Part 1: Theory
I. Basic principles of FTP servers
1. Basic concept: FTP, the File Transfer Protocol
2. Transmission modes: active mode and passive mode
3. Ports used
A. Active mode: command/control connection on port 21; data connection from server port 20
B. Passive mode: command/control connection on port 21; data connection on a random server port above 1024
II. Common FTP server software
On Windows: IIS, Serv-U
On Linux: wu-ftpd, ProFTPD, vsftpd
III. The server software this chapter focuses on: vsftpd (Very Secure FTP Daemon)
IV. Common FTP client software
1. Features of FTP client software:
Windowed programs that run in a graphical environment
Operated with the mouse or through menus
User-friendly and easy to operate
2. Common FTP client software
CuteFTP, LeapFTP and FlashFXP are popular commercial clients on Windows.
FileZilla is open-source software that runs on Windows.
gFTP is an FTP client for the GNOME desktop environment on Linux and is part of GNOME.
V. Common configuration parameters in vsftpd.conf (each written as key=value, with no spaces around the '='):
anonymous_enable=YES      enable anonymous users
local_enable=YES          enable local users
write_enable=YES          enable write permission for local users
local_umask=022           umask applied to files created by local users (uploaded files get mode 644)
                          Uploaded files start from mode 666 before the umask is applied, while directories start from 777; file_open_mode=0777 can be used if uploaded files should keep the execute bits as well.
dirmessage_enable=YES     when set to YES, the contents of the hidden .message file in a directory are shown when a client enters that directory on the FTP server
xferlog_enable=YES        when set to YES, the FTP server logs uploads and downloads
                          (log file: /var/log/xferlog)
connect_from_port_20=YES  when set to YES, the FTP server originates active-mode data connections from the FTP data port (20)
xferlog_std_format=YES    when set to YES, the FTP server writes its log in the standard ftpd xferlog format
pam_service_name=vsftpd   name of the PAM service (configuration file) used for authentication
userlist_enable=YES       when set to YES, the FTP server checks the file named by userlist_file to decide whether a user may access the vsftpd server
                          (userlist_enable=YES with userlist_deny=NO: only the users in vsftpd.user_list may log in)
                          (userlist_enable=YES with userlist_deny=YES: the users in the file cannot log in)
                          (the default is userlist_deny=YES, so users written to vsftpd.user_list cannot log in)
listen=YES                when set to YES, vsftpd runs as a standalone service; otherwise it is started by a super-server
tcp_wrappers=YES          when set to YES, the FTP server uses tcp_wrappers for host access control
chroot_local_user=YES     confine local users to their home directories (chroot)
max_clients=100           maximum number of clients
max_per_ip=5              maximum number of connections per IP address
local_max_rate=500000     maximum transfer rate for local users (unit: bytes per second)
anon_max_rate=200000      maximum transfer rate for anonymous users
listen_port=2121          change the default FTP listening port
VI. /etc/vsftpd.ftpusers holds the local user accounts that are not allowed to log in to FTP.
VII. The /etc/vsftpd.user_list file gives the vsftpd server more flexible user access control
To prevent the users in the file from logging in to the FTP server:
userlist_enable=YES
userlist_deny=YES
To allow only the users in the file to log in to the FTP server:
userlist_enable=YES
userlist_deny=NO
VIII. User types supported by vsftpd
1. Anonymous users: the anonymous user names are ftp and anonymous
2. System users: real accounts on the system
3. Virtual users: non-system users
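The three access-control mechanisms above (ftpusers, user_list with userlist_deny, and the umask applied to uploads) interact in ways that are easy to get backwards. The script below is an added example, not part of the original tutorial or of vsftpd itself: it reproduces the local-user login decision from a vsftpd.conf-style file and computes the final mode of an uploaded file. It assumes that ftpusers and user_list sit next to the vsftpd.conf being checked (the tutorial's real paths are /etc/vsftpd.ftpusers and /etc/vsftpd.user_list), and every file it creates is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the tutorial or from vsftpd): audit helper that
# reproduces vsftpd's local-user login decision from userlist_enable,
# userlist_deny, user_list and ftpusers, and the mode of an uploaded file
# from local_umask and file_open_mode.
# Assumption: ftpusers and user_list live next to the vsftpd.conf checked.

set -u

# Print the value of KEY from a vsftpd.conf-style file (key=value lines,
# '#' comments). Prints nothing when the key is absent.
conf_get() {
    conf="$1"; key="$2"
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$conf" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeeds if NAME appears as a whole line in FILE (and the file exists).
in_list() {
    [ -f "$1" ] && grep -qx "$2" "$1"
}

# Print "allow" or "deny" for local user USER under the given vsftpd.conf.
login_decision() {
    conf="$1"; user="$2"; dir=$(dirname "$conf")
    # ftpusers: listed accounts are always refused (pam_listfile in the PAM stack).
    if in_list "$dir/ftpusers" "$user"; then echo deny; return 0; fi
    enable=$(conf_get "$conf" userlist_enable)
    deny=$(conf_get "$conf" userlist_deny)
    [ -n "$deny" ] || deny=YES                         # vsftpd default: userlist_deny=YES
    listfile=$(conf_get "$conf" userlist_file)
    [ -n "$listfile" ] || listfile="$dir/user_list"    # assumed default location
    if [ "$enable" = "YES" ]; then
        if [ "$deny" = "YES" ]; then
            # deny list: names in the file are refused
            in_list "$listfile" "$user" && { echo deny; return 0; }
        else
            # allow list: only names in the file get in
            in_list "$listfile" "$user" || { echo deny; return 0; }
        fi
    fi
    echo allow
}

# Print the octal mode an uploaded file ends up with: file_open_mode & ~umask.
# file_open_mode defaults to 0666 (vsftpd's default) unless given as 2nd argument.
upload_mode() {
    umask_val=$(printf '%d' "$1"); open_mode=$(printf '%d' "${2:-0666}")
    printf '%o\n' "$(( open_mode & ~umask_val ))"
}

# Build a constructed sample tree: vsftpd.conf, ftpusers and user_list.
# vsftpd rejects spaces around '=', so the keys are written as key=value.
make_sample() {
    d="$1"; mkdir -p "$d"
    cat > "$d/vsftpd.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
EOF
    printf 'root\nbin\n' > "$d/ftpusers"
    printf 'alice\nbob\n' > "$d/user_list"
}

demo() {
    d=$(mktemp -d); make_sample "$d"
    for u in alice carol root; do
        printf '%-6s -> %s\n' "$u" "$(login_decision "$d/vsftpd.conf" "$u")"
    done
    printf 'umask 022 upload mode: %s\n' "$(upload_mode 022)"
    rm -rf "$d"
}
demo
```

With the sample configuration (userlist_deny=NO) alice is allowed, carol is refused because she is not in the allow list, and root is refused by ftpusers regardless of the user_list settings; flipping userlist_deny to YES inverts the meaning of the list, which is the mistake the parameter table above warns about.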
Part 2: Experiment
Experiment 1: Test anonymous users and system users
1. Install the FTP software package: rpm -ivh vsftpd......
2. Start the FTP service: service vsftpd start
3. Log in from an FTP client for testing.
A. Run the command-line test in cmd: ftp <server IP address>
B. Log in and test with a client program. Windows clients: FlashFXP, CuteFTP and LeapFTP.
Linux client: gFTP (install the gftp package first)
Experiment 2: vsftpd virtual user configuration
1. Create the virtual user password library file (user names on the odd-numbered lines, passwords on the even-numbered lines)
Go to the /etc/vsftpd directory and create the file benet.
2. Generate the vsftpd authentication database (requires the db4-utils package, which the book does not cover)
db_load -T -t hash -f /etc/vsftpd/benet /etc/vsftpd/benet.db
3. Create the PAM configuration file the virtual users need (under /etc/pam.d/)
Go to /etc/pam.d and create the file ftp with the following content:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/benet   (database name, given without the .db suffix)
account required /lib/security/pam_userdb.so db=/etc/vsftpd/benet   (database name, given without the .db suffix)
4. Create the system user that the virtual users are mapped to
useradd -d /virtual -s /sbin/nologin aa   (/virtual is the virtual users' home directory)
5. Create the directory the virtual users will access and set its permissions (home directory permission 700)
chmod -R 700 /virtual
6. Edit the /etc/vsftpd.conf configuration file and add the following at the end:
guest_enable=YES
guest_username=aa   (the newly created system user)
pam_service_name=ftp   (name of the PAM service created in step 3)
user_config_dir=/etc/vsftpd_user_conf   (directory holding the per-virtual-user permission configuration)
7. Go to /etc/vsftpd_user_conf and create the files aa and bb; these are the permission configuration files for users aa and bb. The following parameters are the ones typically used:
anon_world_readable_only=NO   lets the user browse the FTP directory and download files
anon_upload_enable=YES        lets the user upload files
anon_mkdir_write_enable=YES   lets the user create directories (but not delete them)
anon_other_write_enable=YES   lets the user rename and delete files
local_root=<directory>        specifies the virtual user's directory (the path is not given in the original)
8. Grant user aa permission to browse and download, and user bb permission to browse, upload, download and delete.
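Steps 1, 2, 7 and 8 of this experiment are where mistakes usually creep in: a password library with an odd number of lines or a duplicated user name still loads into the database, and a per-user file with a stray space around '=' is rejected by vsftpd. The script below is an added example, not part of the tutorial or of vsftpd: it validates the odd/even password library, runs the db_load step only when db4-utils is installed, and writes the two permission profiles from step 8 (aa read-only, bb read-write) as exact key=value files. The tutorial's real paths are /etc/vsftpd/benet and /etc/vsftpd_user_conf; here they are parameters, and the sample library contents are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial or from vsftpd): validate the
# virtual-user password library (user name on odd lines, password on even
# lines), build the pam_userdb database when db_load is available, and
# generate the per-user permission files of steps 7 and 8.
# Paths are parameters; the tutorial's real ones are /etc/vsftpd/benet and
# /etc/vsftpd_user_conf.

set -u

# Print the user names (odd-numbered lines) of a password library file.
# Fails on an odd line count, an empty line or a duplicated user name, since
# db_load would otherwise build a database with wrong or ambiguous entries.
vuser_names() {
    f="$1"
    n=$(awk 'END { print NR }' "$f")
    [ $((n % 2)) -eq 0 ] || { echo "error: $f has an odd number of lines" >&2; return 1; }
    if grep -q '^$' "$f"; then echo "error: empty line in $f" >&2; return 1; fi
    names=$(awk 'NR % 2 == 1' "$f")
    dups=$(printf '%s\n' "$names" | sort | uniq -d)
    [ -z "$dups" ] || { echo "error: duplicate user names: $dups" >&2; return 1; }
    printf '%s\n' "$names"
}

# Build the Berkeley DB that pam_userdb reads (step 2). Skipped when the
# db_load tool from db4-utils is not installed.
build_db() {
    command -v db_load >/dev/null 2>&1 || { echo "db_load not found, skipping" >&2; return 0; }
    db_load -T -t hash -f "$1" "$2"
}

# Write DIR/USER for user_config_dir. Profile "ro" = browse and download
# (user aa in step 8); "rw" = browse, upload, download, rename and delete
# (user bb). vsftpd rejects spaces around '=', so lines are exact key=value.
write_profile() {
    dir="$1"; user="$2"; profile="$3"; root="$4"
    case "$profile" in
        ro) upload=NO;  mkdir_ok=NO;  other=NO ;;
        rw) upload=YES; mkdir_ok=YES; other=YES ;;
        *)  echo "error: unknown profile $profile" >&2; return 1 ;;
    esac
    mkdir -p "$dir"
    cat > "$dir/$user" <<EOF
anon_world_readable_only=NO
anon_upload_enable=$upload
anon_mkdir_write_enable=$mkdir_ok
anon_other_write_enable=$other
local_root=$root
EOF
}

# Read KEY back from a generated profile (key=value lines).
profile_get() {
    sed -n "s/^$2=//p" "$1"
}

demo() {
    d=$(mktemp -d)
    printf 'aa\nSecret1\nbb\nSecret2\n' > "$d/benet"   # constructed sample library
    vuser_names "$d/benet" || exit 1
    build_db "$d/benet" "$d/benet.db"
    write_profile "$d/vsftpd_user_conf" aa ro /virtual
    write_profile "$d/vsftpd_user_conf" bb rw /virtual
    echo "bb upload: $(profile_get "$d/vsftpd_user_conf/bb" anon_upload_enable)"
    rm -rf "$d"
}
demo
```

To apply it to the real layout, call vuser_names on /etc/vsftpd/benet before running db_load, and write_profile with /etc/vsftpd_user_conf as the directory and the directory chosen for local_root as the last argument; the generated files contain only the five keys listed in step 7.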
Supplemental lab
1. How to allow anonymous users to upload:
Create a directory under /var/ftp/ to receive the uploaded files.
2. How to restrict all local users to their home directories:
chroot_local_user=YES