Summary: This Fengge tutorial draws on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, and describes in detail how to configure and use the technologies covered.
This document describes in detail how to install, configure and manage a VSFTPD FTP server.
Part01-VSFTPD Installation
1.1 Installing the VSFTPD service
$ sudo dnf install -y vsftpd
Last metadata expiration check: 0:45:23 ago on Thu 03 Apr 2026 22:50:15 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.5-5.el9 appstream 180 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 180 k
Installed size: 360 k
Downloading Packages:
vsftpd-3.0.5-5.el9.x86_64.rpm 180 kB/s | 180 kB 00:01
--------------------------------------------------------------------------------
Total 180 kB/s | 180 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : vsftpd-3.0.5-5.el9.x86_64 1/1
Running scriptlet: vsftpd-3.0.5-5.el9.x86_64 1/1
Verifying : vsftpd-3.0.5-5.el9.x86_64 1/1
Installed:
vsftpd-3.0.5-5.el9.x86_64
Complete!
# Start the VSFTPD service
$ sudo systemctl start vsftpd
# Enable it at boot
$ sudo systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# Check the service status
$ sudo systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-04-03 22:50:00 CST; 10s ago
Main PID: 12360 (vsftpd)
Tasks: 1 (limit: 49152)
Memory: 1.0M
CPU: 10ms
CGroup: /system.slice/vsftpd.service
└─12360 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Apr 03 22:50:00 rhel10 systemd[1]: Starting Vsftpd ftp daemon...
Apr 03 22:50:00 rhel10 systemd[1]: Started Vsftpd ftp daemon.
# Configure the firewall
$ sudo firewall-cmd --permanent --add-service=ftp
success
$ sudo firewall-cmd --reload
success
# Test the FTP connection
$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 3.0.5)
Name (localhost:user): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
Part02-VSFTPD Configuration File
2.1 Configuring vsftpd.conf
# Back up the original configuration file
$ sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
# Edit the configuration file
$ sudo tee /etc/vsftpd/vsftpd.conf << EOF
# Basic settings
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
# Performance tuning
max_clients=100
max_per_ip=5
idle_session_timeout=600
data_connection_timeout=120
# Security settings
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
# Logging
dual_log_enable=YES
log_ftp_protocol=YES
vsftpd_log_file=/var/log/vsftpd.log
xferlog_file=/var/log/xferlog
# Transfer modes
ascii_upload_enable=YES
ascii_download_enable=YES
# Passive mode settings
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_address=192.168.1.100
EOF
# Create the chroot list file
$ sudo touch /etc/vsftpd/chroot_list
# Create the user list file
$ sudo tee /etc/vsftpd/user_list << EOF
user1
user2
user3
EOF
# Restart the service
$ sudo systemctl restart vsftpd
Part03-Virtual User Configuration
3.1 Configuring virtual users
# Create the virtual user list (user name and password on alternating lines)
$ sudo tee /etc/vsftpd/vusers.txt << EOF
user1
password1
user2
password2
user3
password3
EOF
# Generate the database file
$ sudo db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
# Set permissions (the plain-text list holds the same passwords as the database)
$ sudo chmod 600 /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
# Create the PAM configuration file
$ sudo tee /etc/pam.d/vsftpd-virtual << EOF
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
EOF
# Create the system user that the virtual users are mapped to
$ sudo useradd -d /var/ftp -s /sbin/nologin ftpuser
# Create the virtual user directories
$ sudo mkdir -p /var/ftp/user1
$ sudo mkdir -p /var/ftp/user2
$ sudo mkdir -p /var/ftp/user3
# Set permissions
$ sudo chown -R ftpuser:ftpuser /var/ftp
# Update the VSFTPD configuration (the quoted 'EOF' stops the shell from expanding $USER)
$ sudo tee -a /etc/vsftpd/vsftpd.conf << 'EOF'
# Virtual user configuration
guest_enable=YES
guest_username=ftpuser
virtual_use_local_privs=YES
user_sub_token=$USER
local_root=/var/ftp/$USER
pam_service_name=vsftpd-virtual
# Directory holding the per-user configuration files created below
user_config_dir=/etc/vsftpd/vusers_config
EOF
# Create the per-user configuration files
$ sudo mkdir -p /etc/vsftpd/vusers_config
$ sudo tee /etc/vsftpd/vusers_config/user1 << EOF
local_root=/var/ftp/user1
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
$ sudo tee /etc/vsftpd/vusers_config/user2 << EOF
local_root=/var/ftp/user2
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
# Restart the service
$ sudo systemctl restart vsftpd
Part04-SSL/TLS Encryption
4.1 Configuring FTPS
# Generate a self-signed certificate and private key
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/pki/tls/private/vsftpd.key \
-out /etc/pki/tls/certs/vsftpd.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=Example/CN=ftp.fgedu.net.cn"
Generating a RSA private key
...................+++++
............+++++
writing new private key to '/etc/pki/tls/private/vsftpd.key'
-----
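# Update the VSFTPD configuration
$ sudo tee -a /etc/vsftpd/vsftpd.conf << EOF
# SSL/TLS configuration
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
# TLS 1.0 and 1.1 are deprecated (RFC 8996); set the next two to NO unless a legacy client needs them
ssl_tlsv1=YES
ssl_tlsv1_1=YES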
ssl_tlsv1_2=YES
rsa_cert_file=/etc/pki/tls/certs/vsftpd.crt
rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
EOF
# Restart the service
$ sudo systemctl restart vsftpd
# Test the FTPS connection
$ lftp -u user1,password1 ftp://192.168.1.100
lftp user1@192.168.1.100:~> ls
drwxr-xr-x 2 1001 1001 4096 Apr 3 22:55:00 .
lftp user1@192.168.1.100:/> quit
Part05-FTP Server Management
5.1 Managing the FTP service
$ sudo tail -f /var/log/vsftpd.log
Thu Apr 3 22:55:00 2026 [pid 12361] CONNECT: Client "192.168.1.10"
Thu Apr 3 22:55:00 2026 [pid 12361] FTP response: Client "192.168.1.10", "220 (vsFTPd 3.0.5)"
Thu Apr 3 22:55:00 2026 [pid 12361] FTP command: Client "192.168.1.10", "USER user1"
Thu Apr 3 22:55:00 2026 [pid 12361] FTP response: Client "192.168.1.10", "331 Please specify the password."
Thu Apr 3 22:55:00 2026 [pid 12361] FTP command: Client "192.168.1.10", "PASS <password>"
Thu Apr 3 22:55:00 2026 [pid 12361] [user1] OK LOGIN: Client "192.168.1.10"
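The login records in this log can be checked for repeated failures from one client. The script below is an added example, not part of the original tutorial: it counts the FAIL LOGIN records that vsftpd writes for rejected logins and marks clients that logged in successfully after reaching the threshold. The function names, the threshold and the sample log lines are constructed for illustration.

```bash
# Added example (not from the original tutorial). Reads vsftpd.log text on
# stdin and prints, for each client with at least MIN failed logins:
#   address  failures  distinct-usernames  login-after-failures|no-login
failed_logins() {   # usage: failed_logins MIN < /var/log/vsftpd.log
    awk -v min="$1" '
        # Field 8 is "[user]", fields 9-10 are "OK LOGIN:" or "FAIL LOGIN:",
        # field 12 is the quoted client address.
        $10 == "LOGIN:" { ip = $12; gsub(/"/, "", ip) }
        $9 == "FAIL" && $10 == "LOGIN:" {
            fails[ip]++
            if (!((ip, $8) in tried)) { tried[ip, $8] = 1; users[ip]++ }
        }
        # A success from a client that already reached the threshold may be
        # a guessed password and deserves a closer look.
        $9 == "OK" && $10 == "LOGIN:" && (ip in fails) && fails[ip] >= min {
            hit[ip] = 1
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print ip, fails[ip], users[ip], ((ip in hit) ? "login-after-failures" : "no-login")
        }' | sort
}

# Constructed sample in the vsftpd.log format shown above.
sample_log() {
    cat <<'EOF'
Thu Apr  3 23:10:00 2026 [pid 12400] CONNECT: Client "192.168.1.50"
Thu Apr  3 23:10:01 2026 [pid 12400] [user1] FAIL LOGIN: Client "192.168.1.50"
Thu Apr  3 23:10:03 2026 [pid 12401] [user2] FAIL LOGIN: Client "192.168.1.50"
Thu Apr  3 23:10:05 2026 [pid 12402] [user3] FAIL LOGIN: Client "192.168.1.50"
Thu Apr  3 23:10:09 2026 [pid 12403] [user3] OK LOGIN: Client "192.168.1.50"
Thu Apr  3 23:11:00 2026 [pid 12404] [user1] FAIL LOGIN: Client "192.168.1.10"
Thu Apr  3 23:11:20 2026 [pid 12405] [user1] OK LOGIN: Client "192.168.1.10"
EOF
}

sample_log | failed_logins 3
```

Several distinct user names from one address, as in the sample, point to name guessing rather than a single user mistyping a password.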
# View current connections
$ sudo ss -tnp | grep :21
ESTAB 0 0 192.168.1.100:21 192.168.1.10:54321 users:(("vsftpd",pid=12361,fd=0))
# View the transfer log
$ sudo tail -f /var/log/xferlog
Thu Apr 3 22:55:30 2026 1 192.168.1.10 1024 /var/ftp/user1/test.txt b _ i r user1 ftp 0 * c
# Test upload and download
$ lftp -u user1,password1 ftp://192.168.1.100
lftp user1@192.168.1.100:/> put test.txt
lftp user1@192.168.1.100:/> get test.txt
lftp user1@192.168.1.100:/> quit
# Open the passive-mode ports in the firewall
$ sudo firewall-cmd --permanent --add-port=40000-50000/tcp
success
$ sudo firewall-cmd --reload
success
# Configure SELinux
$ sudo setsebool -P ftp_home_dir 1
$ sudo setsebool -P ftpd_full_access 1
# View the SELinux context
$ ls -Z /var/ftp/
unconfined_u:object_r:public_content_t:s0 user1
unconfined_u:object_r:public_content_t:s0 user2
unconfined_u:object_r:public_content_t:s0 user3
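1. Disable anonymous access to improve security
2. Use virtual users to manage access permissions
3. Enable SSL/TLS encrypted transfers
4. Configure sensible permissions and quotas
5. Check the log files regularly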
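The anonymous-access and SSL/TLS items in this list can be checked against a configuration file. The script below is an added example, not part of the original tutorial: it reports the effective value of each security-relevant key, assuming vsftpd applies the last occurrence of a key and that values are written as YES or NO as in this guide. The function names and the sample file are constructed for illustration.

```bash
# Added example (not from the original tutorial): check a vsftpd.conf against
# the anonymous-access and SSL/TLS items of the list above.

# Effective value of KEY in FILE, or DEFAULT when the key is absent. The last
# occurrence wins, which matters because this guide appends with tee -a.
conf_get() {   # usage: conf_get FILE KEY DEFAULT
    awk -F '=' -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == key { val = $2; sub(/[ \t\r]+$/, "", val); seen = 1 }
        END { print (seen ? val : def) }' "$1"
}

# Print "KEY: MESSAGE" when the effective value of KEY equals BAD.
flag_if() {   # usage: flag_if FILE KEY DEFAULT BAD MESSAGE
    if [ "$(conf_get "$1" "$2" "$3")" = "$4" ]; then echo "$2: $5"; fi
}

# One finding per line; no output means no check fired.
audit_vsftpd_conf() {   # usage: audit_vsftpd_conf FILE
    flag_if "$1" anonymous_enable YES YES "anonymous logins are accepted"
    flag_if "$1" ssl_enable NO NO "logins and data are sent in clear text"
    # Protocol and force_* options are reported only when set explicitly.
    for k in ssl_sslv2 ssl_sslv3 ssl_tlsv1 ssl_tlsv1_1; do
        flag_if "$1" "$k" unset YES "deprecated protocol version is enabled"
    done
    for k in force_local_logins_ssl force_local_data_ssl; do
        flag_if "$1" "$k" unset NO "local users can fall back to plain FTP"
    done
}

# Constructed sample: security-relevant keys in the order this guide writes them.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
pam_service_name=vsftpd
pam_service_name=vsftpd-virtual
ssl_enable=YES
ssl_sslv3=NO
ssl_tlsv1=YES
ssl_tlsv1_1=YES
force_local_logins_ssl=YES
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_vsftpd_conf "$tmp"
echo "effective pam_service_name: $(conf_get "$tmp" pam_service_name unset)"
rm -f "$tmp"
```

Run against the configuration built in this guide, the two findings are the TLS 1.0 and TLS 1.1 switches.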
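This article was compiled and published by Fengge Tutorials and is intended for study and testing only. Please credit the source when reposting: http://www.fgedu.net.cn/10327.html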
