1. vsftpd package 설치
[root@localhost ~]# yum -y install vsftpd2. ftp 설정
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf- 해당 파일 default 내용
Line 102 / 104 주석 해제
->chroot_list 에 있는 계정 접속 허용
1 # Example config file /etc/vsftpd/vsftpd.conf
2 #
3 # The default compiled in settings are fairly paranoid. This sample file
4 # loosens things up a bit, to make the ftp daemon more usable.
5 # Please see vsftpd.conf.5 for all compiled in defaults.
6 #
7 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
8 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
9 # capabilities.
10 #
11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
12 anonymous_enable=YES
13 #
14 # Uncomment this to allow local users to log in.
15 # When SELinux is enforcing check for SE bool ftp_home_dir
16 local_enable=YES
17 #
18 # Uncomment this to enable any form of FTP write command.
19 write_enable=YES
20 #
21 # Default umask for local users is 077. You may wish to change this to 022,
22 # if your users expect that (022 is used by most other ftpd's)
23 local_umask=022
24 #
25 # Uncomment this to allow the anonymous FTP user to upload files. This only
26 # has an effect if the above global write enable is activated. Also, you will
27 # obviously need to create a directory writable by the FTP user.
28 # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
29 #anon_upload_enable=YES
30 #
31 # Uncomment this if you want the anonymous FTP user to be able to create
32 # new directories.
33 #anon_mkdir_write_enable=YES
34 #
35 # Activate directory messages - messages given to remote users when they
36 # go into a certain directory.
37 dirmessage_enable=YES
38 #
39 # Activate logging of uploads/downloads.
40 xferlog_enable=YES
41 #
42 # Make sure PORT transfer connections originate from port 20 (ftp-data).
43 connect_from_port_20=YES
44 #
45 # If you want, you can arrange for uploaded anonymous files to be owned by
46 # a different user. Note! Using "root" for uploaded files is not
47 # recommended!
48 #chown_uploads=YES
49 #chown_username=whoever
50 #
51 # You may override where the log file goes if you like. The default is shown
52 # below.
53 #xferlog_file=/var/log/xferlog
54 #
55 # If you want, you can have your log file in standard ftpd xferlog format.
56 # Note that the default log file location is /var/log/xferlog in this case.
57 xferlog_std_format=YES
58 #
59 # You may change the default value for timing out an idle session.
60 #idle_session_timeout=600
61 #
62 # You may change the default value for timing out a data connection.
63 #data_connection_timeout=120
64 #
65 # It is recommended that you define on your system a unique user which the
66 # ftp server can use as a totally isolated and unprivileged user.
67 #nopriv_user=ftpsecure
68 #
69 # Enable this and the server will recognise asynchronous ABOR requests. Not
70 # recommended for security (the code is non-trivial). Not enabling it,
71 # however, may confuse older FTP clients.
72 #async_abor_enable=YES
73 #
74 # By default the server will pretend to allow ASCII mode but in fact ignore
75 # the request. Turn on the below options to have the server actually do ASCII
76 # mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
77 # the behaviour when these options are disabled.
78 # Beware that on some FTP servers, ASCII support allows a denial of service
79 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
80 # predicted this attack and has always been safe, reporting the size of the
81 # raw file.
82 # ASCII mangling is a horrible feature of the protocol.
83 #ascii_upload_enable=YES
84 #ascii_download_enable=YES
85 #
86 # You may fully customise the login banner string:
87 #ftpd_banner=Welcome to blah FTP service.
88 #
89 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
90 # useful for combatting certain DoS attacks.
91 #deny_email_enable=YES
92 # (default follows)
93 #banned_email_file=/etc/vsftpd/banned_emails
94 #
95 # You may specify an explicit list of local users to chroot() to their home
96 # directory. If chroot_local_user is YES, then this list becomes a list of
97 # users to NOT chroot().
98 # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
99 # the user does not have write access to the top level directory within the
100 # chroot)
101 #chroot_local_user=YES
102 chroot_list_enable=YES
103 # (default follows)
104 chroot_list_file=/etc/vsftpd/chroot_list
105 #
106 # You may activate the "-R" option to the builtin ls. This is disabled by
107 # default to avoid remote users being able to cause excessive I/O on large
108 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
109 # the presence of the "-R" option, so there is a strong case for enabling it.
110 #ls_recurse_enable=YES
111 #
112 # When "listen" directive is enabled, vsftpd runs in standalone mode and
113 # listens on IPv4 sockets. This directive cannot be used in conjunction
114 # with the listen_ipv6 directive.
115 listen=YES
116 #
117 # This directive enables listening on IPv6 sockets. By default, listening
118 # on the IPv6 "any" address (::) will accept connections from both IPv6
119 # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
120 # sockets. If you want that (perhaps because you want to listen on specific
121 # addresses) then you must run two copies of vsftpd with two configuration
122 # files.
123 # Make sure, that one of the listen options is commented !!
124 listen_ipv6=NO
125
126 pam_service_name=vsftpd
127 userlist_enable=YES
128 tcp_wrappers=YES
*수정 ( 2022.04.05 )
115 : listen = NO -> listen = YES
124 : llisten_ipv6=YES -> llisten_ipv6=NO
* 수정 ( 2022.04.05 )
설정 이슈 인지 아래 내용 적용시
500 OOPS: vsftpd: refusing to run with writable root inside chroot() 발생.
해당 list 내용 제거
chroot_list 계정 추가 ( root , user1 , user 2 .. )
[root@localhost ~]# vi /etc/vsftpd/chroot_list
root
user1
user2
~
~
~
~
-- INSERT --
root으로 접속시 안되는 경우 아래 경로 에서 root 을 제거하면 된다.
[root@localhost ~]# vi /etc/vsftpd/ftpusers
[root@localhost ~]# vi /etc/vsftpd/user_list-> 위 내용을 진행하지 않으면 530 Permission denied 를 보게 된다.
응답: 530 Please login with USER and PASS.
상태: 보안되지 않은 서버입니다. TLS를 통한 FTP를 지원하지 않습니다.
명령: USER root
응답: 530 Permission denied.
오류: 서버에 연결하지 못함
3. 방화벽 해제
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp
success
[root@localhost ~]# firewall-cmd --permanent --add-port=21/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
4. FTP 실행
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-04-01 01:59:31 EDT; 4min 38s ago
Process: 10268 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 10269 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─10269 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Apr 01 01:59:31 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Apr 01 01:59:31 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.5. 접속 확인 ( Windows10 - Filezilla )
호스트( IP or DNS ) , 계정, 패스워드 , 포트 ( 22 ) 입력 후 연결 하면 아래와 같이 접속 된다.
'Server > 환경 구축 - Centos' 카테고리의 다른 글
| [Linux] CentOS 7 MySQL 계정 권한 설정 (0) | 2022.04.25 |
|---|---|
| [Linux] CentOS 7 MySQL 계정 추가 및 외부 접속 허용 (0) | 2022.04.18 |
| [Linux] CentOS 7 MySQL 설치 및 설정 (0) | 2022.04.15 |
| [Linux] CentOS 7 SSH 설정 (0) | 2022.03.31 |
| [Linux] CentOS 7 환경 구축 (0) | 2022.03.31 |