1.ftp服务搭建
yum install vsftpd
getenforce
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
ll /etc/vsftpd/vsftpd.conf.bak
id www
cat /etc/passwd|grep www
[root@reserve ~]# cat /etc/passwd|grep www
www:x:500:500::/data/www:/sbin/nologin
egrep -v "^#|^$" /etc/vsftpd/vsftpd.conf
> /etc/vsftpd/vsftpd.conf
2.主配置文件:
[root@reserve data]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
chroot_local_user=YES
guest_enable=YES
guest_username=www
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/extra
3.用户个人子配置文件:
[root@reserve data]# cat /etc/vsftpd/extra/kafa
local_root=/data/www/mm/
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=5000
4.密码文件:
[root@reserve data]# cat /etc/vsftpd/vsftpd_login
zka@kafa
testjZK5#an
5.加密生成密码文件:
db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
6.将密码文件写入pam.d认证文件下:
[root@reserve data]# cat /etc/pam.d/vsftpd
#%PAM-1.0
#session optional pam_keyinit.so force revoke
#auth requiredpam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth requiredpam_shells.so
#auth includepassword-auth
#account includepassword-auth
#session required pam_loginuid.so
#session includepassword-auth
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
7.给站点目录授权:
[root@reserve data]# cat /etc/passwd|grep /data/www
www:x:503:503::/data/www:/sbin/nologin
/data/www为站点目录
chown -R www.www /data/www
/etc/init.d/vsftpd restart
8.遇到530链接不上ftp解决办法:
防火墙影响:解决:modprobe ip_conntrack_ftp
参考文档:http://www.myexception.cn/vsts/480445.html
ftp参数意义参考文档:
http://moerjinrong.blog.51cto.com/11124564/1881357
