FTP: File Transfer Protocol, Client/Server mode
1. Install WU-FTPD
#rpm -ivh wu-ftpd*.rpm #tar zxvf wu-ftpd*.tar.gz #cd wu-ftp* #./configure #make #make install |
If no installation directory is specified, the execution files are installed in/usr/bin and/usr/sbin by default.
2. Start the WU-FTPD
Cd to the/etc/xinetd. d/directory |
Open the wu-ftpd file and change disable = yes to disable = no.
Then restart the xinetd service:
#/etc/rc.d/init.d/xinetd restart |
Iii. Confirm FTP startup
#telnet localhost 21 Trying 127.0.0.1 connected to rh escape character is '^]', 220 rh.china.com FTP server (version wu-2.6.1) mon jul 24 01:59:25 EDT 2000)ready. |
^] // Press ctrl +.
Telnet> q // press Q to exit.
Iv. Anonymous FTP settings and organization
/Etc/ftpaccess // The most important profile for the WU-FTPD /Etc/ftpconversions // when an anonymous FTP user transfers a file, the file can be tar, compressed, and decompressed. /Etc/ftpgroups // specifies which user groups cannot log on to the FTP server. /Etc/ftphosts // specifies which network addresses cannot be connected to the FTP server /Etc/ftpusers // specifies who cannot log on to the FTP server. |
Executable program for the WU-FTPD
/Usr/bin/ftpcount // query the current number of online users. /Usr/bin/ftprestart // reactivate FTP /Usr/bin/ftpshut // generate the shutmsg file and suspend the FTP service. /Usr/bin/ftpwho // query online Conditions |
Directory of the downloaded file
To increase system security, you can use adduser to add administrators of FTP Server resources, such as ftpadm, and add ftpadm to the adm group. In this way, when others have suggestions for FTP, you can send an email to ftpadm, instead of having to run the root program on everything.
Modify/etc/group as follows:
adm:x4:root,adm,daemon,ftpadm |
Then:
/Var/ftp/bin directory
Because anonymous users cannot see anything except/var/ftp, they must provide enough files for anonymous FTP. By default,/var/ftp is the root directory of FTP users, /var/ftp/bin directory
Place some commonly used FTP commands, such as ls, tar, gzip, compress, and other execution files. The directory permission should be 111.
/Var/ftp/etc directory
This directory contains some settings files required by anonymous FTP users, such as passwd and group. When an anonymous user executes ls-l, the file and directory of the FTP server will display the owner's name and group instead of numbers. The permission for this directory is 111.
/Var/ftp/pub directory
Place the start point of the downloaded file. Normally, the file resource features are classified under the pub directory, and then subdirectories are created, which are planned by the Administrator.
/Var/ftp/upload directory
Upload directory. By default, the system does not provide the upload directory. If you need to upload files, you must create the directory by yourself to provide anonymous FTP users to upload files. To avoid viruses, a good administrator will filter the files and directories in upload. After everything is correct, the uploaded files will be moved to the download area. Generally, the permission for setting the upload directory is chmod 733.
5. Restrict login users and hosts
Users that can be logged on can be divided into three categories: real, anonymous, and guest.
Real:
A user who owns an account on this server and logs on to it with his account. The default logon directory for such accounts is its exclusive directory, but as long as he has the permission to read a directory, which directory can be switched even if the directory is not in its exclusive directory.
Anonymous:
Users without accounts on this server can use anonymous and email addresses as account names and passwords to log on to the server anonymously. The root cause after logon is/var/ftp, such users cannot switch to directories other than/var/ftp.
Guest:
Guest account. In some cases, the Administrator may only want users with accounts to access files under the exclusive directory rather than files outside the exclusive directory after logging on, therefore, the administrator can use ftpaccess to set the guestuser or guestgroup parameters in the file to specify which users belong to this type.
Set users that cannot log on
The/etc/ftpusers setting file is used to set which users are not allowed to log on. The method is that each user occupies a row.
Modify the/etc/ftphosts setting file
This file is used to allow or deny users to log on from different addresses. There are two formats: allow and deny.
1. allow specific users to log on to allow from a specified address
The format is as follows:
Allow
<帐号名称>
<主机地址>
... For example, allow the test user to log in from the * .china.com domain,
Allow test * .china.com
|
2. Refuse to log on to deny from a specified address.
The format is as follows:
Deny
<帐号名称>
<主机名称>
... For example, the user test is not allowed to log on from the address 202.198.16.8,
Deny test 202.198.16.8
|