What is FTP?
FTP (File Transfer Protocol) is a standard protocol used for transferring files over a network. Setting up an FTP service on a Linux server enables convenient file upload, download, and management between local computers and the server.
Why Choose vsftpd?
vsftpd (Very Secure FTP Daemon) is the most popular FTP server software in Linux systems, renowned for its security, stability, and high performance. It is ideal for beginners. This article will explain the setup process using vsftpd as an example.
I. Prerequisites
- Environment Requirements: A Linux server (e.g., CentOS 7/8 or Ubuntu 20.04/22.04) with administrative privileges (ability to run sudo or root commands).
- Network Requirements: Ensure the server has internet (or internal network) access and a configured IP address.
II. Install vsftpd Server
CentOS (using yum)
sudo yum install vsftpd -y # Install vsftpd, -y auto-confirms installation
Ubuntu (using apt)
sudo apt update # Update software sources
sudo apt install vsftpd -y # Install vsftpd
III. Start the Service and Set Up Auto-Startup
Steps Common to CentOS/Ubuntu
# Start the vsftpd service
sudo systemctl start vsftpd
# Enable auto-start on boot
sudo systemctl enable vsftpd
Verify service status:
sudo systemctl status vsftpd # Should show "active (running)"
IV. Configure Firewall (Open FTP Ports)
FTP requires two key ports:
- Port 21: Control connection (for command transmission)
- Passive Mode Port Range: Default 50000-60000 (data transfer, adjustable as needed)
CentOS (using firewalld)
# Open port 21 (control connection)
sudo firewall-cmd --permanent --add-port=21/tcp
# Open passive port range (50000-60000)
sudo firewall-cmd --permanent --add-port=50000-60000/tcp
# Reload firewall rules
sudo firewall-cmd --reload
# Check open ports
sudo firewall-cmd --list-ports # Should show 21/tcp and 50000-60000/tcp
Ubuntu (using ufw)
# Open port 21
sudo ufw allow 21/tcp
# Open passive port range (50000-60000)
sudo ufw allow 50000:60000/tcp
# Enable ufw (if not already enabled); if you administer the server over SSH, make sure SSH is allowed first
sudo ufw enable
# Check status
sudo ufw status # Should show 21/tcp and 50000:60000/tcp
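V. Create FTP User (Security Note: Prevent Root Login)
1. Create FTP User
# Create user with home directory /home/ftpuser (customizable) and disable shell access
# -m creates the home directory if the distribution does not do so by default
# If FTP login is rejected despite a correct password, check that this shell is listed in /etc/shells (pam_shells)
sudo useradd -m -d /home/ftpuser -s /sbin/nologin ftpuser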
# Set user password
sudo passwd ftpuser
# Enter password when prompted (remember for later FTP login)
2. Set Directory Permissions
# Ensure directory owner is ftpuser and permissions are 755 (user: rwx, group/others: rx)
sudo chown -R ftpuser:ftpuser /home/ftpuser
sudo chmod 755 /home/ftpuser
VI. Configure vsftpd Service
Edit Configuration File
# CentOS path; on Ubuntu the file is /etc/vsftpd.conf
sudo vim /etc/vsftpd/vsftpd.conf
Modify Key Parameters (Only adjust these for beginners):
# Allow local users to log in (i.e., our created ftpuser)
local_enable=YES
# Allow write operations (upload/download)
write_enable=YES
# Restrict users to their home directory (prevent unauthorized access)
chroot_local_user=YES
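# Allow a writable chroot root (required for uploads here because ftpuser owns its home directory;
# vsftpd refuses to run with a writable root inside the chroot by default)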
allow_writeable_chroot=YES
# Passive mode port range (matches firewall open ports)
pasv_min_port=50000
pasv_max_port=60000
# Passive mode IP (server public IP or 0.0.0.0 for all IPs; use server IP for internal networks), e.g., 192.168.1.100
# Keep comments on their own line: vsftpd reads everything after "=" as the value
pasv_address=Server_IP
Save and Restart Service
# After saving the config file, restart vsftpd
sudo systemctl restart vsftpd
VII. Test FTP Connection
Local Testing (Server Terminal)
ftp localhost # Connect to local FTP server
# Enter username: ftpuser, password: your set password
# After login, try uploading/downloading files (e.g.):
# put /tmp/test.txt # Upload local temporary file
# get test.txt # Download file
Remote Testing (Using Client Tools)
- Windows/macOS: Use FileZilla, Xftp, etc., with:
  - Host: Server IP
  - Port: 21
  - Username: ftpuser
  - Password: Your set password
- After successful connection: Upload/download files in the server directory (/home/ftpuser).
VIII. Common Troubleshooting
1. Connection Timeout or Refusal
- Check Firewall: Confirm port 21 and the passive port range are open (firewall-cmd --list-ports or ufw status).
- Check Service Status: Run sudo systemctl status vsftpd to ensure the service is running.
2. Permission Errors (550 Permission denied)
- Check Directory Permissions: ls -ld /home/ftpuser; ensure owner is ftpuser and permissions are 755.
- SELinux Issue (CentOS): Temporarily disable SELinux: sudo setenforce 0; if resolved, set permanently: sudo setsebool -P ftpd_full_access=on.
3. Passive Mode Failure
- Check Port Range: Ensure pasv_min_port and pasv_max_port in vsftpd.conf match firewall open ports.
- Test Passive Port: telnet Server_IP 50000 (replace 50000 with a port in the passive range).
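One way to automate the configuration checks from section VI and the Passive Mode Failure item above, as an added example that is not part of the original guide: a POSIX shell lint for vsftpd.conf. The function names, the sample config and the anonymous_enable=NO expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# conf_get FILE KEY: print the last value assigned to KEY (empty if unset)
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# vsftpd_lint FILE FW_RANGE: print findings; exit status = number of findings.
# FW_RANGE is the passive range opened in the firewall, e.g. 50000-60000.
vsftpd_lint() {
    conf=$1; fw_min=${2%-*}; fw_max=${2#*-}; n=0
    # vsftpd does not allow spaces next to '=' and does not strip a
    # trailing "# comment" from a value, so flag both.
    bad=$(grep -nE '^[^#]*([[:space:]]=|=[[:space:]]|[[:space:]]#)' "$conf" || true)
    if [ -n "$bad" ]; then
        echo "syntax: space next to '=' or trailing comment:"; echo "$bad"
        n=$((n + 1))
    fi
    # The passive range in the config must be the one the firewall lets through.
    if [ "$(conf_get "$conf" pasv_min_port)" != "$fw_min" ] ||
       [ "$(conf_get "$conf" pasv_max_port)" != "$fw_max" ]; then
        echo "pasv: pasv_min_port/pasv_max_port do not match firewall range $2"
        n=$((n + 1))
    fi
    # Assumed policy: local users jailed, anonymous login explicitly off
    # (vsftpd's built-in default for anonymous_enable is YES).
    for want in local_enable=YES chroot_local_user=YES anonymous_enable=NO; do
        if [ "$(conf_get "$conf" "${want%%=*}")" != "${want#*=}" ]; then
            echo "policy: expected $want"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample: the guide's settings with an inline comment left in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local_enable=YES
chroot_local_user=YES
pasv_min_port=50000
pasv_max_port=60000
pasv_address=192.0.2.10 # e.g. server IP
EOF
vsftpd_lint "$sample" 50000-60000 || echo "findings: $?"
rm -f "$sample"
```

Run it against the real file with the range you opened in the firewall, for example vsftpd_lint /etc/vsftpd/vsftpd.conf 50000-60000; an exit status of 0 means no findings.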
Summary
You have successfully set up an FTP service using vsftpd. Its core is restricting user permissions and directories for security. Advanced features like anonymous users, virtual users, or SSL encryption (FTPS) can be added later. The local user mode is sufficient for daily, simple, and reliable file transfers.