Very Secure FTP Daemon (Vsftpd) is the default FTP server for most Linux distributions. This document uses a CentOS 7.6 64-bit CVM as an example to describe how to use vsftpd to set up the FTP service for a Linux CVM.
The following lists the software programs for setting up the FTP service.
Log in to a Linux instance by using WebShell (recommended). You can also use any of the following login methods that you are comfortable with.
yum install -y vsftpd
systemctl enable vsftpd
systemctl start vsftpd
netstat -antup | grep ftp
If the following information appears, the FTP service has been started.
useradd ftpuser
passwd ftpuser
After entering the password, press Enter to confirm. By default, the password is not displayed. Here, tf7295TFY
is used as an example password./var/ftp/test
in this case:mkdir /var/ftp/test
chown -R ftpuser:ftpuser /var/ftp/test
vsftpd.conf
file:vim /etc/vsftpd/vsftpd.conf
vsftpd.conf
configuration file.The FTP server can connect to the client in either active or passive mode for data transmission. Due to the firewall settings of most clients and the fact that the actual IP address cannot be obtained, we recommend that you use the passive mode to set up the FTP service. The following modification uses the passive mode as an example. To use the active mode, see Setting the FTP active mode.
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
#
) at the beginning of the following line to annotate listen_ipv6=YES
and disable listening on IPv6 sockets.#listen_ipv6=YES
local_root=/var/ftp/test
allow_writeable_chroot=YES
pasv_enable=YES
pasv_address=xxx.xx.xxx.xx # Replace xxx.xx.xxx.xx with the public IP address of your Linux CVM
pasv_min_port=40000
pasv_max_port=45000
chroot_list
file:vim /etc/vsftpd/chroot_list
systemctl restart vsftpd
After setting up the FTP service, configure inbound rules for the Linux CVM based on the actually used FTP mode. For details, see Adding Security Group Rules.
Most clients convert IP addresses in LANs. If you are using the FTP active mode, ensure that the client has obtained the actual IP address. Otherwise, the client may fail to log in to the FTP server.
pasv_min_port
to pasv_max_port
set in the configuration file, such as ports 40000 to 45000 in this document.You can verify the FTP server by using tools such as an FTP client, browser, or Windows Explorer. Here, Windows Explorer is used as an example.
ftp://<CVM public IP address:21>
ftpuser
and the password is tf7295TFY
.
To use the active mode, modify the following configuration parameters and leave others as their defaults:
anonymous_enable=NO # Forbid anonymous users to log in
local_enable=YES # Allow local users to log in
chroot_local_user=YES # Restrict all users to access only the root directory
chroot_list_enable=YES # Enable the exceptional user list
chroot_list_file=/etc/vsftpd/chroot_list # Specify the user list, in which the listed users are not restricted to access only the root directory
listen=YES # Enable listening on IPv4 sockets
# Add the pound sign (#) at the beginning of the following line to comment out the following parameter.
#listen_ipv6=YES # Disable listening on IPv6 sockets
# Add the following parameters
allow_writeable_chroot=YES
local_root=/var/ftp/test # Set the directory where local users reside after login
Press Esc and enter :wq. Then, save the changes and close the file. After that, go to Step 8 to configure vsftpd.
In the Linux environment, users encounter the following error message when uploading files with vsftpd.
553 Could not create file
df -h
ls -l /home/test
# Here, /home/test indicates the FTP directory. Replace it with your actual FTP directory.
w
is not returnred in the result, you do not have the write permission to the directory. In this case, go to the next step.w
is returned in the result, submit a ticket for further troubleshooting.chmod +w /home/test
# Here, /home/test indicates the FTP directory. Replace it with your actual FTP directory.
ls -l /home/test
# Here, /home/test indicates the FTP directory. Replace it with your actual FTP directory.
Was this page helpful?