CentOS7 +vsftpd (一)之 匿名
阿新 • • 發佈:2017-10-06
網絡設備 scripts /usr yml list packet 如果 sting cmp
CentOS7 +vsftpd (一)之 匿名
ftp的搭建是一個基礎性的工作,CentOS7 +vsftpd 是一個比較容易實現的平臺,但在搭建中問題會不少,本系列將通過四篇隨筆與大家分享。
一、CentOS7
1、實驗環境為:VMware Workstation Pro +CentOS 7 64位最小化安裝(略)(網絡采用橋接方式)。
2、安裝完後,網絡設置(如果未能啟用網絡,請采用以下步驟)
[[email protected] pub]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255 <======================未啟用網絡設備,沒有這些IP,請執行 ifup ens33 inet6 fe80::ccbe:f76:f63f:8270 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:09:37:0a txqueuelen 1000 (Ethernet) RX packets 4721 bytes 426895 (416.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3090 bytes 384658 (375.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [[email protected] pub]# ifup ens33 <=======================ens33 你的網絡設備名,
3、安裝工具 VIM
yum install -y vim
4、設置靜態IP地址
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 <=======================ens33 你的網絡設備名 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=4c9cac13-3d1d-451a-88ba-91aaddfa09d5 DEVICE=ens33 ONBOOT=yes <=======================開機啟動 BOOTPROTO=static <=================靜態IP方式 IPADDR=192.168.1.21 <================IP NETMASK=255.255.255.0 <=================子網掩碼 DNS1=192.168.1.1 <=================DNS1 DNS2=114.114.114.114 <=============DNS2 GATEWAY=192.168.1.1 <=============網關
5、測試網絡
[[email protected] pub]# ping baidu.com PING baidu.com (123.125.114.144) 56(84) bytes of data. 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=1 ttl=52 time=46.7 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=2 ttl=52 time=48.8 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=3 ttl=52 time=46.6 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=5 ttl=52 time=40.8 ms 64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=6 ttl=52 time=40.9 ms ^C --- baidu.com ping statistics --- 6 packets transmitted, 5 received, 16% packet loss, time 5023ms rtt min/avg/max/mdev = 40.880/44.798/48.869/3.288 ms
二、vsftp 安裝
1、服務器上安裝,並測試
[[email protected] ~]# yum install -y vsftpd [[email protected] ~]# systemctl start vsftpd [[email protected] ~]# systemctl enable vsftpd Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service. [[email protected] ~]# systemctl status vsftpd ● vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2017-10-05 22:36:52 EDT; 50s ago Main PID: 1661 (vsftpd) CGroup: /system.slice/vsftpd.service └─1661 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf Oct 05 22:36:52 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon... Oct 05 22:36:52 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon. Hint: Some lines were ellipsized, use -l to show in full. [[email protected] ~]# yum install -y ftp [[email protected] ~]# ftp 192.168.1.21 Connected to 192.168.1.21 (192.168.1.21). 220 (vsFTPd 3.0.2) Name (192.168.1.21:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,168,1,21,244,190). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 6 Aug 03 06:10 pub 226 Directory send OK. ftp> quit 221 Goodbye.
2、進階設置
通過第一步的安裝,說明vsftpd已在服務器上運行,並能在服務器上訪問,下面的設置是為了能從網絡上訪問a、防火墻
[[email protected] ~]# firewall-cmd --zone=public --add-service=ftp --permanent [[email protected] ~]# firewall-cmd --reload
b、匿名用戶權限
[[email protected] ~]# cd /etc/vsftpd/ [[email protected] vsftpd]# ls ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh [[email protected] vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F` [[email protected] vsftpd]# ls ftpusers vsftpd.conf vsftpd_conf_migrate.sh user_list vsftpd.conf_2017-10-05 [[email protected] vsftpd]# mkdir /www
[[email protected] vsftpd]# mkdir /www/ftp
[roo[email protected] vsftpd]# mkdir /www/ftp/pub
[[email protected] vsftpd]# chmod 777 /www/ftp/pub <================匿名用戶口的上傳目錄
[[email protected] pub]# vim /etc/vsftpd/vsftpd.conf <================修改這個配置文件 內容如下
[[email protected] pub]# grep -Ev ‘(^#\s.*|^#|^$)‘ /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_mkdir_write_enable=YES
anon_root=/www/ftp
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
c、SElinux設置
550錯誤是vsftpd最為常見的錯誤,多是由SElinux設置、vsftpd.conf和FTP目錄權限引起,這三者搞清楚,vsftpd設置起來就很容易,如出錯重點也是檢查這三處
[[email protected] ~]# getsebool -a | grep ftpd <====================最小化安裝Selinux 級別為 1 即 ===>Current mode: enforcing ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off
[[email protected] ~]# setsebool -P ftpd_full_access on <========================開啟ftpd全部存取權限
#========================================如果以上仍然不行,可用 setenforce 0 臨時下調 Selinux 級別 0 相當於關閉Selinux =====可能確定故障點 ==
[[email protected] ~]# setenforce 1 <====================重新開啟Selinux
[[email protected] pub]# systemctl restart vsftpd
三、關鍵
1、防火墻
2、FTP目錄權限
3、vsftpd.conf設置 參見 http://yuanbin.blog.51cto.com/363003/108262/
4、Selinux級別與開關
CentOS7 +vsftpd (一)之 匿名