Select the FTP service during installation. The CentOS system will then install the vsftpd FTP server and register it as a system service
Start command: /etc/rc.d/init.d/vsftpd start
At this point, you can connect with an FTP client
The permissions of vsftpd seem to be linked to the system permissions
The following copied notes explain the configuration of vsftpd
vsftpd.ftpusers: located in the /etc directory. It specifies which user accounts cannot access the FTP server, such as root
vsftpd.user_list: located in the /etc directory. The user accounts in this file cannot access the FTP server by default. They are allowed access only when the userlist_enable=NO option is set in the vsftpd.conf configuration file
vsftpd.conf: located in the /etc/vsftpd directory. It customizes the configuration of the FTP server, such as user login control, user permission control, timeout settings, server function options, server performance options, server response messages, etc
(1) CentOS system user login control
anonymous_enable=YES, allow anonymous users to log in
no_anon_password=YES, anonymous users do not need to enter a password when logging in
local_enable=YES, allow local users to log in
deny_email_enable=YES, you can create a file that holds a blacklist of anonymous e-mail addresses, to prevent these people from launching DoS attacks
banned_email_file=/etc/vsftpd.banned_emails, when the deny_email_enable function is enabled, this is the path where the required e-mail blacklist is saved (the default is /etc/vsftpd.banned_emails)
(2) CentOS system user authority control
write_enable=YES, enable global upload permission
local_umask=022, the umask for files uploaded by local users is set to 022 (the system defaults to 077, which can generally be changed to 022)
anon_upload_enable=YES, anonymous users are allowed to upload. Obviously, write_enable=YES must be set for this item to take effect. At the same time, we must also create a directory that the ftp user can read and write (as mentioned earlier, ftp is the user account that anonymous users are mapped to)
anon_mkdir_write_enable=YES, allow anonymous users to create directories
chown_uploads=YES, if this option is enabled, the owner of files uploaded anonymously will be changed to another user account. Note that specifying the root account as the owner of anonymously uploaded files is not recommended!
chown_username=whoever, when chown_uploads=YES is enabled, this specifies the owner account. The whoever here should naturally be replaced by the appropriate user account
chroot_list_enable=YES, you can use a list to limit which local users can only be active in their own directory. If chroot_local_user=YES, then the users specified in this list are unrestricted
chroot_list_file=/etc/vsftpd.chroot_list, if chroot_local_user=YES, this specifies the path where the list (chroot_local_user) is saved (the default is /etc/vsftpd.chroot_list)
nopriv_user=ftpsecure, specifies a secure user account that the FTP server uses as a completely isolated and unprivileged independent user. This is the recommended option for the vsftpd system
async_abor_enable=YES, it is strongly recommended not to enable this option, otherwise an error may occur!
ascii_upload_enable=YES; ascii_download_enable=YES, by default, the server pretends to accept ASCII mode requests, but actually ignores them. Enabling the above two options makes the server genuinely perform ASCII mode transfers
Note: enabling the ascii_download_enable option allows malicious remote users to consume a large amount of the FTP server's I/O resources with commands such as "SIZE /big/file" in ASCII mode
These ASCII mode settings are split into separate upload and download options, so that we can allow ASCII mode upload (which can prevent the crash caused by uploading malicious files such as scripts) without the risk of a denial of service attack
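As an added example (not part of the original article or of the vsftpd project), the following Python script checks a vsftpd.conf for the risky settings called out in sections (1) and (2) above. The names parse_conf, audit and SAMPLE are hypothetical and the sample configuration is constructed. The built-in defaults (anonymous_enable=YES, chown_username=root) and the rule that no spaces may surround "=" are taken from vsftpd.conf(5).

```python
import re

# Built-in defaults that matter here, per vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "chown_username": "root"}
# YES is the spelling used on this page; TRUE and 1 are assumed equivalents.
TRUTHY = {"YES", "TRUE", "1"}

# Constructed sample for illustration, not a real server's configuration.
SAMPLE = """\
# constructed sample
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
ascii_download_enable=YES
local_umask = 022
"""

def parse_conf(text):
    """Return (settings, malformed_line_numbers) for vsftpd.conf text."""
    settings, malformed = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            malformed.append(n)  # vsftpd allows no spaces around '='
    return settings, malformed

def audit(text):
    """List the risky combinations described in the option notes above."""
    s, malformed = parse_conf(text)
    on = lambda key: s.get(key, "NO").upper() in TRUTHY
    out = [f"line {n}: not in option=value form" for n in malformed]
    if on("anon_upload_enable") and not on("write_enable"):
        out.append("anon_upload_enable is ineffective without write_enable=YES")
    if on("anonymous_enable") and on("write_enable") and on("anon_upload_enable"):
        out.append("anonymous users can upload files")
    if on("chown_uploads") and s["chown_username"] == "root":
        out.append("chown_uploads gives anonymous uploads to root")
    if on("ascii_download_enable"):
        out.append("ascii_download_enable exposes the SIZE I/O exhaustion issue")
    if on("async_abor_enable"):
        out.append("async_abor_enable is on; the notes advise against it")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because chown_username defaults to root, setting chown_uploads=YES without also setting chown_username is reported as handing anonymous uploads to root.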
(3) CentOS system user connection and timeout options
idle_session_timeout=600, sets the default idle timeout. If the user performs no action within this time, the server disconnects them
data_connection_timeout=120, sets the default data connection timeout
(4) CentOS system server log and welcome information
dirmessage_enable=YES, allows display information to be configured for directories, showing the contents of the message_file file in each directory
ftpd_banner=Welcome to blah FTP service, you can customize the welcome message that FTP users see when logging in to the server
xferlog_enable=YES, enable logging of upload/download activity
xferlog_file=/var/log/vsftpd.log, you can customize the save path and file name of the log file. The default is /var/log/vsftpd.log
Above, we have completed the FTP configuration in CentOS system