Step 1: Install vsftpd with yum
[root@localhost yum.repos.d]# yum install -y vsftpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
...omitted...
Installed:
vsftpd.x86_64 0:2.2.2-14.el6
Complete!
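Step 2: Disable anonymous login
On my test machine I use root as the FTP login user, which skips creating an FTP user; of course, this is not secure.
I disabled anonymous login: anonymous_enable=YES is changed to NO.
[13:54:34][root@localhost ~]# vi /etc/vsftpd/vsftpd.conf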
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
...rest omitted...
Step 3: Open port 21
[root@localhost ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
After that, restart the iptables service
[root@localhost ~]#
[root@localhost ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Step 4: Open up user access permissions
Set the SELinux booleans allow_ftpd_full_access and ftp_home_dir to on; the numeric value is 1.
[root@localhost ~]# setsebool -P allow_ftpd_full_access 1
[root@localhost ~]# setsebool -P ftp_home_dir 1
Finally, restart the FTP service
[root@localhost ~]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
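That's it; the FTP service is now set up. However, logging in from a client as root produces an error, because root is not allowed to access FTP by default. To change this, edit /etc/vsftpd/ftpusers and /etc/vsftpd/user_list and delete or comment out the root user in both files.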
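Since the page notes that logging in as root is not secure, here is an added example (not part of the original post) that audits a vsftpd configuration directory for the two controls discussed above: anonymous login, and whether root is still listed in ftpusers and user_list. The function names and the demo data are constructed for illustration, and it assumes user_list is used as a deny list, as in the stock configuration described here.

```shell
#!/bin/bash
# Added example: audit the vsftpd access controls this page changes.
# Usage after sourcing: audit_vsftpd /etc/vsftpd

# Effective value of KEY ($2) in a vsftpd.conf ($1): the last uncommented
# assignment, upper-cased, or DEFAULT ($3) when commented out or absent.
conf_value() {
    local val
    val=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '[:space:]')
    printf '%s\n' "${val:-$3}" | tr '[:lower:]' '[:upper:]'
}

# True when USER ($2) is on an uncommented line of ftpusers/user_list ($1).
user_listed() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1" 2>/dev/null
}

# Prints one line per check; the return status is the number of findings.
audit_vsftpd() {
    local dir=${1:-/etc/vsftpd} findings=0 anon f
    # Anonymous FTP is allowed when the line is commented out, so default YES.
    anon=$(conf_value "$dir/vsftpd.conf" anonymous_enable YES)
    case $anon in
        NO|FALSE|0) echo "OK   anonymous login disabled" ;;
        *) echo "FAIL anonymous_enable=$anon"; findings=$((findings + 1)) ;;
    esac
    for f in ftpusers user_list; do
        if user_listed "$dir/$f" root; then
            echo "OK   root still listed in $f"
        else
            echo "FAIL root removed or commented out in $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the configuration state this page ends with
# (anonymous login off, root commented out or deleted in both files).
demo() {
    local d rc
    d=$(mktemp -d)
    printf '%s\n' '#anon_upload_enable=YES' 'anonymous_enable=NO' > "$d/vsftpd.conf"
    printf '%s\n' '# Users that are not allowed to login via ftp' '#root' 'bin' > "$d/ftpusers"
    printf '%s\n' 'bin' 'daemon' > "$d/user_list"
    audit_vsftpd "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Running demo reports anonymous login as disabled and flags both files, which is the state left by the steps above; creating a dedicated FTP user and keeping root in both files clears the two findings.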
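Also, in the ftp client, to run a command locally, prefix it with ! (exclamation mark). For example, to see which files are in the current local directory: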
ftp> !dir
驱动器 D 中的卷是 软件
卷的序列号是 000F-07D1
D:\用户\Desktop 的目录
2015/09/22 13:52 <DIR> .
2015/09/22 13:52 <DIR> ..
2015/03/17 16:36 33,115,516 mysql-5.6.22.tar.gz
2015/09/22 13:50 17,560 新建 Microsoft Office Word 文档.docx
2 个文件 33,133,076 字节
2 个目录 97,620,426,752 可用字节