Installing and configuring vsftpd on CentOS 7 to set up FTP

  • 2020-05-17 07:26:16
  • OfStack

This article installs and configures vsftpd to provide an FTP service. Our web applications use git for iteration, and shared files and software are stored on the open-source network disk Seafile, which is basically enough. I could not think of a use case for FTP, and I felt that it was getting old. Although I do not use this tool at the moment, the company needed FTP to download the configuration file for a piece of hardware, so I used it once and recorded the process.

Installation

Check whether vsftpd is already installed before installing it.


# Check whether it is installed: method 1
[root@localhost ~]# rpm -q vsftpd
vsftpd-3.0.2-21.el7.x86_64

# Check whether it is installed: method 2
[root@localhost ~]# vsftpd -v
vsftpd: version 3.0.2

# Install vsftpd
[root@localhost ~]# yum -y install vsftpd

Check the install location


[root@localhost ~]# whereis vsftpd
vsftpd: /usr/sbin/vsftpd /etc/vsftpd /usr/share/man/man8/vsftpd.8.gz

Start the vsftpd service


systemctl start vsftpd.service

Turn off the firewall and SELinux


setenforce 0  # Put SELinux into permissive mode (policy violations are logged, not blocked)
setenforce 1  # Put SELinux into enforcing mode (policy is enforced)

# Or modify the configuration
vi /etc/selinux/config
# SELINUX=enforcing
# (comment this line out)
# SELINUXTYPE=targeted
# (comment this line out)
SELINUX=disabled
# (add this line)
:wq! # Save and exit
setenforce 0

Or configure SELinux instead


getsebool -a | grep ftp
setsebool -P ftpd_full_access on

systemctl stop firewalld.service
# Stop the firewall
systemctl disable firewalld.service
# Do not start the firewall at boot

If you do not want to turn off the firewall, add the FTP service to it instead.


firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --reload

Modify the configuration file

The configuration file is /etc/vsftpd/vsftpd.conf


# Comments must be on their own lines; vsftpd reads text after a value as part of the value.
# Do not allow anonymous access (disable anonymous login)
anonymous_enable=NO
# Confine local users to their home directory
chroot_local_user=YES
# Use local time (added)
use_localtime=YES
# With chroot_local_user=YES, users in chroot_list_file are the ones NOT confined
chroot_list_enable=YES
# Allow local accounts to log in over FTP
local_enable=YES
# Needed when confined users have a writable home directory; resolves the error
# 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
allow_writeable_chroot=YES
# Enable the upload and download log; enabled by default
xferlog_enable=YES
# Default file mask for local users: vsftpd's own default is 077, but the installed configuration file sets 022
local_umask=022

Virtual user advanced parameters

When virtual_use_local_privs=YES, virtual users have the same permissions as local users. When virtual_use_local_privs=NO, virtual users have the same permissions as anonymous users; NO is the default. The combinations behave as follows:

  • virtual_use_local_privs=YES, write_enable=YES: the virtual user has write permissions (upload, download, delete, rename).
  • virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=YES, anon_upload_enable=YES: virtual users cannot browse the directory and can only upload files, with no other permissions.
  • virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, anon_upload_enable=NO: the virtual user can only download files, with no other permissions.
  • virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, anon_upload_enable=YES: virtual users can only upload and download files, with no other permissions.
  • virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, anon_mkdir_write_enable=YES: the virtual user can only download files and create folders, with no other permissions.
  • virtual_use_local_privs=NO, write_enable=YES, anon_world_readable_only=NO, anon_other_write_enable=YES: the virtual user can only download, delete, and rename files, with no other permissions.

Anonymous logins

After installation, anonymous login is enabled by default and maps to the /var/ftp directory. Once the service is started, you can connect to FTP directly. The default username is ftp and the password is empty. If you set anonymous_enable=NO in the configuration, anonymous login is no longer possible.


$ ftp 192.168.188.114

Connected to 192.168.188.114.
220 (vsFTPd 3.0.2)
Name (192.168.188.114:kennywang): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||47867|).
150 Here comes the directory listing.
-rw-r--r--  1 0    0       12 Jan 18 06:31 README.md
drwxr-xr-x  2 0    0        6 Nov 05 19:43 pub
226 Directory send OK.

Multi-user configuration

The multi-user configuration has to be added manually, at the end of vsftpd.conf.


# Use local time (added)
use_localtime=YES
listen_port=21
# Confine local users to their home directory
chroot_local_user=YES
idle_session_timeout=300

# Data connection timeout
data_connection_timeout=120
# Enable the virtual user function
guest_enable=YES
# Host (system) user that virtual users are mapped to: ftpuser, the user created later
guest_username=ftpuser
# guest_username=www
# If the FTP directory points at the root of the website and is used to upload the web application,
# the host user of the virtual users can be set to www, the account nginx runs as, which avoids many permission problems

# Directory holding the per-virtual-user configuration files
user_config_dir=/etc/vsftpd/vuser_conf
# When NO (the default), virtual users have the same permissions as anonymous users
virtual_use_local_privs=YES

# Lowest port number for passive mode
pasv_min_port=10060
# Highest port number for passive mode
pasv_max_port=10090

accept_timeout=5
connect_timeout=1
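
vsftpd.conf(5) allows only whole-line comments starting with # and no spaces around =, so a note typed after a value becomes part of that value. The following is an added example, not code from the original article: a small Python check (function names and the sample text are constructed here) that flags such lines and then reviews the options set in the two configuration blocks above.

```python
import re

TRUE = {"YES", "TRUE", "1"}
# Built-in defaults from vsftpd.conf(5) for the options reviewed below.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "guest_enable": "NO",
            "chroot_local_user": "NO", "allow_writeable_chroot": "NO",
            "virtual_use_local_privs": "NO", "pasv_min_port": "0", "pasv_max_port": "0"}

def parse_conf(text):
    """Return ({option: value}, [(line_no, problem)]) for vsftpd.conf text."""
    settings, errors = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, sep, value = line.partition("=")
        if not sep:
            errors.append((no, "not in option=value form"))
        elif re.search(r"\s", key) or value[:1].isspace():
            errors.append((no, "whitespace around '='"))
        elif re.search(r"\s", value):
            errors.append((no, "text or whitespace after the value"))
        else:
            settings[key] = value
    return settings, errors

def review(settings):
    """Findings for the options this article sets (wording is this example's)."""
    opt = {**DEFAULTS, **settings}
    on = lambda name: opt[name].upper() in TRUE
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous login is enabled")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not confined to their home directory")
    if on("allow_writeable_chroot"):
        findings.append("a writable chroot root is accepted")
    if on("guest_enable") and on("virtual_use_local_privs"):
        findings.append("virtual users get local-user privileges")
    if "0" in (opt["pasv_min_port"], opt["pasv_max_port"]):
        findings.append("passive port range is not pinned for firewall rules")
    return findings

# Constructed sample: line 1 has a note after the value, line 2 a space after '='.
SAMPLE = """anonymous_enable=NO   # disable anonymous login
chroot_local_user= YES
allow_writeable_chroot=YES
pasv_min_port=10060
pasv_max_port=10090
"""
```

Run review only on text that parse_conf accepts without errors; the defaults it fills in are vsftpd's built-in ones, not those of the packaged configuration file.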

Create a host user

Create a new system user ftpuser with the home directory /home/vsftpd and the login shell /bin/false (so that it cannot log in to the system).



To delete the user: userdel ftpuser

Create a virtual user file



Generate virtual user data files



Creating user profiles


mkdir /etc/vsftpd/vuser_conf # Create the directory for the virtual users' vsftpd configuration files
cd /etc/vsftpd/vuser_conf   # Enter the directory
touch hss wcj         # Create two virtual user configuration files here

Each user's configuration file is the same, except for the local_root parameter.



Create a user directory

Each user directory is created by the root user. It is the local_root directory configured above, and its permissions should be set to 755. Because of these permissions, files cannot be uploaded directly into this folder. If it is set to 777, it cannot be accessed, because of vsftpd's security settings. The solution to the upload problem is to create a new upload folder inside the local_root folder, with its permissions set to 777, and to upload files into it.
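
The layout described above, written as a check. This is an added example, not part of the original article: the function names are constructed, a temporary directory stands in for the real user directories, and it assumes that vsftpd's refusal amounts to "the FTP session account (guest_username) must not be able to write to local_root".

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """True if an unprivileged account (uid, gids) may write, per the mode bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def check_layout(local_root, uid, gids, upload="upload"):
    """Check one virtual user's local_root for the layout described above.

    uid/gids are those of the FTP session account (guest_username).
    Assumption: vsftpd refuses a chroot root that this account can write to.
    """
    problems = []
    if can_write(os.stat(local_root), uid, gids):
        problems.append("local_root is writable by the FTP account")
    up = os.path.join(local_root, upload)
    if not os.path.isdir(up):
        problems.append("no upload directory inside local_root")
    elif not can_write(os.stat(up), uid, gids):
        problems.append("upload directory is not writable by the FTP account")
    return problems

def demo():
    """Build constructed directories in a temp dir and check three layouts."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        owner = os.stat(tmp).st_uid                      # stands in for root
        guest = (owner + 1, {os.stat(tmp).st_gid + 1})   # stands in for ftpuser
        root = os.path.join(tmp, "hss")
        os.mkdir(root)
        os.chmod(root, 0o755)
        results["755, no upload dir"] = check_layout(root, *guest)
        os.mkdir(os.path.join(root, "upload"))
        os.chmod(os.path.join(root, "upload"), 0o777)
        results["755 + upload 777"] = check_layout(root, *guest)
        os.chmod(root, 0o777)
        results["777 + upload 777"] = check_layout(root, *guest)
    return results
```

An upload directory owned by the guest_username account with mode 755 also passes check_layout, without being world-writable.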



The kinds of user in vsftpd:

Local user: the user has an account on the FTP server, namely a local system account, and logs in with that account's name and password. The login directory is the user's home directory, $HOME.

Virtual user: the user has an account on the FTP server, but the account can only be used for the file transfer service. The login directory is a specific directory, where files can usually be uploaded and downloaded.

Anonymous user: the user has no account on the FTP server, and the login directory is /var/ftp.

Finally, restart the vsftpd server



Service operations



FTP commands


ftp> ascii # Transfer files in ASCII mode (the default).
ftp> bell  # Sound a bell after each file transfer completes.
ftp> binary # Transfer files in binary mode.
ftp> bye  # End the FTP session with the remote host and exit ftp.
ftp> case # When ON, file names copied to the local machine by MGET are converted to lowercase.
ftp> cd   # Same as the UNIX cd command.
ftp> cdup  # Go up one directory level.
ftp> chmod # Change file permissions on the remote host.
ftp> close # End the remote FTP session and return to the ftp command prompt; all macro definitions are deleted.
ftp> delete # Delete a file on the remote host.
ftp> dir [remote-directory] [local-file] # List the files in the current remote directory. If a local file is given, write the result to it.
ftp> get [remote-file] [local-file] # Transfer a file from the remote host to the local host.
ftp> help [command] # Print an explanation of the command.
ftp> lcd # Change the working directory on the local host; with no argument, go to the current user's HOME directory.
ftp> ls [remote-directory] [local-file] # Same as DIR.
ftp> macdef         # Define a macro.
ftp> mdelete [remote-files] # Delete a batch of files.
ftp> mget [remote-files]  # Receive a batch of files from the remote host to the local host.
ftp> mkdir directory-name  # Create a directory on the remote host.
ftp> mput local-files # Send a batch of local files to the remote host.
ftp> open host [port] # Establish a new connection.
ftp> prompt      # Interactive prompt mode.
ftp> put local-file [remote-file] # Send a local file to the remote host.
ftp> pwd # Show the current remote directory.
ftp> quit # Same as BYE.
ftp> recv remote-file [local-file] # Same as GET.
ftp> rename [from] [to]   # Rename a file on the remote host.
ftp> rmdir directory-name  # Delete a directory on the remote host.
ftp> send local-file [remote-file] # Same as PUT.
ftp> status  # Show the current FTP status.
ftp> system  # Show the remote host's system type.
ftp> user user-name [password] [account] # Log in to the remote host again under a different user name.
ftp> ? [command] # Same as HELP. [command] names the command you need help with; if it is omitted, ftp lists all commands.
ftp> ! # Escape from the ftp subsystem to the shell.

Close the FTP connection

bye

exit

quit

Download a file



Upload a file


ftp> put /path/readme.txt # Upload the file readme.txt
ftp> mput *.txt      # Upload multiple files

Status codes

230 - login was successful
200 - command executed successfully
150 - file status is normal, open data connection port
250 - directory switching completed
226 - closed data connection port, requested file operation successful
