CentOS7安装配置Vsftpd服务器(yum方式安装)

最新推荐文章于 2024-05-04 23:38:00 发布
最新推荐文章于 2024-05-04 23:38:00 发布
阅读量4k 收藏 23
点赞数 3
分类专栏: Linux 文章标签: 服务器 linux 运维
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_51004248/article/details/126333999
版权

目录

Vsftpd服务器安装配置

Vsftpd匿名用户配置

Vsftpd系统用户配置

 Vsftpd虚拟用户配置

Vsftpd服务器安装配置

Vsftpd服务器端安装有两种方法:一是基于YUM方式安装;二是基于源码编译安装,最终实现效果完全一样,本文采用YUM安装Vsftpd,具体步骤如下:

1)在shell命令行执行如下命令(安装前要保证主机可以ping通linux)

yum install vsftpd* -y

2)Vsftpd.conf配置文件详解:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# 开启匿名用户访问
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
# 启动本地系统用户访问
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# 本地系统用户写入权限
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# 本地用户创建文件及目录默认权限掩码
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# 打印目录显示信息,通常用于用户第一次访问目录时,信息提示
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
# 启用上传/下载日志记录
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# 使用20端口进行数据传输
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# 日志文件将根据xferlog的标准格式写入
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# vsftpd以独立模式运行并侦听IPv4套接字。如果为NO,则Vsftpd不以独立的服务启动,通过Xinetd服务。建议改为YES
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# 不启动IPv6监听。确保其中一个侦听选项已被注释!!如果您想要这样做(可能是因为您想要监听特定地址),那么您必须使用两个配置文件运行两个vsftpd副本。
listen_ipv6=NO

# 登录FTP服务器,依据/etc/pam.d/vsftpd中的内容进行认证
pam_service_name=vsftpd
# vsftpd.user_list和ftpusers配置文件里用户禁止访问FTP
userlist_enable=YES
# 设置Vsftpd与tcp wrapper结合进行主机的访问控制,Vsftpd服务器检查/etc/hosts.allow和/etc/hosts.deny中的设置来决定请求连接的主机,是否允许访问该FTP服务器
tcp_wrappers=YES

3)Vsftpd安装后查看配置文件路径、启动Vsftpd服务及查看进程是否启动

rpm -ql vsftpd | more
systemctl restart vsftpd.service
ps -ef | grep vsftpd

 4)启动Vsftpd服务后,通过Windows客户端资源管理器访问Vsftpd服务器端

ftp://IP地址/

FTP默认为主动模式,设置为被动模式的方法如下:

pasv_enable=YES
pasv_min_port=60000
pasv_max_port=60100

Vsftpd匿名用户配置

        Vsftpd 默认以匿名用户访问,匿名用户默认访问的 FTP 服务器发布端路径为 /var/ftp/pub ,匿名用户只有查看权限,无法创建、删除、修改。如需关闭 FTP 匿名用户访问,需修改配置文件 /etc/vsftpd/vsftpd.conf ,将 anonymous_enable=YES 修改为 anonymous_enable=NO 下,重启Vsftpd服务即可。

        如果允许匿名用户能够上传、下载、删除文件,需在 /etc/vsftpd/vsftpd.conf 配置文件中加入以下代码,详解如下:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# 开启匿名用户访问
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
# 启动本地系统用户访问
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# 本地系统用户写入权限
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# 本地用户创建文件及目录默认权限掩码
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#允许匿名用户上传文件
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#允许匿名用户创建文件
anon_mkdir_write_enable=YES
#
#允许匿名用户其他写入权限
anon_other_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# 打印目录显示信息,通常用于用户第一次访问目录时,信息提示
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
# 启用上传/下载日志记录
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# 使用20端口进行数据传输
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# 日志文件将根据xferlog的标准格式写入
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# vsftpd以独立模式运行并侦听IPv4套接字。如果为NO,则Vsftpd不以独立的服务启动,通过Xinetd服务。建议改为YES
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# 不启动IPv6监听。确保其中一个侦听选项已被注释!!如果您想要这样做(可能是因为您想要监听特定地址),那么您必须使用两个配置文件运行两个vsftpd副本。
listen_ipv6=NO

# 登录FTP服务器,依据/etc/pam.d/vsftpd中的内容进行认证
pam_service_name=vsftpd
# vsftpd.user_list和ftpusers配置文件里用户禁止访问FTP
userlist_enable=YES
# 设置Vsftpd与tcp wrapper结合进行主机的访问控制,Vsftpd服务器检查/etc/hosts.allow和/etc/hosts.deny中的设置来决定请求连接的主机,是否允许访问该FTP服务器
tcp_wrappers=YES

        由于默认Vsftpd匿名用户有两种:anonymous、ftp,所以匿名用户如果需要上传文件、删除及修改等权限,需要 Vsftpd 用户对 /etc/ftp/pub 目录有写入权限,使用 chown 和 chmod 任意一种命令均可设置权限,具体设置命令如下:

cd /var/ftp
chown -R ftp pub/
chmod 777 pub/

         做到这里,执行 ls 命令时,出现425错误,需要关闭 Windows 的防火墙。尝试去创建文件,但是都提示 550 错误。查阅发现是SELinux(Security-Enhanced Linux----是美国国家安全局对于强制访问控制的实现, 是Linux 上最杰出的新安全子系统。)安装机制搞的鬼。只要disable SELinux就可以了。

vim /etc/selinux/config

        不想重启就执行以下命令: 

setenforce 0

        如上 Vsftpd.conf 配置完毕,同时权限设置完毕,重启 Vsftpd 服务即可,通过 Windows 客户端访问,能够上传文件、删除文件、创建目录等操作。 

systemctl restart vsftpd.service

        使用 cmd 打开,用 ftp 用户登录,没有密码,直接回车即可。

        使用 cmd put上传文件时,如果出现 553 错误,则 vim /etc/vsftpd/vsftpd.conf ,将 ocal_umask=022 改为 ocal_umask=002。因为当你设置为775时, 文件夹是被设置为7+(7-2)+(5-2)=753,你需要将locla_umask设置为002, 然后再重新指定文件夹的权限为775才可以解决这个问题。修改完之后需要重新启动 Vsftpd 服务。

 

         可以删除文件,但是不能删除目录!

Vsftpd系统用户配置

         Vsftpd匿名用户设置完毕,任何人都可以查看 FTP 服务端的文件、目录,甚至可以修改、删除文件和目录,如何存放私密文件在 FTP 服务器端,并保证文件或目录专属于拥有者呢?Vsftpd系统用户可以实现该需求,解决上诉问题。

        实现 Vsftpd 系统用户方式验证,只需在 Linux 系统中创建多个用户即可,创建用户使用 useradd 指令,同时给用户设置密码,即可通过用户和密码登录 FTP,进行文件上传、下载、删除等操作。Vsftpd 系统用户实现方法步骤如下:

1)Linux 系统中创建系统用户 aaa、bbb,分别设置密码为123456。

使用 echo 方式来重置Linux 系统用户密码,--stdin 这个选项用于从标准输入管道读入新的密码。这种方式虽然简单,但是通过history命令可以查到用户的密码,所以不安全。

useradd aaa
useradd bbb
echo 123456 | passwd --stdin aaa
echo 123456 | passwd --stdin bbb

 2)修改 vsftpd.conf 配置文件如下:(关闭了匿名用户的所有权限)

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# 关闭匿名用户访问
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
# 启动本地系统用户访问
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# 本地系统用户写入权限
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# 本地用户创建文件及目录默认权限掩码
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# 打印目录显示信息,通常用于用户第一次访问目录时,信息提示
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
# 启用上传/下载日志记录
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# 使用20端口进行数据传输
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# 日志文件将根据xferlog的标准格式写入
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# vsftpd以独立模式运行并侦听IPv4套接字。如果为NO,则Vsftpd不以独立的服务启动,通过Xinetd服务。建议改为YES
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# 不启动IPv6监听。确保其中一个侦听选项已被注释!!如果您想要这样做(可能是因为您想要监听特定地址),那么您必须使用两个配置文件运行两个vsftpd副本。
listen_ipv6=NO

# 登录FTP服务器,依据/etc/pam.d/vsftpd中的内容进行认证
pam_service_name=vsftpd
# vsftpd.user_list和ftpusers配置文件里用户禁止访问FTP
userlist_enable=YES
# 设置Vsftpd与tcp wrapper结合进行主机的访问控制,Vsftpd服务器检查/etc/hosts.allow和/etc/hosts.deny中的设置来决定请求连接的主机,是否允许访问该FTP服务器
tcp_wrappers=YES

 3)重启 Vsftpd 服务,通过 Windows 资源客户端验证,使用 aaa、bbb 用户登录 FTP 服务器,即可上传文件、删除文件、下载文件,aaa、bbb系统用户上传文件的家目录在 /home/aaa、/home/bbb下。

systemctl restart vsftpd.service

 Vsftpd虚拟用户配置

        Vsftpd 基于系统用户访问 FTP 服务器,系统用户越多越不利于管理,而且不利于系统安全,为了能更安全使用 Vsftpd,可以使用 Vsftpd 虚拟用户方式。

        Vsftpd 虚拟用户原理为虚拟用户没有实际的真实系统用户,而是通过映射到其中一个真实用户以及设置相应的权限来实现访问验证,虚拟用户不能登录 Linux 系统,从而让系统更加的安全。

        Vsftpd 虚拟用户企业案例配置步骤如下:

        1)安装 Vsftpd 虚拟用户需要用到的软件以及认证模块。

yum install pam* libdb-utils libdb* --skip-broken -y

        2)创建虚拟用户临时文件 /etc/vsftpd/ftpusers.txt,新建虚拟用户和密码,其中test1、test2为虚拟用户名,123456为密码,如果有多个用户,依此格式填写即可。

test1
123456
test2
123456

        3)生成 Vsftpd 虚拟用户数据库认证文件,设置权限为700。

保存虚拟帐号和密码的文本文件无法被系统帐号直接调用。我们需要使用db_load 命令生成db

数据库文件

db_load -T -t hash -f /etc/vsftpd/ftpusers.txt /etc/vsftpd/vsftpd_login.db
chmod 700 /etc/vsftpd/vsftpd_login.db

选项-T允许应用程序能够将文本文件转译载入进数据库。

-t hash使用hash码加密

-f 指定包含用户名和密码文本文件。此文件格式要示:奇数行用户名、偶数行密码

        4)配置 PAM 认证文件,/etc/pam.d/vsftpd 行首加入如下两行代码,其他注释掉:

auth       required pam_userdb.so   db=/etc/vsftpd/vsftpd_login
account    required pam_userdb.so   db=/etc/vsftpd/vsftpd_login

        5)Vsftpd 虚拟用户需要映射到一个系统用户,该系统用户不需要密码,也不需要登录,主要用于虚拟用户映射使用,创建用户命令如下:

useradd -s /sbin/nologin ftpuser

         👉这里我还修改了 /etc/shells,因为原本的 /etc/shells 没有 /sbin/nologin

        6)完整的 vsftpd.conf 配置文件如下:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
#anon_other_write_enable=YES
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

#虚拟用户启动pam认证
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
#启用虚拟用户
guest_enable=YES
#映射虚拟用户至系统用户ftpuser
guest_username=ftpuser
#设置虚拟用户配置文件所在的目录
user_config_dir=/etc/vsftpd/vsftpd_user_conf
#虚拟用户使用本地用户相同的权限
virtual_use_local_privs=YES

        7)至此,所有虚拟用户共同使用 /home/ftpuser 主目录实现文件上传与下载,可以在 /etc/vsftpd/vsftpd_user_conf 目录创建虚拟用户各自的配置文件,创建虚拟用户配置文件主目录,代码如下:

mkdir -p /etc/vsftpd/vsftpd_user_conf

        8)以下分别为虚拟用户 test1、test2 创建配置文件。

vim /etc/vsftpd/vsftpd_user_conf/test1
#test1虚拟用户配置文件路径
local_root=/home/ftpuser/test1
#允许登陆用户有写权限
write_enable=YES
#允许匿名用户下载,然后读取文件
anon_world_readable_only=YES
#允许匿名用户上传文件权限,只有在write_enable=YES时该参数才生效
anon_upload_enable=YES
#允许匿名用户创建目录,只有在write_enable=YES时该参数才生效
anon_mkdir_write_enable=YES
#允许匿名用户其他权限,例如删除、重命名等。
anon_other_write_enable=YES

        

vim /etc/vsftpd/vsftpd_user_conf/test2
#test1虚拟用户配置文件路径
local_root=/home/ftpuser/test2
#允许登陆用户有写权限
write_enable=YES
#允许匿名用户下载,然后读取文件
anon_world_readable_only=YES
#允许匿名用户上传文件权限,只有在write_enable=YES时该参数才生效
anon_upload_enable=YES
#允许匿名用户创建目录,只有在write_enable=YES时该参数才生效
anon_mkdir_write_enable=YES
#允许匿名用户其他权限,例如删除、重命名等。
anon_other_write_enable=YES

        9)创建虚拟用户各自虚拟目录,代码如下:

mkdir -p /home/ftpuser/{test1,test2}
chown -R ftpuser:ftpuser /home/ftpuser/

        10)重新启动 Vsftpd 服务,通过 Windows 客户端资源管理器登录 Vsftpd 服务端

systemctl restart vsftpd.service

         没有安装 lftp 可以通过如下命令安装

yum install lftp -y

加啊啊啊啊零
关注
  • 3
    点赞
  • 23
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
linux linux安装vsftp
mqingo的博客
01-07 4033
1.首先检查当前环境下是否已经安装对应ftp软件 rpm -qa|grep vsftp 如果已经安装可以可以出现ftp对应版本信息,未安装则无回显 2.安装VSFTP软件,可以使用yum方式rpm包方式安装(对应资源可在系统光盘package包下) yum install vsftpd -y   3.创建对应ftp用户与对应目录 groupadd ftpuser useradd...
Centos7.9安装配置vsftpd
09-28
CentOS 7.9 安装配置 vsftpd 在本文中,我们将详细介绍如何在 CentOS 7.9 上安装配置 vsftpd,以实现匿名用户的上传和下载操作。 一、关闭防火墙 在配置 vsftpd 之前,需要关闭防火墙,以免防火墙的限制导致-...
Centos7 安装配置 FTP 服务器vsftpd
on the way . . .
03-10 3528
目录Background1、安装2、修改配置 `/etc/vsftpd/vsftpd.conf`3、配置虚拟用户文件 `/etc/vsftpd/virtusers`4、生成用户数据文件5、修改配置文件 `/etc/pam.d/vsftpd`6、新建系统用户`vsftpd`,配置用户目录7、新建虚拟用户 `wlf` 配置文件8、配置用户 `wlf` 根目录9、重启`vsftpd`服务器10、使用ftp工具连接测试11、增添用户等自动化脚本 Background 安装记录,方便以后自己使用。 1、安装 #安
centos7安装vsftpd(FTP服务)
最新发布
2201_75294326的博客
05-04 852
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。深知大多数初中级Android工程师,想要提升技能,往往是自己摸索成长,自己不成体系的自学效果低效漫长且无助。因此收集整理了一份《2024年Web前端开发全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友,同时减轻大家的负担。既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上Android开发知识点!
CentOS7服务器环境下vsftpd安装配置方法
很酷的站长的博客
12-18 1359
坚信vsftp安装后不对/etc/vsftpd/vsftpd.conf做任何修改就可以通过新建的Linux用户(本地用户)访问下载和上传文件。本文实例讲述了CentOS7服务器环境下vsftpd安装配置方法。解决办法:/etc/pam.d/下面的vsftpd里面的/lib 修改为/lib64。添加30000端口为被动模式用,如果要开户主动模式则需要添加20端口。1、想当然给 ftp用户 /var/ftp/目录 权限出现下面问题。添加test1本地帐户,下面是用业查询本地帐号,及黑名单。
yum install vsftpd
weixin_47128888的博客
09-10 1506
背景: CentOs7 yum仓库配置均为默认(是国外源) 尝试部署独立服务vsftp的过程中,用yum命令(yum install vsftpd安装vsftpd,遇到 【errno256,no more mirrors to try】 【ernno14,could not resolve host】 思路: 上网搜索解决方法 参考网址:http://www.mamicode.com/info-detail-1425423.html http://lisea.blog.51cto.com/5491873
网络文件共享服务及YUM仓库服务器搭建
x74188的博客
08-08 352
cachedir=/var/cache/yum/$basearch/$releasever //yum下载的RPM包的缓存目录 $basearch代表硬件架构 $releasever系统版本比如7。[root@heitui yum.repos.d]#mv *.repo bak/ #将所有源移动到新文件夹中,减少对本地源的影响。[root@heitui ~]#cd /etc/yum.repos.d/ #切换到仓库文件夹中。
FTP服务器安装配置
云计算
06-27 4787
FTP的安装配置 安装前准备 vsftpdlinux下的一款小巧轻快,安全易用的FTP服务器软件,是一款在各个Linux发行版中最受推崇的FTP服务器软件。 1.安装vsftpd,直接yum 安装就可以了 yum install -y vsftpd 出现下图表示安装成功。 2.相关配置文件: cd /etc/vsftpd /etc/vsftpd/vsftpd.conf //主配置文件,核心配置文件 /etc/vsftpd/ftpusers //黑名单,这个里
debian安装ftp服务器
程序狗的成长之路
11-23 5902
1: 安装vsftpd #aptitude install vsftpd 2:配置 vsftpd #vim /etc/vsftpd.conf [cpp] view plain copy # 服务器以standalong模式运行,这样可以进行下面的控制  listen=YES  # 接受匿名用户  anonymous_enable=YES  # 匿名用户l
Centos7安装配置FTP服务器(vsftpd)
01-09
1. 安装vsftpd最新版 [lidengyin@ldy ~]$ sudo yum -y install vsftpd 2. 在根目录下新建一个文件夹ftpfile [lidengyin@ldy /]$ sudo mkdir ftpfile 4. 添加vsftpd虚拟用户,使用上面的ftpfile作为根目录,无登录...
阿里云ECS服务器Linux CentOS7安装配置vsftpd
01-20
阿里云ECS服务器Linux CentOS7安装配置vsftpd 1. 查看是否安装vsftp rpm –qa|grep vsftpd 2. 安装vsftp yum -y install vsftpd 3. 配置vsftpd服务 vim /etc/vsftpd/vsftpd.conf 按 i 键进入编辑模式 vsftpd.conf ...
CentOS8.0 安装配置ftp服务器的实现方法
09-14
本文将详细介绍如何在CentOS 8.0上安装配置FTP服务器。 首先,我们需要安装FTP服务器软件。在CentOS 8.0中,最常用的FTP服务器软件是vsftpd(Very Secure FTP Daemon)。可以通过以下命令使用YUM包管理器进行安装...
CentOS 7.3 x64系统vsftpd安装配置
chansg1989的专栏
07-23 641
1. 安装vsftpd服务 1)安装前检查系统版本 [root@192168088101_vsftp_server vsftpd]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) 2)vsftpd软件包的安装方式a. 通过yum方式安装ftp服务yum install vsftpd -y b. 通过rpm方式安装下载链接:...
常用CentOS vsftpd安装设置讲解
冷月宫主的专栏
10-08 648
CentOS vsftpd还是比较常用的,于是我研究了一下CentOS vsftpd,在这里拿出来和大家分享一下,希望对大家有用。这里讲解介绍centos vsftpd的设置。CentOS Linux与RHEL产品有着严格的版本对应关系,例如使用RHEL 4源代码重新编译发布的是
CentOS7安装配置vsftpd
david's Blog
11-30 5380
本文介绍了在CentOS7安装FTP服务器vsFTPd安装配置
Centos7 vsftpd安装配置以及使用 阿里云
悟能的师兄的专栏
01-16 8291
一、vsftpd简介 FTP,File transfer protocol的缩写,中文叫文本传输协议,是用于在网络上进行文件传输的一套标准协议,属于网络传输协议的应用层。注意,它是协议,不是软件,今天搭建的vsftpd是基于FTP开发的一套程序,也是一款在Linux发行版中最受推崇的FTP服务器程序,特点是小巧轻快,安全易用。 二、安装vsftpd 1:安装vsftpd [root@iZb...
centos7安装配置vsftp
dwSun的博客
03-15 1127
centos7安装配置vsftp #blog 安装 ftp yum -y install vsftpd 修改防火墙开放 ftp 端口 firewall-cmd --add-service=ftp --permanent # 开放 ftp 端口 systemctl restart firewalld # 重启防火墙 配置 selinux 允许 ftp 访问 home 和外网访问 setsebool -P allow_ftpd_full_access on setsebool -P tftp_home_di
终于搞定阿里云ftp的问题
热门推荐
iRudder的专栏
11-09 3万+
感谢原文作者!!! 1--卸载 查看当前服务器中的vsftpd rpm -qa|grep vsftpd  例如结果为:vsftpd-2.2.2-13.el6_6.1.x86_64 执行卸载 rpm -e vsftpd-2.2.2-13.el6_6.1.x86_64 返回:卸载时自动备份vsftp的用户列表文件 warning: /etc/vsftpd/vsftpd.conf
centos7配置vsftpd
08-29
要在CentOS 7上配置vsftpd,您可以按照以下步骤进行操作: 1. 首先,检查您的系统是否已安装vsftpd。您可以使用以下命令来确认: ``` rpm -qa | grep vsftpd ``` 如果显示类似vsftpd-3.0.2-10.el7.x86_64的输出,则表示已经安装成功。 2. 如果未安装vsftpd,可以使用yum命令进行安装: ``` yum install -y vsftpd ``` 3. 安装完成后,您可以进行一些配置。您可以通过编辑配置文件/etc/vsftpd/vsftpd.conf来修改vsftpd的设置: ``` vi /etc/vsftpd/vsftpd.conf ``` 在此文件中,您可以配置各种选项,如允许匿名访问、设置FTP根目录、启用SSL等。根据您的需求进行相应的配置。 4. 确保以下两个参数设置为"on",以使vsftpd具有访问FTP根目录和文件传输等权限: ``` ftp_home_dir=on allow_ftpd_full_access=on ``` 您可以使用以下命令设置这两个参数: ``` setsebool -P tftp_home_dir 1 setsebool -P allow_ftpd_full_access 1 ``` 5. 配置完成后,可以启动vsftpd服务并设置开机自启动: ``` systemctl start vsftpd systemctl enable vsftpd ``` 现在,您已经成功地在CentOS 7上配置vsftpd。您可以使用FTP客户端进行连接和访问。请确保您的防火墙已正确配置,以允许FTP流量通过。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* [CentOS 7 安装FTP服务器vsftpd)](https://blog.csdn.net/kxwinxp/article/details/78595044)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"] - *2* *3* [CentOS7 搭建vsftpd详细教程](https://blog.csdn.net/m0_37797991/article/details/73433969)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值