
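How to Install vsftpd on CentOS and Set Up System Accounts

Installing vsftpd on CentOS

1. Update the system

Before installing vsftpd, first update the system's packages. Run the following command: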

sudo yum update

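2. Install the EPEL repository

Because the default CentOS YUM repositories do not include vsftpd, the EPEL repository must be installed. Run the following command: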

sudo yum install epel-release

3. Install vsftpd

Run the following command to install vsftpd:

sudo yum install vsftpd

4. Start the vsftpd service

Once installation is complete, start the vsftpd service:

sudo systemctl start vsftpd

5. Enable start at boot

To make sure vsftpd runs automatically when the system starts, enable it at boot. Run the following command:

sudo systemctl enable vsftpd

System account setup

1. Create the user and group

First, create a user and group for FTP access. Run the following commands:

sudo groupadd ftpusers
sudo useradd -g ftpusers -s /sbin/nologin -d /var/ftp ftpuser

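Here we create a group named ftpusers and a user named ftpuser whose home directory is set to /var/ftp. The login shell of ftpuser is set to /sbin/nologin so that the account cannot log in to the system, which protects the security of the FTP server.

2. Modify the vsftpd configuration file

Next, modify the vsftpd configuration file so that the newly created user is allowed to access the FTP server. Open the configuration file: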

sudo vi /etc/vsftpd/vsftpd.conf

Find the following lines:

# Allow local users to log in.
local_enable=YES
# Allow anonymous FTP? (ie. not logged in)? If set to YES then only anonymous login is allowed. If set to NO then only authenticated users are allowed! Default value is NO! (=NO)
anonymous_enable=NO
# Allow anonymous upload of files? (ie. without login)? If set to YES then anonymous users can upload files. Default value is NO! (=NO)
anon_upload_enable=YES
# Allow anonymous creation of directories? If set to YES then anonymous users can create new directories. Default value is NO! (=NO)
anon_mkdir_write_enable=YES
# Allow anonymous write access other than uploading and creating directories? If set to YES then anonymous users can modify existing files and download new files. Default value is NO! (=NO)
anon_other_write_enable=YES
# The default directory for anonymous users when they connect with no account. Default value is /var/ftp/pub/Anonymous
anon_root=/tmp
# The default user id for anonymous users if not specified by the client. Default value is $UID
anon_uid=$UID
# The default group id for anonymous users if not specified by the client. Default value is $GID
anon_gid=$GID
# The minimum port number that may be used by passive connections. Default value is 40000
pasv_min_port=40000
# The maximum port number that may be used by passive connections. Default value is 40009
pasv_max_port=40009
# The IP address to use for passive connections. Default value is 127.0.0.1
# For security reasons, you should consider changing this to a non-localhost address if possible.
pasv_address=127.0.0.1
# Listen for incoming client connections on the local machine instead of forwarding them to a virtual server or portmapper instance. Default value is yes.
listen=YES
# Enable IPv6 support for the listener. Default value is yes.
listen_ipv6=YES
# Use the named pam module for authentication (refer to "UsePAM" below). This option overrides the above setting for this particular virtual server. Default value is yes (which means use the built-in vsftpd authentication).
pam_service_name=vsftpd
# When userlist_enable=YES, a list of allowed and denied users will be stored in this file: /etc/vsftpd/user_list (default). See also 'userlist_deny' and 'userlist_allow' options in this section. Default value is NO (which means no userlist file will be created).
userlist_enable=YES
# When userlist_deny=YES, an entry in the userlist file will deny a connection attempt if the remote user is listed in this file. Default value is NO (which means no entries will be added to the userlist file).
userlist_deny=NO
# Set the pathname of the userlist file where the list of allowed and denied users will be stored. See also 'userlist_enable' and 'userlist_deny' options in this section. Default value is /etc/vsftpd/user_list
userlist_file=/etc/vsftpd/user_list
# Change the working directory of local users when they log in through the shell (default = no chroot). Default value is YES (that is, chroot to the user's home directory).
chroot_local_user=YES
# Allow configuration of which users are allowed to log in as root via chroot(). Default value is NO (that is, no user is allowed to log in as root via chroot).
chroot_list_enable=YES
# Set the pathname of the file containing a list of users who are allowed to log in as root via chroot(). Default value is /etc/vsftpd/chroot_list
chroot_list_file=/etc/vsftpd/chroot_list
# Enable logging of data transfer events that occur during FTP sessions using the XFER command or PASV command. Default value is YES (that is, events are logged).
xferlog_enable=YES
# Set the pathname of the file where XFER and PASV transfer log events will be stored. Default value is /var/log/xferlog
xferlog_file=/var/log/xferlog
# Allow clients to connect from any port but only if all ports below are closed by other processes on the server (i.e. no other services listening on those ports). Default value is NO (that is, connections are only allowed from the specified port).
connect_from_port_20=YES
# Allow clients to connect from any port between the range 21 and 60, inclusive of both ends of the range. Default value is 21-60 (that is, connections are only allowed from the specified port range).
connect_from_port=21-60
# The directory where VSFTPD will store information about secure chroot operations (such as open sockets). Default value is ${HOME}/run/vsftpd (that is, the information is stored in ${HOME}/run/vsftpd).
secure_chroot_dir=/var/run/vsftpd
# Force SSL encryption of data transfers even when connecting from behind a NAT (Network Address Translation) router or firewall that supports it (this option requires SSL support in both client and server). Default value is NO (that is, SSL encryption of data transfers is not forced).
force_local_data_ssl=NO
# Force local logins only when using SSL encryption (this option cannot be combined with force_local_data_ssl). Default value is NO (that is, local logins may use either SSL encryption or cleartext).
force_local_logins=YES
# Enable use of local SSL certificates for data transfers (only required if force_local_data_ssl or force_local_logins has been enabled). Default value is NO (that is, local SSL certificates are not used).
tls_local_data=YES
# Enable use of OpenSSL client authentication (requires OpenSSL library installed and configured). Default value is YES (that is, OpenSSL client authentication is enabled).
tls_auth_only=NO
# Do not verify peer certificates when communicating with servers over SSL or TLS connections (this option cannot be combined with force_local_data_ssl). Default value is YES (that is, peer certificates are verified).
tls_verify=NO
# When autoprivanon is enabled, private directory permissions are automatically changed after each session ends so that a new session cannot read files written by previous sessions unless explicitly allowed by the user or administrator. This can help prevent unauthorized access to sensitive information on a public network where multiple people might use the same computer at once. Default value is YES (that is, automatic anonymous mode is enabled).
autoprivanon=YES
# Enable passive mode data transfer (PASV), which allows clients to connect directly
pasv_enable=YES
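An added example, not part of the original page: a shell audit that reads a vsftpd.conf and flags the riskier values from the listing above (anonymous write options, anon_root=/tmp, a loopback pasv_address, listen together with listen_ipv6, no TLS). The function names and the sample file are constructed for illustration; ssl_enable is a real vsftpd option that the listing does not set.

```shell
# Added example (not from the original page): audit a vsftpd.conf for risky values.
# conf_get FILE KEY: print the last uncommented value assigned to KEY.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t\r]+$/, "", val)
        }
        END { print val }' "$1"
}

# audit_vsftpd_conf FILE: print one WARN line per finding, nothing if clean.
audit_vsftpd_conf() {
    conf="$1"
    for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_get "$conf" "$opt")" = "YES" ]; then
            echo "WARN: $opt=YES opens anonymous write access if anonymous login is ever enabled"
        fi
    done
    if [ "$(conf_get "$conf" anon_root)" = "/tmp" ]; then
        echo "WARN: anon_root=/tmp exposes a world-writable directory to anonymous users"
    fi
    case "$(conf_get "$conf" pasv_address)" in
        127.*) echo "WARN: pasv_address is loopback; remote clients are told to connect to themselves" ;;
    esac
    if [ "$(conf_get "$conf" listen)" = "YES" ] &&
       [ "$(conf_get "$conf" listen_ipv6)" = "YES" ]; then
        echo "WARN: listen and listen_ipv6 are mutually exclusive; set only one to YES"
    fi
    if [ "$(conf_get "$conf" ssl_enable)" != "YES" ]; then
        echo "WARN: ssl_enable is not YES; passwords and data cross the network in cleartext"
    fi
}

# Constructed sample input: a subset of the values from the listing above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_root=/tmp
pasv_address=127.0.0.1
listen=YES
listen_ipv6=YES
EOF
audit_vsftpd_conf "$sample"
rm -f "$sample"
```

Run it against the real file with `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf` before restarting the service.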