
Installation and configuration of vsftpd under Linux

Install vsftpd

yum install vsftpd 

When "Complete!" appears, the installation is complete.

Configure Vsftpd

After installation, we need to configure it before it can be used normally.

Edit vsftpd's configuration file /etc/vsftpd/

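Find "anonymous_enable=YES" in the configuration file and change "YES" to "NO" to disable anonymous login.

Read the effective configuration (uncommented lines). Check that anonymous_enable=NO is among them, because vsftpd's built-in default for this option is YES and the anon_* options apply whenever anonymous login is enabled:

cat /etc/vsftpd/ | grep '^[^#]'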

local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Start the vsftpd service:

service vsftpd start

Enable automatic startup at boot:

chkconfig vsftpd on

If you are not sure whether the startup item has been added, run chkconfig --list to view it.

Add a user

Set up an FTP user account. After the setup is successful, you can log in to the FTP server through this account.

(1) Create the FTP user account. For example, the account is "ftpuser1", its home directory is /home/ftpuser1, and the account is not allowed to log in through ssh.

 useradd -d /home/ftpuser1 -s /sbin/nologin ftpuser1

(2) Set the password corresponding to the account, for example, the password is "ftpuser1".

passwd ftpuser1

Modify the pam configuration

Modify the pam configuration of vsftpd so that users can connect to the cloud server through the FTP user account and password they set themselves.

(1) Modify the pam.

vi /etc//vsftpd

The content is modified to:

#%PAM-1.0
auth required /lib64/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib64/security/pam_unix.so shadow nullok
auth required /lib64/security/pam_shells.so
account required /lib64/security/pam_unix.so
session required /lib64/security/pam_unix.so

(2) Confirm whether the modified file is correct.

[root@VM_250_202_tlinux ~]# cat /etc//vsftpd
#%PAM-1.0
auth required /lib64/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib64/security/pam_unix.so shadow nullok
auth required /lib64/security/pam_shells.so
account required /lib64/security/pam_unix.so
session required /lib64/security/pam_unix.so

(3) Restart the vsftpd service to make the modification take effect.

service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]

Configure chroot in vsftpd server

In vsftpd's default settings, local users can change to directories outside their home directory and browse them. This is unsafe for the server, because any user can browse other users' private information at any time. The following describes how to use the chroot options to prevent this.

Options related to this function mainly include:

chroot_local_user
chroot_list_enable
chroot_list_file

You can set chroot in the following two ways to prevent the above unsafe situations:

(1) Chroot all local users: set chroot_local_user to YES in the /etc/vsftpd/ file, that is, chroot_local_user=YES.

(2) Chroot only specified users, using the following settings:

chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After setting, only the users listed in the /etc/vsftpd.chroot_list file are chrooted to their home directories.
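
The three chroot options interact: when chroot_local_user=YES and chroot_list_enable=YES are set together, vsftpd treats the list as the users who are NOT chrooted. The shell script below is an added example, not part of the original page; it reads a vsftpd configuration and reports whether anonymous login is effectively enabled and whether a given user is chrooted. The sample files, the temporary paths and the account ftpuser2 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.
# conf_get FILE KEY DEFAULT: last uncommented KEY=value, else DEFAULT
# (DEFAULT stands for vsftpd's built-in value when KEY is absent).
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}
# conf_on FILE KEY DEFAULT: succeed if the effective value is YES.
conf_on() {
    [ "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" = YES ]
}
# is_chrooted CONF USER: succeed if USER would be confined to the home dir.
is_chrooted() {
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if conf_on "$1" chroot_list_enable NO && [ -r "$list" ] &&
       grep -qxF -- "$2" "$list"; then listed=yes; fi
    if conf_on "$1" chroot_local_user NO; then
        [ "$listed" = no ]    # everyone is jailed; the list names exceptions
    else
        [ "$listed" = yes ]   # nobody is jailed except the listed users
    fi
}

# Constructed sample files (ftpuser2 is a hypothetical second account).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
echo ftpuser1 > "$tmp/chroot_list"
# Method (2) from the text, with no anonymous_enable line at all.
printf '%s\n' local_enable=YES chroot_local_user=NO chroot_list_enable=YES \
    "chroot_list_file=$tmp/chroot_list" > "$tmp/method2.conf"
# Same list, but chroot_local_user=YES: the meaning of the list inverts.
printf '%s\n' anonymous_enable=NO chroot_local_user=YES chroot_list_enable=YES \
    "chroot_list_file=$tmp/chroot_list" > "$tmp/inverted.conf"

for c in method2 inverted; do
    if conf_on "$tmp/$c.conf" anonymous_enable YES; then a=ON; else a=off; fi
    echo "$c: anonymous login $a"
    for u in ftpuser1 ftpuser2; do
        if is_chrooted "$tmp/$c.conf" "$u"; then s=jailed; else s="NOT jailed"; fi
        echo "$c: $u $s"
    done
done
```

To check a real server, call conf_on and is_chrooted with the path of the vsftpd main configuration file instead of the constructed samples.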

The FTP service can also be run on a non-standard port (not port 21). To do this, the vsftpd server must run in standalone mode, and the listen_port=10003 option (or another port number) must be added to the vsftpd main configuration file /etc/vsftpd/. Then restart the vsftpd daemon:

service vsftpd restart