##############################################################################
1. close the firewall service
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#systemctl stop firewalld.service //stop the firewall service
#systemctl disable firewalld.service //disable it to luanch when the system starts up
##############################################################################
2. install iptables
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#yum install iptables iptables-services //install iptables
#vim /etc/sysconfig/iptables //edit iptables‘ configuration file
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10060:10090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Type <- :wq! -> to save it and leave it out.
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#systemctl restart iptables.service //restart the firewall for taking effect
#systemctl enable iptables.service //configure the iptables service automatically reboot when the system starts up
Notice that: 21 port is the FTP server‘s port, however, the ports which are needed on the passive mode of the vsftpd are from 10060 port to 10090 port , these ports you can define by yourself, it is up to you.
##############################################################################
3. Close SELINUX
vim /etc/selinux/config
#SELINUX=enforcing #SELINUXTYPE=targeted SELINUX=disabled
:wq! to save and leave it out.
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#setenforce 0 //Enable configuration to take effect immediately
##############################################################################
4. Install vsftpd
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#yum install -y vsftpd //install vsftpd
#install install -y psmisc net-tools systemd-devel libdb-devel perl-DBI
# systemctl start vsftpd.service
#systemctl enable vsftpd.service
##############################################################################
5. Configure vsftpd server‘s configuation file
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak
anon_upload_enable=NO anon_mkdir_write_enable=YES dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES chown_uploads=YES #xferlog_file=/var/log/xferlog xferlog_std_format=YES idle_session_timeout=300 data_connection_timeout=1 #nopriv_user=ftpsecure async_abor_enable=YES ascii_upload_enable=YES ascii_download_enable=YES ftpd_banner=Welcome to blah FTP service. #deny_email_enable=YES #banned_email_file=/etc/vsftpd/banned_emails chroot_local_user=YES #chroot_list_enable=YES #chroot_list_file=/etc/vsftpd/chroot_list #ls_recurse_enable=YES listen=NO listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES use_localtime=YES listen_port=21 guest_enable=YES guest_username=vsftpd user_config_dir=/etc/vsftpd/vconf virtual_use_local_privs=YES pasv_min_port=10060 pasv_max_port=10090 accept_timeout=5 connect_timeout=1 allow_writeable_chroot=YES
##############################################################################
6. create a virtual user list file
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#touch /etc/vsftpd/virtusers
#vim /etc/vsftpd/virtusers
web1 123456 web2 123456 web3 123456
:wq! to save and leave it out.
##############################################################################
7. generate a virtual user data file
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#db_load -T -t hash -f /etc/vsftpd/virtusers /etc/vsftpd/virtusers.db
#chmod 600 /etc/vsftpd/virtusers.db
##############################################################################
8. Edit /etc/pam.d/vsftpd file and add some information as below
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.backup
#vim /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/virtusers
Note that: if your system is 32bit system, you can modify lib64 into lib, or you will fail to configure it correct.
##############################################################################
9. Create a system user vsftpd, its home directory is /home/wwwroot, set user login console as /bin/false (in order to disable its login function)
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#useradd vsftpd -m -d /home/wwwroot -s /bin/false
##############################################################################
10. Create the configuration file for the virtual user vsftpd
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#mkdir /etc/vsftpd/vconf
#cd /etc/vsftpd/vconf
#touch web1 web2 web3
#mkdir -p /home/wwwroot/web1/http/
#mkdir -p /home/wwwroot/web2/http/
#mkdir -p /home/wwwroot/web3/http/
#vim web1
local_root=/home/wwwroot/web1/http/ write_enable=YES anon_world_readable_only=NO anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES
#vim web2
local_root=/home/wwwroot/web2/http/ write_enable=YES anon_world_readable_only=NO anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES
#vim web3
local_root=/home/wwwroot/web3/http/ write_enable=YES anon_world_readable_only=NO anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES
##############################################################################
11. Restart vsftpd server
=====THE COMMAND YOU CAN TYPE INTO YOUR CONSOLE======
#systemctl restart vsftpd.service
##############################################################################
Thank you for your reading!
That‘s all, at the same time, it‘s my pleasure to share something I know, hope it will be helpful for you.
##############################################################################
Setup and Configure the vsftpd server in CentOS 7 operation system
原文:http://www.cnblogs.com/stavenVanderbilt/p/5507216.html