Detailed explanation of FTP environment configuration solution (vsftpd)

1. Install vsftpd component

Installation command: [root@ink4t ~]# sudo apt-get install vsftpd

After installation, there is a /etc/vsftpd/vsftpd.conf file, which is the configuration file of vsftp.

2. Add an ftp user

This user is used to log in to the ftp server.

[root@ink4t ~]# useradd ftpuser

After such a user is created, you can use this to log in. Remember to use normal login instead of anonymous login. The default path after logging in is /home/ftpuser

3. Add a password to the ftp user

[root@ink4t ~]# passwd ftpuser

Enter the password twice to change it.

4. Open port 21 on the firewall

Because the default port of FTP is 21, and CentOS is not enabled by default, you need to modify the iptables file

[root@ink4t ~]# vi /etc/sysconfig/iptables

There is 22 -j ACCEPT on the line above. Start another line below and enter the same content, except replace 22 with 21, then :wq to save.

Also run, restart iptables

[root@ink4t ~]# service iptables restart

5. Modify the configuration file vsftpd.conf

Allow anonymous users to access, and limit the directory for anonymous users to /home/ftpuser

anonymous_enable=YES 
anon_root=/home/ftpuser

It is especially noted here that the /home/ftp directory cannot have w permissions. This is a read-only directory, otherwise an error will be reported. To modify permissions, you can use

sudo chmod aw /home/ftpuser

Local users can access and have write permissions

local_enable=YES 
write_enable=YES

After logging in, local users are restricted to their home directories. At the same time, the file /etc/vsftpd.chroot_list is used to specify users who are not restricted to directories (for example, our user1 is not restricted to directories, so user1 should be written in this file), and users are allowed to modify their home directories.

chroot_local_user=YES 
chroot_list_enable=YES 
chroot_list_file=/etc/vsftpd.chroot_list 
allow_writeable_chroot=YES

Enable the user list. Users not in the list are prohibited from logging in (so we need to write user1, user2, anonymous, ftp in etc/allowed_users, where the last two represent anonymous login)

user_list_enable=YES 
user_list_deny=NO 
userlist_file=/etc/allowed_users

This is an empirical item. It is said that configuring it can avoid some errors. It is introduced in the references.

seccomp_sandbox=NO

At this point, we also noticed that there are two files involved, one is /etc/vsftpd.chroot_list and the other is /etc/allowed_users. After saving, we need to create these two files manually.

sudo touch /etc/vsftpd.chroot_list 
sudo touch /etc/allowed_users

Then, the users in /etc/vsftpd.chroot_list are not restricted to directories. In this example, we need to write user1. /etc/allowed_users needs to write users who are allowed to access the server, here are user1, user2, and anonymous users anonymous, ftpuser. Note that only one user name is written per line.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.