centos配置vsftpd服務2

ftp搭建

1、搭建前提
a、ssh服務已經開啓，b、防火牆關閉，c、連網
一、查看ssh和防火牆的狀態
service sshd status
service iptables status

二、開啓ssh
service sshd start

三、關閉防火牆
chkconfig iptables off

四、測試是否連網

2、安裝並開啓tftp和vsftpd
#yum install tftp
#yum install vsftpd
#chkconfig vsftpd on
#chkconfig tftp on

啓動vsftpd服務
service vsftpd start
查看vsftpd的啓動狀態
service vsftpd status

3、打開21和20端口
# /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
# /sbin/iptables -I INPUT -p tcp --dport 20 -j ACCEPT
# /etc/rc.d/init.d/iptables save

4、添加ftp用戶
*進入etc下的vsftpd下再添加
#cd /etc/vsftpd/
#useradd ftpuser
#passwd ftpuser

5、修改vsftpd.conf配置文件
#vi /etc/vsftpd/vsftpd.conf
一、把第一行的 anonymous_enable=YES ，改成NO
**ftpusers：位於/etc/vsftpd/目錄下。它指定了哪些用戶帳戶不能訪問FTP服務器， 例如root等。
**user_list：位於/etc/vsftpd目錄下。該文件裏的用戶帳戶在默認狀況下也不能訪問FTP服務器，僅當vsftpd .conf配置文件裏啓用userlist_enable=NO選項時才容許訪問。

6、重啓服務
service vsftpd restart

7、開啓SELinux
一、getsebool -a | grep ftp ：查看SELinux下是否開啓ftp的支持
把allow_ftpd_full_access --> off，
ftp_home_dir --> off 都改成on。

#setsebool ftp_home_dir 1
#setsebool allow_ftpd_full_access 1

（*若是出現getsebool: SELinux is disabled的錯誤，需從新開啓selinux
#vi etc/selinux/config
*SELinux=enable
*重啓linux，開啓selinux）

ftp登陸
一、ftp +ip地址
二、name：
三、password：
四、返回Login successful登陸成功

ftp目錄操做
一、ls ：列出當前文件夾下全部文件
二、cd ：和linux操做同樣切換位置

ftp文件下載
一、lcd ：指定下載到的位置 （eg：lcd c:\test\）
二、getfile ：下載文件 （eg：get index.html 而後瞎子啊到指定位置）
mgetfile ：下載多個文件 （eg：mget *.xls 下載以xls後綴的全部文件）

ftp文件上傳
一、put file ：上傳文件到指定的ftp上傳文件位置
mput file ：上傳多個文件

ftp關閉
一、bye 二、exit 三、quit

ftp搭建問題
500 OOPS: cannot change directory:/home/***
是路徑目錄錯誤，解決方法：
在配置文件中添加或更改默認訪問路徑文件
在vsftpd.conf最後添加 local_root=/home :登陸後就會默認訪問這個路徑下的文件夾

 

 

***ftp權限設置（/etc/vsftpd/vsftpd.conf下）***
一、在配置文件最後添加chroot_local_user=YES
或者把配置中#chroot_local_user=YES的‘#’去掉 把全部的本地用戶限制在給定的訪問路徑下的文件夾裏
若是隻限制一些用戶，則
chroot_local_user=NO
#chroot_list_enable=YES
#(default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
//去掉‘#’，chroot_local_user改成NO
:將要限制的用戶添加到此文件裏面

具體配置：

根據 /etc/vsftpd/vsftpd.conf默認配置給出設定功能

# Example config file /etc/vsftpd/vsftpd.conf

# The default compiled in settings are fairly paranoid. This sample file

# loosens things up a bit, to make the ftp daemon more usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

# READ THIS: This example file is NOT an exhaustive list of vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's

# capabilities.

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

anonymous_enable=YES

容許匿名用戶登陸

# Uncomment this to allow local users to log in.

local_enable=YES

容許系統用戶名登陸

# Uncomment this to enable any form of FTP write command.

write_enable=YES

容許使用任何能夠修改文件系統的FTP的指令

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

local_umask=022

本地用戶新增檔案的權限

# Uncomment this to allow the anonymous FTP user to upload files. This only

# has an effect if the above global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

#anon_upload_enable=YES

容許匿名用戶上傳文件

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

#anon_mkdir_write_enable=YES

容許匿名用戶建立新目錄

# Activate directory messages - messages given to remote users when they

# go into a certain directory.

dirmessage_enable=YES

容許爲目錄配置顯示信息,顯示每一個目錄下面的message_file文件的內容

# Activate logging of uploads/downloads.

xferlog_enable=YES

開啓日記功能

# Make sure PORT transfer connections originate from port 20 (ftp-data).

connect_from_port_20=YES

使用標準的20端口來鏈接ftp

# If you want, you can arrange for uploaded anonymous files to be owned by

# a different user. Note! Using "root" for uploaded files is not

# recommended!

#chown_uploads=YES

全部匿名上傳的文件的所屬用戶將會被更改爲chown_username

#chown_username=whoever

匿名上傳文件所屬用戶名

# You may override where the log file goes if you like. The default is shown

# below.

#xferlog_file=/var/log/vsftpd.log

日誌文件位置

# If you want, you can have your log file in standard ftpd xferlog format

xferlog_std_format=YES

使用標準格式

# You may change the default value for timing out an idle session.

#idle_session_timeout=600

空閒鏈接超時

# You may change the default value for timing out a data connection.

#data_connection_timeout=120

數據傳輸超時

# It is recommended that you define on your system a unique user which the

# ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

當服務器運行於最底層時使用的用戶名

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

容許使用\"async ABOR\"命令,通常不用,容易出問題

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

# predicted this attack and has always been safe, reporting the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable=YES

管控是否可用ASCII 模式上傳。默認值爲NO

#ascii_download_enable=YES

管控是否可用ASCII 模式下載。默認值爲NO

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

login時顯示歡迎信息.若是設置了banner_file則此設置無效

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

若是匿名用戶須要密碼,那麼使用banned_email_file裏面的電子郵件地址的用戶不能登陸

# (default follows)

#banned_email_file=/etc/vsftpd/banned_emails

禁止使用匿名用戶登錄時做爲密碼的電子郵件地址

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

#chroot_list_enable=YES

若是啓動這項功能，則全部列在chroot_list_file中的使用者不能更改根目錄

# (default follows)

#chroot_list_file=/etc/vsftpd/chroot_list

定義不能更改用戶主目錄的文件

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

是否能使用ls -R命令以防止浪費大量的服務器資源

# When "listen" directive is enabled, vsftpd runs in standalone mode and

# listens on IPv4 sockets. This directive cannot be used in conjunction

# with the listen_ipv6 directive.

listen=YES

綁定到listen_port指定的端口,既然都綁定了也就是每時都開着的,就是那個什麼

standalone模式

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6

# sockets, you must run two copies of vsftpd whith two configuration files.

# Make sure, that one of the listen options is commented !!

#listen_ipv6=YES

pam_service_name=vsftpd

定義PAM 所使用的名稱，預設爲vsftpd

userlist_enable=YES

若啓用此選項,userlist_deny選項才被啓動

tcp_wrappers=YES

開啓tcp_wrappers支持

anonymous_enable=YES

local_enable=YES

write_enable=YES

local_umask=022

#anon_upload_enable=YES

#anon_mkdir_write_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

#chown_uploads=YES

#chown_username=whoever

#xferlog_file=/var/log/vsftpd.log

xferlog_std_format=YES

#idle_session_timeout=600

#data_connection_timeout=120

#nopriv_user=ftpsecure

#async_abor_enable=YES

#ascii_upload_enable=YES

#ascii_download_enable=YES

#ftpd_banner=Welcome to blah FTP service.

#deny_email_enable=YES

#banned_email_file=/etc/vsftpd/banned_emails

#chroot_list_enable=YES

#chroot_list_file=/etc/vsftpd/chroot_list

#ls_recurse_enable=YES

listen=YES

#listen_ipv6=YES

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES