一 检查系统是否安装vsftpd
rpm -qa|grep vsftpd这里是安装好了,才会出现版本信息,没有安装不会出现
如果想删除卸载vsftpd使用 rpm -qa|grep vsftpd 查询出来版本好,通过 rpm- e vsftpd-3.0.2-29.el7_9.x86_64 进行卸载,卸载前需要先停止服务。
二 安装vsftpd
yum install -y vsftpd 设置服务为开机自启动
systemctl enable vsftpd.service #开机自启systemctl start vsftpd.service #启动服务systemctl stop vsftpd.service #停止服务systemctl restart vsftpd.service #重启服务三 新建FTP目录并授权
useradd -d /data/ftp/ -s /sbin/nologin ftproot #ftproot用户名chown -R ftproot /data/ftp #设置账户权限chmod 755 /data/ftp #设置文件权限为FTP用户设置密码 passwd 用户名 后面输入密码和确认密码就OK
四 进入 /etc/vsftpd/目录并修改vsftpd.conf配置文件信息
cd /etc/vsftpd修改:anonymous_enable=NO yes改为NOchroot_local_user=YES #去掉前面的注释#chroot_list_enable=YES#chroot_list_file=/etc/vsftpd/chroot_list#不受限制的用户列表,用不用都OKallow_writeable_chroot=YES #加上这行解决了无法登陆的问题如下是配置文件所有信息可直接复制替换,配置文件如下:# Example config file /etc/vsftpd/vsftpd.conf## The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.## READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.## Allow anonymous FTP? (Beware - allowed by default if you comment this out).allow_writeable_chroot=YES# 是否开启匿名用户,匿名都不安全,默认NOanonymous_enable=NO## Uncomment this to allow local users to log in.# When SELinux is enforcing check for SE bool ftp_home_dirlocal_enable=YES## Uncomment this to enable any form of FTP write command.write_enable=YES## Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access#anon_upload_enable=YES## Uncomment this if you want the anonymous FTP user to be able to create# new directories.#anon_mkdir_write_enable=YES## Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES## Activate logging of uploads/downloads.xferlog_enable=YES## Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20=YES## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES#chown_username=whoever## You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/xferlog## If you want, you can have your log file in standard ftpd xferlog format.# Note that the default log file location is /var/log/xferlog in this case.xferlog_std_format=YES## You may change the default value for timing out an idle session.#idle_session_timeout=600## You may change the default value for timing out a data connection.#data_connection_timeout=120## It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains# the behaviour when these options are disabled.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.#ascii_upload_enable=YES#ascii_download_enable=YES## You may fully customise the login banner string:#ftpd_banner=Welcome to blah FTP service.## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd/banned_emails## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that# the user does not have write access to the top level directory within the# chroot)chroot_local_user=YESchroot_list_enable=YES# (default follows)chroot_list_file=/etc/vsftpd/chroot_list## You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES## When "listen" directive is enabled, vsftpd runs in standalone mode and# listens on IPv4 sockets. This directive cannot be used in conjunction# with the listen_ipv6 directive.listen=NO## This directive enables listening on IPv6 sockets. By default, listening# on the IPv6 "any" address (::) will accept connections from both IPv6# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6# sockets. If you want that (perhaps because you want to listen on specific# addresses) then you must run two copies of vsftpd with two configuration# files.# Make sure, that one of the listen options is commented !!listen_ipv6=YESpam_service_name=vsftpduserlist_enable=YEStcp_wrappers=YES五 启动或重启VSFTPD
参照上面有启动及其它命令
六 进行连接测试
- 可以使用文件管理导航栏输入: ftp://ip地址
- 会出现让你输入账户密码
- 输入正确用户密码会进入到指定的文件目录下
七 可能出现无法连接成功的可能,解决方法如下:
- 可能是服务器防火墙没有关闭,关闭防火墙,命令如下:
#查看防火墙状态:firewall-cmd --state#停止防火墙:systemctl stop firewalld.service#禁止防火墙:开机启动:systemctl disable firewalld.service- 关闭selinux:
进入到:/etc/selinux/config将SELINUX=enforcing改为SELINUX=disabled- 如果使用FileZilla连接工具出现以下情况:
查看 /etc/vsftpd/vsftpd.conf 里面 pam_service_name =vsftpd
然后检查 /etc/pam.d/vsftpd,里面有auth required pam_shells.so,问题就处在这里了。
修改这行:
auth required pam_shells.so –> auth required pam_nologin.so
然后重启vsftpd即可。
来源地址:https://blog.csdn.net/weixin_55518591/article/details/129124995
