Linux system installation and configuration of FTP

1.1 Version

1.2 Application Scenarios

• If you want to upload the generated attachments to FTP on other servers after the scheduled task is completed, you need to prepare a configured FTP server in advance.

• Configure to open the cluster If you select File Server Sharing and FTP as the protocol, you need to prepare a configured FTP server in advance.

1.3 Function Introduction

VSFTP is a GPL-based FTP server software for Unix-like systems, its full name is Very Secure FTP, from the name you can see that security is the original intention of writing VSFTP, in addition to this inherent security feature, high speed and high stability are also two important features of VSFTP.

Note: To install vsftpd you need to be the top user (root), otherwise you cannot do it.

2.1 Installing FTP

2.1.1 Network installation

rpm -qa |grep vsftpd   # Check if ftp is installed
yum install vsftpd -y   # Install ftp using yum

2.1.2 Off-line installation

Download the installation package：http://rpmfind.net/linux/rpm2html/search.php?query=vsftpd （Select the corresponding rpm package according to your system）

For example：vsftpd-2.2.2-24.el6.x86_64.rpm：vsftpd-2.2.2-24.el6.x86_64.rpm

          vsftpd-3.0.2-22.el7.x86_64.rpm ：vsftpd-3.0.2-22.el7.x86_64.rpm

rpm -ivh vsftpd-2.2.2-24.el6.x86_64.rpm  # To install vsftpd, write the command according to the name of the actual rpm package

2.2 Modify configuration

Edit the vsftpd.conf configuration file and change the anonymous_enable value to NO to disable anonymous logins.

vi /etc/vsftpd/vsftpd.conf   # Edit the vsftpd.conf configuration file
anonymous_enable=NO   #  Disable anonymous login

For more information, see: vsftpd.conf Configuration Manual

2.3  Add an FTP user and start the vsftpd service

1）Add FTP user

useradd ftpuser   #Create a new user named ftpuser and automatically create the /home/ftpuser directory
passwd ftpuser   # Set the password for this user

Then just enter the password you want to set for that user twice in a row. Use the ftpuser account password to log in and use the FTP service.

Note: The user name and password used when configuring the platform cluster are the ones added above, in this document our default user name is ftpuser, vsftpd will prohibit some users from logging in to use FTP (by default root, bin, daemon, adm, lp, sync, shutdown, halt, mail, news If you want to use these user names, you can go to /etc/vsftpd/ftpusers and /etc/vsftpd/user_list and use "#" to block the user name.

2）Start FTP

service vsftpd start  # Start the vsftpd service

2.4 Copy WEB-INF and assign permissions to the folder

1）Copy the WEB-INF folder in the official environment web project and paste it into the /home/ftpuser directory, and fill in the FTP path /home/ftpuser/WEB-INF when the platform opens the file server.

2）Granting Permissions

chmod -R 777 /home/ftpuser  #Give write access to the ftpuser folde

Note: If you consider security, you cannot give 777 permissions, you can give 755 permissions only, the command is chmod -R 755 /home/ftpuser, but be sure to use FTP user when copying WEB-INF files, otherwise the file will not be written due to file attribution problems.

Configure chroot_list to disable or allow users to access upper-level directories, see: vsftpd: Disable or allow users to access upper-level directories

2.5 Test for success

The prerequisite is that the firewall of the FTP server is open on ports 20 and 21, two ways are provided here.

1) Connect with an FTP tool, such as Xftp, to log in to the FTP user.

2) Open a folder directly on a computer with access to the IP and enter ftp://ip in the address. 

After connecting to FTP in the above two ways, if the new and deleted folders are confirmed to have read and write permissions, the FTP deployment is successful

service vsftpd status # View the status of ftp
service vsftpd start # Start the service
service vsftpd stop # Stop the service
service vsftpd restart # Restart ftp
chkconfig vsftpd on # Set to boot

For more O&M knowledge, see: Cluster O&M Manual - Linux Edition

4.1 Close SELinux

Note: Login to ftp and operate the file with the error "550 create directory operation failed" or unable to login and still no read/write access after opening 777 privileges consider the following actions.

This is a problem with the SELinux (Security-Enhanced Linux, the NSA's implementation of mandatory access control, the most prominent new security subsystem on Linux) installation mechanism, and SELinux needs to be turned off.

1）The way to permanently shut down SELinux

vi /etc/selinux/config # Edit the SELinux config file
SELINUX=enforcing --> SELINUX=disabled  # Permanently shut down SELinux 
and reboot the system to take effect

2）The way to temporarily shut down SELinux

setenforce 0 # Execute the command, only temporarily shut down, reboot 
and it will be back to the original state

3）Do not close SELinux

getsebool -a | grep ftpd # Only ftp_home_dir and allow_ftpd_full_access must be on in order for vsftpd to have access to the ftp root directory and file transfer privileges
setsebool -P ftp_home_dir 1 # Just execute
setsebool -P allow_ftpd_full_access 1 # Just execute

Note: For more SELinux-related knowledge, see: Getting Started with SELinux