安装

yum -y install vsftpd

安装联网过程下载速度慢，请移步更换华为云YUM源，速度快的飞起！(●'?'●)！

• 查看描述及版本信息

rpm -qi vsftpd

[root@bdslave02 ~]# rpm -qi vsftpd
Name        : vsftpd
Version     : 3.0.2
Release     : 29.el7_9
... ... ... ... ... ...(省略部分)

• 查看安装文件列表

rpm -ql vsftpd | grep -v "share/doc"    ## grep -v 过滤帮助文件

[root@bdslave02 ~]# rpm -ql vsftpd | grep -v "share/doc"
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd
... ... ... ... ... ...(省略部分)

• 查看配置文件列表

rpm -qc vsftpd

[root@bdslave02 ~]# rpm -qc vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf

主配置文件

vi /etc/vsftpd/vsftpd.conf
vim /etc/vsftpd/vsftpd.conf
more  /etc/vsftpd/vsftpd.conf
cat /etc/vsftpd/vsftpd.conf | grep -v "^#"

默认禁止root用户登录

[root@bdslave02 vsftpd]# cat /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

/etc/vsftpd/user_list文件默认是配置黑名单，名单中的用户是不允许登录的。

参数userlist_deny默认是YES，如果配置成NO，那么名单里的用户是白名单。

[root@bdslave02 vsftpd]#  cat /etc/vsftpd/ftpusers 
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

/etc/vsftpd/ftpusers 文件中的账户名单是黑名单，是不允许登录的。

开放ftp防火墙

SELinux对ftp会有限制作用，对于学习和测试环境可以关闭。参考：如何关闭SELinux？

firewall-cmd --zone=public --add-service=ftp
firewall-cmd --zone=public --add-service=ftp --permanent

anonymous_enable 是否开启匿名账户

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES

是否开启匿名账户？YES：开启。NO：关闭。

注意：如果不注释“anonymous_enable=YES”，那么默认是允许匿名账户的。

local_enable 是否开启本地账户登录

本地账户就是指Linux系统账户。

# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES

YES：开启。NO：关闭。

write_enable 是否允许写入（上传文件）

# Uncomment this to enable any form of FTP write command.
write_enable=YES

YES：开启。NO：关闭。

local_umask 创建新的文件时权限指定

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022

local_umask=022时，本地用户创建目录权限是755（777-022），文件权限是644。

anon_upload_enable 是否允许匿名用户上传文件

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES

YES：开启。NO：关闭。

不推荐开启匿名用户上传文件！

SELinux开启时需要设置参数匿名用户才能上传文件，干脆关了，当然有风险！

匿名用户上传的目录必须有权限，干脆设置755，当然有风险！

参数anon_upload_enable设置成YES，当然有风险！总之，不推荐。

anon_mkdir_write_enable 是否允许匿名用户创建新的目录

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES

xferlog_enable 是否启用上传和下载的日志文件

# Activate logging of uploads/downloads.
xferlog_enable=YES

connect_from_port_20 指定ftp-data传输数据时用的端口默认是20

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

chown_uploads和chown_username指定是否更改上传文件的所有者

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever

xferlog_file 指定日志文件的位置

# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog

xferlog_std_format 日志文件是否采用标准格式

# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES

idle_session_timeout 指定用户连接上服务器的超时时间（单位:秒）

# You may change the default value for timing out an idle session.
#idle_session_timeout=600

data_connection_timeout 指定数据传输结束超时时间断开（单位:秒）

# You may change the default value for timing out a data connection.
#data_connection_timeout=120

nopriv_user 指定非特权的ftp用户

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure

ftpd_banner 当用户登录时显示的欢迎信息字符串

# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.

chroot_local_user和chroot_list_enable等参数 更改用户登录后进入的目录

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list