Transferring files using the VSFTPD service
1 Install vsftpd
[[email protected] ~]# yum install vsftpd
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch          Version               Repository        Size
================================================================================
Installing:
 vsftpd         x86_64        3.0.2-22.el7          DVD               169 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 169 k
Installed size: 348 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vsftpd-3.0.2-22.el7.x86_64                                   1/1
  Verifying  : vsftpd-3.0.2-22.el7.x86_64                                   1/1

Installed:
  vsftpd.x86_64 0:3.0.2-22.el7

Complete!
[[email protected] ~]#
2 Install the ftp and lftp client software
[[email protected] ~]# yum install ftp lftp -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package ftp.x86_64 0:0.17-67.el7 will be installed
---> Package lftp.x86_64 0:4.4.8-8.el7_3.2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch          Version                  Repository       Size
================================================================================
Installing:
 ftp           x86_64        0.17-67.el7              DVD
 lftp          x86_64        4.4.8-8.el7_3.2          DVD              752 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 812 k
Installed size: 2.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              8.7 MB/s | 812 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : lftp-4.4.8-8.el7_3.2.x86_64
  Installing : ftp-0.17-67.el7.x86_64                                       2/2
  Verifying  : ftp-0.17-67.el7.x86_64
  Verifying  : lftp-4.4.8-8.el7_3.2.x86_64                                  2/2

Installed:
  ftp.x86_64 0:0.17-67.el7             lftp.x86_64 0:4.4.8-8.el7_3.2

Complete!
3 Start the service and enable it at boot
[[email protected] ~]# systemctl start vsftpd
[[email protected] ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
4 View the listening port status
[[email protected] ~]# ss -lntup | grep vsftpd
tcp    LISTEN     0      32     :::21     :::*     users:(("vsftpd",pid=1411,fd=3))
Using anonymous open mode
The directory accessed by default after the service starts is /var/ftp. Anonymous users cannot upload, create, rename or delete anything; they can only download.
Direct access after service is turned on
Create folder is rejected
Renaming failed
To let the anonymous user upload files, edit the configuration file with vim /etc/vsftpd/vsftpd.conf and set the following:
anon_upload_enable=YES
anon_umask=022
Uploads still fail at this point because of the directory permissions: the upload directory has to be owned by the ftp user, so we change its ownership.
Note: The default anonymous user home directory /var/ftp has permissions 755; this permission must not be changed, remember!
[[email protected] var]# ll -d ftp
drwxr-xr-x 3 root root 30 Aug 13 21:32 ftp
[[email protected] var]# chown -Rf ftp /var/ftp/pub
[[email protected] var]# ll ftp
total 0
-rw-r--r-- 1 root root  0 Aug 13 21:32 1.txt
drwxr-xr-x 2 ftp  root 19 Aug 13 21:32 pub
Files can now be uploaded, but only to the ftp/pub directory, because only that directory was given the permission. At this point anonymous users can upload and download files but cannot create folders.
Uploading files
Renaming failed
Create folder is rejected
[[email protected] var]# ll ftp/pub
total 0
-rw-r--r-- 1 ftp root 0 Aug 13 21:32 2.txt
-rw-r--r-- 1 ftp ftp
To also let anonymous users create folders, modify the configuration file as shown below.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
Anonymous users can now upload and download files and create folders, but cannot rename them.
To let anonymous users upload, download, create folders, rename and delete, modify the configuration file as shown below.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
Now anonymous users can upload and download, create and delete folders and files, and rename them.
Uploading files
New Folder
These are the maximum permissions an anonymous user can be given. In general, anonymous access only needs the download function: the site publishes files and users download them.
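To check which of the permission levels above a given server is actually running with, the following script reads a vsftpd.conf and reports what anonymous users may do. It is an added example, not part of the original article; the function names conf_is_yes and anon_caps and the sample file are constructed for illustration, and keys missing from the file are assumed to take the defaults documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: report what anonymous FTP users may do under a vsftpd.conf.
# Absent keys fall back to the vsftpd.conf(5) defaults:
# anonymous_enable=YES, write_enable=NO, anon_*_enable=NO.

# conf_is_yes FILE KEY DEFAULT: succeed if the effective value is YES.
# Comment lines are skipped and the last assignment of a key wins.
conf_is_yes() {
    val=$(awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == key  { v = $2 }
        END        { print (v == "" ? def : v) }' "$1")
    case $val in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# anon_caps FILE: print the operations open to anonymous users.
# write_enable gates every write command, so the anon_* switches only
# count when it is YES. "download" assumes download_enable is left at YES.
anon_caps() {
    f=$1
    if ! conf_is_yes "$f" anonymous_enable YES; then
        echo "anonymous-disabled"
        return 0
    fi
    caps="download"
    if conf_is_yes "$f" write_enable NO; then
        if conf_is_yes "$f" anon_upload_enable NO; then caps="$caps upload"; fi
        if conf_is_yes "$f" anon_mkdir_write_enable NO; then caps="$caps mkdir"; fi
        if conf_is_yes "$f" anon_other_write_enable NO; then caps="$caps rename-delete"; fi
    fi
    echo "$caps"
}

# Constructed sample: the most permissive anonymous setup from the text.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
EOF
echo "anonymous users may: $(anon_caps "$sample")"
rm -f "$sample"
```

Anything beyond "download" in the output for a public server is worth a second look, together with the ownership of the directories under /var/ftp.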
Using local user mode
Sample scenario: the company has an FTP and web server. FTP is mainly used to maintain the site content: uploading files, creating directories, updating web pages and so on. Two departments are responsible for the maintenance tasks and use the team1 and team2 accounts. Only the team1 and team2 accounts may log in to the FTP server, but they must not be able to log in to the local system, and the root directory of both accounts is restricted to /var/www/html; they cannot enter any directory outside it.
Preparation: first install apache and vsftpd; the installation method is not covered here.
Create test accounts team1 and team2
[[email protected] ~]# useradd -s /sbin/nologin team1
[[email protected] ~]# useradd -s /sbin/nologin team2
[[email protected] ~]# echo "123456" | passwd --stdin team1
Changing password for user team1.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# echo "123456" | passwd --stdin team2
Changing password for user team2.
passwd: all authentication tokens updated successfully.
Next, modify the configuration file, which is somewhat different in RHEL6 and RHEL7:
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
local_root=/var/www/html
allow_writeable_chroot=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
With chroot_local_user=YES, the accounts listed in chroot_list_file are the ones that are not restricted. Create the user list file and put such accounts in it when they need to access other directories. Doing this is dangerous, though.
[[email protected] ~]# touch /etc/vsftpd/chroot_list
[[email protected] ~]# vim /etc/vsftpd/chroot_list
teamleader
Modify the permissions of the Apache root directory /var/www/html
[[email protected] ~]# ll -d /var/www/html/
drwxr-xr-x 2 root root 6 May 9 2017 /var/www/html/
[[email protected] ~]# chmod -R o+w /var/www/html/
Note that chmod -R o+w makes the directory writable by every account on the system, not only team1 and team2.
Access test
Do not restrict user access
With no restriction on user access, users can freely go to any directory.
With user access restricted, the user is confined to this directory, which is much better for security.
File owner permissions after file upload
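The meaning of chroot_list_file flips depending on chroot_local_user, which is easy to get wrong when reviewing a configuration like the one above. The following script is an added example, not part of the original article: it applies the rule documented for chroot_list_enable in vsftpd.conf(5) and lists the accounts that are left unconfined. The function names is_jailed and unjailed_users and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: which local accounts does vsftpd confine with chroot()?
# With chroot_local_user=YES the chroot_list_file holds the EXCEPTIONS
# (accounts left unconfined); with chroot_local_user=NO it holds the
# accounts to confine. See chroot_list_enable in vsftpd.conf(5).

# is_jailed CHROOT_LOCAL_USER CHROOT_LIST_ENABLE LIST_FILE USER
# Succeeds if USER is confined to its home directory / local_root.
is_jailed() {
    listed=NO
    if [ "$2" = YES ] && [ -r "$3" ] && grep -qxF -e "$4" "$3"; then
        listed=YES
    fi
    case "$1:$listed" in
        YES:NO)  return 0 ;;  # everyone is jailed and USER is not exempt
        YES:YES) return 1 ;;  # USER is on the exception list
        NO:YES)  return 0 ;;  # only listed users are jailed
        *)       return 1 ;;  # chroot is not applied at all
    esac
}

# unjailed_users CHROOT_LOCAL_USER CHROOT_LIST_ENABLE LIST_FILE USER...
# Prints the accounts that can walk the whole filesystem over FTP.
unjailed_users() {
    clu=$1 cle=$2 list=$3
    shift 3
    out=""
    for u in "$@"; do
        if ! is_jailed "$clu" "$cle" "$list" "$u"; then out="$out $u"; fi
    done
    echo "${out# }"
}

# Constructed sample matching the text: teamleader is in chroot_list.
sample_list=$(mktemp)
echo teamleader > "$sample_list"
echo "unconfined: $(unjailed_users YES YES "$sample_list" team1 team2 teamleader)"
rm -f "$sample_list"
```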
Virtual user mode
Example scenario: to promote its product information, the company plans to build an FTP server from which customers can download the relevant material. Customers may only download product information; uploading is prohibited. The company's partner organizations can upload and download on the FTP server, but cannot delete data.
Create the user database file for FTP authentication, in which odd-numbered lines are account names and even-numbered lines are passwords. Edit it with vim /etc/vsftpd/vuser.list
ftp
123456
vip
123456
Because the plaintext file is neither secure nor in a format that the vsftpd service can load directly, use the db_load command to convert the plaintext file into a database file in hash format. The -t hash option selects the Berkeley DB hash file format; it does not hash the passwords themselves, which is why the file permissions are tightened in the next step. db_load is provided by db4-utils in RHEL6 and by libdb-utils in RHEL7.
[[email protected] ~]# rpm -qf `which db_load`
libdb-utils-5.3.21-20.el7.x86_64
[[email protected] ~]# db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db
[[email protected] ~]# file /etc/vsftpd/vuser.db
/etc/vsftpd/vuser.db: Berkeley DB (Hash, version 9, native byte-order)
Restrict the permissions on the database file to prevent others from seeing its contents, and then delete the plaintext file.
[[email protected] ~]# chmod 600 /etc/vsftpd/vuser.db
[[email protected] ~]# ll /etc/vsftpd/vuser.db
-rw------- 1 root root 12288 Aug 14 01:19 /etc/vsftpd/vuser.db
Create a PAM file to support virtual users: vim /etc/pam.d/vsftpd.vu
auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser
Create the local system users that the virtual users are mapped to, together with the root directories that store their files.
[[email protected] ~]# useradd -d /var/ftp/share -s /sbin/nologin ftpuser
[[email protected] ~]# useradd -d /var/ftp/vip -s /sbin/nologin ftpvip
[[email protected] ~]# chmod -R 500 /var/ftp/share/
[[email protected] ~]# chmod -R 700 /var/ftp/vip/
Modify the configuration file
anonymous_enable=NO
local_enable=YES
allow_writeable_chroot=YES
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vuserconfig
max_clients=300
max_per_ip=10
Create the virtual account configuration files
[[email protected] ~]# mkdir /etc/vsftpd/vuserconfig
[[email protected] ~]# touch /etc/vsftpd/vuserconfig/ftp
[[email protected] ~]# touch /etc/vsftpd/vuserconfig/vip
Contents of /etc/vsftpd/vuserconfig/ftp, edited with vim:
guest_enable=YES
guest_username=ftpuser
anon_world_readable_only=NO
anon_max_rate=50000
Contents of /etc/vsftpd/vuserconfig/vip, edited with vim:
guest_enable=YES
guest_username=ftpvip
anon_world_readable_only=NO
write_enable=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES
anon_max_rate=2000000
Test the ftp account
[[email protected] ~]# lftp 192.168.56.15 -u ftp,123456
lftp [email protected]:~> ls
drwx------    5 0        0              97 Aug 13 18:14 grub2
-r--r--r--    1 0        0        11607904 Aug 13 18:13 mariadb-server.rpm
Access speed limit test
Test the vip account
[[email protected] ~]# lftp 192.168.56.15 -u vip
Password:
lftp [email protected]:~> ls
-rw-------    1 1004     1004      5505024 Aug 13 18:33 kali-linux-2018.2-amd64.iso
-rw-------    1 1004     1004    111017984 Aug 13 18:36 kali-linux-2018.2-amd641.iso
-r--r--r--    1 0        0        11607904 Aug 13 18:30 mariadb-server.rpm
Upload and download access speed test
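The vuser.list to vuser.db step described earlier in this section silently depends on the line pairing being right, and the database is briefly created with default permissions before chmod 600 is applied. The following script is an added example, not part of the original article: it validates the list and then runs the same db_load command under a restrictive umask. The function names check_vuser_list and build_vuser_db and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a vuser.list and build vuser.db without ever
# leaving the password database readable by other users.

# check_vuser_list FILE: odd lines are user names, even lines passwords.
# Prints one finding per line; succeeds only when there are none.
check_vuser_list() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    findings=$(awk '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        NR % 2 == 1 {
            name = $0
            if (name == "") print "line " NR ": empty user name"
            else if (seen[name]++) print "line " NR ": duplicate user " name
            next
        }
        $0 == "" { print "line " NR ": empty password for " name }
        END { if (NR % 2) print "line " NR ": user " name " has no password line" }
    ' "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# build_vuser_db LIST DB: same db_load call as in the text, but run under
# umask 077 so the file is created owner-only instead of being chmod-ed
# afterwards; the plaintext list is removed only if the build succeeded.
build_vuser_db() {
    check_vuser_list "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    rm -f -- "$1"
}

# Constructed sample: the last account is missing its password line.
demo=$(mktemp)
printf 'ftp\n123456\nvip\n' > "$demo"
check_vuser_list "$demo" || echo "list rejected, database not built"
rm -f "$demo"
```

On the server it would be called as build_vuser_db /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db, which requires db_load to be installed.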