centos的vsftpd配置


安全组

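在服务器的安全组中,开启21端口(FTP 控制连接)。被动模式下数据连接使用另外的端口,还需放行一段数据端口范围,并在 vsftpd.conf 中用 pasv_min_port / pasv_max_port 固定该范围;来源地址尽量只允许需要访问的 IP。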

安装开启

# Install the vsftpd package
yum install -y vsftpd
# Register vsftpd to start automatically at boot
systemctl enable vsftpd.service
# Start the vsftpd service now
systemctl start vsftpd.service

配置

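# Make /var/ftp/pub writable (this does not create a directory).
# NOTE(review): o+w makes the directory world-writable for every local
# account. The config below sets anonymous_enable=NO and
# local_root=/var/www/html, so this setup does not appear to use /var/ftp/pub
# and the step can likely be skipped - confirm before running.
chmod o+w /var/ftp/pub/
# Open the config file and apply the settings listed below
vim /etc/vsftpd/vsftpd.conf
# The service was already started with the stock config, so restart it after
# saving; otherwise the edited settings are not in effect.
systemctl restart vsftpd.service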
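# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# NOTE(review): plain FTP sends the account password and file contents
# unencrypted. vsftpd can require TLS via ssl_enable (needs a certificate,
# see vsftpd.conf.5); nothing in this listing turns it on.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Set to NO to disable anonymous logins.
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
# Allow local accounts to log in over FTP.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Keep the leading 0: vsftpd reads a value without it as base 10, so
# "local_umask=22" is applied as octal 026 (directories 751, files 640).
# With 022, uploaded directories get 755 and uploaded files get 644.
# local_umask=0 would give 777 / 666 instead, i.e. world-writable uploads;
# avoid it unless that is really intended. If the option is repeated, only
# the last occurrence counts, so set it once.
local_umask=022
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO

pam_service_name=vsftpd
# With userlist_deny at its default (YES), accounts named in the userlist
# file are refused before a password is asked for.
userlist_enable=YES
tcp_wrappers=YES
# NOTE(review): allow_writeable_chroot only has an effect when local users
# are chrooted, and no chroot_local_user=YES is visible in this listing, so
# local users do not appear to be confined to local_root. Uncomment the next
# line if confinement is intended - confirm against the full file.
#chroot_local_user=YES
allow_writeable_chroot=YES
# FTP root directory: where local users are placed after login
local_root=/var/www/html
# Only used for anonymous sessions, which are disabled above
anon_root=/var/www/html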

添加用户

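# Create the FTP account
useradd ftpuser
# Give it a non-login shell so the account can be used for FTP only, not for
# an interactive login on the server
usermod -s /sbin/nologin ftpuser
# NOTE(review): if FTP logins are then refused, check whether the PAM config
# named by pam_service_name requires the shell to be listed in /etc/shells -
# verify on your release.
# Set the account's home directory
usermod -d /var/ftp ftpuser
# Alternative to the three commands above: create the account with the shell
# and home directory in one step. Run one variant or the other - a second
# useradd for an account that already exists fails.
# useradd -s /sbin/nologin -d /var/www/html ftpuser
# NOTE(review): the two variants set different home directories (/var/ftp vs
# /var/www/html). The vsftpd.conf on this page sets local_root=/var/www/html,
# which is the directory vsftpd changes into after a local login.
# Next, adjust the permissions of the upload directory, otherwise uploads
# fail. The page gives no command for this step; giving ftpuser ownership of
# the directory it uploads to is narrower than making it world-writable.

# Set the password for ftpuser
passwd ftpuser
# Enter the password twice when prompted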