  • Configuring a vsftpd server on Red Hat Enterprise Linux Server release 7.3

    0. Install vsftpd and ftp

    yum install -y vsftpd ftp

    1. Commands for starting and stopping the vsftpd service

    systemctl start vsftpd
    systemctl stop vsftpd
    systemctl restart vsftpd
    systemctl status vsftpd

    2. Relevant options in the configuration file /etc/vsftpd/vsftpd.conf

    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    # When SELinux is enforcing check for SE bool ftp_home_dir
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    # You may change the default value for timing out an idle session.
    idle_session_timeout=600
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
    # the user does not have write access to the top level directory within the
    # chroot)
    chroot_local_user=YES
    allow_writeable_chroot=YES
    
    pam_service_name=vsftpd
    # Set to NO if you want to disallow the  PASV  method of obtaining a data
    # connection.
    #
    pasv_enable=YES
    pasv_max_port=10100
    pasv_min_port=10000
    
    max_clients=100
    max_per_ip=50

      a. If allow_writeable_chroot is NO, the following error appears at FTP login.

    500 OOPS: vsftpd: refusing to run with writable root inside chroot()
    Login failed.
    421 Service not available, remote server has closed connection

    3. Run sestatus -b | grep ftp to view the FTP-related SELinux booleans, and use setsebool to change them. The result after the changes is shown below:

    ftpd_anon_write                             off
    ftpd_connect_all_unreserved                 off
    ftpd_connect_db                             off
    ftpd_full_access                            on
    ftpd_use_cifs                               off
    ftpd_use_fusefs                             off
    ftpd_use_nfs                                off
    ftpd_use_passive_mode                       off
    httpd_can_connect_ftp                       off
    httpd_enable_ftp_server                     off
    tftp_anon_write                             off
    tftp_home_dir                               off

      a. If ftpd_full_access is off, the following error appears at FTP login.

    500 OOPS: chroot
    Login failed.
    421 Service not available, remote server has closed connection

    4. Create a user, ftpuser, that can log in over FTP only (no ssh)

      a. Locate nologin:

    whereis nologin

      b. Create the user ftpuser:

    useradd -d /home/ftpuser -m -s /usr/sbin/nologin ftpuser

      c. Set the password for ftpuser:

    passwd ftpuser

    5. Enable the ftp service in the firewall-config GUI, or on the command line with firewall-cmd

    a. Enable the service with firewall-config

    b. Enable the service with firewall-cmd

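    # Enable the ftp service (runtime configuration only; add --permanent to keep it across reloads)
    firewall-cmd --add-service=ftp
    # List the enabled services
    firewall-cmd --list-services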
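
For the options set in step 2, the following script is an added example (not part of the original post) that checks a vsftpd.conf for anonymous login, for the chroot_local_user / allow_writeable_chroot combination that the config file's own warning describes, and for an inverted passive port range. The function names are hypothetical, the sample config is constructed from the lines shown in step 2, and the script assumes that the last occurrence of an option wins and that YES/TRUE/1 all mean "on".

```shell
# Added example, not from the original post; function names are hypothetical.
# Assumes the last occurrence of an option wins and YES/TRUE/1 all mean "on".
# Print the value of option $2 in file $1, ignoring commented-out lines.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

is_yes() {
    case $(printf '%s' "$1" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# Print one WARN line per finding; return non-zero if there was any.
audit_vsftpd_conf() {
    conf=$1; warns=0
    anon=$(conf_get "$conf" anonymous_enable)
    pmin=$(conf_get "$conf" pasv_min_port)
    pmax=$(conf_get "$conf" pasv_max_port)
    # Per the stock comment, anonymous FTP is allowed when the line is absent.
    if [ -z "$anon" ] || is_yes "$anon"; then
        echo "WARN anonymous_enable is not NO"; warns=$((warns + 1))
    fi
    # The combination the config file's own chroot warning is about.
    if is_yes "$(conf_get "$conf" chroot_local_user)" &&
       is_yes "$(conf_get "$conf" allow_writeable_chroot)"; then
        echo "WARN writable chroot root is allowed"; warns=$((warns + 1))
    fi
    if [ -n "$pmin" ] && [ -n "$pmax" ] && [ "$pmin" -gt "$pmax" ]; then
        echo "WARN pasv_min_port is greater than pasv_max_port"; warns=$((warns + 1))
    fi
    [ "$warns" -eq 0 ]
}

# Constructed sample: security-relevant lines of the config from step 2.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_max_port=10100
pasv_min_port=10000
EOF
}

sample=$(mktemp); write_sample_conf "$sample"
audit_vsftpd_conf "$sample" || true; rm -f "$sample"
```

To check a live server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; a non-zero exit status means at least one WARN line was printed.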
    


  • Original article: https://www.cnblogs.com/cloudwind2011/p/8882940.html