Detailing the ftp environment configuration solution (vsftpd)

  • 2021-01-03 21:11:45
  • OfStack

1. Install vsftpd components

Installation command: [root@ink4t ~]# sudo ES9en-ES10en install vsftpd

After installation, the file /etc/vsftpd/vsftpd.conf exists; it is the vsftpd configuration file.

2. Add an ftp user

This user is used to log in to the ftp server.


[root@ink4t ~]# useradd ftpuser 

Once the user has been created, you can log in with it; remember to log in as a normal user rather than as anonymous. The default path after login is /home/ftpuser

3. Set a password for the ftp user


[root@ink4t ~]# passwd ftpuser

Enter the password twice to set it.

4. Firewall opens port 21

FTP uses port 21 by default, and CentOS does not open that port by default, so the iptables file has to be modified:


[root@ink4t ~]# vi /etc/sysconfig/iptables 

Find the existing line for port 22 that ends in ACCEPT, start a new line below it with the same content, only replacing 22 with 21, and then save with :wq.

Then restart iptables:


[root@ink4t ~]# service iptables restart

5. Modify the configuration file vsftpd.conf

Anonymous user access is allowed and the directory for anonymous users is restricted to /home/ftpuser


anonymous_enable=YES 
anon_root=/home/ftpuser

Note that the /home/ftp directory must not have w permission; it has to be a read-only directory, otherwise an error is reported. The permissions can be changed with:


sudo chmod a-w /home/ftpuser

Local users are allowed to log in and have write permission:


local_enable=YES 
write_enable=YES

After logging in, local users are restricted to their home directory. Users who should not be restricted are listed in the file /etc/vsftpd.chroot_list (for example, our user1 does not need to be restricted, so user1 is written in that file). Users are also allowed to make changes to their home directory.


chroot_local_user=YES 
chroot_list_enable=YES 
chroot_list_file=/etc/vsftpd.chroot_list 
allow_writeable_chroot=YES

Enable the user list and disable logins for users not in the list (so /etc/allowed_users contains user1, user2, anonymous and ftp, the last two of which represent anonymous logins)


userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/allowed_users

This setting is a rule of thumb, reportedly configured to avoid an error, as described in the references.


seccomp_sandbox=NO

Note that two files are involved here: one is /etc/vsftpd.chroot_list and the other is /etc/allowed_users. After saving the configuration, we need to create these two files manually.



Then write into /etc/vsftpd.chroot_list the users who are not restricted to their directory, in this example user1, and write into /etc/allowed_users the users allowed to access the server, here user1, user2, and the anonymous users anonymous, ftpuser. Note that each line holds only one user name.
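How the two list files combine with the settings from step 5, as an added example that is not part of the original article: the script below reports, for a local user name, whether the userlist options admit the login and whether the chroot options confine the user. The function names and the temporary file paths are assumptions made for the demo; the option names and defaults are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example, not from the article. Values are assumed to be written YES/NO.
# conf_get FILE KEY DEFAULT -> value of KEY, else DEFAULT
# (assumption: if a key is repeated, the last occurrence is the one used)
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}
# in_list FILE USER -> succeeds if USER is exactly one whole line of FILE
in_list() { [ -f "$1" ] && grep -Fxq -- "$2" "$1"; }
# effective_access CONF USER -> prints "login=yes|no chroot=yes|no"
effective_access() (
    conf=$1; user=$2; login=yes; chroot=no
    ul=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
    cl=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            if in_list "$ul" "$user"; then login=no; fi   # file is a deny list
        else
            in_list "$ul" "$user" || login=no             # file is an allow list
        fi
    fi
    if [ "$(conf_get "$conf" chroot_local_user NO)" = YES ]; then chroot=yes; fi
    if [ "$(conf_get "$conf" chroot_list_enable NO)" = YES ] &&
       in_list "$cl" "$user"; then
        # the list holds the exceptions, so membership flips the default
        if [ "$chroot" = yes ]; then chroot=no; else chroot=yes; fi
    fi
    echo "login=$login chroot=$chroot"
)
# demo: constructed copy of the article's settings, list files in a temp dir
demo() (
    d=$(mktemp -d)
    printf '%s\n' user1 > "$d/chroot_list"
    printf '%s\n' user1 user2 anonymous ftp > "$d/allowed_users"
    cat > "$d/vsftpd.conf" <<EOF
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$d/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=$d/allowed_users
EOF
    for u in user1 user2 user3; do
        echo "$u: $(effective_access "$d/vsftpd.conf" "$u")"
    done
    rm -rf "$d"
)
demo
```

With the article's settings, user1 logs in and is not confined to the home directory, user2 logs in and is confined, and any name missing from /etc/allowed_users is refused.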

