CentOS7 + vsftpd (Part 1): Anonymous Access

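Setting up FTP is basic groundwork. CentOS7 + vsftpd is a platform on which it is fairly easy to do, but quite a few problems come up along the way. This series shares them over four posts.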

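I. CentOS7

1. Lab environment: VMware Workstation Pro + CentOS 7 64-bit minimal install (installation steps omitted); the network uses bridged mode.

2. After installation, configure the network (if the network did not come up, follow the steps below)

[root@localhost pub]# ifconfig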
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.21  netmask 255.255.255.0  broadcast 192.168.1.255 <======================if the network device is not enabled, these IPs are missing; run ifup ens33
        inet6 fe80::ccbe:f76:f63f:8270  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:09:37:0a  txqueuelen 1000  (Ethernet)
        RX packets 4721  bytes 426895 (416.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3090  bytes 384658 (375.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost pub]# ifup ens33 <=======================ens33 is your network device name

3. Install the VIM tool

yum install -y vim

4. Set a static IP address

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33  <=======================ens33 is your network device name
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=4c9cac13-3d1d-451a-88ba-91aaddfa09d5
DEVICE=ens33
ONBOOT=yes <=======================start at boot
BOOTPROTO=static <=================static IP mode
IPADDR=192.168.1.21 <================IP
NETMASK=255.255.255.0 <=================netmask
DNS1=192.168.1.1 <=================DNS1
DNS2=114.114.114.114 <=============DNS2
GATEWAY=192.168.1.1 <=============gateway

5. Test the network

[root@localhost pub]# ping baidu.com
PING baidu.com (123.125.114.144) 56(84) bytes of data.
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=1 ttl=52 time=46.7 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=2 ttl=52 time=48.8 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=3 ttl=52 time=46.6 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=5 ttl=52 time=40.8 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=6 ttl=52 time=40.9 ms
^C
--- baidu.com ping statistics ---
6 packets transmitted, 5 received, 16% packet loss, time 5023ms
rtt min/avg/max/mdev = 40.880/44.798/48.869/3.288 ms

II. vsftpd installation

1. Install on the server and test

[root@localhost ~]# yum install -y vsftpd

[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@localhost ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-10-05 22:36:52 EDT; 50s ago
 Main PID: 1661 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─1661 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Oct 05 22:36:52 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Oct 05 22:36:52 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.
Hint: Some lines were ellipsized, use -l to show in full.


[root@localhost ~]# yum install -y ftp

[root@localhost ~]# ftp 192.168.1.21
Connected to 192.168.1.21 (192.168.1.21).
220 (vsFTPd 3.0.2)
Name (192.168.1.21:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,21,244,190).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Aug 03 06:10 pub
226 Directory send OK.
ftp> quit
221 Goodbye.

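2. Further configuration

The installation in step 1 shows that vsftpd is running on the server and can be reached from the server itself. The settings below make it reachable from the network.

a. Firewall

[root@localhost ~]# firewall-cmd --zone=public --add-service=ftp --permanent

[root@localhost ~]# firewall-cmd --reload

b. Anonymous user permissions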

[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F`
[root@localhost vsftpd]# ls
ftpusers   vsftpd.conf             vsftpd_conf_migrate.sh
user_list  vsftpd.conf_2017-10-05

[root@localhost vsftpd]# mkdir /www
[root@localhost vsftpd]# mkdir /www/ftp
[root@localhost vsftpd]# mkdir /www/ftp/pub
[root@localhost vsftpd]# chmod 777 /www/ftp/pub <================upload directory for anonymous users
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf <================edit this configuration file; its contents are as follows
[root@localhost pub]# grep -Ev '(^#\s.*|^#|^$)' /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_mkdir_write_enable=YES
anon_root=/www/ftp
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
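
An audit of the settings above, as an added example that is not part of the original post: the script reads a vsftpd.conf, reports which anonymous write options are in effect, and lists world-writable directories under anon_root. The function names are this example's own, and options missing from the file are given the upstream vsftpd defaults.

```shell
#!/bin/sh
# Added example, not from the original post: audit a vsftpd.conf for
# anonymous-write exposure. Function names here are this example's own.

# conf_get FILE KEY: print the effective value of KEY (later lines override).
conf_get() {
    awk -v k="$2" '
        /^[[:space:]]*#/ { next }                       # skip comment lines
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { if (v != "") print v }' "$1"
}

# conf_yes FILE KEY DEFAULT: true when KEY, or DEFAULT if KEY is absent, is YES.
conf_yes() {
    v=$(conf_get "$1" "$2")
    [ "${v:-$3}" = "YES" ]
}

# audit_vsftpd_conf FILE: print one finding per line.
audit_vsftpd_conf() {
    conf=$1
    # anonymous_enable defaults to YES upstream, so a missing line means enabled.
    if ! conf_yes "$conf" anonymous_enable YES; then
        echo "OK anonymous login disabled"
        return 0
    fi
    echo "INFO anonymous login enabled"
    # The anon_* write options only take effect when write_enable=YES.
    if conf_yes "$conf" write_enable NO; then
        for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if conf_yes "$conf" "$opt" NO; then
                echo "WARN $opt=YES lets unauthenticated clients write"
            fi
        done
    fi
    # Uploads are created with 0666 masked by anon_umask (default 077).
    mask=$(conf_get "$conf" anon_umask)
    case "${mask:-077}" in
        *[4567]) ;;  # read bit for "other" is masked: uploads are not world-readable
        *) echo "WARN anon_umask=$mask leaves uploads world-readable" ;;
    esac
    # World-writable directories under anon_root are where uploads can land.
    root=$(conf_get "$conf" anon_root)
    if [ -n "$root" ] && [ -d "$root" ]; then
        find "$root" -type d -perm -0002 | sed 's/^/WARN world-writable directory: /'
    fi
    return 0
}
if [ $# -gt 0 ]; then audit_vsftpd_conf "$1"; fi
```

Run it as `sh audit.sh /etc/vsftpd/vsftpd.conf` (the script file name is arbitrary). With the configuration shown above it reports the two anon_* write options and /www/ftp/pub.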

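c. SELinux settings

The 550 error is the most common vsftpd error. It is mostly caused by SELinux settings, vsftpd.conf, and FTP directory permissions. Once these three are understood, vsftpd is easy to configure, and when something goes wrong they are also the first places to check.

[root@localhost ~]# getsebool -a | grep ftpd <====================on a minimal install the SELinux level is 1, i.e. ===>Current mode:  enforcing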
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
[root@localhost ~]# setsebool -P ftpd_full_access on <========================enable full access for ftpd

#======================================== If the above still does not work, setenforce 0 temporarily lowers the SELinux level (0 is permissive mode, in effect turning SELinux off), which may help pin down the fault ==

[root@localhost ~]# setenforce 1 <====================re-enable SELinux
[root@localhost pub]# systemctl restart vsftpd
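
The listing above turns on ftpd_full_access, the broadest of the ftpd booleans. As an added example (not from the original post), this script reads `getsebool -a | grep ftpd` output and prints the narrower alternative: ftpd_anon_write plus public_content_t / public_content_rw_t labels. It assumes semanage is installed (policycoreutils-python on CentOS 7), uses the page's /www/ftp and /www/ftp/pub paths as defaults, and only prints commands.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `getsebool -a | grep ftpd`
# output on stdin and prints a least-privilege plan; it executes nothing.
# ANON_ROOT / UPLOAD_DIR default to the directories created earlier on the page.
ANON_ROOT=${ANON_ROOT:-/www/ftp}
UPLOAD_DIR=${UPLOAD_DIR:-/www/ftp/pub}

# selinux_ftp_plan: findings are prefixed WARN, commands to run are prefixed RUN.
selinux_ftp_plan() {
    awk -v root="$ANON_ROOT" -v up="$UPLOAD_DIR" '
        $2 == "-->" { state[$1] = $3 }        # lines look like: name --> on|off
        END {
            if (state["ftpd_full_access"] == "on") {
                print "WARN ftpd_full_access=on: ftpd may read/write any file DAC allows"
                print "RUN  setsebool -P ftpd_full_access off"
            }
            if (state["ftpd_anon_write"] != "on") {
                print "RUN  setsebool -P ftpd_anon_write on"
            }
            # Read-only label for the tree, read-write label only for the upload dir.
            printf "RUN  semanage fcontext -a -t public_content_t \"%s(/.*)?\"\n", root
            printf "RUN  semanage fcontext -a -t public_content_rw_t \"%s(/.*)?\"\n", up
            print "RUN  restorecon -Rv " root
        }'
}

# Constructed sample: part of the page's boolean listing after ftpd_full_access was set.
sample_booleans() {
    cat <<'EOF'
ftpd_anon_write --> off
ftpd_full_access --> on
ftpd_use_passive_mode --> off
EOF
}

if [ "${1:-}" = "--demo" ]; then sample_booleans | selinux_ftp_plan; fi
```

On the server, pipe the real listing in: `getsebool -a | grep ftpd | sh plan.sh` will not work because the function is only called with `--demo`; source the file and run `getsebool -a | grep ftpd | selinux_ftp_plan` instead.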



III. Key points

1. Firewall

2. FTP directory permissions

3. vsftpd.conf settings; see http://yuanbin.blog.51cto.com/363003/108262/

4. SELinux level and booleans
