftpd/vuser_passwd.txt (the name must be the same in all 5 places where it is used). Note that odd lines are user names and even lines are passwords:
ftpuser1
ftppass1
ftpuser2
ftppass2
Next, generate the db file for virtual user authentication:
db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db
Edit the authentication file /etc/pam.d/vsftpd
Comment out everything already in /etc/pam.d/vsftpd, since local users are no longer used for authentication.
Pay special attention to the following difference.
On 32-bit systems, add the following two lines:
auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd
On 64-bit systems, add the following two lines:
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_passwd
In both cases the name after db= must be the same as the file name used above.
Check whether the system is 32-bit or 64-bit: getconf LONG_BIT
Finally, create the virtual user's individual configuration file:
mkdir /etc/vsftpd/vuser_conf/
vi /etc/vsftpd/vuser_conf/ftpuser1
Its content is as follows (the # notes are explanations, not part of the file):
local_root=/opt/var/ftp1 # root directory of the virtual user (change to match your actual directory)
write_enable=YES # writable
anon_umask=022 # umask
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
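The user list and db_load step from 3.3, as an added example (not part of the original article): a blank line or a missing password shifts the name/password pairing, so this sketch checks the list before building the db. The function names check_vuser_list and build_vuser_db are hypothetical, db_load is called with the same flags as above, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# check_vuser_list FILE: succeed only if FILE is a well-formed list
# (odd lines = user names, even lines = passwords). Problems go to stderr.
check_vuser_list() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        /^[ \t\r]*$/  { report("blank line shifts every following pair") }
        /[ \t\r]$/    { report("trailing whitespace becomes part of the value") }
        NR % 2 == 1 && seen[$0]++ { report("duplicate user " $0) }
        END {
            if (NR == 0)     { print "file is empty"; bad = 1 }
            if (NR % 2 == 1) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }' "$1" >&2
}

# build_vuser_db TXT DB: validate TXT, then build DB with db_load.
# Both files end up readable by their owner only, because TXT holds
# the passwords in plaintext.
build_vuser_db() {
    check_vuser_list "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2"
}

# Constructed sample: the two users from the listing above.
sample=$(mktemp)
printf 'ftpuser1\nftppass1\nftpuser2\nftppass2\n' > "$sample"
check_vuser_list "$sample" && echo "sample list is well-formed"
rm -f "$sample"
```

On the server, build_vuser_db takes the text file and the db file as its two arguments and must be run as root.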
4. Set permissions on the directory and restart the vsftp service:
mkdir -p /opt/var/ftp/ftpuser1 # create the ftp storage directory
chmod 777 /opt/var/ftp/ftpuser1
service vsftpd restart
5. Frequently asked questions:
5.1 553 Could not create file
This is generally an SELinux problem. Set one SELinux value and restart the service.
setsebool -P ftpd_disable_trans 1
service vsftpd restart
5.2 500 OOPS: bad bool value in config file for: write_enable
Make sure that no line in your configuration file has spaces at the end.
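One way to catch the cause of the 5.2 error before restarting, as an added example (not part of the original article): vsftpd takes everything after = as the value, so trailing spaces, spaces around = and notes written after YES or NO all break parsing. lint_vsftpd_conf is a hypothetical helper name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. lint_vsftpd_conf is a hypothetical name.

# lint_vsftpd_conf FILE: print one finding per offending setting line and
# return non-zero if any line would be misparsed by vsftpd.
lint_vsftpd_conf() {
    awk '
        function report(msg) { printf "%s:%d: %s: [%s]\n", FILENAME, NR, msg, $0; bad = 1 }
        /^#/ || /^$/                      { next }   # whole-line comment or empty line
        /[ \t\r]$/                        { report("trailing whitespace"); next }
        /^[^=]*[ \t]=/ || /^[^=]*=[ \t]/  { report("whitespace around ="); next }
        /=(YES|NO)[ \t]*#/                { report("note after a YES/NO value"); next }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: three typical mistakes next to two valid lines.
demo=$(mktemp)
printf '%s\n' \
    '# per-user settings' \
    'write_enable = YES' \
    'anon_upload_enable=YES ' \
    'anon_umask=022' \
    'anon_mkdir_write_enable=YES # allow mkdir' > "$demo"
lint_vsftpd_conf "$demo" || echo "fix the lines listed above, then restart vsftpd"
rm -f "$demo"
```

Run it against /etc/vsftpd/vsftpd.conf and each file under /etc/vsftpd/vuser_conf/ before service vsftpd restart.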
5.3 after the virtual user uploads, the default permission is: 600, and the user cannot download the file
Add or modify the value of the anon_umask item in the configuration file, for example anon_umask=022 or 000.
6. Use the command to add ftp users (similar to 3.3)
6.1 add ftp user, command format:
adduser -d /directory/path -g ftp -s /sbin/nologin username
For example: # adduser -d /opt/dongge -g ftp -s /sbin/nologin dongge
A user named dongge has been added, and its directory is under /opt/dongge, belonging to the ftp user group. This user is not allowed to log into our terminal server.
6.2 add password:
# passwd dongge
Set permissions for users with the username FTPUSER to read and write from the directory
6.3 directory mount:
If we want to put the /opt/dongge directory under our ftp directory, we can use the mount command
This completes the configuration of adding users and mounting directories
7. Support http download
Edit the /etc/httpd/conf/httpd.conf file:
Add the following code:
Alias /fileshare "/var/ftp/ftpuser1"
<Directory "/var/ftp/ftpuser1">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Restart the httpd service and you can use http://your_ip/fileshare to access and download the required files:)
8. The lazy way to configure vsftp
After completing steps 1, 2 and 3.1, add the following directly to the /etc/vsftpd/vsftpd.conf file (the # notes are explanations, not part of the file):
write_enable=YES # writable
anon_umask=022 # umask
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Then just restart the vsftpd service.