Specific steps for CentOS 7 to install vsftpd server

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Install an FTP server on CentOS 7 to store the pictures uploaded by the server.

1. Uninstalling vsftpd on CentOS

If the vsftpd service is already installed on the server and is misconfigured, uninstall it first.

1.1 Find the vsftpd service

[root@localhost /]# rpm -aq vsftpd

The returned result shows:

vsftpd-3.0.2-21.el7.x86_64 # this is the vsftpd package that was found

This indicates that the vsftpd service was already installed on this server.

1.2 Delete the vsftpd service that was found

Note: stop vsftpd before uninstalling it.

[root@localhost /]# /sbin/service vsftpd stop

Uninstall vsftpd:

[root@localhost /]# rpm -e vsftpd-3.0.2-21.el7.x86_64

The returned result shows:

warning: /etc/vsftpd/vsftpd.conf saved as /etc/vsftpd/vsftpd.conf.rpmsave # the vsftpd configuration file is backed up when the package is removed

1.3 Verify that the vsftpd service has been deleted

[root@localhost /]# /sbin/service vsftpd stop
Redirecting to /bin/systemctl stop vsftpd.service
Failed to stop vsftpd.service: Unit vsftpd.service not loaded. # vsftpd cannot be found
[root@localhost /]# /sbin/service vsftpd start
Redirecting to /bin/systemctl start vsftpd.service
Failed to start vsftpd.service: Unit not found. # vsftpd not found

If both commands report that the vsftpd service cannot be found, the uninstall succeeded.

2. Install vsftpd components

[root@localhost /]# yum -y install vsftpd

2.1 Start ftp

[root@localhost home]# systemctl start vsftpd.service

2.2 Open port 21

[root@localhost /]# firewall-cmd --zone=public --add-port=21/tcp --permanent
[root@localhost /]# firewall-cmd --reload

3. Detailed configuration of vsftpd service

3.1 Turn off anonymous users

[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

Modify the following three items in the vsftpd.conf configuration file:

anonymous_enable=NO
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES

Then restart the ftp service:

[root@localhost vsftpd]# systemctl restart vsftpd.service

After the restart with this configuration, anonymous users can no longer log in.

3.2 Create an ftp virtual host account

Create a new user that cannot log in to the system and is used only to log in to the ftp service. No user directory is set here, so it defaults to a directory under /home:

[root@localhost vsftpd]# useradd ftpuser -s /sbin/nologin

Set the password for the ftpuser user:

[root@localhost /]# passwd ftpuser

3.3 View the status of ftp

[root@localhost /]# getsebool -a | grep ftp

Display the results:

ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off

Set the two states that were marked in red above to on (allow_ftpd_full_access is the older name for ftpd_full_access):

[root@localhost vsftpd]# setsebool -P allow_ftpd_full_access on
[root@localhost vsftpd]# setsebool -P tftp_home_dir on

3.4 Configure vsftpd.conf

Restrict system users so that they are locked into the /home/ftpuser directory.

If set to

chroot_local_user=YES
# this line may be present or omitted
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

then all users added to the file vsftpd.chroot_list are unrestricted users; that is, they can browse the parent directory of their home directory.

So, if you do not want a user to be able to browse the contents of the parent directory of their home directory, use the settings above and do not add that user to the file vsftpd.chroot_list (with these settings, every user in the file can browse directories outside their home directory).

Or, with the settings as follows

chroot_local_user=NO
# this line must be present, otherwise the file vsftpd.chroot_list will not work
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

add every user who should not be able to browse the directories above their home directory to the file vsftpd.chroot_list, one user name per line (with these settings, users in the file are not allowed to browse directories outside their home directory).

[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

There are two options here. I use the second one, and the configuration is as follows:

chroot_local_user=NO
# this line must be present, otherwise the file vsftpd.chroot_list will not work
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

By default the chroot_list file does not exist, so create it:

[root@localhost vsftpd]# vim /etc/vsftpd/chroot_list

Then add ftpuser to it, which means that only ftpuser cannot access the parent directory, and restart vsftpd.

3.5 Modify permissions

Make /home/ftpuser unwritable:

[root@localhost vsftpd]# chmod a-w /home/ftpuser/taotao

Because /home/ftpuser/taotao is now unwritable, create an images folder in that directory to receive uploaded files, and assign ownership of it to the ftpuser user:

[root@localhost taotao]# mkdir images
[root@localhost images]# chown ftpuser images

4. Enable PASV (passive mode)

Add at the bottom of /etc/vsftpd/vsftpd.conf:

pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999

And add the following after the userlist_enable=YES line:

userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

Open the passive port range in the firewall:

[root@localhost taotao]# firewall-cmd --zone=public --add-port=30000-30999/tcp --permanent
[root@localhost taotao]# firewall-cmd --reload

This allows you to upload files using the ftp server.
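
The list semantics from section 3.4 (chroot_list) and the userlist_deny setting from section 4 can be checked per user. This is an added example, not part of the original article; the function names conf_get, in_list, is_chrooted and may_login and the scratch files are assumptions, and it models only the list logic, not PAM or passwords.

```bash
# Added example, not from the original article: what the chroot_* and
# userlist_* settings mean for one local user. Assumes YES/NO values;
# the fallback paths are upstream vsftpd defaults.
conf_get() {    # conf_get FILE KEY DEFAULT; the last assignment wins
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    echo "${val:-$3}"
}

in_list() {     # in_list FILE USER; USER must be alone on a line
    [ -f "$1" ] && grep -qxF -- "$2" "$1"
}

is_chrooted() { # is_chrooted CONF USER; prints yes or no
    all=$(conf_get "$1" chroot_local_user NO)
    use=$(conf_get "$1" chroot_list_enable NO)
    file=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$use" = YES ] && in_list "$file" "$2"; then listed=YES; fi
    # The list inverts the default: it exempts users when
    # chroot_local_user=YES and confines them when it is NO.
    if [ "$all" != "$listed" ]; then echo yes; else echo no; fi
}

may_login() {   # may_login CONF USER; prints yes or no
    use=$(conf_get "$1" userlist_enable NO)
    deny=$(conf_get "$1" userlist_deny YES)
    file=$(conf_get "$1" userlist_file /etc/vsftpd.user_list)
    if [ "$use" != YES ]; then echo yes; return; fi
    listed=NO
    if in_list "$file" "$2"; then listed=YES; fi
    # userlist_deny=YES refuses listed users; NO admits only listed users.
    if [ "$deny" != "$listed" ]; then echo yes; else echo no; fi
}

# Constructed sample: the article's settings, written to a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' ftpuser > "$demo_dir/chroot_list"
printf '%s\n' '# constructed list' root > "$demo_dir/user_list"
cat > "$demo_dir/vsftpd.conf" <<EOF
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=$demo_dir/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=$demo_dir/user_list
EOF
echo "ftpuser chrooted: $(is_chrooted "$demo_dir/vsftpd.conf" ftpuser)"
echo "ftpuser may log in: $(may_login "$demo_dir/vsftpd.conf" ftpuser)"
```

In the constructed sample ftpuser is confined to its home directory but fails the user list check, because userlist_deny=NO admits only the names in userlist_file. Adding ftpuser to that file changes the second answer to yes.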

That is all the content the editor has to share with you on the specific steps for installing a vsftpd server on CentOS 7. I hope it gives you a reference, and I also hope for your continued support.
