CentOS7 deploy vsftp (FTP) service

Install vsftpd, create a user, and restrict the user to its own directory
1、 Check if vsftpd has been installed
vsftpd -version
2、 Install vsftpd (CentOS7)
yum install -y vsftpd
3、 Create the FTP directory
The FTP directory created is as follows:
/data/KodServer/data/User/tomas/home
4、 Create new user
ftpname is the username you create for FTP, and /data/KodServer/data/User/tomas/home is the directory the user lands in after logging in
useradd -d /data/KodServer/data/User/tomas/home -s /bin/bash ftpname
5、 Set a password for the newly created user
passwd ftpname
[Remark: Use cat /etc/passwd to view current system users]
6、 Set the home directory (this changes the directory you see when you log in, depending on your needs; if it was already set in step 4, this step can be ignored)
usermod -d /data/KodServer/data/User/tomas/home ftpname
7、 Add user group (this step can be ignored)
groupadd ftpgroup
8、 Add FTP service to firewall
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --reload
Solution:
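①. Check the SELinux booleans for ftp: sestatus -b | grep ftp
②. The result shows: ftp_home_dir off
③. Change the status to on: setsebool -P ftp_home_dir on
④. Restart the vsftpd service: systemctl restart vsftpd.service
setsebool -P ftpd_full_access on
[Remark: ftpd_full_access removes SELinux confinement of the FTP daemon's file access, leaving only ordinary file permissions; it is much broader than ftp_home_dir]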
systemctl restart firewalld.service
9、 Configure users so that they can only access their own directory (/data/KodServer/data/User/tomas/home), not other paths
Modify /etc/vsftpd/vsftpd.conf
cd /etc/vsftpd/
vi vsftpd.conf

Uncomment the following lines (remove the leading #)

chroot_local_user=YES
ascii_upload_enable=YES
ascii_download_enable=YES

Add at the end of the file

allow_writeable_chroot=YES
Save and restart vsftpd
Enable start at boot:
systemctl enable vsftpd.service
Start the vsftpd service
systemctl start vsftpd.service
Prohibit ftp users from logging in to the server through port 22:
Restricting ftp users to their own directories works on port 21, but when the same users log in with sftp they can still access upper-level directories. So SSH login is prohibited for the ftp user, which cuts off its access on port 22.
First, execute the following command to find the nologin shell:
vi /etc/shells
You can see that the shell that forbids login is /usr/sbin/nologin; then execute the following command:
usermod -s /usr/sbin/nologin tomas
If you want to restore tomas's ssh login, execute the following command:
usermod -s /bin/bash tomas
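
A check for the two conditions this guide depends on, as an added example that is not part of the original post: it reads a vsftpd.conf and a passwd file and reports whether FTP sessions are chrooted and whether the account's shell still allows SSH/SFTP login. The function names conf_value and audit_ftp_user and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one FTP account against the settings used in this guide.

# Print the effective value of KEY in a vsftpd.conf-style file.
# Commented lines never match; a later assignment overrides an earlier one.
conf_value() {
    awk -F= -v k="$2" '$1 == k { sub(/[ \t\r]+$/, "", $2); v = $2 } END { print v }' "$1"
}

# audit_ftp_user CONF PASSWD USER: print findings, return 0 only if clean.
audit_ftp_user() {
    conf=$1; passwd=$2; user=$3; rc=0
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    if [ -z "$shell" ]; then
        echo "FAIL: user $user not found"; return 2
    fi
    if [ "$(conf_value "$conf" chroot_local_user)" != "YES" ]; then
        echo "FAIL: chroot_local_user is not YES, FTP sessions are not confined"; rc=1
    elif [ "$(conf_value "$conf" chroot_list_enable)" = "YES" ]; then
        echo "WARN: chroot_list_enable=YES, users in chroot_list_file are exempt from the chroot"
    fi
    case $shell in
        */nologin) ;;   # no interactive shell, so no SSH/SFTP session
        *) echo "FAIL: $user has login shell $shell, so SSH/SFTP on port 22 bypasses the FTP chroot"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample data (not taken from a real host).
demo=$(mktemp -d)
cat > "$demo/vsftpd.conf" <<'EOF'
#chroot_local_user=YES
local_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
EOF
cat > "$demo/passwd" <<'EOF'
ftpname:x:1001:1001::/data/KodServer/data/User/tomas/home:/bin/bash
tomas:x:1002:1002::/data/KodServer/data/User/tomas/home:/usr/sbin/nologin
EOF

audit_ftp_user "$demo/vsftpd.conf" "$demo/passwd" ftpname || true
audit_ftp_user "$demo/vsftpd.conf" "$demo/passwd" tomas && echo "OK: tomas is confined"
```

On a real host, pass /etc/vsftpd/vsftpd.conf and /etc/passwd as the first two arguments.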
