[Notes] Setting up an FTP server on CentOS 7.6 (suffocatingly detailed)

  The company recently asked me to set up FTP; after consulting a number of sources I got it working.

 

1: Install net-tools (skip if already installed; it only provides netstat and the like, nothing below depends on it)

yum install net-tools

 

2: Update all installed packages

yum update -y

 

3: Install the FTP server (vsftpd)

yum install -y vsftpd

 

4: Install the FTP command-line client

yum install -y ftp

 

5: Check the installed vsftpd version

rpm -qa | grep vsftpd

 

 

 

6: Check whether firewalld is running (on CentOS 7 the service command is a wrapper around systemctl)

service firewalld status

 

7: Start vsftpd. This only starts the daemon for the current boot; it is not enabled as a unit, so after the reboot in step 21 it has to be started again unless you also enable it with systemctl.

service vsftpd start

 

8: Allow port 21 through the firewall. Both rules below cover only 21/tcp plus the nf_conntrack_ftp helper, which tracks PASV replies on port 21 only. Once step 15 moves the control port to 9090 and pins the passive range to 10221-10222, those are the ports the firewall must allow instead, or nothing will be able to connect.

firewall-cmd --zone=public --permanent --add-port=21/tcp

firewall-cmd --zone=public --permanent --add-service=ftp

 

9: Reload the firewall so the permanent rules take effect

firewall-cmd --reload

 

10: List the active firewall configuration

 firewall-cmd --list-all

 

 

11: FTP has two connection modes, active (PORT) and passive (PASV). In active mode the client announces a port and the server connects back to it from its data port, which NAT and client-side firewalls usually block; in passive mode the server announces a port from its pasv range and the client connects to it. The two therefore need different firewall rules, and passive mode is the one to use.

For more background, see the following articles:

Setting up active mode in a Linux FTP client: https://blog.csdn.net/yuanyuan_186/article/details/8705602

FTP active mode vs. passive mode: configuration and differences: https://www.cnblogs.com/linuxws/articles/11035545.html

FTP (File Transfer Protocol) active and passive modes: https://www.toutiao.com/a4633248032/

vsftpd on a LAN server: passive-mode configuration for access from the Internet, with pitfalls: https://blog.csdn.net/hajistark/article/details/82954777

Pitfalls of vsftpd active and passive modes: https://www.cnblogs.com/augusite/p/11232680.html

Fixing FTP connection timeouts by configuring active mode: https://www.toutiao.com/a6765078267931132427/

vsftpd PASV mode and PORT mode, and a complete vsftpd configuration guide for Linux: https://blog.csdn.net/binsoft/article/details/44595677

12: Test the connection. You will be prompted for a username and password; port 21 is the default and need not be given. Plain FTP sends the password and all data in clear text, so test from a trusted network (vsftpd can wrap the session in TLS with ssl_enable=YES).

ftp xxx.xxx.xx.xx

Once logged in, see the end of this post for the FTP commands and response codes.

 

---------------------------------The following adds a user, disables anonymous access, configures PASV mode and changes the port----------------------------

13: Back up the configuration file first, so it can be restored if something goes wrong later

cp -f /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default

 

14: Edit the vsftpd configuration file

vim /etc/vsftpd/vsftpd.conf

 

15: My configuration, pasted here for reference

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Do not allow anonymous logins (vsftpd's compiled-in default is YES).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
# Let local (/etc/passwd) accounts log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
# Allow write commands (upload, delete, rename, mkdir).
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Uploaded files get mode 644 and directories 755. Do not use 000: that
# yields 666/777, so every local user on the box can modify every upload.
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# Show the directory's .message file when a user enters it.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
# When YES, every upload and download is recorded.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# Active-mode data source port; see the active-mode settings further down.
#connect_from_port_20=NO
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# Write the log in the standard xferlog format.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
# Seconds to wait for the next FTP command on the control connection, counted from
# login or from the end of the previous command (the time a client sits at the prompt).
# On expiry the control connection is closed.
idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
# Seconds a data transfer may stall. The timer resets each time a chunk
# (trans_chunk_size, default 8 KB) is sent or received, i.e. it measures how long
# the transfer rate may stay at zero. On expiry both the control and the data
# connection are closed.
data_connection_timeout=300
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# Enable the two options below to make the server really perform ASCII-mode
# translation instead of silently ignoring the request. Most deployments do
# not need it; it slows transfers and corrupts binary files sent in ASCII mode.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# Confine every local user to their home directory (NO here; selected users are chrooted via the list).
chroot_local_user=NO
# With chroot_local_user=NO, the users named in /etc/vsftpd/chroot_list are the
# ones that ARE chrooted; the list only becomes an exemption list when
# chroot_local_user=YES.
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# YES runs vsftpd standalone with its own listener; NO expects it to be started from xinetd.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# Maximum number of simultaneous clients; 0 means unlimited, e.g. max_clients=100.
#max_clients=0
# Maximum simultaneous connections from one IP address; 0 means unlimited, e.g. max_per_ip=5.
#max_per_ip=0
# Do not open an IPv6 listener (only one of listen / listen_ipv6 may be YES).
listen_ipv6=NO
# PAM service name, i.e. /etc/pam.d/vsftpd. It is used for local-user logins (and
# for virtual users if you set those up); on CentOS 7 that file denies everyone in
# /etc/vsftpd/ftpusers (pam_listfile) and any shell not listed in /etc/shells (pam_shells).
pam_service_name=vsftpd
# Enable the user_list check.
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
# With userlist_enable=YES: userlist_deny=YES means users in /etc/vsftpd/user_list are
# refused; userlist_deny=NO means ONLY users in that file may log in.
userlist_deny=NO
# Consult /etc/hosts.allow and /etc/hosts.deny (TCP wrappers) for host-based access control.
tcp_wrappers=YES
# vsftpd refuses to run a chroot whose root directory is writable. This option
# disables that refusal. It is safer to leave it at NO, keep the chroot root
# owned by root and non-writable, and give the user a writable subdirectory.
allow_writeable_chroot=YES
# Control port moved away from 21. The firewall rule (step 8) and the SELinux
# port label (step 20) must match this value.
listen_port=9090
#listen_data_port=10221   (not a vsftpd option; has no effect)
#-------------------Active mode
# PORT (active) transfers are disabled. A client that still sends PORT gets
# "500 Illegal PORT command" (see the problem section at the end).
port_enable=NO
# Only meaningful when port_enable=YES: source active-mode data connections from port 20.
connect_from_port_20=NO
# Only meaningful when port_enable=YES: the active-mode data source port. Note
# that 10221 also sits inside the passive range below.
ftp_data_port=10221
#-------------------Passive mode
# Enable PASV transfers.
pasv_enable=YES
# Port range offered to clients in PASV replies; 0 means a random port. Each
# transfer in progress occupies one port, so a two-port range allows only two
# concurrent data connections; widen it (and the firewall rule) for real use.
pasv_min_port=10221
pasv_max_port=10222
# YES turns off the check that the data connection comes from the same IP as
# the control connection. The default is NO. The only legitimate reason for YES
# is a setup where control and data paths go through different secure tunnels;
# anywhere else it lets any host that guesses the port hijack a transfer, so
# keep NO unless you have that setup.
pasv_promiscuous=YES
# If the server sits on a LAN behind NAT and must be reachable from outside,
# add the next two lines; pasv_address is the public address advertised in
# PASV replies. pasv_addr_resolve must come before pasv_address.
# YES allows pasv_address to be a hostname, resolved once at startup.
pasv_addr_resolve=YES
# Placeholder: 645 is not a valid octet, so this must be replaced with the real
# public IP address (or hostname) before use.
pasv_address=113.229.645.12
# Login banner.
ftpd_banner=Welcome to FTP Service
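
As an added example (not part of the original post), the following shell script audits a vsftpd.conf for the settings discussed in the configuration above and shows the weak values next to hardened ones. The function and sample names (conf_get, audit_vsftpd_conf, write_weak_conf, write_hardened_conf) are my own, and both sample configurations are constructed for the demonstration; the weak one reproduces the risky values from the configuration above.

```shell
# Added example, not from the original post: audit a vsftpd.conf for the
# risky settings discussed above. Usage:
#   . ./vsftpd-audit.sh && audit_vsftpd_conf /etc/vsftpd/vsftpd.conf

# Last value set for KEY in FILE (later lines win, as in vsftpd); empty if unset.
conf_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ -n "$o" ] && [ "$o" -le 255 ] || return 1; done
}

AUDIT_FINDINGS=0
_finding() { AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); echo "FINDING: $1"; }

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    AUDIT_FINDINGS=0

    # vsftpd's compiled-in default for anonymous_enable is YES.
    [ "$(conf_get "$conf" anonymous_enable)" = "NO" ] ||
        _finding "anonymous_enable is not NO: anonymous logins are allowed"

    # 000 makes uploads 666/777; unset means the compiled-in default 077.
    umask=$(conf_get "$conf" local_umask)
    case "$umask" in
        ''|022|027|077) ;;
        *) _finding "local_umask=$umask: uploads are group/world writable" ;;
    esac

    [ "$(conf_get "$conf" pasv_promiscuous)" != "YES" ] ||
        _finding "pasv_promiscuous=YES: data connection may come from any host"

    [ "$(conf_get "$conf" allow_writeable_chroot)" != "YES" ] ||
        _finding "allow_writeable_chroot=YES: chroot root directory is writable"

    if [ "$(conf_get "$conf" chroot_local_user)" != "YES" ] &&
       [ "$(conf_get "$conf" chroot_list_enable)" != "YES" ]; then
        _finding "no chroot: local users can browse the whole filesystem"
    fi

    # Each transfer in progress occupies one passive port.
    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    if [ -n "$min" ] && [ -n "$max" ] && [ $((max - min + 1)) -lt 10 ]; then
        _finding "pasv range $min-$max: only $((max - min + 1)) data connections at once"
    fi

    addr=$(conf_get "$conf" pasv_address)
    case "$addr" in
        '') ;;
        *[!0-9.]*) ;;   # a hostname; only valid together with pasv_addr_resolve=YES
        *) valid_ipv4 "$addr" || _finding "pasv_address=$addr is not a valid IPv4 address" ;;
    esac

    [ "$(conf_get "$conf" ssl_enable)" = "YES" ] ||
        _finding "ssl_enable is not YES: passwords and data travel in clear text"

    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed sample: the risky values from the configuration above.
write_weak_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
local_umask=000
pasv_promiscuous=YES
allow_writeable_chroot=YES
chroot_local_user=NO
chroot_list_enable=YES
pasv_min_port=10221
pasv_max_port=10222
pasv_address=113.229.645.12
EOF
}

# Constructed sample: the same keys with hardened values.
write_hardened_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
local_umask=022
pasv_promiscuous=NO
allow_writeable_chroot=NO
chroot_local_user=YES
pasv_min_port=10221
pasv_max_port=10320
pasv_address=203.0.113.10
ssl_enable=YES
EOF
}
```

Run against the weak sample the audit reports six findings (umask, pasv_promiscuous, writable chroot, a two-port passive range, the invalid pasv_address, and no TLS) and exits non-zero; the hardened sample passes. Hostnames in pasv_address are deliberately skipped, since pasv_addr_resolve=YES makes them legal.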

 

16: (Optional) change the ftp entry in /etc/services to 9090

vim /etc/services

 

 Change the port to 9090

This step is not needed for vsftpd: in standalone mode it listens on the listen_port value from vsftpd.conf and never reads /etc/services. The file only tells the ftp client (and every other tool that resolves the service name "ftp") what port to use when none is given; since the test in step 23 passes 9090 explicitly, /etc/services can be left alone.

 

17: Add a user

useradd -g ftp test

The home directory defaults to /home/test and can be changed. useradd also gives the account the default login shell (/bin/bash), so this user can log in over SSH or the console as well as FTP. For an FTP-only account pass -s /sbin/nologin, and make sure /sbin/nologin is listed in /etc/shells (it is on a stock CentOS 7, but check), because pam_shells in /etc/pam.d/vsftpd rejects logins whose shell is not listed there.

 

18: Move the user's home directory to /upload

usermod -d /upload test

usermod only rewrites the passwd entry; /upload must be created by hand. Make it owned by test, or, if the user is chrooted and allow_writeable_chroot stays at NO, owned by root with a writable subdirectory for the user.

 

19: Set the user's password

passwd test

 

20: Put SELinux into permissive mode

setenforce 0

SELinux modes (getenforce, setenforce and sestatus): http://c.biancheng.net/view/3921.html

 

or edit the file

vim /etc/sysconfig/selinux

and change SELINUX=enforcing to SELINUX=disabled

Disabling SELinux is the blunt fix. What actually blocks this setup under enforcing mode is that port 9090 is not labeled ftp_port_t and /upload lies outside the labeled home directories. Labeling the port with semanage and turning on the ftpd_full_access boolean with setsebool -P (the narrower ftp_home_dir suffices while homes stay under /home) keeps enforcing mode and makes the reboot in step 21 unnecessary for SELinux purposes.
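
The firewall rules of step 8 and the SELinux changes of step 20 both depend on the ports set in step 15. As an added example (not part of the original post), this script derives them from vsftpd.conf instead of hard-coding 21/tcp and switching SELinux off. The function names (conf_get, vsftpd_ports, vsftpd_open_firewall, vsftpd_selinux, run) are my own; firewall-cmd, semanage and setsebool are the real CentOS 7 tools, and the script must run as root unless DRY_RUN=1, which only prints the commands.

```shell
# Added example, not from the original post: open exactly the ports that
# vsftpd.conf uses (firewalld) and label the control port for SELinux.
# Usage (root):  . ./vsftpd-net.sh && vsftpd_open_firewall /etc/vsftpd/vsftpd.conf && vsftpd_selinux /etc/vsftpd/vsftpd.conf
# DRY_RUN=1 prints the commands instead of running them.

# Last value set for KEY in FILE (later lines win, as in vsftpd); empty if unset.
conf_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# Print the firewalld port specs for FILE: the control port (listen_port,
# default 21) and the passive range when both ends are non-zero. A 0 means
# "any port" in vsftpd, which cannot be opened statically.
vsftpd_ports() {
    listen=$(conf_get "$1" listen_port)
    echo "${listen:-21}/tcp"
    min=$(conf_get "$1" pasv_min_port); max=$(conf_get "$1" pasv_max_port)
    if [ "${min:-0}" -ne 0 ] && [ "${max:-0}" -ne 0 ]; then
        echo "${min}-${max}/tcp"
    fi
}

# Execute a command, or just print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# The firewalld "ftp" service covers 21/tcp plus the nf_conntrack_ftp helper,
# which tracks PASV replies on port 21 only; with a custom control port the
# passive range has to be opened explicitly.
vsftpd_open_firewall() {
    for p in $(vsftpd_ports "$1"); do
        run firewall-cmd --permanent --zone=public --add-port="$p"
    done
    run firewall-cmd --reload
}

# Label the control port ftp_port_t so vsftpd may bind it under enforcing
# mode. "semanage port -a" fails when the port already carries a label
# (9090 does on some policies); "-m" changes the existing label instead.
# ftpd_full_access is needed because /upload is outside the home-directory
# labels that the narrower ftp_home_dir boolean covers.
vsftpd_selinux() {
    listen=$(conf_get "$1" listen_port); listen=${listen:-21}
    if [ "$listen" -ne 21 ]; then
        run semanage port -a -t ftp_port_t -p tcp "$listen" ||
            run semanage port -m -t ftp_port_t -p tcp "$listen"
    fi
    run setsebool -P ftpd_full_access on
}
```

With the configuration from step 15 the firewall function opens 9090/tcp and 10221-10222/tcp rather than 21/tcp; with a stock configuration (port 21, random passive ports) it opens 21/tcp only and the SELinux function skips the port label, since 21 is already ftp_port_t.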

 

21: Reboot the server (see step 7: vsftpd was only started, not enabled, so it will not be running after the reboot unless you enable the unit)

reboot

 

22: Grant the user access

vim /etc/vsftpd/chroot_list

Add the user test (with chroot_local_user=NO this is what confines test to /upload)

vim /etc/vsftpd/user_list

Add the user test. With userlist_deny=NO this file is an allow list, so only the users in it may log in. Note that the file ships with root and the system accounts in it, because by default it is a deny list; with userlist_deny=NO those entries become allowed, and only /etc/vsftpd/ftpusers (checked first by PAM, always a deny list) still keeps root out. Remove the system accounts from user_list to avoid relying on that.

 

For the details of these access controls see:

The ftpusers and user_list files in vsftpd, and the userlist_enable and userlist_deny options in vsftpd.conf: https://blog.csdn.net/bluishglc/article/details/42273197
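
Steps 17 to 22 spread the account setup over /etc/passwd, /etc/shells, user_list, chroot_list and ftpusers, and a mistake in any one of them shows up only as "530 Login incorrect". As an added example (not part of the original post), this script checks all of them for one user. The function names (check_ftp_user, make_sample_root and the helpers) are my own; the sample tree is constructed to mirror the post (user test in group ftp, home /upload, listed in user_list and chroot_list) with the account created as recommended above with -s /sbin/nologin, and the ROOT argument lets the same checks run against that tree instead of the real /etc.

```shell
# Added example, not from the original post: verify that a local vsftpd
# account can log in and has no interactive shell.
# Usage:  . ./ftpuser-check.sh && check_ftp_user test        (real /etc)
#         check_ftp_user test /tmp/fake-root                  (a test tree)

# Last value set for KEY in FILE (later lines win, as in vsftpd); empty if unset.
conf_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# passwd_field ROOT USER N -> field N of USER's entry in ROOT/etc/passwd
passwd_field() { awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1/etc/passwd"; }

# listed FILE NAME -> true if NAME is a whole line of FILE
listed() { grep -qx "$2" "$1" 2>/dev/null; }

CHECK_PROBLEMS=0
_problem() { CHECK_PROBLEMS=$((CHECK_PROBLEMS + 1)); echo "PROBLEM: $1"; }

# check_ftp_user USER [ROOT]: print problems, then a one-line summary;
# return 0 only when there are no problems.
check_ftp_user() {
    name=$1; root=${2:-}; etc=$root/etc; conf=$etc/vsftpd/vsftpd.conf
    CHECK_PROBLEMS=0
    home=$(passwd_field "$root" "$name" 6)
    shell=$(passwd_field "$root" "$name" 7)
    [ -n "$home" ] || { _problem "$name has no passwd entry"; return 1; }

    # /etc/pam.d/vsftpd on CentOS 7 includes pam_shells: a login shell that is
    # not in /etc/shells fails the login even though the password is right.
    listed "$etc/shells" "$shell" ||
        _problem "$name: shell $shell is not in /etc/shells (pam_shells rejects the login)"
    # FTP-only accounts should not be able to log in over SSH or the console.
    case "$shell" in
        */nologin|*/false) ;;
        *) _problem "$name: shell $shell also allows interactive login" ;;
    esac

    # pam_listfile denies everyone in /etc/vsftpd/ftpusers before user_list is consulted.
    listed "$etc/vsftpd/ftpusers" "$name" && _problem "$name is in ftpusers (denied by PAM)"

    # userlist_deny=NO makes user_list an allow list; YES (the default) a deny list.
    if [ "$(conf_get "$conf" userlist_enable)" = "YES" ]; then
        if [ "$(conf_get "$conf" userlist_deny)" = "NO" ]; then
            listed "$etc/vsftpd/user_list" "$name" || _problem "$name is not in user_list, the allow list"
        else
            listed "$etc/vsftpd/user_list" "$name" && _problem "$name is in user_list, the deny list"
        fi
    fi

    # usermod -d only rewrites /etc/passwd; the directory must exist.
    [ -d "$root$home" ] || _problem "$name: home $home does not exist"

    # With chroot_local_user=NO the chroot_list names the users TO chroot;
    # with YES it names the exemptions.
    in_list=0
    [ "$(conf_get "$conf" chroot_list_enable)" = "YES" ] &&
        listed "$etc/vsftpd/chroot_list" "$name" && in_list=1
    if [ "$(conf_get "$conf" chroot_local_user)" = "YES" ]; then
        chrooted=$((1 - in_list))
    else
        chrooted=$in_list
    fi

    echo "$name: home=$home shell=$shell chrooted=$chrooted problems=$CHECK_PROBLEMS"
    [ "$CHECK_PROBLEMS" -eq 0 ]
}

# Constructed sample tree mirroring the post: user "test" in group ftp (gid 50)
# with home /upload, in user_list and chroot_list, shell /sbin/nologin.
make_sample_root() {
    mkdir -p "$1/etc/vsftpd" "$1/upload"
    printf 'root:x:0:0:root:/root:/bin/bash\ntest:x:1001:50::/upload:/sbin/nologin\n' > "$1/etc/passwd"
    printf '/bin/sh\n/bin/bash\n' > "$1/etc/shells"      # /sbin/nologin deliberately missing
    printf 'root\nbin\ndaemon\n' > "$1/etc/vsftpd/ftpusers"
    printf 'userlist_enable=YES\nuserlist_deny=NO\nchroot_local_user=NO\nchroot_list_enable=YES\n' > "$1/etc/vsftpd/vsftpd.conf"
    echo test > "$1/etc/vsftpd/user_list"
    echo test > "$1/etc/vsftpd/chroot_list"
}
```

On the sample tree the only problem reported is the missing /etc/shells entry; after adding /sbin/nologin there the summary reads chrooted=1 problems=0, which is the state the post's steps are aiming for. Adding the user to ftpusers makes the check fail again, which is the usual cause of a "530 Login incorrect" with a correct password.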

 

23: Test, this time giving the new port

ftp xxx.xxx.xx.xx 9090

 

24: Enter the username and password

25: ls

 

 

 

At this point the FTP server is up!

References:

Installing and configuring FTP on Linux, explained: https://www.toutiao.com/a6730053178626146824/

The vsftpd configuration file explained: https://www.cnblogs.com/fly-allblue/p/3569252.html

Common FTP commands, codes and response codes: https://blog.csdn.net/nowhere_/article/details/44877439

What is the /etc/services file on Linux for?: https://blog.csdn.net/mydriverc2/article/details/79892948

 

Problem:
500 Illegal PORT command.
ftp: bind: Address already in use

Cause: the server has port_enable=NO, so it rejects the client's PORT request (active mode). Fix: switch the client to passive mode.
ftp> quote pasv
227 Entering Passive Mode (192,168,0,112,164,248).
ftp> passive
Passive mode on.

("quote pasv" only sends a single PASV command by hand and shows the server's reply; "passive" is the toggle that makes every later transfer use PASV.)
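
The 227 reply above encodes the data endpoint as six decimal bytes: four for the address and two for the port (high byte first). As an added example (not part of the original post), covering both the passive-mode discussion in step 11 and the reply shown here, this script decodes such a reply and applies two checks: that the advertised address is the server you are talking to (the client-side counterpart of the source-IP check that pasv_promiscuous=YES switches off on the server, and the check that exposes a wrong pasv_address), and that the port lies inside the range opened in the firewall. The function names (pasv_endpoint, pasv_check) are my own; the sample reply is the one from the problem section.

```shell
# Added example, not from the original post: decode a PASV (227) reply and
# sanity-check the endpoint it advertises.

# pasv_endpoint "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." -> "h1.h2.h3.h4 PORT"
# Returns 1 if the line is not a 227 reply with six numbers.
pasv_endpoint() {
    f=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$f" ] || return 1
    old_ifs=$IFS; IFS=,; set -- $f; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    echo "$1.$2.$3.$4 $(($5 * 256 + $6))"
}

# pasv_check REPLY CONTROL_IP MIN MAX
# 0 when the data endpoint uses the IP of the control connection and a port
# inside the configured pasv_min_port..pasv_max_port range; 1 otherwise.
pasv_check() {
    ep=$(pasv_endpoint "$1") || { echo "not a usable 227 reply: $1"; return 1; }
    host=${ep% *}; port=${ep#* }
    if [ "$host" != "$2" ]; then
        # A NAT box with the wrong pasv_address, or a hijacked reply,
        # sends the client's data connection to a third party.
        echo "data host $host differs from control host $2"
        return 1
    fi
    if [ "$port" -lt "$3" ] || [ "$port" -gt "$4" ]; then
        # Outside the opened range the firewall silently drops the connection
        # and the client hangs until data_connection_timeout.
        echo "port $port is outside the pasv range $3-$4"
        return 1
    fi
    echo "$host:$port ok"
}
```

For the reply in the problem section the endpoint is 192.168.0.112 port 42232 (164*256+248). That port is fine for the default random range, but against the 10221-10222 range from step 15 the check fails, which is exactly the case in which a passive transfer from outside the firewall stalls.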

Strongly recommended:

The most detailed vsftpd configuration walkthrough ever: https://www.cnblogs.com/helonghl/articles/5533857.html

 

 

 

 

 

 

 

 

 

 

 

 

 

posted @ 2020-05-29 13:57  -天道酬勤-