一、安装vsftpd

1.1 检查系统是否已经安装过vsftpd了

 [root@localhost /]# rpm -aq vsftpd

如果返回结果显示:

 vsftpd-3.0.-.el7.x86_64
#此处是查找vsftpd的返回结果

如果提示已安装,但是你之前配置错了,不知道怎么搞,那么进行1.2步骤

1.2 卸载系统目前的vsftpd

停止vsftpd运行:

 [root@localhost /]# /sbin/service vsftpd stop

卸载vsftpd

 [root@localhost /]# rpm -e vsftpd-3.0.-.el7.x86_64

此时系统会返回以下信息

 warning: /etc/vsftpd/vsftpd.conf saved as /etc/vsftpd/vsftpd.conf.rpmsave

接下来直接把上步(系统返回的提示信息)没卸载干净的东西删除

 rm -rf /etc/vsftpd/vsftpd.conf.rpmsave

1.3 验证vsftpd是否卸载干净

 [root@localhost /]# /sbin/service vsftpd stop

 Redirecting to /bin/systemctl stop  vsftpd.service

 Failed to stop vsftpd.service: Unit vsftpd.service not loaded. #找不到vsftpd

 [root@localhost /]# /sbin/service vsftpd start

 Redirecting to /bin/systemctl start  vsftpd.service

 Failed to start vsftpd.service: Unit not found. #找不到vsftpd

1.4 安装vsftpd

 [root@localhost /]# yum -y install vsftpd

1.5 启动vsftpd

 [root@localhost home]# systemctl start vsftpd.service

或者

 [root@localhost home]# service vsftpd restart

1.6 开放端口

 [root@localhost /]# firewall-cmd --zone=public --add-port=/tcp --permanent

 [root@localhost /]# firewall-cmd --reload

注意ftp是21端口,sftp是22端口,也可以自己配置,但是到这一步,我们只需要了解就行,我们接着配置吧

二、分配用户

2.1 在你的linux上新建一个用户,只用来ftp不用来登录服务器

 useradd Marry -s /sbin/nologin -d /var/ftp

上面的意思是,新建一个不用来登录服务器的用户,Marry,并设置他的ftp空间为/var/ftp 目录下。

接下来配置用户Marry的密码:

 passwd Marry  #给Marry用户设置密码

接下来按照提示输入你的密码就好

回过头来,说明下上面两个命令的意思

 /* useradd 使用到3个参数:用户名,-s,-d,三个参数位置可以变动

    Marry是用户名 

   -d 后面跟的是我们要给予Marry的家目录

 */

2.2 设置上面新建用户对文件夹的操作权限

修改/var/ftp的权限为不可写

 [root@localhost vsftpd]# chmod a-w /var/ftp/

这是因为我们在上面将/home/ftpuser/taotao文件的权限改为不可写了,那么我们在这个目录下创建一个images文件夹,用来上传文件。并将权限赋值给 ftpuser 用户

三、vsftpd配置

3.1 限制系统用户锁定在/home/ftpuser目录

如果设置为

chroot_local_user=YES

chroot_list_enable=YES(这行可以没有, 也可以有)

chroot_list_file=/etc/vsftpd.chroot_list

那么, 凡是加在文件vsftpd.chroot_list中的用户都是不受限止的用户

即, 可以浏览其主目录的上级目录.

所以, 如果不希望某用户能够浏览其主目录上级目录中的内容,可以如上设置, 然后在

文件vsftpd.chroot_list中不添加该用户即可(此时, 在该文件中的用户都是可以浏览其主目录之外的目录的).

或者, 设置如下

chroot_local_user=NO

chroot_list_enable=YES(这行必须要有, 否则文件vsftpd.chroot_list不会起作用)

chroot_list_file=/etc/vsftpd.chroot_list

然后把所有不希望有这种浏览其主目录之上的各目录权限的用户添加到文件vsftpd.chroot_list(此时, 在该文件中的用户都是不可以浏览其主目录之外的目录的)

中即可(一行一个用户名).

[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf

这里有两种方案,我采用第二种,配置如下:

chroot_local_user=NO

chroot_list_enable=YES #(这行必须要有, 否则文件vsftpd.chroot_list不会起作用)

chroot_list_file=/etc/vsftpd/chroot_list

默认chroot_list是不存在的

[root@localhost vsftpd]# vim /etc/vsftpd/chroot_list

然后加入 ftpuser ,表示只有ftpuser不能访问上级目录,重启vsftpd。



3.2 开启PASV(被动模式)


在 /etc/vsftpd/vsftpd.conf 的最下面加入




 pasv_enable=YES

 pasv_min_port=

 pasv_max_port=




(提示:如果你处于被动模式,发现登陆上了但是,无法上下载数据,并且提示,无法显示,可能是你防火墙的端口没开,还有你的端口


pasv_min_port是最小的端口,


pasv_max_port是最大的端口,不要写错了,还有,端口开了,要重启防火墙才能生效




并且在userlist_enable=YES文件后面添加 




 userlist_deny=NO

 userlist_file=/etc/vsftpd/user_list




开启防火墙:




[root@localhost taotao]# firewall-cmd --zone=public --add-port=-/tcp --permanent

[root@localhost taotao]# firewall-cmd --reload




3.3 添加用户到


添加用户到chroot_list,等几个文件中


四、最终的vsftpd.conf 文件的配置内容如下:


sz /etc/vsftpd/vsftpd.conf




 # Example config file /etc/vsftpd/vsftpd.conf

 #

 # The default compiled in settings are fairly paranoid. This sample file

 # loosens things up a bit, to make the ftp daemon more usable.

 # Please see vsftpd.conf. for all compiled in defaults.

 #

 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.

 # Please read the vsftpd.conf. manual page to get a full idea of vsftpd's

 # capabilities.

 #

 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).

 anonymous_enable=YES

 #

 # Uncomment this to allow local users to log in.

 # When SELinux is enforcing check for SE bool ftp_home_dir

 local_enable=YES

 #

 # Uncomment this to enable any form of FTP write command.

 write_enable=YES

 #

 # Default umask for local users is . You may wish to change this to ,

 # if your users expect that ( is used by most other ftpd's)

 local_umask=

 #

 # Uncomment this to allow the anonymous FTP user to upload files. This only

 # has an effect if the above global write enable is activated. Also, you will

 # obviously need to create a directory writable by the FTP user.

 # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access

 #anon_upload_enable=YES

 #

 # Uncomment this if you want the anonymous FTP user to be able to create

 # new directories.

 #anon_mkdir_write_enable=YES

 #

 # Activate directory messages - messages given to remote users when they

 # go into a certain directory.

 dirmessage_enable=YES

 #

 # Activate logging of uploads/downloads.

 xferlog_enable=YES

 #

 # Make sure PORT transfer connections originate from port  (ftp-data).

 connect_from_port_20=YES

 #

 # If you want, you can arrange for uploaded anonymous files to be owned by

 # a different user. Note! Using "root" for uploaded files is not

 # recommended!

 #chown_uploads=YES

 #chown_username=whoever

 #

 # You may override where the log file goes if you like. The default is shown

 # below.

 #xferlog_file=/var/log/xferlog

 #

 # If you want, you can have your log file in standard ftpd xferlog format.

 # Note that the default log file location is /var/log/xferlog in this case.

 xferlog_std_format=YES

 #

 # You may change the default value for timing out an idle session.

 #idle_session_timeout=

 #

 # You may change the default value for timing out a data connection.

 data_connection_timeout=

 #

 # It is recommended that you define on your system a unique user which the

 # ftp server can use as a totally isolated and unprivileged user.

 #nopriv_user=ftpsecure

 #

 # Enable this and the server will recognise asynchronous ABOR requests. Not

 # recommended for security (the code is non-trivial). Not enabling it,

 # however, may confuse older FTP clients.

 #async_abor_enable=YES

 #

 # By default the server will pretend to allow ASCII mode but in fact ignore

 # the request. Turn on the below options to have the server actually do ASCII

 # mangling on files when in ASCII mode. The vsftpd.conf() man page explains

 # the behaviour when these options are disabled.

 # Beware that on some FTP servers, ASCII support allows a denial of service

 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

 # predicted this attack and has always been safe, reporting the size of the

 # raw file.

 # ASCII mangling is a horrible feature of the protocol.

 ascii_upload_enable=YES

 ascii_download_enable=YES

 #

 # You may fully customise the login banner string:

 ftpd_banner=Welcome to blah FTP service.

 #

 # You may specify a file of disallowed anonymous e-mail addresses. Apparently

 # useful for combatting certain DoS attacks.

 #deny_email_enable=YES

 # (default follows)

 #banned_email_file=/etc/vsftpd/banned_emails

 #

 # You may specify an explicit list of local users to chroot() to their home

 # directory. If chroot_local_user is YES, then this list becomes a list of

 # users to NOT chroot().

 # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that

 # the user does not have write access to the top level directory within the

 # chroot)

 chroot_local_user=YES

 chroot_list_enable=YES

 # (default follows)

 chroot_list_file=/etc/vsftpd/chroot_list

 #

 # You may activate the "-R" option to the builtin ls. This is disabled by

 # default to avoid remote users being able to cause excessive I/O on large

 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

 # the presence of the "-R" option, so there is a strong case for enabling it.

 ls_recurse_enable=YES

 #

 # When "listen" directive is enabled, vsftpd runs in standalone mode and

 # listens on IPv4 sockets. This directive cannot be used in conjunction

 # with the listen_ipv6 directive.

 listen=YES

 #

 # This directive enables listening on IPv6 sockets. By default, listening

 # on the IPv6 "any" address (::) will accept connections from both IPv6

 # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6

 # sockets. If you want that (perhaps because you want to listen on specific

 # addresses) then you must run two copies of vsftpd with two configuration

 # files.

 # Make sure, that one of the listen options is commented !!

 #listen_ipv6=YES

 pam_service_name=vsftpd

 userlist_enable=YES

 userlist_deny=NO

 local_root=/var/public_home

 tcp_wrappers=YES

 use_localtime=YES

 allow_writeable_chroot=YES

 pasv_enable=YES

 pasv_min_port=

 pasv_max_port=




sz /etc/vsftpd/chroot_list




 Bob

 porter




sz /etc/vsftpd/user_list




 # vsftpd userlist

 # If userlist_deny=NO, only allow users in this file

 # If userlist_deny=YES (default), never allow users in this file, and

 # do not even prompt for a password.

 # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers

 # for users that are denied.

 Bob

 porter

 root

 bin

 daemon

 adm

 lp

 sync

 shutdown

 halt

 mail

 news

 uucp

 operator

 games

 nobody




sz /etc/vsftpd/ftpusers




 # Users that are not allowed to login via ftp

 root

 bin

 daemon

 adm

 lp

 sync

 shutdown

 halt

 mail

 news

 uucp

 operator

 games

 nobody




之一FTP上传,第一次可以用“”“FlashFXP 5”,这个挺好用的


参考链接:


系统的配置(整个,包括新建用户,权限,vsftp安装)


详细的vsftpd配置详解(vsftp.conf)


简单的配置(权限)
												


											
centos 中的vsftpd 配置的更多相关文章
	

    
								
  1. centos中apache-tomcat的配置
		
    在centos中配置Apache-toncat需要先安装jdk,前面文章已经写了怎么配置jdk,这里略过. 首先到官网下载好Apache-tomcat安装包,我这里下载的是apache-tomcat- ...
    
		
    2. 
						
  2. 1,Linux(CentOS)中的基本配置
		
    1,hostname(主机名) 查看主机名:hostname 临时修改主机名:hostname hadoop1 永久修改主机名:vi etc/sysconfig/network :  [NETWORK ...
    
		
    3. 
						
  3. centOS 6.4  vsftpd 配置
		
    ###########配置流程########### 1 新建一个ftp用户,为了跟vsftp的虚拟用户对应 #useradd  -d /home/vftpuser   -s /sbin/nologi ...
    
		
    4. 
						
  4. centos中docker mongodb 配置
		
    安装docker,对于Centos7,如下: $ sudo yum update$ sudo yum -y install docker$ sudo systemctl start docker 首先 ...
    
		
    5. 
						
  5. Centos中的Docker 配置:将loop-lvm改为derict-lvm
		
    重新装了个虚拟机,回顾一下最近三天的工作: Centos 查看版本 cat /etc/redhat-release yum -y upgrade 升级所有包,不改变软件设置和系统设置,系统版本升级,内 ...
    
		
    6. 
						
  6. centos中网卡的配置
		
    配置临时IP: ip a a 192.168.59.100/24 dev ens32 ifconfig ens32 192.168.59.100 up 在Linux最小安装之后,一般需要手动配置网络地 ...
    
		
    7. 
						
  7. Centos 中 vim 的配置
		
    工欲善其事,必先利其器,我们要用好 vim 就先来把它配置的顺手一点,这样可以大大提高我们的工作学习效率 1.跳转指令 Ctags1 从下面地址下载ctags,将其中的ctags.exe复制到vim目 ...
    
		
    8. 
						
  8. Centos中安装和配置vsftp简明教程
		
    一.vsftp安装篇 # 安装vsftpd yum -y install vsftpd # 启动 service vsftpd start # 开启启动 chkconfig vsftpd on 二.v ...
    
		
    9. 
						
  9. 在CentOS中安装与配置SVN的方法
		
    安装说明系统环境:CentOS-6.4安装方式:yum install (源码安装容易产生版本兼容的问题)安装软件:系统自动下载SVN软件 1.检查已安装版本 #检查是否安装了低版本的SVN[root ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. c# Invoke的新用法
			
    在C# 3.0及以后的版本中有了Lamda表达式,像上面这种匿名委托有了更简洁的写法..NET Framework 3.5及以后版本更能用Action封装方法.例如以下写法可以看上去非常简洁: voi ...
    
			
    2. 
						
  2. 利用cglib给javabean动态添加属性,不用在建VO
			
    有的时候 比如你用的是hibernate或者Spring jdbc 来做dao层进行数据库相关的操作的时候,若果是单表的操作的时候 还比较简单 hibernate可直接返回(get,load)你的需要 ...
    
			
    3. 
						
  3. SQL Server判断对象是否存在
			
    1 判断数据库是否存在 if exists (select * from sys.databases where name = ’数据库名’) drop database [数据库名] if exis ...
    
			
    4. 
						
  4. 【Leetcode_easy】1033. Moving Stones Until Consecutive
			
    problem 1033. Moving Stones Until Consecutive 参考 1. Leetcode_easy_1033. Moving Stones Until Consecut ...
    
			
    5. 
						
  5. 【linux学习笔记五】帮助命令
			
    man //查看ls作用 man ls man -f命令 相当于 whatis命令 --help ls --help help help shell help cd info详细命令帮助
    
			
    6. 
						
  6. 【GStreamer开发】GStreamer基础教程02——GStreamer概念
			
    上一个教程演示了如何自动生成一个pipeline.这次我们打算用一个个element来手动搭建一个pipeline.我们这个教程会演示: 1. 什么是GStreamer的element以及如何建立一个 ...
    
			
    7. 
						
  7. c++  在Ubuntu系统中使用access函数
			
    include<iostream> #include<stdlib.h> #include<stdio.h> #include<unistd.h> us ...
    
			
    8. 
						
  8. Java基础笔试练习(二)
			
    1. HashMap的数据结构是怎样的? A.数组 B.链表 C.数组+链表 D.二叉树 答案: C 解析: JDK8以后,HashMap的数据结构是数组+链表+红黑树 2. 在 JAVA 编程中,J ...
    
			
    9. 
						
  9. 剑指offer13:数组[奇数,偶数],奇数偶数相对位置不变。
			
    1. 题目描述 输入一个整数数组,实现一个函数来调整该数组中数字的顺序,使得所有的奇数位于数组的前半部分,所有的偶数位于数组的后半部分,并保证奇数和奇数,偶数和偶数之间的相对位置不变. 2. 思路和方 ...
    
			
    10. 
						
  10. 字典的学习1——参考Python编程从入门到实践
			
    字典:从汉语词意的角度理解,字典就是一个工具书,可以查找某个字.词.成语等的详细解释,字与解释相对应,而Python中字典则是一些列键和值相对应. Python中,字典放在花括号{键:值}中,eg:  ...
    
			
    11.