CentOS6.4搭建配置基本ftp服务器

1、安装并启动ftp服务

2、如果开启服务失败，查看selinux状态并关闭防火墙，或者临时关闭selinux（终端输入setenforce 0）

3、设置开机自启动并更改ftp共享文件夹权限（chmod命令）

4、进行简单的配置，允许所有人登录，配置文件位置在/etc/vsftpd/vsftpd.conf，在配置文件中将anon_mkdir_write_enable=anonymous_ena芟鲠阻缒ble=local_enable=write_enable=全部找到，改成=yes

5、最好讲IP配置成静态IP，如下图；配置完成后重启服务：

6、根据个人需要可以设置不允许root登录或者是ftp用户无法登录系统

7、重启服务后（service vsftpd restart）就可以使用ftp服务登录了

8、配置文件含义：anonymous_enable=YESlocal_enable=YES#允许本地用户访问(/etc/passwd中的用户)write_enable=YES#可以上传（全局控制），删除，重命名# Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022 #本地用户上传权限的umask## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.anon_upload_enable=YES#控制匿名用户对文件（非目录）上传权限anon_mkdir_write_enable=YES# Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES #是否显示目录说明文件, 默认是YES 但需要手工创建.message文件,这个.message，只有用命令登陆或者用工具，才可以看见,他不是一个弹出对话框，而是一段字符,如在pub下建立一个.message,那么在客户端进入pub目录时就会显示.message文档中的内容## The target log file can be vsftpd_log_file or xferlog_file.# This depends on setting xferlog_std_format parameterxferlog_enable=YES#记录使用者所有上传下载信息## Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20=YES #确保ftp-datad 数据传送使用port 20（20号端口）## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!chown_uploads=YES#所有匿名上传的文件的所有者会变成chown_username#chown_username=whoever#匿名上传文件所属用户名## The name of log file when xferlog_enable=YES and xferlog_std_format=YES# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.logxferlog_file=/var/log/xferlog#将上传下载信息记录到/var/log/vsftpd.log中## Switches between logging into vsftpd_log_file and xferlog_file files.# NO writes to vsftpd_log_file, YES to xferlog_filexferlog_std_format=YES## You may change the default value for timing out an idle session.idle_session_timeout=600#如果使用者600秒没有动作，则强制离线，也就是指令超时时间## You may change the default value for timing out a data connection.#data_connection_timeout=120#如果 client与 Server 间的数据传送在 120 秒内都无法传送#成功，那 Client的联机就会被我们的 vsftpd 强制剔除# It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.#ascii_upload_enable=YES#ascii_download_enable=YES## You may fully customise the login banner string:ftpd_banner=Welcome to blah FTP service.#ftp的欢迎信息## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd/banned_emails## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().chroot_list_enable=YES#如果启动这项功能，则所有列在chroot_list_file之中的使用者不能更改根目录# (default follows)chroot_list_file=/etc/vsftpd/chroot_list#与上条同时使用，设置要禁固宿主目录#的用户的配置文件为/etc/vsftpd/chroot_list 建立文本文件/etc/vsftpd/chroot_list，#写入要禁固宿主目录的用户，一行一个。当chroot_list_enable=YES时，则禁固chroot_list文件里面的用户的#宿主目录，而为NO时chroot_list文件里面的用户不禁固宿主目录# You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES## When "listen" directive is enabled, vsftpd runs in standalone mode and# listens on IPv4 sockets. This directive cannot be used in conjunction# with the listen_ipv6 directive.listen=YES#使用standalone启动vsftpd，而不是super daemon(xinetd)控制它## This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6# sockets, you must run two copies of vsftpd whith two configuration files.# Make sure, that one of the listen options is commented !!#listen_ipv6=YESpam_service_name=vsftpd#PAM所使用的名称.同userlist_*一样限制用户登陆，不同的是userlist_*在进行密码验证之前拒绝用#户登陆，pam是在密码验证之后拒绝登陆.(提示密码错误) 用户列表默认存放在/etc/ftpusers中，一行#一个. (可通过/etc/pam.d/vsftpd重定向用户列表存放文件)userlist_enable=YES#限制了这里的用户不能访问tcp_wrappers=YES#支持tcp_wrappers,限制访问(/etc/hosts.allow,/etc/hosts.deny)#anon_world_readable_only=YES#允许匿名用户浏览，下载文件,默认没有这一项，只有在虚拟用户的配置文件里才有用anon_other_write_enable=YES#允许匿名用户具有建立目录，上传之外的权限，如重命名，删除#banner_file=/etc/vsftpd/banner_file.txt#ftp的欢迎信息#欢迎信息存放在banner_file.txt文件中，如果添加中文欢迎信息，就需要在xp中将此文件编辑#好后上传到/etc/vsftpd 目录中。如果ftpd_banner和banner_file同时设置，那么banner_file将覆盖ftpd_banner的设置。#Listen_address=10.1.6.0 #默认没有这一项，禁止10.1.6.0段访问此FTP#listen_port=21#ftp监听端口#userlist_enable=YES#/etc/vsftpd/user__list文件中的用户将不能访问vsftpd服务器#userlist_deny=YES#与下面这条参数：userlist_file=/etc/vsftpd/localuser_list 结合使用#userlist_file=/etc/vsftpd/localuser_list#来改变存放可以登录或禁止登录的账号max_clients=100 #最大用户在线数量max_per_ip=2#每ip最大线程anon_max_rate=30000#匿名用户最大传输速度 单位: bytes/秒local_max_rate=50000#本地用户最大传输速度 单位：bytes/秒#user_config_dir=/etc/userconf#个别用户配置目录(用来设定特殊帐号)#在/etc/userconf/下创建文本文件blue(与用户名相同),加入local_max_rate=100000anon_root=/var/ftp/pub/#设定匿名用户登陆后所在的目录#local_root=/var/local_user#设定所有本地用户登陆后的目录use_localtime=YES#使用本地时间而不是GMT