Detailing the ftp environment configuration solution (vsftpd)
- 2021-01-03 21:11:45
- OfStack
1. Install vsftpd components
Installation command: [root@ink4t ~]# sudo ES9en-ES10en install vsftpd
After installation, the file /etc/vsftpd/vsftpd.conf exists; this is the vsftpd configuration file.
2. Add an ftp user
This user is used to log in to the ftp server.
[root@ink4t ~]# useradd ftpuser
Once the user has been created, you can log in with it. Remember to log in as a normal user rather than as anonymous. The default path after login is /home/ftpuser
3. Add password to ftp user
[root@ink4t ~]# passwd ftpuser
Enter the password twice to set it.
4. Open port 21 in the firewall
ftp uses port 21 by default and CentOS does not open that port by default, so the iptables file has to be modified:
[root@ink4t ~]# vi /etc/sysconfig/iptables
Find the existing line that ends in 22 -j ACCEPT, add an identical line below it with 22 replaced by 21, and then save with :wq.
Then restart iptables
[root@ink4t ~]# service iptables restart
5. Modify the configuration file vsftpd.conf
Anonymous user access is allowed and the directory for anonymous users is restricted to /home/ftpuser
anonymous_enable=YES
anon_root=/home/ftpuser
Note that the anonymous root directory (/home/ftpuser here) must not have w permission; it has to be a read-only directory, otherwise an error is reported. Write permission can be removed with:
sudo chmod a-w /home/ftpuser
Local users can log in and have write permission
local_enable=YES
write_enable=YES
After logging in, local users are restricted to their home directories. Users who should not be restricted are listed in the file /etc/vsftpd.chroot_list (for example, user1 does not need to be restricted, so user1 is written in that file). Users are also allowed to make changes in their home directories.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
Enable the user list and refuse logins from users who are not in it (so /etc/allowed_users contains user1, user2, anonymous and ftp; the last two represent anonymous logins)
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/allowed_users
The following setting is a rule of thumb; it is said to avoid an error, as described in the references.
seccomp_sandbox=NO
Note that two files are involved here: one is /etc/vsftpd.chroot_list and the other is /etc/allowed_users. After saving the configuration, we need to create these two files manually.
Then, in /etc/vsftpd.chroot_list, write the users whose directory is not restricted; in this example that is user1. In /etc/allowed_users, write the users allowed to access the server; here these are user1, user2, and the anonymous users anonymous, ftpuser. Note that each line holds only 1 user name.
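The options in step 5 interact (the chroot list holds the users who are NOT jailed, and userlist_deny=NO turns the user list into an allowlist), so a small audit of the file makes the effective policy visible. This is an added example, not part of the original article; the function names, finding ids and the sample text are constructed here, and the defaults table reflects vsftpd's built-in defaults for these options.

```python
# vsftpd built-in defaults for the options used in step 5 (see vsftpd.conf(5)).
DEFAULTS = {"anonymous_enable": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO", "allow_writeable_chroot": "NO",
            "userlist_enable": "NO", "userlist_deny": "YES",
            "seccomp_sandbox": "YES"}

def parse_conf(text):
    """Parse vsftpd.conf text (option=value, '#' comments) on top of the defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(conf, local_homes):
    """Return (id, message) findings; local_homes = home dirs of local accounts."""
    on = lambda key: conf.get(key, "NO").upper() == "YES"
    findings = []
    if on("anonymous_enable"):
        findings.append(("ANON", "anonymous login is enabled"))
        if conf.get("anon_root") in local_homes:
            findings.append(("ANON_ROOT", "anon_root is a local user's home directory"))
    if on("chroot_local_user") and on("chroot_list_enable"):
        findings.append(("CHROOT_LIST", "users in chroot_list_file are NOT jailed"))
    if on("allow_writeable_chroot"):
        findings.append(("WRITABLE_CHROOT", "users can write to their chroot root"))
    if on("userlist_enable") and not on("userlist_deny"):
        findings.append(("ALLOWLIST", "only users in userlist_file may log in"))
    if not on("seccomp_sandbox"):
        findings.append(("NO_SECCOMP", "seccomp sandbox is disabled"))
    return findings

# Constructed sample: the step-5 options that the audit reads.
SAMPLE = """\
anonymous_enable=YES
anon_root=/home/ftpuser
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_deny=NO
seccomp_sandbox=NO
"""

if __name__ == "__main__":
    for ident, message in audit(parse_conf(SAMPLE), {"/home/ftpuser"}):
        print(f"{ident}: {message}")
```

To audit a real server, pass the contents of /etc/vsftpd/vsftpd.conf to parse_conf and the home directories from /etc/passwd as local_homes.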