Build the FTP Service (Linux)

Last updated: 2020-02-25 12:19:07


Scenario

vsftpd (very secure FTP daemon) is the default FTP server in many Linux distributions. This article uses a Tencent Cloud server (CVM) running the CentOS 7.6 64-bit operating system as an example and uses vsftpd to build the FTP service on a Linux Cloud Virtual Machine.

Software Versions

The component versions of the FTP service built in this article are as follows:

  • Linux: Linux operating system. This article uses CentOS 7.6 as an example.
  • vsftpd: this article uses vsftpd 3.0.2 as an example.

Directions

Step 1: Purchase a Cloud Virtual Machine

Step 2: Install vsftpd

  1. Execute the following command to install vsftpd.
yum install vsftpd -y
  2. Execute the following command to start vsftpd automatically at boot.
systemctl enable vsftpd
  3. Execute the following command to start the FTP service.
systemctl start vsftpd
  4. Execute the following command to confirm whether the service has been started.
netstat -antup | grep ftp

If the result is as shown below, the FTP service has been started successfully.

At this point, vsftpd has anonymous access mode enabled by default, so you can log in to the FTP server without a user name and password. Users who log in to the FTP server in this way do not have permission to modify or upload files.

Step 3: configure vsftpd

  1. Execute the following command to create a user for the FTP service. This article uses ftpuser as an example.
useradd ftpuser
  2. Execute the following command to set the password for the ftpuser user.
passwd ftpuser

After entering the password, press Enter to confirm the setting. The password is not displayed by default. This article uses tf7295TFY as an example.

  3. Execute the following command to create a directory used by the FTP service. This article uses /var/ftp/test as an example.
mkdir /var/ftp/test
  4. Execute the following command to modify the directory permission.
chown -R ftpuser:ftpuser /var/ftp/test
  5. Execute the following command to open the vsftpd.conf file.
vim /etc/vsftpd/vsftpd.conf
  6. Press i to switch to edit mode, select the FTP mode according to your actual needs, and modify the configuration file vsftpd.conf:

FTP can connect and transfer data to client machines in active mode or passive mode. Because of the firewall settings on most client machines and because the client's real IP address often cannot be obtained, passive mode is recommended for building the FTP service. The following modifications use passive mode as an example. If you want to use active mode, go to Set FTP active mode.

    a. Modify the following configuration parameters to set the login permission for anonymous and local users, set the path to the list file of exception users, and enable listening on IPv4 sockets.
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
    b. Add # at the beginning of the line to comment out the listen_ipv6=YES parameter and turn off listening on IPv6 sockets.
#listen_ipv6=YES
    c. Add the following configuration parameters to turn on passive mode, set the directory that local users enter after login, and set the port range that the Cloud Virtual Machine can use to establish data transmission.
local_root=/var/ftp/test
allow_writeable_chroot=YES
pasv_enable=YES
# Change this to the public IP address of your Linux CVM.
pasv_address=xxx.xx.xxx.xx
pasv_min_port=40000
pasv_max_port=45000
  7. Press Esc and enter :wq to save and exit.
  8. Execute the following command to create and edit the chroot_list file.
vim /etc/vsftpd/chroot_list
  9. Press i to enter edit mode, enter the user names of the exception users, one user name per line, and then press Esc and enter :wq to save and exit.
    If you do not need to set exception users, you can skip this step and enter :wq to exit the file.
  10. Restart the FTP service by executing the following command.
systemctl restart vsftpd
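
The configuration from Step 3 can be checked before the restart with the shell function below, which is an added example and not code from the original article or from vsftpd; the names conf_get and audit_vsftpd_conf are hypothetical. It flags directive lines that are not in plain option=value form, checks the anonymous-login and chroot settings, and prints the passive port range that the security group in Step 4 has to allow.

```shell
#!/bin/sh
# Added example, not Tencent Cloud or vsftpd code. Function names are
# illustrative. Lints a vsftpd.conf against the settings used in Step 3.

# Print the last value assigned to option $2 in file $1 (empty if unset).
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# Print one finding per line; exit status 0 means no findings.
audit_vsftpd_conf() (
    f=$1; n=0
    finding() { echo "$1"; n=$((n + 1)); }

    # A directive must be exactly option=value: "#" starts a comment only at
    # the beginning of a line, and option names are lowercase.
    grep -Eq '^[^#=]*=.*[[:space:]]#' "$f" && finding "inline comment after a value"
    grep -Eq '^[^#=]*[[:space:]]=|^[^#=]*=[[:space:]]' "$f" && finding "space around ="
    grep -Eq '^[^#=]*[[:upper:]][^#=]*=' "$f" && finding "uppercase letter in an option name"

    # Access settings. Anonymous login stays enabled unless set to NO.
    [ "$(conf_get "$f" anonymous_enable)" = NO ] || finding "anonymous login not disabled"
    [ "$(conf_get "$f" chroot_local_user)" = YES ] || finding "local users not chrooted"

    # Passive range: numeric and ordered. The same range must be opened in
    # the security group (Step 4).
    min=$(conf_get "$f" pasv_min_port); max=$(conf_get "$f" pasv_max_port)
    case "$min$max" in *[!0-9]*) min= ;; esac
    if [ -n "$min" ] && [ -n "$max" ] && [ "$min" -le "$max" ]; then
        echo "info: security group must allow TCP 21 and $min-$max"
    else
        finding "pasv_min_port/pasv_max_port missing or invalid"
    fi
    case $(conf_get "$f" pasv_address) in
        ''|*xxx*) finding "pasv_address still empty or a placeholder" ;;
    esac
    [ "$n" -eq 0 ]
)

# Usage: sh lint_vsftpd.sh /etc/vsftpd/vsftpd.conf
[ $# -eq 0 ] || audit_vsftpd_conf "$1"
```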

Step 4: Configure security group

After building the FTP service, you need to open the required ports in the inbound rules of the Linux Cloud Virtual Machine's security group according to the FTP mode actually used.
Most client machines are in a local area network, and their IP addresses are translated. If you choose FTP active mode, make sure that the client machine has obtained the real IP address, otherwise the client may not be able to log in to the FTP server.

  • Active mode: open port 21.
  • Passive mode: open port 21 and all ports between pasv_min_port and pasv_max_port set in the configuration file. In this article, the open ports are 40000-45000.

Step 5: verify the FTP service

You can verify the FTP service through tools such as FTP client software, browser, or file explorer. This article takes the file explorer on the client side as an example.

  1. Open the client's IE browser, select Tools -> Internet options -> Advanced, and modify the setting according to the FTP mode you selected:
  • Active mode: uncheck [use passive FTP].
  • Passive mode: check [use passive FTP].
  2. Open Computer on the client and access the following address in the path bar.
ftp://CVM public network IP:21
  3. In the pop-up Login As window, enter the user name and password that were set in Configuring vsftpd.
    The user name used in this article is ftpuser and the password is tf7295TFY.
  4. After successfully logging in, you can upload and download files.

Appendix

Set FTP active mode

The configurations that need to be modified in active mode are as follows, and the rest of the configurations remain at the default settings:

# Prohibit anonymous users from logging in.
anonymous_enable=NO
# Support local user login.
local_enable=YES
# Restrict all users to the home directory.
chroot_local_user=YES
# Enable the list of exception users.
chroot_list_enable=YES
# Specify the user list file. Users in this file are not locked in the home directory.
chroot_list_file=/etc/vsftpd/chroot_list
# Listen on IPv4 sockets.
listen=YES
# Add # at the beginning of the line to comment out the following parameter and turn off listening on IPv6 sockets.
#listen_ipv6=YES
# Add the following parameters.
allow_writeable_chroot=YES
# Set the directory that local users enter after login.
local_root=/var/ftp/test

Press Esc, enter :wq to save and exit, and then go to Step 8 to complete the vsftpd configuration.

FTP client failed to upload files

Problem Description

In a Linux environment, users get the following error message when uploading files with vsftpd.

553 Could not create file

Solution

  1. Execute the following command to check the utilization of server disk space.
df -h
  • If there is not enough disk space, you will not be able to upload files. It is recommended to delete some large files.
  • If there is enough disk space, go to the next step.
  2. Execute the following command to check whether the FTP directory has the Write permission.
ls -ld /home/test
# /home/test is the FTP directory. Change it to your actual FTP directory.
  • If there is no w in the returned result, the user does not have permission to write to the directory. Go to the next step.
  • If there is a w in the returned result, please submit a ticket.
  3. Execute the following command to add the Write permission to the FTP directory.
chmod +w /home/test
# /home/test is the FTP directory. Change it to your actual FTP directory.
  4. Execute the following command to check whether the Write permission is added successfully.
ls -ld /home/test
# /home/test is the FTP directory. Change it to your actual FTP directory.