Centos 7 minimal 配置 vsftpd文件服务器

Centos 7 minimal 配置 vsftpd文件服务器

vsftp 官方网站：http://vsftpd.beasts.org/

一、检测linux主机上是否已经安装了vsftpd服务器
rpm -qa | grep vsftpd
如果执行此命令没有任何提示，那么代表没有安装此服务器
二、安装vdftpd服务器

安装完毕后执行第一步检测命令后的提示结果，表明已经安装成功
通过ss -lt可以查看监听的端口（centos7没有自带netstat，而是新指令ss）

可以看到ftp已经处于监听状态
三、登录用户名密码配置
useradd -d /usr/vsftpd/ -s /sbin/nologin 用户名 //这里设置不能登录系统的ftp用户，将其存在/usr/vsftpd目录下（这里的‘用户名’是按照自己需要设置的ftp用户进行相应设置）
这里/usr/vsftp是当前账户的文件服务器的跟目录，可以根据自己的需求进行设置

passwd 用户名 //修改当前ftp用户名的登录密码

（用户创建完成）
四、配置ftp配置文件
vsftpd.conf 文件一般在 /etc/vsftpd/文件夹下，可以通过find命令进行文件查找
利用vim对此配置文件进行修改 //vim /etc/vsftpd/vsftpd.conf
（Ubuntu的此配置文件在 /etc/文件夹下）

# Example config file /etc/vsftpd/vsftpd.conf## The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.## READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.## Allow anonymous FTP? (Beware - allowed by default if you comment this out).**anonymous_enable=no**## Uncomment this to allow local users to log in.# When SELinux is enforcing check for SE bool ftp_home_dir**local_enable=YES**## Uncomment this to enable any form of FTP write command.**write_enable=YES**## Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access#anon_upload_enable=YES## Uncomment this if you want the anonymous FTP user to be able to create# new directories.#anon_mkdir_write_enable=YES## Activate directory messages - messages given to remote users when they# go into a certain directory.**dirmessage_enable=YES**## Activate logging of uploads/downloads.**xferlog_enable=YES**## Make sure PORT transfer connections originate from port 20 (ftp-data).**connect_from_port_20=YES**## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES#chown_username=whoever## You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/xferlog## If you want, you can have your log file in standard ftpd xferlog format.# Note that the default log file location is /var/log/xferlog in this case.**xferlog_std_format=YES**## You may change the default value for timing out an idle session.**idle_session_timeout=600**## You may change the default value for timing out a data connection.data_connection_timeout=120## It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.ascii_upload_enable=YESascii_download_enable=YES## You may fully customise the login banner string:ftpd_banner=Welcome to blah FTP service.## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd/banned_emails## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that# the user does not have write access to the top level directory within the# chroot)#chroot_local_user=YES#chroot_list_enable=YES# (default follows)#chroot_list_file=/etc/vsftpd/chroot_list## You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.**ls_recurse_enable=YES**## When "listen" directive is enabled, vsftpd runs in standalone mode and# listens on IPv4 sockets. This directive cannot be used in conjunction# with the listen_ipv6 directive.**listen=NO**## This directive enables listening on IPv6 sockets. By default, listening# on the IPv6 "any" address (::) will accept connections from both IPv6# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6# sockets. If you want that (perhaps because you want to listen on specific# addresses) then you must run two copies of vsftpd with two configuration# files.# Make sure, that one of the listen options is commented !!**listen_ipv6=YES****pam_service_name=vsftpduserlist_enable=YESuserlist_deny=NOuserlist_file=/etc/vsftpd/user_list#local_root=/var/vsftp/tcp_wrappers=YES**

配置文件使用英文进行提示配置的，所以英文还是很重要哒

关闭防火墙：service firewalld stop

已经可以正常访问了

虽然已经可以正常访问，但是可能还是无法上传文件，那么需要修改/etc/selinux/ 下config文件：SELINUX=disabled

# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:#     enforcing - SELinux security policy is enforced.#     permissive - SELinux prints warnings instead of enforcing.#     disabled - No SELinux policy is loaded.#SELINUX=enforcingSELINUX=disabled# SELINUXTYPE= can take one of three two values:#     targeted - Targeted processes are protected,#     minimum - Modification of targeted policy. Only selected processes are protected. #     mls - Multi Level Security protection.SELINUXTYPE=targeted

开启防火墙后就无法访问了（service firewalld start）

五、防火墙配置
在centos7下面，用service iptables start/stop/restart是不能用的，可能是被丢弃了吧，而是转为 service firewalld start/stop/restart
其中 firewalld;iptables-config等配置文件都在/etc/sysconfig/文件夹下

虽然用户名密码都已经配置好了，但是由于防火墙的缘故，还是不能正常登陆到文件服务器

firewall-cmd –zone=public –add-port=21/tcp –permanent（不加permanent的话，重启防火墙此规则会失效）
firewall-cmd –reload

尽情上下载文件吧~~~