YAOHAIXIAO.COM

HTML(5),CSS(3),JavaScript,DOM,Ajax,JSON,Front-end technologies & Yaohaixiao

A Concise Guide to Setting Up a vsftpd Server on CentOS

Installing the vsftpd service

vsftpd is a simple and practical FTP server program for CentOS. CentOS does not install vsftpd by default, so we have to install it manually. Open a terminal on CentOS and run:

sudo yum -y install vsftpd

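The system downloads the vsftpd package from the network and installs it. Once installation finishes, we can go to the vsftpd directory to make the necessary configuration changes. Enter the directory with the following command: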

cd /etc/vsftpd

If you cannot enter this directory, vsftpd was not installed successfully.

Configuring the vsftpd service

The main configuration file of the vsftpd service is vsftpd.conf. Open it with the vi editor:

sudo vi vsftpd.conf

Here are the parameters we need to adjust:


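    # The default is YES, which allows anonymous users to connect; I set it to NO for security
    anonymous_enable=NO

    # Uncomment these 3 options (vsftpd.conf does not support trailing comments, so notes go on their own lines)
    # Confine local users to their home directory after login
    chroot_local_user=YES
    # Enable the chroot_list file; with chroot_local_user=YES it lists the users who are NOT chrooted
    chroot_list_enable=YES
    # Path to the chroot_list file
    chroot_list_file=/etc/vsftpd/chroot_list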

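These are the only parameters in vsftpd.conf that need changing for now. If you want to do something more complex you can configure it further, but for an FTP service that transfers files to a web server this configuration is enough (of course, I'm a Linux novice, so experts are welcome to correct me). Here is the complete vsftpd.conf file: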


    # Example config file /etc/vsftpd/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # The target log file can be vsftpd_log_file or xferlog_file.
    # This depends on setting xferlog_std_format parameter
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
    # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
    #xferlog_file=/var/log/xferlog
    #
    # Switches between logging into vsftpd_log_file and xferlog_file files.
    # NO writes to vsftpd_log_file, YES to xferlog_file
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to blah Yaohaixiao's FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd/banned_emails
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_local_user=YES
    chroot_list_enable=YES
    # (default follows)
    chroot_list_file=/etc/vsftpd/chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    # When "listen" directive is enabled, vsftpd runs in standalone mode and
    # listens on IPv4 sockets. This directive cannot be used in conjunction
    # with the listen_ipv6 directive.
    listen=YES
    #
    # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
    # sockets, you must run two copies of vsftpd with two configuration files.
    # Make sure, that one of the listen options is commented !!
    #listen_ipv6=YES

    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES

The configuration is not finished yet. First we need to create the chroot_list file. This file does not exist by default, so use vi to create an empty chroot_list file:


    # In the vi editor there is no need to type any content;
    # press Esc, then type :wq to save an empty file
    sudo vi chroot_list
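
The two chroot options and the chroot_list file interact, and vsftpd.conf has a strict `option=value` format. The following Python is an added example, not part of the original article: it lints vsftpd.conf text for whitespace around `=` and for inline comments, then evaluates whether a given user ends up chrooted. The function names and sample configurations are constructed for illustration, and the linter is deliberately strict about whitespace.

```python
BOOL = {"YES": True, "TRUE": True, "1": True,
        "NO": False, "FALSE": False, "0": False}
# Compiled-in defaults of the options inspected here, per vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO"}

def parse_conf(text):
    """Parse vsftpd.conf text; return (settings, [(line_no, problem)])."""
    settings, problems = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            problems.append((n, "not in option=value form"))
            continue
        if name != name.strip() or value != value.strip():
            problems.append((n, "whitespace around option, '=' or value"))
        if "#" in value:
            problems.append((n, "inline comment is read as part of the value"))
        settings[name.strip()] = value
    return settings, problems

def as_bool(settings, name):
    """Strict boolean: any other spelling (e.g. 'YES  #note') is an error."""
    raw = settings[name]
    if raw.upper() not in BOOL:
        raise ValueError(f"bad bool value for {name}: {raw!r}")
    return BOOL[raw.upper()]

def is_chrooted(settings, listed_users, user):
    """True if `user` is confined to the home directory after login."""
    chroot_all = as_bool(settings, "chroot_local_user")
    if not as_bool(settings, "chroot_list_enable"):
        return chroot_all
    # chroot_local_user=YES: the list names users who are NOT chrooted.
    # chroot_local_user=NO:  the list names the users who ARE chrooted.
    return chroot_all != (user in listed_users)

# Constructed samples: the article's four settings, then a malformed variant.
GOOD = ("anonymous_enable=NO\nchroot_local_user=YES\n"
        "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd/chroot_list\n")
BAD = "anonymous_enable=NO \nchroot_local_user=YES  # jail users\n"

if __name__ == "__main__":
    conf, issues = parse_conf(GOOD)
    print(issues, is_chrooted(conf, set(), "webmaster"))    # empty chroot_list
    print(is_chrooted(conf, {"webmaster"}, "webmaster"))    # listed = exempt
    print(parse_conf(BAD)[1])
```

With the empty chroot_list created above, every local user stays confined to the home directory; adding a name to the file exempts that user from the chroot.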

Creating the FTP login account

The chroot_list file now exists, but we have not yet created an FTP account that can log in. Let's create one with useradd:


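    # -d /var/www/html  sets the user's home directory (change as needed)
    # -s /sbin/nologin  the new user cannot log in to the CentOS system itself (for security)
    # -g ftp            the user belongs to the ftp group
    # webmaster         the user name
    sudo useradd -d /var/www/html -g ftp -s /sbin/nologin webmaster

    # Set a login password for the user
    sudo passwd webmaster  # then enter the password when prompted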

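OK, the user has been created. Can we start the vsftpd service now? Not yet: we still need to set some SELinux permissions, and we also need to set the vsftpd service to start at boot.

Setting the FTP-related SELinux booleans

First, look at the SELinux parameters related to FTP: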

sudo getsebool -a | grep ftp

We get the following result:


    allow_ftpd_anon_write --> off
    allow_ftpd_full_access --> off        # parameter to change
    allow_ftpd_use_cifs --> off
    allow_ftpd_use_nfs --> off
    ftp_home_dir --> off                  # parameter to change
    ftpd_connect_db --> off
    ftpd_use_passive_mode --> off         # parameter to change
    httpd_enable_ftp_server --> off
    tftp_anon_write --> off

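The method for changing each parameter is the same, so I show only one here; for the others, just substitute the corresponding parameter name:

    # After entering the command, the system takes a while to run it; be patient
    sudo setsebool -P allow_ftpd_full_access=1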

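Starting the vsftpd service

The next step is to start the vsftpd service:

sudo service vsftpd start   # use restart to restart the service

Finally, we want FTP to start automatically when CentOS boots. We use the chkconfig command for that: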

sudo chkconfig vsftpd on

I almost forgot something. Right: you need to open port 21 in the CentOS firewall; only then can an FTP client connect to the FTP service we have set up.

sudo iptables -A INPUT -p tcp --dport  21 -j ACCEPT

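OK, now you can use FTP client software to connect to the FTP server on CentOS.

Statement: This article is licensed under the BY-NC-SA license. When reposting, please credit the source: A Concise Guide to Setting Up a vsftpd Server on CentOS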


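3 comments

  • No updates in a long time.. Did you change servers? It's really laggy...

    • Yes, I don't even know what I've been busy with lately; I haven't updated in a long time. There will be more content from now on.

  • No updates in a long time..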
