通用安装和配置
1.下载安装包并安装
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/vsftpd-3.0.2-25.el7.x86_64.rpm
rpm -ivh vsftpd-3.0.2-25.el7.x86_64.rpm
2.创建ftp宿主用户
useradd ftpuser -s /sbin/nologin
echo "96@wB&RjaAql" | passwd --stdin ftpuser
3.备份配置文件
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak`date "+%Y%m%d"`
echo '' > /etc/vsftpd/vsftpd.conf
4.设置登陆标语
echo "dirmessage_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "ftpd_banner=Welcome to login FTP service." >> /etc/vsftpd/vsftpd.conf
5.禁止匿名用户登陆
echo "anonymous_enable=NO" >> /etc/vsftpd/vsftpd.conf
echo "anon_upload_enable=NO" >> /etc/vsftpd/vsftpd.conf
echo "anon_mkdir_write_enable=NO" >> /etc/vsftpd/vsftpd.conf
echo "anon_other_write_enable=NO" >> /etc/vsftpd/vsftpd.conf
6.启用日志记录
echo "xferlog_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "xferlog_std_format=YES" >> /etc/vsftpd/vsftpd.conf
echo "xferlog_file=/var/log/vsftpd.log" >> /etc/vsftpd/vsftpd.conf
7.启用异步传输
echo "async_abor_enable=YES" >> /etc/vsftpd/vsftpd.conf
8.启用文本(ASCII)传输模式
echo "ascii_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "ascii_download_enable=YES" >> /etc/vsftpd/vsftpd.conf
9.启用被动连接模式
echo "connect_from_port_20=NO" >> /etc/vsftpd/vsftpd.conf
echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "pasv_min_port=55000" >> /etc/vsftpd/vsftpd.conf
echo "pasv_max_port=56000" >> /etc/vsftpd/vsftpd.conf
10.开启上传下载删除等操作权限
echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "cmds_allowed=FEAT,REST,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RMD,RNFR,RNTO,RETR,DELE,SIZE,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST,STOR" >> /etc/vsftpd/vsftpd.conf
11.设置文件的默认权限(目录为755,文件为644)
echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf
12.启用白名单(使用user_list文件,避免用ftpusers文件)
echo "userlist_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "userlist_deny=NO" >> /etc/vsftpd/vsftpd.conf
13.启用pam认证
echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf
14.解决pam文件中shell不存在问题
详情请参考:https://blog.csdn.net/woshijipinglong/article/details/92636979
sed -i 's/pam_shells.so/pam_nologin.so/g' /etc/pam.d/vsftpd
15.关闭selinux和防火墙
setenforce 0
sed -i "/SELINUX=enforcing/cSELINUX=disabled" /etc/selinux/config
systemctl disable firewalld && systemctl stop firewalld && systemctl status firewalld
16.清空白名单
echo '' > /etc/vsftpd/user_list
配置FTP采用本地用户登陆
17.开启本地用户登陆
echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf
18.锁定用户活动范围为家目录
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
echo "chroot_list_enable=NO" >> /etc/vsftpd/vsftpd.conf
19.将本地用户添加到白名单中
echo "ftpuser" >> /etc/vsftpd/user_list
20.启动ftp服务
systemctl enable vsftpd && systemctl restart vsftpd &&systemctl status vsftpd
验证
1.安装ftp客户端
yum -y install ftp
2.登陆
ftp
open 127.0.0.1 21
ftpuser
96@wB&RjaAql
put test
get test
delete test
ls