Simple usage of VSFTPD

Source: Internet
Author: User

In a company, some commonly used software, such as Xshell, is shared by everyone, and sometimes it cannot be downloaded at the moment it is needed.
So the company sets up shared servers for this purpose. This article introduces the use of vsftpd.

(In this exercise, vsftpd is configured so that anonymous users can upload.)


The client can upload to and download from the server:
192.168.1.100 ----------> 192.168.1.1
PC client ----------------- FTP server




Step 1: install the package
This time yum is used; you can also install from an RPM or from a source package. The firewall is also shut down for now.

[[email protected] Desktop]# yum -y install vsftpd

Step 2: wait for the installation to complete, then modify the main configuration file to enable anonymous access
The main configuration file is /etc/vsftpd/vsftpd.conf
[[email protected] Desktop]# vim /etc/vsftpd/vsftpd
vsftpd.conf vsftpd_conf_migrate.sh
[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf
...
# Whether anonymous users may upload; the default is NO
anon_upload_enable=YES
...
# Whether anonymous users may create directories; the default is NO
anon_mkdir_write_enable=YES
# Whether anonymous users may perform all other write operations
anon_other_write_enable=YES
...
(For simplicity, ":set nu" was used in vim to display line numbers while making the configuration changes. The comments are on their own lines because vsftpd.conf does not accept a comment after a value.)
Step 3: after the modification, save and exit, then set the ACL permissions
[[email protected] ~]# setfacl -m u:ftp:rwx /var/ftp/pub/
[[email protected] ~]# getfacl /var/ftp/pub/
getfacl: Removing leading '/' from absolute path names
# file: var/ftp/pub
# owner: root
# group: root
user::rwx
user:ftp:rwx
group::r-x
mask::rwx
other::r-x
Step 4: start the service, set it to start automatically at boot, and access it from the client
[[email protected] ~]# service vsftpd restart
[[email protected] ~]# chkconfig vsftpd on
Then try uploading and downloading as the anonymous user.


It works, but a problem appears in use: because anonymous users can upload and download, the files they upload can also be deleted.
So security here is not very good. If you look carefully, you will also find that it is possible to enter the server's root directory, which is simply too insecure.
The next step is to improve security in this respect: turn on the firewall, prohibit anonymous access, and jail users who log in inside their home directories.
The final configuration is as follows:
[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf
# Refuse anonymous logins
anonymous_enable=NO
# Jail users who log in inside their home directories
chroot_local_user=YES
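
The options changed in this article can be checked before each restart. The following is an added example, not part of the original article: a shell function that flags the anonymous write options, a missing chroot setting, and lines that vsftpd would reject. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the options the article toggles.
# Prints one finding per line, and nothing for a clean file.
audit_vsftpd_conf() {
    awk '
    /^ *(#|$)/ { next }                     # whole-line comments and blanks are fine
    / #/ || /^[^=]* =/ || /^[^=]*= / {
        # vsftpd wants exactly option=value: no trailing comment, no space at "="
        print "MALFORMED line " NR ": " $0; next
    }
    {
        eq = index($0, "=")
        if (eq == 0) { print "MALFORMED line " NR ": " $0; next }
        opt[substr($0, 1, eq - 1)] = toupper(substr($0, eq + 1))
    }
    END {
        # anonymous_enable defaults to YES, so a missing line is also a finding
        if (!("anonymous_enable" in opt) || opt["anonymous_enable"] != "NO")
            print "RISK anonymous_enable is not NO: anonymous login is allowed"
        n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
        for (i = 1; i <= n; i++)
            if (opt[w[i]] == "YES")
                print "RISK " w[i] "=YES: anonymous users can change server content"
        if (opt["chroot_local_user"] != "YES")
            print "RISK chroot_local_user is not YES: local users are not jailed"
    }' "$1"
}

# Constructed sample: the permissive configuration, with one inline comment.
permissive_conf() {
    printf '%s\n' 'anonymous_enable=YES' 'anon_upload_enable=YES #allow upload' \
        'anon_mkdir_write_enable=YES' 'anon_other_write_enable=YES'
}
# Constructed sample: the hardened configuration from this step.
hardened_conf() {
    printf '%s\n' '# hardened' 'anonymous_enable=NO' 'chroot_local_user=YES'
}

echo "== permissive =="; permissive_conf | audit_vsftpd_conf -
echo "== hardened ==";   hardened_conf   | audit_vsftpd_conf -
```

On a real server, pass the file path instead of "-": audit_vsftpd_conf /etc/vsftpd/vsftpd.conf
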
Then restart the service and turn on the firewall
[[email protected] ftp]# service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
[[email protected] ftp]# service iptables start
iptables: Applying firewall rules: [OK]
First, clear the firewall rules:
[[email protected] ftp]# iptables -F
[[email protected] ftp]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Then add the firewall rule:
[[email protected] ftp]# iptables -A INPUT -p tcp --dport 21 -j ACCEPT   # allow traffic to port 21
[[email protected] ftp]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [OK]
The firewall rules are now saved.
Here is an interesting thing to verify: the vsftpd blacklist and whitelist
Create several users
[[email protected] ~]# useradd lily
[[email protected] ~]# useradd mike
[[email protected] ~]# useradd kaka
[[email protected] ~]# echo "123456" | passwd --stdin lily
Changing password for user lily.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# echo "123456" | passwd --stdin mike
Changing password for user mike.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# echo "123456" | passwd --stdin kaka
Changing password for user kaka.
passwd: all authentication tokens updated successfully.
For simplicity, the password is set to 123456 here.
Then add users to /etc/vsftpd/ftpusers (the blacklist) and /etc/vsftpd/user_list (the whitelist) respectively; by default, user_list behaves as a blacklist
[[email protected] ~]# grep lily /etc/vsftpd/ftpusers   # check the blacklist
lily
[[email protected] ~]# grep mike /etc/vsftpd/user_list  # check the whitelist
mike

Then restart the service and verify: only the user kaka can log in. Many people do not understand why the whitelisted user cannot get in; see below
[[email protected] ~]# grep userlist_deny /etc/vsftpd/vsftpd.conf
userlist_deny=NO
(userlist_deny=NO means that only the users in user_list are allowed to access FTP.)
Because the whitelist is not enabled by default, user_list has the same effect as a blacklist. Enable the whitelist as follows:
[[email protected] ftp]# vim /etc/vsftpd/vsftpd.conf
# Whether to enable the user_list file
userlist_enable=YES
# Whether users in user_list are denied (YES) or allowed (NO)
userlist_deny=NO
Then restart the service and verify.
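
The blacklist and whitelist behaviour described above can be worked through offline. The following is an added example, not part of the original article: a shell function that returns the login decision for a user from the two list files and the two userlist options. The function names and list files are constructed here, and the treatment of ftpusers as an unconditional deny list assumes the pam_listfile setup of the RHEL/CentOS vsftpd package.

```shell
#!/bin/sh
# Added example: evaluate who may log in for a given combination of
# ftpusers, user_list, userlist_enable and userlist_deny.
# Usage: ftp_login_decision USER FTPUSERS USER_LIST USERLIST_ENABLE USERLIST_DENY
ftp_login_decision() {
    user=$1; ftpusers=$2; user_list=$3; enable=$4; deny=$5
    # ftpusers is always a deny list (assumption: enforced by pam_listfile,
    # as in the RHEL/CentOS vsftpd package installed with yum)
    if grep -qxF -- "$user" "$ftpusers"; then echo "deny: in ftpusers"; return 0; fi
    # user_list only matters when userlist_enable=YES
    if [ "$enable" != YES ]; then echo "allow: user_list not enabled"; return 0; fi
    if grep -qxF -- "$user" "$user_list"; then
        if [ "$deny" = YES ]; then echo "deny: user_list is a blacklist"
        else echo "allow: on the whitelist"; fi
    else
        if [ "$deny" = YES ]; then echo "allow: not on the blacklist"
        else echo "deny: not on the whitelist"; fi
    fi
}

# Constructed list files mirroring the article: lily in ftpusers, mike in user_list.
LISTS=$(mktemp -d)
trap 'rm -rf "$LISTS"' EXIT
printf '%s\n' root lily > "$LISTS/ftpusers"
printf '%s\n' root mike > "$LISTS/user_list"

# Print the decision for the three test users under one userlist_deny value.
show_matrix() {
    for u in lily mike kaka; do
        printf 'userlist_deny=%s %-5s %s\n' "$1" "$u" \
            "$(ftp_login_decision "$u" "$LISTS/ftpusers" "$LISTS/user_list" YES "$1")"
    done
}
show_matrix YES   # blacklist mode (userlist_deny default): only kaka gets in
show_matrix NO    # whitelist mode: only mike gets in
```
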


This article is from the "Linux Services" blog; please be sure to keep this source: http://9239489.blog.51cto.com/9229489/1639745
