
Build FTP server under CentOS

巴扎黑 (Original)
2017-09-04 14:26:30

vsftpd is a well-known FTP server for Linux, and it is naturally the first choice when building an FTP server.

This article introduces the process of installing vsftpd and configuring virtual users to log in to FTP under CentOS 6.4.

Text:

One: Install vsftpd

Check whether vsftpd has been installed

rpm -qa | grep vsftpd
# If it is not installed, install it and enable it at boot
yum -y install vsftpd
chkconfig vsftpd on

Two: Configuration based on virtual users

A so-called virtual user is one that does not use a real account; it exists only to be mapped to a real account and to have permissions set. Virtual users cannot log in to the CentOS system.

Modify the configuration file

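Open /etc/vsftpd/vsftpd.conf and set the following options. Keep each comment on its own line: vsftpd only treats a line as a comment when it starts with #, so a comment placed after a value becomes part of the value.

# Do not allow anonymous access
anonymous_enable=NO
# Allow local users to access. Note: when virtual users are mapped to a host user, no virtual user can log in if this is set to NO
local_enable=YES
# Keep users from leaving their home directory
chroot_list_enable=YES
# Support ASCII-mode upload and download
ascii_upload_enable=YES
ascii_download_enable=YES
# PAM service name. PAM authenticates according to /etc/pam.d/vsftpd
pam_service_name=vsftpd
# The following are the important options for vsftpd virtual user support. The default vsftpd.conf does not contain them, so add them by hand
# Enable virtual users
guest_enable=YES
# Host user that the virtual users are mapped to; CentOS already has a built-in ftp user
guest_username=ftp
# Directory holding the per-user vsftpd configuration files (file name = virtual user name)
user_config_dir=/etc/vsftpd/vuser_conf
chroot_list_file=/etc/vsftpd/vuser_passwd.txt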

First, install the Berkeley DB tools. When db_load cannot be found, it is usually just because this package is not installed.

yum install db4 db4-utils

Then, create the user password text file /etc/vsftpd/vuser_passwd.txt. Note that the odd lines are the user names and the even lines are the passwords.

test
123456

Then, generate the db file for virtual user authentication

db_load -T -t hash -f /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_passwd.db

Then, edit the authentication file /etc/pam.d/vsftpd, comment out all the original statements, and add the following two lines:

auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd

Finally, create the virtual user configuration file

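mkdir /etc/vsftpd/vuser_conf/
# The file name must equal the account name in vuser_passwd.txt, otherwise the settings below have no effect
vi /etc/vsftpd/vuser_conf/test

The contents are as follows (comments on their own lines, no spaces after the values):

# Root directory of the virtual user; change it to suit your setup
local_root=/ftp/www
write_enable=YES
# umask
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES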
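
Before restarting vsftpd, the virtual-user files from the steps above can be cross-checked. The following is an added example, not from the original article: check_vusers is a hypothetical helper that verifies the name/password pairing and that every account has a file of exactly the same name in user_config_dir. It also checks file modes, which is an assumption of this example, made because the article keeps the plaintext password list on disk as chroot_list_file.

```sh
#!/bin/sh
# Added example, not from the original article: cross-check the virtual-user
# files before restarting vsftpd.

# check_vusers PASSWD_TXT CONF_DIR
# Prints one line per finding and returns 1 if there is any.
check_vusers() {
    txt=$1 dir=$2 rc=0
    # Lines alternate user name / password, so the line count must be even.
    lines=$(grep -c '' "$txt")
    if [ $(($lines % 2)) -ne 0 ]; then
        echo "$txt: odd number of lines, a user name has no password"; rc=1
    fi
    users=$(awk 'NR % 2 == 1' "$txt")    # odd lines are the user names
    for u in $users; do
        # The per-user file is looked up by the exact account name.
        [ -f "$dir/$u" ] || { echo "$u: no config file $dir/$u"; rc=1; }
    done
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$users" | grep -qxF -- "${f##*/}" ||
            { echo "${f##*/}: config file without a matching user"; rc=1; }
    done
    # Assumption of this example: the plaintext list and the .db built from it
    # should be readable by root only.
    for p in "$txt" "${txt%.txt}.db"; do
        [ -e "$p" ] || continue
        [ -z "$(find "$p" \( -perm -040 -o -perm -004 \))" ] ||
            { echo "$p: readable by group or others, use chmod 600"; rc=1; }
    done
    return $rc
}

# Constructed sample: the config file for "alice" was saved as "alice.conf".
d=$(mktemp -d) && mkdir "$d/vuser_conf"
printf '%s\n' test 123456 alice secret > "$d/vuser_passwd.txt"
chmod 644 "$d/vuser_passwd.txt"
: > "$d/vuser_conf/test"
: > "$d/vuser_conf/alice.conf"
check_vusers "$d/vuser_passwd.txt" "$d/vuser_conf" || echo "fix the findings above"
```

On a real server the call would be check_vusers /etc/vsftpd/vuser_passwd.txt /etc/vsftpd/vuser_conf.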

Set SELinux (if SELinux is enabled)

setsebool -P ftp_home_dir=1   # allow ftp to use home directories
setsebool -P allow_ftpd_full_access=1   # allow ftp users to have all permissions

Set FTP root directory permissions

mkdir -p /ftp/www   # create the directory
chmod -R 755 /ftp
chmod -R 777 /ftp/www

The latest vsftpd requires that the home directory have no write permission, so /ftp is set to 755, and 777 is then set on the subdirectory under it.

Set up the firewall

Open /etc/sysconfig/iptables

After the line "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT", add:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Then save and close the file, run the following command in the terminal to refresh the firewall configuration:

service iptables restart

OK, run "service vsftpd start" and you can access your FTP server.

Configure PASV mode

vsftpd does not enable PASV mode by default, so at this point FTP can only be connected through PORT mode. To enable PASV by default, open /etc/vsftpd/vsftpd.conf and add

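# Enable PASV mode
pasv_enable=YES
# Lowest port number
pasv_min_port=40000
# Highest port number
pasv_max_port=40080
# Turn off the check that the data connection comes from the same IP address as the control connection
pasv_promiscuous=YES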

at the end of the file, then open ports 40000 to 40080 in the firewall configuration:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 40000:40080 -j ACCEPT

Restart iptables and vsftpd

service iptables restart
service vsftpd restart

Now you can use PASV mode to connect to your FTP server.

Common errors:

Question 1:

But after I followed the configuration steps, I got this every time:

530 Login incorrect

After searching around, I found that I had created vsftpd.vu for verification directly in the /etc directory, instead of at /etc/pam.d/vsftpd.vu

Question 2 :

I fixed the above problem, but still couldn't log in. It prompted me:

500 OOPS:bad bool value in config file for:anon_world_readable_only

I googled and found someone saying that there cannot be spaces at the end of the configuration file. When I opened my own configuration file, I saw that there were several spaces at the end of the entire file, not just at the end of the anon_world_readable_only line. Alas, be careful when copying and pasting configurations from web pages.

Question 3:

500 OOPS: vsftpd: cannot locate user specified in 'guest_username': aaA

This problem is very strange. In the end, it turned out to be a problem with letter case. It should be 'aaa'

So pay attention to the details; installing by the above steps is very simple.
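
The mistakes behind Questions 2 and 3 can be caught before vsftpd is restarted. The following shell function is an added example, not part of the original article; the option list, the messages and the optional second argument (an alternative passwd file, used so that the constructed sample runs anywhere) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article: lint a vsftpd config file for
# the parse failures listed under "Common errors".

# Boolean options used on this page; extend the list for other configs.
BOOLS="anonymous_enable local_enable chroot_list_enable ascii_upload_enable \
ascii_download_enable guest_enable write_enable anon_world_readable_only \
anon_upload_enable anon_mkdir_write_enable anon_other_write_enable \
pasv_enable pasv_promiscuous"

# lint_vsftpd_conf CONF [PASSWD]
# Prints "file:line: message" per finding and returns 1 if there is any.
lint_vsftpd_conf() {
    awk -v bools="$BOOLS" -v conf="$1" -v passwd="${2:-/etc/passwd}" '
    function report(msg) { printf "%s:%d: %s\n", conf, NR, msg; bad = 1 }
    BEGIN {
        n = split(bools, b, " ")
        for (i = 1; i <= n; i++) isbool[b[i]] = 1
        # Account names are case-sensitive, so store them exactly as written.
        while ((getline l < passwd) > 0) { split(l, f, ":"); user[f[1]] = 1 }
    }
    /^#/ || /^$/ { next }    # full-line comments and blank lines are fine
    {
        eq = index($0, "=")
        if (eq == 0) { report("not an option=value line"); next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) { report("whitespace around ="); next }
        if (val ~ /[ \t]#/) { report("inline comment becomes part of the value"); next }
        if (val ~ /[ \t\r]$/) { report("trailing whitespace after the value"); next }
        if ((key in isbool) && toupper(val) !~ /^(YES|NO|TRUE|FALSE|1|0)$/)
            report("bad bool value for " key)
        if (key == "guest_username" && !(val in user))
            report("guest_username \"" val "\" is not an account in " passwd)
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample that reproduces the mistakes from Questions 2 and 3.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO #no anonymous' 'anon_world_readable_only=NO ' \
    'guest_enable=YES' 'guest_username=aaA' > "$sample"
printf 'aaa:x:14:50::/var/ftp:/sbin/nologin\n' > "$sample.passwd"
lint_vsftpd_conf "$sample" "$sample.passwd" || echo "fix the lines above"
```

Run it against /etc/vsftpd/vsftpd.conf and each file in /etc/vsftpd/vuser_conf after pasting settings from a web page.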
