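I am planning to retire the FTP service on Windows soon. Since I am concentrating on learning CentOS and have this need anyway, I might as well build an FTP service while I learn, which makes for good practice.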
| rpm -qa | grep vsftp   # check whether the FTP service is already installed on this machine
|
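If it is not installed, use the install command to install it.
Once installation is complete, start the FTP service and set it to start at boot, then edit the FTP configuration file, which is located at /etc/vsftpd/vsftpd.conf.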
| chkconfig vsftpd on
service vsftpd start
|
| # Example config file /etc/vsftpd/vsftpd.conf
2 #
3 # The default compiled in settings are fairly paranoid. This sample file
4 # loosens things up a bit, to make the ftp daemon more usable.
5 # Please see vsftpd.conf.5 for all compiled in defaults.
6 #
7 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
8 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
9 # capabilities.
10 #
11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
12 anonymous_enable=YES
13 #
14 # Uncomment this to allow local users to log in.
15 local_enable=YES
16 #
17 # Uncomment this to enable any form of FTP write command.
18 write_enable=YES
19 #
20 # Default umask for local users is 077. You may wish to change this to 022,
21 # if your users expect that (022 is used by most other ftpd's)
22 local_umask=022
23 #
24 # Uncomment this to allow the anonymous FTP user to upload files. This only
25 # has an effect if the above global write enable is activated. Also, you will
26 # obviously need to create a directory writable by the FTP user.
27 # Allow anonymous users to upload files
28 anon_upload_enable=YES
29 #
30 # Uncomment this if you want the anonymous FTP user to be able to create
31 # new directories.
32 # Allows anonymous users to create directories
33 #anon_mkdir_write_enable=YES
34
35 # Allows anonymous users to delete files
36 #anon_other_write_enable=YES
37 #
38 # Activate directory messages - messages given to remote users when they
39 # go into a certain directory.
40 dirmessage_enable=YES
41 #
42 # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
43 # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
44 xferlog_file=/var/log/vsftpd.log
45 #
46 # The target log file can be vsftpd_log_file or xferlog_file.
47 # This depends on setting xferlog_std_format parameter
48 xferlog_enable=YES
49 #
50 # Switches between logging into vsftpd_log_file and xferlog_file files.
51 # NO writes to vsftpd_log_file, YES to xferlog_file
52 xferlog_std_format=YES
53 #
54 # Make sure PORT transfer connections originate from port 20 (ftp-data).
55 connect_from_port_20=YES
56 #
57 # If you want, you can arrange for uploaded anonymous files to be owned by
58 # a different user. Note! Using "root" for uploaded files is not
59 # recommended!
60 #chown_uploads=YES
61 #chown_username=whoever
62 #
63 # You may change the default value for timing out an idle session.
64 #idle_session_timeout=600
65 #
66 # You may change the default value for timing out a data connection.
67 #data_connection_timeout=120
68 #
69 # It is recommended that you define on your system a unique user which the
70 # ftp server can use as a totally isolated and unprivileged user.
71 #nopriv_user=ftpsecure
72 #
73 # Enable this and the server will recognise asynchronous ABOR requests. Not
74 # recommended for security (the code is non-trivial). Not enabling it,
75 # however, may confuse older FTP clients.
76 #async_abor_enable=YES
77 #
78 # By default the server will pretend to allow ASCII mode but in fact ignore
79 # the request. Turn on the below options to have the server actually do ASCII
80 # mangling on files when in ASCII mode.
81 # Beware that on some FTP servers, ASCII support allows a denial of service
82 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
83 # predicted this attack and has always been safe, reporting the size of the
84 # raw file.
85 # ASCII mangling is a horrible feature of the protocol.
86 #ascii_upload_enable=YES
87 #ascii_download_enable=YES
88 #
89 # You may fully customise the login banner string:
90 #ftpd_banner=Welcome to blah FTP service.
91 #
92 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
93 # useful for combatting certain DoS attacks.
94 #deny_email_enable=YES
95 # (default follows)
96 #banned_email_file=/etc/vsftpd/banned_emails
97 #
98 # You may specify an explicit list of local users to chroot() to their home
99 # directory. If chroot_local_user is YES, then this list becomes a list of
100 # users to NOT chroot().
101 chroot_local_user=YES
102 #chroot_list_enable=YES
103 # (default follows)
104 #chroot_list_file=/etc/vsftpd/chroot_list
105 #
106 # You may activate the "-R" option to the builtin ls. This is disabled by
107 # default to avoid remote users being able to cause excessive I/O on large
108 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
109 # the presence of the "-R" option, so there is a strong case for enabling it.
110 #ls_recurse_enable=YES
111 #
112 # When "listen" directive is enabled, vsftpd runs in standalone mode and
113 # listens on IPv4 sockets. This directive cannot be used in conjunction
114 # with the listen_ipv6 directive.
115 listen=YES
116 #
117 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
118 # sockets, you must run two copies of vsftpd with two configuration files.
119 # Make sure, that one of the listen options is commented !!
120 #listen_ipv6=YES
121
122 pam_service_name=vsftpd
123 userlist_enable=YES
124 userlist_deny=NO
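125 # userlist_enable and userlist_deny only take effect when used together: with userlist_deny=YES the users in the user_list file cannot log in to FTP; otherwise only the users in the file are allowed to log in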
126 tcp_wrappers=YES
127 #max_clients=300
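128 # Maximum number of clients that may access the FTP service at the same time
129 #max_per_ip=10
130 # Maximum number of simultaneous connections to the FTP service from a single IP address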
|
After finishing the configuration, restart the vsftpd service.
Create the FTP login user:
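| useradd -d /ftp/ftpuser/ -s /sbin/nologin ftpuser   # create the user with home directory /ftp/ftpuser and default shell /sbin/nologin (because this user is not meant to log in to the Linux system itself)
echo "passwd" | passwd --stdin ftpuser   # set the password of ftpuser to "passwd"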
|
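Because line 124 of the configuration file sets userlist_deny=NO, the anonymous user cannot log in regardless of whether anonymous access is enabled. To allow a login, edit the user_list file under /etc/vsftpd/ and add the users who need to log in to the FTP server. Adding the ftpuser account created earlier to the user_list file lets it log in.
That completes a fairly simple FTP server. Some material I found online says the FTP authentication process is all in plain text, so security is somewhat weaker. I will add that bit by bit later; for now it meets the need and I will revise it afterwards (mainly because I have not figured out encryption yet o(╯□╰)o).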
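The interaction described above (anonymous_enable, the userlist_enable/userlist_deny pair, and the plain-text login concern) can be checked mechanically. The script below is an added example, not part of the original post or of vsftpd: the function names `conf_get` and `audit_vsftpd` and the finding tokens are hypothetical, the defaults are the compiled-in ones from vsftpd.conf(5), and the sample files are constructed to mirror the settings shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post: report the effective value of the
# vsftpd.conf options discussed above, applying vsftpd's compiled-in defaults.

# conf_get FILE KEY DEFAULT: last uncommented "KEY=value" line, else DEFAULT.
# Simplification: only the upper-case YES/NO spelling is recognised.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \t\r')
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd CONF USER_LIST: print one finding token per line.
audit_vsftpd() {
    conf=$1; list=$2; allowlist=NO
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ] &&
       [ "$(conf_get "$conf" userlist_deny YES)" = NO ]; then
        allowlist=YES
        echo "userlist_is_allowlist"
    fi
    if [ "$(conf_get "$conf" anonymous_enable YES)" = YES ]; then
        # Per the post: in allowlist mode anonymous logins fail unless listed.
        if [ "$allowlist" = YES ] && ! grep -Eqx '(anonymous|ftp)' "$list"; then
            echo "anonymous_enabled_but_not_in_user_list"
        else
            echo "anonymous_login_possible"
        fi
        if [ "$(conf_get "$conf" write_enable NO)" = YES ] &&
           [ "$(conf_get "$conf" anon_upload_enable NO)" = YES ]; then
            echo "anonymous_upload_enabled"
        fi
    fi
    if [ "$(conf_get "$conf" ssl_enable NO)" != YES ]; then
        echo "cleartext_credentials"
    fi
    return 0
}

# Constructed sample mirroring the settings in the post (not a real capture).
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
userlist_enable=YES
userlist_deny=NO
EOF
printf '# allowed users\nftpuser\n' > "$demo_dir/user_list"
audit_vsftpd "$demo_dir/vsftpd.conf" "$demo_dir/user_list"
```

On the server itself, call `audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/user_list`; the `anonymous_upload_enabled` finding stays visible even while the allowlist blocks anonymous logins, because it becomes reachable as soon as the user list changes.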