{"id":2767,"date":"2017-10-11T13:17:57","date_gmt":"2017-10-11T05:17:57","guid":{"rendered":"http:\/\/cn.hostease.com\/xueyuan\/?p=2767"},"modified":"2017-10-11T13:17:57","modified_gmt":"2017-10-11T05:17:57","slug":"centos-7-x-vsftpd%e7%9a%84%e5%ae%89%e8%a3%85%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/cn.hostease.com\/xueyuan\/hemanual\/centos-7-x-vsftpd%e7%9a%84%e5%ae%89%e8%a3%85%e9%85%8d%e7%bd%ae\/","title":{"rendered":"CentOS 7.x vsftpd\u7684\u5b89\u88c5\u914d\u7f6e"},"content":{"rendered":"

vsftpd\u5b89\u88c5<\/h3>\n

yum\u5b89\u88c5vsftpd<\/p>\n

yum -y install<\/span> vsftpd<\/code><\/pre>\n
\u68c0\u67e5\u662f\u5426\u5b89\u88c5<\/p>\n
 rpm -qa|grep vsftpd<\/span><\/code><\/pre>\n
\u521b\u5efaftp\u7528\u6237\u7684\u76ee\u5f55<\/p>\n
mkdir<\/span> \/ftphome<\/code><\/pre>\n
\u521b\u5efa\u865a\u62df\u7528\u6237\u53ef\u4ee5\u4f7f\u7528ftp\u4e0d\u80fd\u767b\u9646\u7cfb\u7edf<\/p>\n
usadd ftpuser -d<\/span> \/ftpfile -s<\/span> \/sbin\/nolog\r\npasswd ftpuser\r\n\/\/\u8f93\u5165\u5bc6\u7801<\/span><\/code><\/pre>\n
\u4fee\u6539ftphome\u6743\u9650\u5e76\u6dfb\u52a0\u7528\u6237\u914d\u7f6e\u6587\u4ef6\u6700\u540e\u9700\u8981\u5c06\u914d\u6587\u4ef6\u5f15\u7528\u5230ftp\u914d\u7f6e\u4e2d<\/p>\n
chown -R<\/span> ftpuser.ftpuser \/ftphome\r\nvim chroot_list :wq<\/span>\u4fdd\u5b58\u9000\u51fa<\/code><\/pre>\n
\u4fee\u6539selinux<\/p>\n
vim \/etc\/selinux\/config \u4fee\u6539 SELINUX<\/span>=disable <\/span><\/code><\/pre>\n
\u914d\u7f6evsftpd.conf<\/p>\n
vim \/etc\/vsftpd\/vsftpd.conf<\/span> <\/code><\/pre>\n
local_root<\/span>=\/ftphome \r\n#chroot_local_user=YES <\/span>\r\nanon_root<\/span>=\/ftphome\r\nuse_localtime<\/span>=YES\r\n\r\n#\u533f\u540d<\/span>\r\n#anonymous_enable=YES<\/span>\r\nanonymous_enable<\/span>=NO\r\nlocal_enable<\/span>=YES\r\n# Uncomment this to enable any form of FTP write command.<\/span>\r\nwrite_enable<\/span>=YES\r\n# Default umask for local users is 077. You may wish to change this to 022,<\/span>\r\n# if your users expect that (022 is used by most other ftpd's)<\/span>\r\nlocal_umask<\/span>=022\r\n#anon_upload_enable=YES<\/span>\r\n#anon_mkdir_write_enable=YES<\/span>\r\ndirmessage_enable<\/span>=YES\r\nxferlog_enable<\/span>=YES\r\nconnect_from_port_20<\/span>=YES\r\n#chown_uploads=YES<\/span>\r\n#chown_username=whoever<\/span>\r\nxferlog_std_format<\/span>=YES\r\n#xferlog_file=\/var\/log\/xferlog<\/span>\r\nxferlog_std_format<\/span>=YES\r\n#ascii_upload_enable=YES<\/span>\r\n#ascii_download_enable=YES<\/span>\r\nftpd_banner<\/span>=Welcome to FTP Server\r\nchroot_local_user<\/span>=NO\r\nchroot_list_enable<\/span>=YES\r\nchroot_list_file<\/span>=\/etc\/vsftpd\/chroot_list\r\nlisten<\/span>=YES\r\n#listen_ipv6=YES<\/span>\r\npam_service_name<\/span>=vsftpd\r\nuserlist_enable<\/span>=YES\r\ntcp_wrappers<\/span>=YES\r\n#pasv_enable=YES<\/span>\r\npasv_min_port<\/span>=61001\r\npasv_max_port<\/span>=62000\r\nallow_writeable_chroot<\/span>=YES<\/code><\/pre>\n
\u6dfb\u52a0ftp\u5f00\u673a\u81ea\u542f<\/p>\n
systemctl enable vsftpd.service<\/span><\/code><\/pre>\n
\u5b89\u88c5ftp\u5ba2\u6237\u7aef\u68c0\u9a8c<\/p>\n
yum -y install ftp<\/span><\/code><\/pre>\n
\u914d\u7f6efirewall\u9632\u706b\u5899<\/h3>\n
firewall\u5e38\u7528\u547d\u4ee4<\/p>\n
1<\/span>\u3001\u91cd\u542f\u3001\u5173\u95ed\u3001\u5f00\u542ffirewalld.<\/span>service\u670d\u52a1\r\nservice firewalld restart \u91cd\u542f\r\nservice firewalld start \u5f00\u542f\r\nservice firewalld stop \u5173\u95ed\r\n2<\/span>\u3001\u67e5\u770bfirewall\u670d\u52a1\u72b6\u6001\r\nsystemctl status firewall\r\n3<\/span>\u3001\u67e5\u770bfirewall\u7684\u72b6\u6001\r\nfirewall-cmd<\/span> --<\/span>state\r\n4<\/span>\u3001\u67e5\u770b\u9632\u706b\u5899\u89c4\u5219\r\nfirewall-cmd<\/span> --<\/span>list<\/span>-all<\/span> <\/code><\/pre>\n
\u914d\u7f6e\u9632\u706b\u5899\u89c4\u5219\uff08\u4e24\u79cd\u65b9\u5f0f\uff09\u00a0 \u4ee4\u540d\u65b9\u5f0f<\/p>\n
 vim \/etc\/firewalld\/zones\/public<\/span>.<\/span>xml<\/span><\/code><\/pre>\n
 <rule<\/span> family<\/span>=\"ipv4\"<\/span>><\/span>\r\n    <port<\/span> protocol<\/span>=\"tcp\"<\/span> port<\/span>=\"61001-62000\"<\/span>\/><\/span>\r\n    <accept<\/span>\/><\/span>\r\n  <\/rule<\/span>><\/span>\r\n  <rule<\/span> family<\/span>=\"ipv4\"<\/span>><\/span>\r\n    <port<\/span> protocol<\/span>=\"tcp\"<\/span> port<\/span>=\"21\"<\/span>\/><\/span>\r\n    <accept<\/span>\/><\/span>\r\n  <\/rule<\/span>><\/span>\r\n  <rule<\/span> family<\/span>=\"ipv4\"<\/span>><\/span>\r\n    <port<\/span> protocol<\/span>=\"tcp\"<\/span> port<\/span>=\"20\"<\/span>\/><\/span>\r\n    <accept<\/span>\/><\/span>\r\n  <\/rule<\/span>><\/span><\/code><\/pre>\n
\u56fe\u5f62\u65b9\u5f0f<\/p>\n
yum -y<\/span> install firewall-config<\/span>\r\n\/\/\u5b89\u88c5\u6210\u529f\u540e\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5728\u5f39\u51fa\u754c\u9762\u8fdb\u884c\u914d\u7f6e<\/span>\r\nfirewall-config<\/span><\/code><\/pre>\n
\u719f\u6089iptables\u7684\u53ef\u4ee5\u6309\u7167\u4e0b\u9762\u7684\u65b9\u5f0f\u914d\u7f6e\u00a0 \u7531\u4e8ecentos7 \u81ea\u5e26\u7684\u662ffirewall\u6ca1\u6709iptables\u6211\u4eec\u8981\u7981\u7528firewall\u5b89\u88c5\u914d\u7f6e\u914d\u7f6eiptables\u00a0 \u7981\u7528firewall<\/p>\n
systemctl stop firewalld.service<\/span> #\u505c\u6b62firewall<\/span>\r\nsystemctl disable firewalld.service<\/span> #\u7981\u6b62firewall\u5f00\u673a\u542f\u52a8<\/span><\/code><\/pre>\n
\u5b89\u88c5iptables<\/p>\n
#\u5148\u68c0\u67e5\u662f\u5426\u5b89\u88c5\u4e86iptables<\/span>\r\nservice iptables status\r\n#\u5b89\u88c5iptables<\/span>\r\nyum install -y iptables\r\n#\u5347\u7ea7iptables<\/span>\r\nyum update iptables \r\n#\u5b89\u88c5iptables-services<\/span>\r\nyum install iptables-services <\/code><\/pre>\n
\u914d\u7f6eiptables<\/p>\n
vim \/etc\/sysconfig\/iptables<\/code><\/pre>\n
-A<\/span> INPUT  -p<\/span> TCP --<\/span>dport 61001<\/span>:62000<\/span> -j<\/span> ACCEPT  \r\n-A<\/span> OUTPUT -p<\/span> TCP --<\/span>sport 61001<\/span>:62000<\/span> -j<\/span> ACCEPT \r\n-A<\/span> INPUT  -p<\/span> TCP --<\/span>dport 20<\/span> -j<\/span> ACCEPT   \r\n-A<\/span> OUTPUT -p<\/span> TCP --<\/span>sport 20<\/span> -j<\/span> ACCEPT\r\n-A<\/span> INPUT  -p<\/span> TCP --<\/span>dport 21<\/span> -j<\/span> ACCEPT\r\n-A<\/span> OUTPUT -p<\/span> TCP --<\/span>sport 21<\/span> -j<\/span> ACCEPT<\/code><\/pre>\n
\u4fee\u6539iptable\u5f00\u673a\u542f\u52a8<\/p>\n
systemctl enable iptables.service<\/span> #iptables\u5f00\u673a\u542f\u52a8<\/span><\/code><\/pre>\n
\u91cd\u65b0\u542f\u52a8\u673a\u5668\uff08\u4fee\u6539\u4e86selinux\u91cd\u65b0\u542f\u52a8\u8ba9\u914d\u7f6e\u751f\u6548\uff09<\/p>\n
\u5e38\u7528\u547d\u4ee4\r\nsystemctl stop firewalld.service<\/span> #\u505c\u6b62firewall<\/span>\r\nsystemctl disable firewalld.service<\/span> #\u7981\u6b62firewall\u5f00\u673a\u542f\u52a8<\/span>\r\nsystemctl stop iptables.service<\/span> #\u505c\u6b62iptables<\/span>\r\nsystemctl disable iptables.service<\/span> #\u7981\u6b62iptables\u5f00\u673a\u542f\u52a8<\/span>\r\nsystemctl restart vsftpd.service<\/span> #\u91cd\u65b0\u542f\u52a8ftp\u670d\u52a1<\/span><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
vsftpd\u5b89\u88c5 yum\u5b89\u88c5vsftpd yum -y install vsftpd \u68c0\u67e5\u662f\u5426\u5b89\u88c5 rpm – … \u9605\u8bfb\u66f4\u591a<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3,49,5],"tags":[786,124],"class_list":["post-2767","post","type-post","status-publish","format-standard","hentry","category-hemanual","category-linux","category-jishu","tag-centos-7-x","tag-vsftpd"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/comments?post=2767"}],"version-history":[{"count":1,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2767\/revisions"}],"predecessor-version":[{"id":2768,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2767\/revisions\/2768"}],"wp:attachment":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/media?parent=2767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/categories?post=2767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/tags?post=2767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}