以下报错可以避免
- ftp vsftpd 530 login incorrect
- FTP连接不上,显示连接成功后无法获取目录列表
- refuse to run with writeable
创建 ftp用户密码以及家目录
user='zzz1122'
password1=$user'@2024'
mkdir /home/$user
useradd -g ftp -d /home/$user -s /sbin/nologin $user
echo "$user:$password1" | chpasswd
chown $user:ftp /home/$user
chmod 766 /home/$user
修改 /etc/pam.d/vsftpd 文件重新指定 .so 文件
#auth required pam_shells.so
auth required pam_nologin.so
vsftpd.conf 具体配置
[root@localhost home]# cat /etc/vsftpd/vsftpd.conf | grep -vE '^$|^#'
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
chroot_local_user=YES
listen_port=10021
ftp_data_port=10020
pasv_enable=YES
pasv_min_port=10221
pasv_max_port=10231
pasv_promiscuous=YES
allow_writeable_chroot=YES
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
[root@localhost home]#
服务 service 具体配置
[root@localhost pam.d]# cat /etc/services | grep -vE '^$|^#' | grep -E '^(ftp\s{8,13}.*/(tcp|udp.*)|ftp-data\s{8,13}.*(tcp|udp))$'
ftp-data 10020/tcp
ftp-data 10020/udp
ftp 10021/tcp
ftp 10021/udp fsp fspd
[root@localhost pam.d]#
防火墙策略配置
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="15.6.69.21" port protocol="tcp" port="10021" accept"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="15.6.69.21" port protocol="tcp" port="10221-10231" accept"
firewall-cmd --reload
别忘了重启 vsftpd 服务
service vsftpd restart
