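I recently installed an FTP service on an Alibaba Cloud ECS instance and chose vsftpd as the FTP server program. The system is CentOS 7.4, and I created a dedicated user account on it for logging in to the FTP service.
Installing vsftpd
vsftpd is a widely used FTP server program on Linux. Install it with the following command: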
$ yum install vsftpd
Output
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/7): base/7/x86_64/group_gz | 156 kB 00:00
(2/7): epel/x86_64/group_gz | 266 kB 00:00
(3/7): epel/x86_64/updateinfo | 907 kB 00:00
(4/7): extras/7/x86_64/primary_db | 185 kB 00:00
(5/7): epel/x86_64/primary_db | 6.3 MB 00:00
(6/7): base/7/x86_64/primary_db | 5.7 MB 00:00
(7/7): updates/7/x86_64/primary_db | 6.9 MB 00:00
Determining fastest mirrors
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-22.el7 base 169 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 169 k
Installed size: 348 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-22.el7.x86_64.rpm | 169 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-22.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-22.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-22.el7
Complete!
vsftpd configuration
Start automatically at boot
Enable automatic start at boot:
$ chkconfig vsftpd on
Output
Note: Forwarding request to 'systemctl enable vsftpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
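Check whether vsftpd is set to start at boot:
$ chkconfig --list
vsftpd is not listed there; the output suggests using the following command instead:
$ systemctl list-unit-files
vsftpd.service appears in the list, which means it will start automatically at boot.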
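FTP account setup
Add a local account to the system for FTP login. Its home directory is /home/ftpu and it is not allowed to log in to the system shell:
$ useradd -d /home/ftpu -g ftp -s /sbin/nologin ftpu
The user name is ftpu, the group is ftp, and the user owns the /home/ftpu directory. The password is not passed to useradd, because its -p option expects an already-encrypted password (a crypt(3) hash), not plaintext.
Set the password with:
$ passwd <username>
Replace username with ftpu and enter the new password 123.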
vsftpd.conf configuration
Edit vsftpd.conf:
$ vim /etc/vsftpd/vsftpd.conf
Add:
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES
userlist configuration
Edit the user list:
$ vim /etc/vsftpd/user_list
Comment out all existing users and add the ftpu account:
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
#bin
#daemon
#adm
#lp
#sync
#shutdown
#halt
#mail
#news
#uucp
#operator
#games
#nobody
ftpu
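tcp_wrappers configuration
First add the allowed IPs:
$ vim /etc/hosts.allow
Add the line:
vsftpd:ALL
Then add the denied IPs:
$ vi /etc/hosts.deny
Add the line:
vsftpd:<IP address to deny>
tcp_wrappers consults hosts.allow first and grants access on a match, so a client matched by vsftpd:ALL is never checked against hosts.deny.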
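The lookup order of hosts_access(5) can be checked against these two files with a small model. This is an added example, not part of the original post; it handles only the syntax used here (IPv4, ALL, EXCEPT), both addresses are constructed sample values, and the EXCEPT form of hosts.allow is one possible correction, not the author's configuration.

```python
# Simplified model of the tcp_wrappers lookup order in hosts_access(5).
# Covers only what this page uses: "daemon: clients" lines, IPv4 literals,
# "a.b.c." prefixes, the ALL wildcard and the EXCEPT operator.

def client_matches(patterns, ip):
    """True if ip matches the client list; 'A EXCEPT B' means A and not B."""
    if "EXCEPT" in patterns:
        i = patterns.index("EXCEPT")
        return (client_matches(patterns[:i], ip)
                and not client_matches(patterns[i + 1:], ip))
    return any(p == "ALL" or p == ip or (p.endswith(".") and ip.startswith(p))
               for p in patterns)

def file_matches(text, daemon, ip):
    """True if any rule in one hosts.allow / hosts.deny file matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and client_matches(clients, ip):
            return True
    return False

def access(hosts_allow, hosts_deny, daemon, ip):
    """hosts.allow is consulted first; hosts.deny only if nothing matched."""
    if file_matches(hosts_allow, daemon, ip):
        return "granted"
    if file_matches(hosts_deny, daemon, ip):
        return "denied"
    return "granted"  # no match in either file

BLOCKED = "203.0.113.5"  # constructed sample address (documentation range)
OTHER = "198.51.100.7"   # constructed sample address (documentation range)

# Files as configured on this page: the ALL rule in hosts.allow wins.
PAGE_ALLOW = "vsftpd:ALL"
PAGE_DENY = "vsftpd:" + BLOCKED
# One possible correction (assumption, not from the page): carve the address
# out of hosts.allow so the lookup falls through to the hosts.deny entry.
FIXED_ALLOW = "vsftpd: ALL EXCEPT " + BLOCKED

if __name__ == "__main__":
    for label, allow in (("page", PAGE_ALLOW), ("fixed", FIXED_ALLOW)):
        for ip in (BLOCKED, OTHER):
            print(label, ip, access(allow, PAGE_DENY, "vsftpd", ip))
    # Without the hosts.deny entry the carve-out alone blocks nothing.
    print("fixed, empty hosts.deny", access(FIXED_ALLOW, "", "vsftpd", BLOCKED))
```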
Service operations
Start FTP:
$ systemctl start vsftpd.service
Check the status:
$ systemctl status vsftpd.service
Restart:
$ systemctl restart vsftpd.service
Troubleshooting
Connecting with FileZilla on port 21 fails with the error:
Failed to retrieve directory listing
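The fix is to edit the configuration file:
$ vim /etc/vsftpd/vsftpd.conf
Add:
# Default: YES. When enabled, passive mode connections are allowed.
pasv_enable=YES
pasv_min_port=9900
pasv_max_port=9901
# Default: YES. When enabled, active mode connections are allowed.
port_enable=YES
Comments go on their own lines because vsftpd.conf does not accept any text after a value. Also open ports 9900 and 9901 in the Alibaba Cloud security group. References: "FTP connection error: Failed to retrieve directory listing, solution" and "vsftpd Error: Failed to retrieve directory listing".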