Linux Instance to Build FTP Site
<p>vsftpd stands for very secure FTP daemon. It is an open source FTP server software used in Linux distributions. This article describes how to set up an FTP site with a Linux instance, taking CentOS7.6-64Bit as an example.</p>
<p><strong>Procedures</strong></p>
<p><strong>Step 1: Install vsftpd</strong></p>
<p>1.Log in to the ECS Console.</p>
<p>2.Install vsftpd, execute the following command:</p>
<p><strong>yum install -y vsftpd</strong></p>
<p>The following information opens, indicating that the software installation is successful.</p>
<p>3.Execute the following command to set the FTP service to start automatically after booting.</p>
<p><strong>systemctl enable vsftpd.service </strong></p>
<p>4.Execute the following command to start the FTP service.</p>
<p><strong>systemctl start vsftpd.service</strong></p>
<p>5.Execute the following command to view the FTP service port.</p>
<p><strong>netstat -antup | grep ftp</strong></p>
<p><strong>Step 2: Configure vsftpd</strong></p>
<p>After installing vsftpd, the anonymous FTP function is enabled by default. With anonymous FTP, you can log in to the FTP server without entering a user name and password, but you do not have permission to modify or upload files. Anonymous access to the FTP server is not safe. This method is generally only used to maintain unimportant external files. We recommend that you do not use in the production environment.</p>
<p>If you use the account in the Linux operating system to log in to the server, it will be rejected by vsftpd. You can configure the user account and password in vsftpd to log in. The following operation describes configuring the user account and password in vsftpd to log in to the FTP server.</p>
<p>1.Execute the following command to create a Linux user for the FTP service. In this example, the user name is ftptest.</p>
<p><strong>useradd ftptest</strong></p>
<p>2.Execute the following command and enter the password of the set ftptest user.</p>
<p><strong>passwd ftptest</strong></p>
<p>3.Execute the following command to create a file directory for FTP, in this case / var / ftp / test01.</p>
<p><strong>mkdir /var/ftp/test01</strong></p>
<p>4.Execute the following command to change the owner of the created file directory to the local user used to log in to FTP.</p>
<p><strong>chown -R ftptest:ftptest /var/ftp/test01</strong></p>
<p>5.Modify the configuration file of vsftpd.conf.</p>
<p>a. Execute the following command to open the configuration file vsftpd.conf.</p>
<p><strong>vi /etc/vsftpd/vsftpd.conf</strong></p>
<p>b. Press i to enter edit mode.</p>
<p>c. Modify the opened vsftpd.conf file.</p>
<p>You can configure FTP to be in active mode or passive mode according to actual business needs.</p>
<ul>
<li><strong>Active mode:</strong> the client sends data port information to the server, and the server actively connects to the data port sent by the client. The parameters are as follows:</li>
</ul>
<table border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2" style="vertical-align:top">
<p>#Set the following parameters to not allow anonymous login to the FTP server, allow local users to log in to the FTP server, and specify the file directory used by FTP local users.</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>anonymous_enable=NO </p>
</td>
<td style="vertical-align:top">
<p>#Do not allow anonymous login to the FTP server</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>local_enable=YES</p>
</td>
<td style="vertical-align:top">
<p>#Do not allow anonymous login to the FTP server</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>local_root=<strong>/var/ftp/test01</strong></p>
</td>
<td style="vertical-align:top">
<p>#Allow local users to log in to the FTP server</p>
</td>
</tr>
<tr>
<td colspan="2" style="vertical-align:top">
<p>#Set the following parameters to restrict users to only access their own home directory.</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>chroot_local_user=YES</p>
</td>
<td style="vertical-align:top">
<p>#All users are restricted to the home directory</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>chroot_list_enable=YES </p>
</td>
<td style="vertical-align:top">
<p>#Enable exception user list</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>chroot_list_file=/etc/vsftpd/chroot_list</p>
</td>
<td style="vertical-align:top">
<p>#Designate the list of exception users, these users are not locked in the home directory</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>allow_writeable_chroot=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td colspan="2" style="vertical-align:top">
<p>#Configure other parameters</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>local_umask=022</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>dirmessage_enable=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>xferlog_enable=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>connect_from_port_20=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>xferlog_std_format=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>listen=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>pam_service_name=vsftpd</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>userlist_enable=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>tcp_wrappers=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
</tbody>
</table>
<ul>
<li><strong>Passive mode:</strong> The server opens and sends data port information to the client. The client connects to the data port opened by the server, and the server passively accepts the connection. In passive mode, you need to configure the following parameters in addition to all the parameters required for active mode:</li>
</ul>
<table border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2" style="vertical-align:top">
<p>#Set the following parameters, configure FTP to support passive mode, and specify the public IP address of the FTP server and the range of ports that can be accessed. You can configure the port range according to the actual environment.</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>listen=YES</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>listen_ipv6=NO</p>
</td>
<td style="vertical-align:top">
<p> </p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>pasv_address=xx.xx.xx.xx</p>
</td>
<td style="vertical-align:top">
<p>#FTP server public IP address</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>pasv_min_port=port number</p>
</td>
<td style="vertical-align:top">
<p>#Set the minimum port in passive mode</p>
</td>
</tr>
<tr>
<td style="vertical-align:top">
<p>pasv_max_port=port number </p>
</td>
<td style="vertical-align:top">
<p>#Set the maximum port in passive mode</p>
</td>
</tr>
</tbody>
</table>
<p>d. Press Esc to exit edit mode, enter<strong>: wq</strong> to save and exit.</p>
<p>e. Create a chroot_list file in the / etc / vsftpd / directory.</p>
<p><strong>Note:</strong> The chroot_list file is a list of exception users restricted to the home directory. If you need to set a user to be restricted from accessing only its home directory, you can write the corresponding user name to this file. There is a chroot_list file, the content can be empty.</p>
<p>6.Execute the following command to restart the vsftpd service for the configuration to take effect.</p>
<p>service vsftpd restart</p>
<p><strong>Step 3: Set up security groups</strong></p>
<p>After the FTP site is built, you need to add a rule to allow FTP ports in the inbound direction of the ECS Instance security group. For more information, see Configure Security Group Rules.</p>
<ul>
<li>FTP is in active mode: port 21.</li>
<li>FTP is in passive mode: port 21, all ports between the parameters pasv_min_port and pasv_max_port in the configuration file /etc/vsftpd/vsftpd.conf.</li>
</ul>
<p><strong>Step 4: Client test</strong></p>
<p>1.Open the client IE browser.</p>
<p>2.Set the browser access mode, select <strong>Settings</strong> > <strong>Internet Options</strong> > <strong>Advanced</strong>, check <strong>Enable FTP Folder View</strong>. If it is in active access mode, uncheck <strong>Use passive FTP</strong>; if it is in passive mode select Use passive FTP.</p>
<p>3.In the path bar, enter: <strong>ftp: // FTP server IP address: FTP port</strong>, for example: ftp: // 101.89.95.105:21.</p>
<p><strong>Note:</strong> If you do not fill in the port information, you will access port 21 by default.</p>
<p>4.A dialog box for entering the user name and password opens, indicating that the configuration is successful. Enter the correct user name and password to operate the FTP file with corresponding permissions.</p>
Did the above content solve your problem?
Yes
No
Submitted successfully! Thank you for your feedback, we will try our best to do better and better!