Experimental topology:
Linux client ----- RHEL 5.9 vsftpd server (VMnet1) ----- (VMnet1) Win7 client
Experiment one: test the behaviour of a default vsftpd installation
Expected results:
Both anonymous users and local users can log on.
An anonymous user lands in /var/ftp and can only download, not upload.
A local user lands in the user's own home directory and can both upload and download.
Server-side settings
[root@localhost ~]# cd /misc/cd/server                     // enter the RHEL 5.9 installation disc
[root@localhost server]# ls *vsftpd*                       // view the vsftpd installation package
vsftpd-2.0.5-28.el5.x86_64.rpm
[root@localhost server]# rpm -ivh vsftpd-2.0.5-28.el5.x86_64.rpm   // install vsftpd
[root@localhost server]# service vsftpd restart            // start the vsftpd service
[root@localhost server]# chkconfig vsftpd on               // start vsftpd at boot
[root@localhost server]# touch /var/ftp/pub/test1.txt      // create a test file
[root@localhost ~]# useradd kaka
[root@localhost ~]# echo "123456" | passwd --stdin kaka    // set a password for user kaka
Changing password for user kaka.
passwd: all authentication tokens updated successfully.
Validation (client-side test):
[root@localhost ~]# ftp 192.168.1.253                      // connect to the FTP server
Connected to 192.168.1.253.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.253:root): ftp                            // anonymous user login
331 Please specify the password.
Password:
230 Login successful.                                      // login succeeded
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub                                                // enter the pub directory
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,1,253,75,98)
150 Here comes the directory listing.
-rw-r--r--    1 0        0           11627 Jun 02:04 etc.txt
226 Directory send OK.
ftp> get test1.txt                                         // download the test file
local: etc.txt remote: etc.txt
227 Entering Passive Mode (192,168,1,253,136,141)
150 Opening BINARY mode data connection for etc.txt (11627 bytes).
226 File send OK.
11627 bytes received in 0.00082 secs (1.4e+04 Kbytes/sec)
ftp> !ls                                                   // "!" runs the command on the local client, here to view the download result
anaconda-ks.cfg  Desktop  install.log  install.log.syslog  test1.txt   // test1.txt was downloaded successfully
ftp> put install.log                                       // upload a file
local: install.log remote: install.log
227 Entering Passive Mode (192,168,1,253,46,17)
550 Permission denied.                                     // anonymous users have no upload permission
ftp> quit                                                  // exit
...
Experiment two:
Prevent anonymous users from logging on.
Change the FTP port from the default 21 to 2121.
Confine (chroot) local users to their home directories.
Experimental steps:
[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# cp vsftpd.conf vsftpd.conf.bak    // back up the vsftpd main configuration file
[root@localhost vsftpd]# vim vsftpd.conf                   // edit the vsftpd main configuration file
...
anonymous_enable=NO                                        // anonymous users are not allowed to log in
...
listen_port=2121                                           // line 119: listen on port 2121
chroot_local_user=YES                                      // confine local users to their home directories
[root@localhost vsftpd]# service vsftpd restart            // restart the service
[root@localhost vsftpd]# netstat -tulnp | grep vsftpd      // check the listening port
tcp        0      0 0.0.0.0:2121        0.0.0.0:*          LISTEN      4705/vsftpd
Test:
[root@localhost ~]# ftp 192.168.1.253 2121                 // connect to the FTP server on port 2121
Name (192.168.1.253:root): kaka                            // local user kaka logs in
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd                                                   // the current directory is shown as "/": the chroot pseudo-root, i.e. the user's home directory
257 "/"
Experiment three: verify the blacklist/whitelist
/etc/vsftpd/ftpusers                                       // blacklist: users listed here are always denied
/etc/vsftpd/user_list                                      // blacklist or whitelist, depending on userlist_deny
[root@localhost ~]# useradd jerry                          // add user jerry
[root@localhost ~]# useradd mike
[root@localhost ~]# echo "123456" | passwd --stdin jerry   // set a password for user jerry
Changing password for user jerry.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "123456" | passwd --stdin mike
Changing password for user mike.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# grep kaka /etc/vsftpd/ftpusers         // check whether user kaka is in the blacklist
kaka                                                       // user kaka is in the blacklist
Question: can kaka log in to FTP?
[root@localhost ~]# grep jerry /etc/vsftpd/user_list       // check whether user jerry is in user_list
jerry
Question: can jerry log in to FTP?
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf            // edit the vsftpd main configuration file
...
userlist_deny=NO                                           // line 121: user_list now acts as a whitelist (only the listed users may log in)
[root@localhost ~]# service vsftpd restart
Question: which of kaka, jerry and mike can log in?
Only jerry can log in.
After the experiment, comment out userlist_deny=NO on line 121 of the main configuration file again, and remove the accounts that were added to user_list and ftpusers.
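As an added example that is not part of the original article, the POSIX shell function below reproduces the login decision vsftpd makes in experiment three (and relies on again in experiment four) from ftpusers, user_list and userlist_deny, so the three "can X log in?" questions can be answered without a live server. It runs against constructed copies of the three files in a temporary directory; the function names and that directory are this example's own choices, while the file semantics (ftpusers always a blacklist, user_list a blacklist when userlist_deny=YES and a whitelist when NO) are those the experiment demonstrates.

```shell
#!/bin/sh
# Added example (not from the original article): reproduce the login decision
# vsftpd makes in experiment three from ftpusers, user_list and userlist_deny.
# Everything runs against constructed copies of the three files in a temp dir;
# the function names and the directory are this example's own choices.
CONF_DIR=$(mktemp -d)

# Constructed sample files mirroring the experiment's state.
printf 'kaka\n' > "$CONF_DIR/ftpusers"
printf 'jerry\n' > "$CONF_DIR/user_list"
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$CONF_DIR/vsftpd.conf"

# conf_value KEY DEFAULT: value of KEY in vsftpd.conf (last assignment wins),
# or DEFAULT when the key is absent. vsftpd option values are case-insensitive.
conf_value() {
    _v=$(grep -i "^[[:space:]]*$1=" "$CONF_DIR/vsftpd.conf" | tail -n 1 \
         | cut -d= -f2 | tr -d '[:space:]' | tr 'a-z' 'A-Z')
    [ -n "$_v" ] && printf '%s' "$_v" || printf '%s' "$2"
}

# in_list USER FILE: exact whole-line match; user names are case-sensitive.
in_list() { grep -qx "$1" "$CONF_DIR/$2" 2>/dev/null; }

# ftp_login_allowed USER: prints "allowed" or "denied (<reason>)".
ftp_login_allowed() {
    # ftpusers is enforced by PAM (pam_listfile) and is always a blacklist.
    if in_list "$1" ftpusers; then
        printf 'denied (in ftpusers)'; return
    fi
    # user_list is only consulted when userlist_enable=YES; userlist_deny
    # decides whether it is a blacklist (YES, the default) or a whitelist (NO).
    if [ "$(conf_value userlist_enable NO)" = YES ]; then
        deny=$(conf_value userlist_deny YES)
        if [ "$deny" = YES ] && in_list "$1" user_list; then
            printf 'denied (user_list is a blacklist)'; return
        fi
        if [ "$deny" = NO ] && ! in_list "$1" user_list; then
            printf 'denied (not in user_list whitelist)'; return
        fi
    fi
    printf 'allowed'
}

# Walk through the same three users as the experiment.
for u in kaka jerry mike; do
    printf '%s: %s\n' "$u" "$(ftp_login_allowed "$u")"
done
```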
Experiment four:
Local users log in to the /data/ftproot directory.
User up can upload and download; user down can only download. Deny all other users, including anonymous users.
Up to 20 concurrent connections in total, up to 2 concurrent connections per IP address.
Limit the download speed to 100 KB/s.
[root@localhost ~]# mkdir -p /data/ftproot                 // create the ftproot directory
[root@localhost ~]# useradd up
[root@localhost ~]# useradd down
[root@localhost ~]# echo "redhat" | passwd --stdin up
[root@localhost ~]# echo "redhat" | passwd --stdin down
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
...
anonymous_enable=NO                                        // turn off anonymous access
...
write_enable=YES                                           // allow write commands
...
userlist_enable=YES                                        // line 117: enable the user_list file
...
userlist_deny=NO                                           // line 121: user_list is a whitelist, not a blacklist
local_root=/data/ftproot                                   // line 122: FTP root directory for local users
max_clients=20                                             // line 123: maximum number of concurrent connections
max_per_ip=2                                               // line 124: maximum concurrent connections per IP address
local_max_rate=100000                                      // maximum transfer rate for local users, in bytes/sec
[root@localhost ~]# service vsftpd restart
[root@localhost ~]# setfacl -m u:up:rwx /data/ftproot/     // only user up gets write access to the directory; down keeps read-only access
[root@localhost ~]# tail -n 2 /etc/vsftpd/user_list        // up and down have been added to the whitelist
up
down
[root@localhost ~]# dd if=/dev/zero of=/data/ftproot/local.tgz bs=1M count=1000   // create a 1000 MB test file
Test:
[root@localhost ~]# wget ftp://up:redhat@192.168.1.253:2121/local.tgz   // download the file and check the download speed
vsftpd.conf main configuration file reference
listen                   whether to run the service in standalone mode (vsftpd listens itself instead of running under xinetd)
listen_address           IP address on which the FTP service listens
listen_port              port on which the FTP service listens
write_enable             whether write commands (upload, delete, rename, mkdir) are permitted at all
download_enable          whether downloads are allowed
userlist_enable          whether the user_list file is consulted
userlist_deny            whether users in user_list are denied (YES: blacklist; NO: whitelist)
max_clients              maximum number of concurrent client connections
max_per_ip               maximum number of concurrent connections per client IP address
anonymous_enable         whether anonymous access is enabled
anon_umask               permission mask applied to anonymous uploads
anon_root                root directory for anonymous FTP
anon_upload_enable       whether anonymous users may upload files
anon_mkdir_write_enable  whether anonymous users may create directories
anon_other_write_enable  other anonymous write operations (delete, rename)
anon_max_rate            maximum transfer rate for anonymous users (bytes/sec)
local_enable             whether local users may log in
local_umask              permission mask applied to local users' uploads
local_root               FTP root directory for local users
chroot_local_user        whether local users are locked (chrooted) into their home directory
local_max_rate           maximum transfer rate for local users (bytes/sec)