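CentOS7 + vsftpd (Part 1): Anonymous
Setting up FTP is a basic task. CentOS7 + vsftpd is a relatively easy platform to do it on, but quite a few problems come up during setup; this series shares them with you in four posts.
I. CentOS7
1. Lab environment: VMware Workstation Pro + CentOS 7 64-bit minimal install (omitted) (network in bridged mode).
2. After installation, set up the network (if the network has not come up, use the following steps)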
[root@localhost pub]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.21  netmask 255.255.255.0  broadcast 192.168.1.255    <====== if the network device is not enabled and these IPs are missing, run ifup ens33
        inet6 fe80::ccbe:f76:f63f:8270  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:09:37:0a  txqueuelen 1000  (Ethernet)
        RX packets 4721  bytes 426895 (416.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3090  bytes 384658 (375.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost pub]# ifup ens33    <====== ens33 is your network device name
3. Install the VIM tool
yum install -y vim
4. Set a static IP address
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33    <====== ens33 is your network device name
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=4c9cac13-3d1d-451a-88ba-91aaddfa09d5
DEVICE=ens33
ONBOOT=yes    <====== start at boot
BOOTPROTO=static    <====== static IP mode
IPADDR=192.168.1.21    <====== IP
NETMASK=255.255.255.0    <====== subnet mask
DNS1=192.168.1.1    <====== DNS1
DNS2=114.114.114.114    <====== DNS2
GATEWAY=192.168.1.1    <====== gateway
5. Test the network
[root@localhost pub]# ping baidu.com
PING baidu.com (123.125.114.144) 56(84) bytes of data.
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=1 ttl=52 time=46.7 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=2 ttl=52 time=48.8 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=3 ttl=52 time=46.6 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=5 ttl=52 time=40.8 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=6 ttl=52 time=40.9 ms
^C
--- baidu.com ping statistics ---
6 packets transmitted, 5 received, 16% packet loss, time 5023ms
rtt min/avg/max/mdev = 40.880/44.798/48.869/3.288 ms
II. Installing vsftpd
1. Install on the server and test
[root@localhost ~]# yum install -y vsftpd
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@localhost ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-10-05 22:36:52 EDT; 50s ago
 Main PID: 1661 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─1661 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Oct 05 22:36:52 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Oct 05 22:36:52 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# yum install -y ftp
[root@localhost ~]# ftp 192.168.1.21
Connected to 192.168.1.21 (192.168.1.21).
220 (vsFTPd 3.0.2)
Name (192.168.1.21:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,21,244,190).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Aug 03 06:10 pub
226 Directory send OK.
ftp> quit
221 Goodbye.
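2. Advanced settings
The installation in step 1 shows that vsftpd is running on the server and can be reached from the server itself. The settings below make it reachable from the network.
a. Firewall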
[root@localhost ~]# firewall-cmd --zone=public --add-service=ftp --permanent
[root@localhost ~]# firewall-cmd --reload
b. Anonymous user permissions
[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F`
[root@localhost vsftpd]# ls
ftpusers   vsftpd.conf             vsftpd_conf_migrate.sh
user_list  vsftpd.conf_2017-10-05
[root@localhost vsftpd]# mkdir /www
[root@localhost vsftpd]# mkdir /www/ftp
[root@localhost vsftpd]# mkdir /www/ftp/pub
[root@localhost vsftpd]# mkdir /www/ftp/pub/upload
[root@localhost vsftpd]# chmod 777 /www/ftp/pub/upload    <====== upload directory for anonymous users
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf    <====== edit this configuration file; its contents are as follows
[root@localhost pub]# grep -Ev '(^#\s.*|^#|^$)' /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_mkdir_write_enable=YES
anon_root=/www/ftp/pub
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
c. SELinux settings
The 550 error is the most common vsftpd error. It is mostly caused by SELinux settings, vsftpd.conf, and FTP directory permissions. Once these three are understood, vsftpd is easy to set up, and when something goes wrong these are also the three places to check first.
[root@localhost ~]# getsebool -a | grep ftpd    <====== on a minimal install the SELinux level is 1, i.e. ===> Current mode: enforcing
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
[root@localhost ~]# setsebool -P ftpd_full_access on    <====== enable full access permissions for ftpd
#====== If the above still does not work, setenforce 0 can be used to temporarily lower the SELinux level; 0 is equivalent to turning SELinux off ====== this can help pinpoint the fault ==
[root@localhost ~]# setenforce 1    <====== re-enable SELinux
[root@localhost pub]# systemctl restart vsftpd
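The three usual causes of a 550 named above (vsftpd.conf, FTP directory permissions, SELinux booleans) can be checked in one pass. The script below is an added example, not part of the original post: its function names are hypothetical, and it assumes the directories are owned by root as created on this page, so the ftp user falls under the "other" permission class.

```shell
#!/bin/sh
# Added example: triage of the three usual causes of a 550 on anonymous upload.

# conf_get FILE KEY: print the last uncommented value of KEY, empty if unset.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_conf FILE: these options default to NO, so each must be set to YES.
check_conf() (
    rc=0
    for key in write_enable anon_upload_enable anon_mkdir_write_enable; do
        [ "$(conf_get "$1" "$key")" = "YES" ] || { echo "conf: $key is not YES"; rc=1; }
    done
    exit $rc
)

# other_perms DIR: the "other" permission triplet from ls -ld, e.g. "r-x".
other_perms() { ls -ld "$1" | cut -c8-10; }

# check_dirs ANON_ROOT UPLOAD_DIR: the anonymous root stays non-writable and
# only the upload subdirectory is opened up, as in the layout on this page.
check_dirs() (
    rc=0
    case $(other_perms "$1") in ?w?) echo "dir: $1 is writable by others"; rc=1 ;; esac
    case $(other_perms "$2") in ?w[xt]) ;; *) echo "dir: $2 lacks o+wx"; rc=1 ;; esac
    exit $rc
)

# check_sebool: reads `getsebool -a` output on stdin. ftpd_anon_write is the
# narrower boolean and also needs the upload directory labelled
# public_content_rw_t; ftpd_full_access is the broad one used on this page.
check_sebool() {
    grep -Eq '^ftpd_(anon_write|full_access) --> on$' && return 0
    echo "selinux: ftpd_anon_write and ftpd_full_access are both off"
    return 1
}

# triage CONF ANON_ROOT UPLOAD_DIR: run all three checks; the return status
# is the number of checks that failed.
triage() {
    fails=0
    check_conf "$1" || fails=$((fails + 1))
    check_dirs "$2" "$3" || fails=$((fails + 1))
    getsebool -a 2>/dev/null | check_sebool || fails=$((fails + 1))
    return $fails
}

# e.g. sh triage.sh /etc/vsftpd/vsftpd.conf /www/ftp/pub /www/ftp/pub/upload
if [ $# -eq 3 ]; then triage "$@"; fi
```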
III. Key points
1. Firewall
2. FTP directory permissions
3. vsftpd.conf settings; see http://yuanbin.blog.51cto.com/363003/108262/
4. SELinux level and switches