CentOS 7 Steps to install the vsftpd server

  • 2020-06-12 11:39:58
  • OfStack

Install the ftp server on CentOS7 to save images uploaded by the server.

1. Uninstall vsftpd on CentOS

If vsftpd is already installed on the server and a configuration error requires it to be removed, uninstall it first.

1.1 Find the vsftpd service


[root@localhost /]# rpm -aq vsftpd

The return result shows:

vsftpd-3.0.2-21.el7.x86_64 # this is the result returned by the vsftpd query

This indicates that the vsftpd service was previously installed on this server.

1.2 Delete the vsftpd service found

Note: Before uninstalling vsftpd, stop vsftpd


[root@localhost /]# /sbin/service vsftpd stop

Uninstall vsftpd:


[root@localhost /]# rpm -e vsftpd-3.0.2-21.el7.x86_64

The return result shows:


warning: /etc/vsftpd/vsftpd.conf saved as /etc/vsftpd/vsftpd.conf.rpmsave # a backup of the vsftpd configuration file is kept when the package is removed

1.3 Enter a validation command to verify that the vsftpd service has been deleted


[root@localhost /]# /sbin/service vsftpd stop
Redirecting to /bin/systemctl stop vsftpd.service
Failed to stop vsftpd.service: Unit vsftpd.service not loaded. # Can't find vsftpd
[root@localhost /]# /sbin/service vsftpd start
Redirecting to /bin/systemctl start vsftpd.service
Failed to start vsftpd.service: Unit not found. # Can't find vsftpd

If both commands indicate that the vsftpd service cannot be found, then it has been successfully uninstalled.

2. Install vsftpd components


[root@localhost /]# yum -y install vsftpd

2.1 Start the FTP service


[root@localhost home]# systemctl start vsftpd.service

2.2 Open port 21


[root@localhost /]# firewall-cmd --zone=public --add-port=21/tcp --permanent
[root@localhost /]# firewall-cmd --reload

3. Detailed configuration of vsftpd service

3.1 Turn off anonymous users


[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

Modify the following three items in the vsftpd.conf configuration file:


anonymous_enable=NO
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES

Then restart the ftp service:


[root@localhost /]# /sbin/service vsftpd restart

After configuring the restart, anonymous users can no longer log in.

3.2 Create the FTP account

Create a new user who cannot log in to the system and can only use the FTP service. If no home directory is specified, it defaults to a directory under /home:


[root@localhost vsftpd]# useradd ftpuser -s /sbin/nologin

Set a password for the ftpuser user:


[root@localhost /]# passwd ftpuser

3.3 Check the status of ftp


[root@localhost /]# /sbin/service vsftpd stop
3

Display results:


[root@localhost /]# /sbin/service vsftpd stop
4

Set the two red states above to on:


[root@localhost /]# /sbin/service vsftpd stop
5

3.4 Configure vsftpd.conf

Limit system users to the /home/ftpuser directory

If I set it to


[root@localhost /]# /sbin/service vsftpd stop
6

With that setting, every user added to the file vsftpd.chroot_list is an unrestricted user, that is, one who can browse the parent directory of their home directory.

So, if you don't want a user to be able to browse the parent directory of their home directory, use the setting above and simply leave that user out of the file vsftpd.chroot_list (in this case, the users in the file can browse directories other than their home directories).

Or, set it as follows


chroot_local_user=NO
# The next line is required; otherwise the file vsftpd.chroot_list has no effect
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Then add to the file vsftpd.chroot_list every user who should not have access to directories above their home directory, one user name per line (in this case, no user in the file is allowed to browse to a directory other than their home directory).
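The two chroot schemes above, as an added example that is not part of the original article: the function applies vsftpd's rule that chroot_list_file names the exceptions when chroot_local_user=YES and names the jailed users when it is NO. Scheme 1 is assumed to be chroot_local_user=YES with chroot_list_enable=YES, matching the behaviour the text describes; the temporary files and the user alice are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): report whether vsftpd would
# chroot a local user under the two chroot schemes described above.

# conf_get FILE KEY DEFAULT: value of the last "KEY=value" line, else DEFAULT.
conf_get() {
    local v
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# is_jailed CONF USER: prints "jailed" or "free".
is_jailed() {
    local conf="$1" user="$2" all list_on list_file listed=NO
    all=$(conf_get "$conf" chroot_local_user NO)
    list_on=$(conf_get "$conf" chroot_list_enable NO)
    # Falls back to the list path shown on this page when none is configured.
    list_file=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    if [ "$list_on" = YES ] && [ -r "$list_file" ] &&
       grep -qxF -- "$user" "$list_file"; then
        listed=YES
    fi
    case "$all:$listed" in
        YES:NO|NO:YES) echo jailed ;;  # jailed by default, or named in the jail list
        *)             echo free ;;    # exempted by the list, or no chroot at all
    esac
}

# Constructed sample files: the same list evaluated under scheme 1 and scheme 2.
demo_dir=$(mktemp -d)
printf 'ftpuser\n' > "$demo_dir/chroot_list"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo_dir/chroot_list" > "$demo_dir/scheme1.conf"
printf 'chroot_local_user=NO\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo_dir/chroot_list" > "$demo_dir/scheme2.conf"

for scheme in scheme1 scheme2; do
    for user in ftpuser alice; do   # "alice" is a hypothetical unlisted user
        echo "$scheme $user: $(is_jailed "$demo_dir/$scheme.conf" "$user")"
    done
done
```

The same list file gives opposite results under the two schemes, so check chroot_local_user before adding an account to it.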


[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

There are two schemes, and I use the second one. The configuration is as follows:


[root@localhost /]# /sbin/service vsftpd stop
9

The chroot_list file does not exist by default, so create it:


[root@localhost vsftpd]# vim /etc/vsftpd/chroot_list

Then add ftpuser to it, which means that only ftpuser cannot access the parent directory, and restart vsftpd.

3.5 Modify permission

Modify /home/ftpuser permission to be unwritable


[root@localhost vsftpd]# chmod a-w /home/ftpuser/taotao

Because /home/ftpuser/taotao was made non-writable above, create an images folder inside it for uploaded files and assign ownership of that folder to the ftpuser user:


[root@localhost taotao]# mkdir images
[root@localhost images]# chown ftpuser images

4. Open PASV (passive mode)

Add the following at the bottom of /etc/vsftpd/vsftpd.conf:


pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999

And add the following after the userlist_enable=YES line:


userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

Open the firewall:


[root@localhost taotao]# firewall-cmd --zone=public --add-port=30000-30999/tcp --permanent 
[root@localhost taotao]# firewall-cmd --reload

This allows you to upload files using the ftp server.
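An added check, not part of the original article, that lints a vsftpd.conf against the settings reached above: no whitespace around "=", anonymous login off, user_list acting as an allow list that contains the FTP account, and a passive range that matches the firewall rule. The function names, their arguments and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): lint a vsftpd.conf against
# the settings this walkthrough ends with. Prints one finding per line.

# opt CONF KEY: value of the last "KEY=value" line (empty if unset).
opt() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_vsftpd CONF FTP_USER FW_RANGE   (FW_RANGE as opened in firewalld)
audit_vsftpd() {
    local conf="$1" user="$2" fw="$3" list

    # vsftpd treats whitespace around "=" as a configuration error.
    grep -nE '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$conf" |
        sed 's/^\([0-9]*\):.*/line \1: whitespace around "="/'

    [ "$(opt "$conf" anonymous_enable)" = NO ] || echo "anonymous_enable is not NO"

    # With userlist_deny=NO only the accounts in userlist_file may log in.
    if [ "$(opt "$conf" userlist_enable)" = YES ] &&
       [ "$(opt "$conf" userlist_deny)" = NO ]; then
        list=$(opt "$conf" userlist_file)
        grep -qxF -- "$user" "$list" 2>/dev/null || echo "$user missing from allow list"
        ! grep -qxF root "$list" 2>/dev/null || echo "root is on the allow list"
    else
        echo "user list is not an allow list"
    fi

    [ "$(opt "$conf" pasv_min_port)-$(opt "$conf" pasv_max_port)" = "$fw" ] ||
        echo "passive range differs from firewall range $fw"
}

# Constructed sample: spaced "=", and an allow list holding root but not ftpuser.
audit_dir=$(mktemp -d)
printf 'root\nbin\n' > "$audit_dir/user_list"
cat > "$audit_dir/vsftpd.conf" <<EOF
anonymous_enable=NO
chroot_local_user = NO
userlist_enable=YES
userlist_deny=NO
userlist_file=$audit_dir/user_list
pasv_min_port=30000
pasv_max_port=30999
EOF
audit_vsftpd "$audit_dir/vsftpd.conf" ftpuser 30000-30999
```

Empty output means every check passed; on a real server, pass /etc/vsftpd/vsftpd.conf and the range given to firewall-cmd.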

