?

1.安裝ftp服務

?

1. 首先檢查是否安裝過：?

   #沒有輸出說明當前系統并沒有安裝vsftp
   [root@min2 ~]# rpm -qa|grep vsftpd
   [root@min2 ~]# 

2. 方式一“離線安裝”(二選一)
   準備離線安裝包：vsftpd-2.2.2-21.el6.x86_64.rpm
   上傳文件到linux：
   
   并按如下命令安裝：

   [root@min2 apps]# rpm -iv vsftpd-2.2.2-21.el6.x86_64.rpm 
   warning: vsftpd-2.2.2-21.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
   Preparing packages for installation...
   vsftpd-2.2.2-21.el6
   

3. 方式二“yan線安裝”(二選一)

   [root@min2 apps]# yum -y install vsftpd
   Loaded plugins: fastestmirror
   base                                                      | 3.7 kB     00:00     
   base/primary_db                                           | 4.7 MB     00:01     
   extras                                                    | 3.4 kB     00:00     
   extras/primary_db                                         |  27 kB     00:00     
   updates                                                   | 3.4 kB     00:00     
   updates/primary_db                                        | 3.0 MB     00:02     
   Setting up Install Process
   Resolving Dependencies
   --> Running transaction check
   ---> Package vsftpd.x86_64 0:2.2.2-24.el6 will be installed
   --> Finished Dependency ResolutionDependencies Resolved=================================================================================Package          Arch             Version                  Repository      Size
   =================================================================================
   Installing:vsftpd           x86_64           2.2.2-24.el6             base           156 kTransaction Summary
   =================================================================================
   Install       1 Package(s)Total download size: 156 k
   Installed size: 340 k
   Downloading Packages:
   vsftpd-2.2.2-24.el6.x86_64.rpm                            | 156 kB     00:00     
   warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
   Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
   Importing GPG key 0xC105B9DE:Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5)From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
   Running rpm_check_debug
   Running Transaction Test
   Transaction Test Succeeded
   Running TransactionInstalling : vsftpd-2.2.2-24.el6.x86_64                                    1/1 Verifying  : vsftpd-2.2.2-24.el6.x86_64                                    1/1 Installed:vsftpd.x86_64 0:2.2.2-24.el6                                                   Complete!
   

   ?

2.配置/etc/vsftpd/vsftpd.conf

?編輯文件

vi /etc/vsftpd/vsftpd.conf

#Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES#
# You may fully customise the login banner string:
ftpd_banner=Welcome to lightnear FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YESpam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
#local_root=/var/www
tcp_wrappers=YES
use_localtime=YES
pasv_enable=YES
pasv_min_port=3000
pasv_max_port=3100

3.添加例外用戶?

編輯 配置文件（沒有則新建）：/etc/vsftpd/chroot_list

[root@min2 vsftpd]# vi chroot_list#編輯內容一行一個用戶名 :wq保存退出
ftpuser

?編輯配置文件：/etc/vsftpd/user_list

[root@min2 vsftpd]# vi user_list #編輯內容一行一個用戶名 :wq保存退出
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
ftpuser

4.創建用戶及目錄

?創建用戶并設置密碼：

備注：如下命令目錄默認所有權歸ftpuser所有，如果需要給用戶修改目錄權限使用linux的權限機制編輯即可

#-d 表示指定ftpuser用戶的主目錄為/home/ftpuser
#-s 表示限定用戶ftpuser不能telnet，只能ftp
[root@min2 vsftpd]# useradd -d /var/ftpuser  -s /sbin/nologin  ftpuser#使用passwd設置用戶密碼
[root@min2 vsftpd]# passwd ftpuser

5.設置為開機啟動

[root@localhost var]# chkconfig vsftpd on

6.550權限問題

?查看FTP權限設置

[root@min2 ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off

?其中，ftp_home_dir和allow_ftpd_full_access必須為on 才能使vsftpd 具有訪問ftp根目錄，以及文件傳輸等權限。

運行以下命令：

[root@min2 ~]# setsebool -P ftp_home_dir 1
[root@min2 ~]# setsebool -P allow_ftpd_full_access 1

重新登陸ftp再試，不出意外上述問題則可以解決。

?

7.把ftp端口添加到防火墻

[root@min2 home]#  vi /etc/sysconfig/iptables#在文件中追加以下配置編輯內容，編輯保存后：wq退出
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000:3100 -j ACCEPT#重啟防火墻
[root@min2 home]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

?

6.登錄測試??

創建文件夾：

7.卸載FTP

如果需要卸載ftp重新安裝則執行如下命令：

#1.檢查安裝的版本
[root@min2 vsftpd]# rpm -aq vsftpd
vsftpd-2.2.2-21.el6.x86_64#如果在運行則先停止vsftp 服務
[root@min2 vsftpd]#service vsftpd stop#卸載輸出 查找vsftpd的返回結果
[root@min2 vsftpd]# rpm -e vsftpd-2.2.2-21.el6.x86_64
warning: /etc/vsftpd/vsftpd.conf saved as /etc/vsftpd/vsftpd.conf.rpmsave
warning: /etc/vsftpd/user_list saved as /etc/vsftpd/user_list.rpmsave
#刪除返回的結果指向的文件
rm -rf /etc/vsftpd/vsftpd.conf.rpmsave
rm -rf /etc/vsftpd/user_list.rpmsave

?

總結

以上是生活随笔為你收集整理的Linux 中FTP服务的应用（安装配置）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。