FTP configuration of the server
One. Installing the FTP server
1) Files generated by installing the FTP server
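/etc/logrotate.d/vsftpd     # log rotation configuration
/etc/pam.d/vsftpd           # user authentication (PAM) configuration file
/etc/rc.d/init.d/vsftpd     # service script
/etc/vsftpd                 # directory containing the configuration files
/etc/vsftpd/ftpusers        # controls which users may log in to FTP
/etc/vsftpd/user_list       # controls which users may log in to FTP
/etc/vsftpd/vsftpd.conf     # main configuration file
/var/ftp                    # shared resource location for anonymous users (mapped to a system user)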
2) Install the FTP server (configure the yum repository before installing and make sure iptables is stopped)
# yum install vsftpd -y
View the files generated by installing vsftpd:
# rpm -ql vsftpd
Start the vsftpd service and check that port 21 is listening:
# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
# ss -tnlp | grep 21
LISTEN 0 32 *:21 *:* users:(("vsftpd",2933,3))
At this point our FTP server is installed! Test the connection to the FTP server and confirm that it can be used:
# ftp 192.168.3.130
lftp 192.168.3.130:~> ls
drwxr-xr-x 2 0 0 4096 Aug 04 2014 pub
Two. Configuring an FTP server that authenticates users stored in MySQL
1. Configuration file options
# Whether anonymous users are allowed to log in. The default value is YES.
anonymous_enable=YES|NO
# Whether anonymous users are allowed to upload files (if set to YES, write_enable must also be set to YES). The default value is NO.
anon_upload_enable=YES|NO
# Whether anonymous users are allowed to create directories (if set to YES, write_enable must also be set to YES). The default value is NO.
anon_mkdir_write_enable=YES|NO
# Whether anonymous users are allowed to delete and rename files (if set to YES, write_enable must also be set to YES). The default value is NO.
anon_other_write_enable=YES|NO
# For a detailed explanation, please see my other blog post. The default value is YES.
anon_world_readable_only=YES|NO
# Sets the umask for files uploaded by anonymous users. The default value is 077.
anon_umask=077
# Limits the transfer speed (in bytes/s) for anonymous users. The default value is 0 (no limit).
anon_max_rate=0
# Whether anonymous users are allowed to connect over SSL (if set to YES, ssl_enable must also be set to YES). The default value is NO.
allow_anon_ssl=YES|NO
# Whether to change the owner of a file after an anonymous user uploads it. The default value is NO.
chown_uploads=YES|NO
# Sets the owner given to files uploaded by anonymous users (only takes effect if chown_uploads is set to YES). The default value is root.
chown_username=root
# Whether non-anonymous users are allowed to log in. The default value is NO.
local_enable=YES|NO
# Whether users are allowed write permissions. The default value is NO.
write_enable=YES|NO
# Whether users are allowed to download files. The default value is YES.
download_enable=YES|NO
# Sets the umask for files uploaded by non-anonymous users. The default value is 022.
local_umask=022
# Whether users may run ls -R, a relatively resource-intensive command, after logging in to the FTP server. The default value is NO.
ls_recurse_enable=YES|NO
# Whether users are allowed to use directory-listing commands such as dir. The default value is YES.
dirlist_enable=YES|NO
# Whether the user list is enabled. The default value is NO.
userlist_enable=YES|NO
# If set to YES, users in the list are denied login; otherwise only users in the list are allowed to log in. The default value is YES.
userlist_deny=YES|NO
# Sets the path of the user list. The default value is /etc/vsftpd/user_list.
userlist_file=/etc/vsftpd/user_list
# Whether local users are confined to their home directory. The default value is NO.
chroot_local_user=YES|NO
# If set to YES, chroot_local_user must also be YES, and only users in the list can leave their home directory; if set to NO, the list is not used. The default value is NO.
chroot_list_enable=YES|NO
# Sets the path of that list. The default value is /etc/vsftpd/chroot_list.
chroot_list_file=/etc/vsftpd/chroot_list
# Specifies the root directory for all non-anonymous users. By default FTP places each user in their own home directory; use this parameter if you want all users to log in to the same root directory. No default value.
local_root
# Limits the transfer speed (in bytes/s) for non-anonymous users. The default value is 0 (no limit).
local_max_rate=0
# Whether the client is allowed to use commands such as sync. The default value is NO.
async_abor_enable=YES|NO
# Whether to allow files to be uploaded in ASCII transfer mode. The default value is NO.
ascii_upload_enable=YES|NO
# Whether to allow files to be downloaded in ASCII transfer mode. The default value is NO.
ascii_download_enable=YES|NO
# Sets the idle session time-out (in seconds). The default value is 300.
idle_session_timeout=300
# Sets the time-out (in seconds) for data transfer. The default value is 300.
data_connection_timeout=300
# Sets the time-out (in seconds) for a passive connection. The default value is 60.
accept_timeout=60
# Sets the time-out (in seconds) for an active connection. The default value is 60.
connect_timeout=60
# Restricts the types of files that can be uploaded, for example deny_file={*.mp3,*.exe}. No default value.
deny_file
# When the vsftpd server is connected to several networks, set this parameter if you only want to listen for requests from one of them. No default value.
listen_address
# Sets the listening port. The default value is 21.
listen_port=21
# Sets the maximum number of connections. The default value is 2000.
max_clients=2000
# Sets the maximum number of connections from the same host. The default value is 50.
max_per_ip=50
# Whether to use local time. The default value is NO.
use_localtime=YES|NO
# Whether standalone mode is enabled, listening over IPv4. The default value is NO.
listen=YES|NO
# Whether standalone mode is enabled, listening over IPv6. The default value is NO.
listen_ipv6=YES|NO
# Whether the tcp_wrappers access control list is enabled. The default value is NO.
tcp_wrappers=YES|NO
# Whether to use port 20 to transfer data. The default value is NO.
connect_from_port_20=YES|NO
# Sets the data transfer port. The default value is 20.
ftp_data_port=20
# The minimum value for the client's data connection port when setting up a passive connection. The default value is 0 (a random port).
pasv_min_port
# The maximum value for the client's data connection port when setting up a passive connection. The default value is 0 (a random port).
pasv_max_port
# Sets the user that the vsftpd service runs as. The default value is nobody.
nopriv_user=nobody
# Whether to log user uploads and downloads. The default value is NO.
xferlog_enable=YES|NO
# Whether logging uses the standard log file format. The default value is NO.
xferlog_std_format=YES|NO
# Sets the path of the log file. The default value is /var/log/xferlog.
xferlog_file=/var/log/xferlog
# Specifies the welcome message shown when logging in to FTP. No default value.
ftpd_banner
# Whether to display a welcome message when the user changes directory. If set to YES, a file named .message must be created in each directory where the message should be displayed, containing the message text. The default value is NO.
dirmessage_enable=YES|NO
# Sets the name of the file that holds the welcome message. The default value is .message.
message_file=.message
2. Configuration process
1). Lab Notes:
node1: 192.168.3.11, as the FTP server
node2: 192.168.3.12, as the MySQL server
2). Experimental steps:
First, install the required programs
1. On node1, install vsftpd and pam_mysql, the PAM module used to connect to MySQL
# yum install vsftpd pam_mysql -y
2. On node2, install MySQL and start the MySQL service
# yum install mysql-server mysql-devel -y
# service mysqld start
# ss -tnlp | grep 3306
LISTEN 0 50 *:3306 *:* users:(("mysqld",2764,10))
Second, create a virtual user account
1. Prepare the database and related tables
On node2:
# mysql
mysql> CREATE DATABASE vsftpd;
mysql> use vsftpd;
mysql> GRANT SELECT ON vsftpd.* TO vsftp@'192.168.3.%' IDENTIFIED BY 'tanjie123';
mysql> FLUSH PRIVILEGES;
On the node1 host, test whether the grant works and the connection succeeds:
# mysql -uvsftp -h192.168.3.12 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
.....................
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.00 sec)
2. Add test virtual users
On node2, create a users table and insert the user data:
mysql> CREATE TABLE users (
    id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR( ) BINARY NOT NULL,
    password CHAR( ) BINARY NOT NULL
);
mysql> desc users;
mysql> INSERT INTO users (name, password) VALUES ('tom', password('tanjie123')), ('jerry', password('Tanjie'));
mysql> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | tom   | *dd9360964df8a7220b7d9725afe323c5587b635f |
|  2 | jerry | *d3d009de1810bbfd11427a1bed30c9b22564dd4d |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
Third, configure vsftpd
1. On node1, create the file required for PAM authentication
# vim /etc/pam.d/vsftpd.mysql
Add the following:
auth required pam_mysql.so user=vsftp passwd=tanjie123 host=192.168.3.12 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftp passwd=tanjie123 host=192.168.3.12 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
2. Modify the configuration file on node1
First create the system account: the user name is vuser and its home directory is /var/ftproot. Give other users read and execute permissions on /var/ftproot.
# useradd -s /sbin/nologin -d /var/ftproot vuser
# chmod go+rx /var/ftproot
# vim /etc/vsftpd/vsftpd.conf
Add the following 2 items to the file and change pam_service_name to vsftpd.mysql:
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
# service vsftpd restart
Test access from node2: enter the user tom with the password tanjie123
#ftp 192.168.3.11
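What password('...') stores in the users table, and what crypt=2 in the PAM file tells pam_mysql to compare a login against, reproduced in Python as an added example (not from the original post). It assumes the MySQL 4.1+ PASSWORD() format, which matches the 41-character values starting with * in the table output; the user names and passwords in the sample rows are constructed.

```python
import hashlib
import hmac
from collections import defaultdict


def mysql_password_hash(password):
    """MySQL 4.1+ PASSWORD(): '*' followed by HEX(SHA1(SHA1(password)))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def verify(password, stored):
    """Hash the login attempt and compare it with the stored column value."""
    return hmac.compare_digest(mysql_password_hash(password),
                               stored.strip().upper())


def shared_password_groups(rows):
    """The hash has no salt, so equal passwords give equal column values.
    Return the groups of user names whose stored hashes are identical."""
    groups = defaultdict(list)
    for name, stored in rows:
        groups[stored.strip().upper()].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample rows in the shape of "SELECT name, password FROM users".
SAMPLE_ROWS = [
    ("alice", mysql_password_hash("constructed-pw-1")),
    ("bob", mysql_password_hash("constructed-pw-2")),
    ("carol", mysql_password_hash("constructed-pw-1")),
]

if __name__ == "__main__":
    print(mysql_password_hash("password"))
    print(verify("constructed-pw-2", SAMPLE_ROWS[1][1]))
    print(shared_password_groups(SAMPLE_ROWS))
```

Because the stored value depends only on the password, anyone who can read the users table can see which accounts share a password, so the SELECT grant given to the vsftp database account should stay limited to the FTP server host.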
Fourth, configure virtual users to have different access rights
1. Add the per-user configuration directory for vsftpd virtual users to the configuration file
# vim /etc/vsftpd/vsftpd.conf
Add one item:
user_config_dir=/etc/vsftpd/vusers
Create the per-user configuration directory and, inside it, create files named tom and jerry. Set them so that tom can upload, create and delete files, while jerry cannot.
# mkdir /etc/vsftpd/vusers
# cd /etc/vsftpd/vusers
# vim tom
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# vim jerry
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
Restart the service
# service vsftpd restart
On node2, connect to 192.168.3.11 with ftp, log in as tom and then as jerry, and try uploading and creating files with each to see whether the operations succeed.
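The per-user files only take effect together with the main file: as the option list states, each anon_* write option also needs write_enable set to YES. The sketch below, an added example that is not from the original post, layers a per-user file over a main configuration and reports which write options actually apply; the configuration text is constructed sample input.

```python
# Added example; the configuration text below is constructed sample input.
WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

MAIN_CONF = """\
# main vsftpd.conf (excerpt)
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
user_config_dir=/etc/vsftpd/vusers
write_enable=YES
"""
TOM = ("anon_upload_enable=YES\nanon_mkdir_write_enable=YES\n"
       "anon_other_write_enable=YES\n")
JERRY = ("anon_upload_enable=NO\nanon_mkdir_write_enable=NO\n"
         "anon_other_write_enable=NO\n")


def parse_conf(text):
    """Parse vsftpd.conf syntax: option=value lines, '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def is_yes(opts, key):
    # Options absent from both files count as NO, the default the page gives
    # for write_enable and for the anon_* write options.
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")


def effective_writes(main_text, user_text):
    """Return (effective, inert): write options that apply to the user, and
    options set to YES that do nothing because write_enable is not YES."""
    opts = parse_conf(main_text)
    opts.update(parse_conf(user_text))  # per-user file overrides the main file
    wanted = [o for o in WRITE_OPTS if is_yes(opts, o)]
    return (wanted, []) if is_yes(opts, "write_enable") else ([], wanted)


if __name__ == "__main__":
    for name, conf in (("tom", TOM), ("jerry", JERRY)):
        print(name, effective_writes(MAIN_CONF, conf))
    # Same per-user file, but a main file that never sets write_enable:
    no_write = MAIN_CONF.replace("write_enable=YES\n", "")
    print("tom", effective_writes(no_write, TOM))
```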