FTP: File Transfer Protocol, client/server mode
I. Installation of WU-FTPD
# rpm -ivh wu-ftpd*.rpm
# tar zxvf wu-ftpd*.tar.gz
# cd wu-ftp*
# ./configure
# make
# make install
If you do not specify an installation directory, the executables are installed by default in /usr/bin and /usr/sbin respectively.
II. Start wu-ftpd
Change to the /etc/xinetd.d/ directory.
Open the wu-ftpd file and change disable = yes to disable = no.
Then restart the xinetd service:
# /etc/rc.d/init.d/xinetd restart
III. Verify that FTP is started
# telnet localhost 21
Trying 127.0.0.1
Connected to RH
Escape character is '^]'.
rh.china.com FTP Server (version wu-2.6.1) Mon 01:59:25 EDT) ready.
^]           // press Ctrl+] to interrupt the session
telnet> q    // press q to exit
IV. Anonymous FTP setup and organization
/etc/ftpaccess        // the most important wu-ftpd configuration file
/etc/ftpconversions   // configures the processing (tar, compression, decompression, and so on) that can be applied to files FTP anonymous users transfer
/etc/ftpgroups        // specifies which user groups cannot log on to the FTP server
/etc/ftphosts         // limits which network addresses cannot connect to the FTP server
/etc/ftpusers         // specifies who cannot log on to the FTP server
WU-FTPD's executable programs
/usr/bin/ftpcount     // queries the current number of online users
/usr/bin/ftprestart   // re-activates FTP
/usr/bin/ftpshut      // produces the shutmsg file and pauses the FTP service
/usr/bin/ftpwho       // Query online
Upload and download directories
To increase the security of the system, you can use adduser to add an account that manages the FTP server's resources, such as ftpadm, and add ftpadm to the adm group, so that when others have suggestions about the FTP service they can send e-mail to ftpadm and do not have to write to root.
After the change, the entry in /etc/group should read as follows:
adm:x:4:root,adm,daemon,ftpadm
And then:
/var/ftp/bin directory
Because anonymous users cannot see anything outside /var/ftp, you must provide enough files for anonymous FTP to use. By default /var/ftp is the FTP user's root directory. The /var/ftp/bin directory holds the executables for some commonly used FTP commands, such as ls, tar, gzip, and compress. The permissions of this directory should be 111.
/var/ftp/etc directory
This directory holds some of the configuration files that anonymous FTP users need, such as passwd and group, so that when an anonymous user runs ls -l, the FTP server's files and directories show the owner's name and group instead of numbers. The permissions of this directory are 111.
/var/ftp/pub directory
The starting point for downloadable files. Usually the administrator classifies the files by type and sets up subdirectories under pub according to his own plan.
/var/ftp/upload directory
Upload directory. The system does not provide an upload directory by default; if you need file upload, create a directory yourself for anonymous FTP users to upload files to. To avoid viruses, a good administrator checks the files and directories in upload and moves files to the download area only once they are found to be free of problems. The usual permission setting for the upload directory is: chmod 733
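The directory modes listed above can be checked mechanically. The following script is an added example, not part of the original page: audit_anon_ftp and mode_of are hypothetical names, the demo tree is constructed, and the extra check for directories writable by "other" assumes the tree is owned by root.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP tree against the modes given above
# (bin=111, etc=111, upload=733). Assumes the tree is owned by root, so
# anonymous sessions are governed by the "other" permission bits.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_anon_ftp ROOT: print one line per finding; exit status = finding count.
audit_anon_ftp() {
    root=$1
    findings=0
    for spec in bin:111 etc:111 upload:733; do
        name=${spec%%:*}; want=${spec##*:}; dir=$root/$name
        if [ ! -d "$dir" ]; then
            # upload is optional: the default install does not provide it
            [ "$name" = upload ] && continue
            echo "MISSING  $dir"; findings=$((findings + 1)); continue
        fi
        have=$(mode_of "$dir")
        if [ "$have" != "$want" ]; then
            echo "MODE     $dir is $have, expected $want"
            findings=$((findings + 1))
        fi
    done
    # Only upload may be writable by "other"; flag any other writable directory.
    for dir in "$root" "$root/bin" "$root/etc" "$root/pub"; do
        [ -d "$dir" ] || continue
        case $(mode_of "$dir") in
            *[2367]) echo "WRITABLE $dir"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Demo on a constructed tree (not a real server): upload is too permissive.
demo=$(mktemp -d)
mkdir "$demo/bin" "$demo/etc" "$demo/upload"
chmod 111 "$demo/bin" "$demo/etc"; chmod 777 "$demo/upload"
audit_anon_ftp "$demo" || echo "findings: $?"
chmod 755 "$demo"/*; rm -rf "$demo"
```

Mode 733 gives non-owners write and search permission but not read, so uploaded files can be deposited but the directory cannot be listed.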
V. Restricting login users and hosts
Login users fall into 3 categories: real, anonymous, and guest.
Real
A user who has an account on this server and logs in with it. The default login directory for such an account is its home directory, but as long as the user has read access to a directory, even one outside the home directory, he can switch to that directory.
Anonymous
A user who does not have an account on this server and logs in anonymously, using anonymous as the account name and an e-mail address as the password. After login the root directory is /var/ftp, and such users cannot switch to directories outside /var/ftp.
Guest
Guest account. In some cases an administrator wants a user who has an account, when logged in, to access only the files in that user's home directory and nothing outside it. The administrator can use the guestuser or guestgroup parameter in the ftpaccess configuration file to specify which users belong to this category.
Set up users who are not allowed to log in
The /etc/ftpusers configuration file lists the users who are not allowed to log in, one user per line.
Modify the /etc/ftphosts configuration file
This file allows or denies users access from particular addresses, using two formats, allow and deny.
1 Allow specific users to log in from the specified address (allow)
The format is as follows:
allow <account name> <host address> ...
For example, to allow the test user to log in from the *.china.com domain:
allow test *.china.com
2 Deny specific users access from the specified address (deny)
The format is as follows:
deny <account name> <host name> ...
For example, to forbid the test user to log in from the address 202.198.16.8:
deny test 202.198.16.8
VI. Server environment settings (/etc/ftpaccess file)
Instructions
Class
class defines a user workgroup and specifies which categories of users, logging in from which host addresses, belong to it. Multiple workgroups can be defined in one ftpaccess file, in the following format:
class <workgroup name> <user category> <user's host address>
Workgroup name: the name of this workgroup, chosen by the administrator.
User category: the categories that can be used are real, anonymous, and guest.
Host address: the IP address or domain name of the host the user logs in from; it can be given explicitly or with the wildcard *.
The following example is the default value:
class all real,guest,anonymous *
The workgroup defined here is named all, and its members are users of all categories logged in from anywhere.
For example:
class group1 real *
class group2 real,guest,anonymous *.china.com 203.84.200.*
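To see how the two example class lines above sort logins into workgroups, here is an added example that is not part of the original page. It assumes wu-ftpd's rule that the first matching class line in the file is used, which the page does not state; class_for and sample_class_for are hypothetical names, and the logins are constructed.

```shell
#!/bin/sh
# Added example: resolve which ftpaccess class a login falls into.
# Constructed sample built from the two example lines in the text.
FTPACCESS_SAMPLE='class group1 real *
class group2 real,guest,anonymous *.china.com 203.84.200.*'

# class_for CATEGORY HOSTNAME IP: read ftpaccess text on stdin and print the
# first class whose category list contains CATEGORY and one of whose address
# globs matches HOSTNAME or IP. Returns 1 when no class matches.
class_for() {
    category=$1; host=$2; ip=$3
    set -f                      # do not expand "*" against the file system
    while read -r keyword name categories patterns; do
        [ "$keyword" = class ] || continue
        case ",$categories," in
            *",$category,"*) ;;
            *) continue ;;
        esac
        for pat in $patterns; do
            case $host in $pat) echo "$name"; set +f; return 0 ;; esac
            case $ip   in $pat) echo "$name"; set +f; return 0 ;; esac
        done
    done
    set +f
    return 1
}

# Helper for the demo: feed the constructed sample to class_for.
sample_class_for() { printf '%s\n' "$FTPACCESS_SAMPLE" | class_for "$@"; }

# Demo logins (category, reverse-DNS name, IP); all values are constructed.
sample_class_for real      pc1.example.org 192.0.2.10    # group1
sample_class_for real      ftp.china.com   198.51.100.7  # group1 (listed first)
sample_class_for anonymous ftp.china.com   198.51.100.7  # group2
sample_class_for guest     unknown         203.84.200.9  # group2 (IP glob)
sample_class_for anonymous pc1.example.org 192.0.2.10 || echo "no class matched"
```

Against a live configuration the same function can be run as class_for real HOST IP < /etc/ftpaccess to review which logins an over-broad * pattern admits.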
Email
Sets the FTP server administrator's e-mail address; when wu-ftpd displays the administrator's e-mail address, it shows the value set here:
For example:
Practice:
1 Start FTP
2 Create user accounts AAA and BBB, and do not allow BBB to log in
3 Create a workgroup group1 whose members are users of the real and anonymous categories who log in from the 192.168.9.0 network
Guestuser
Specify users who belong to the guest category
For example (format):
Guestgroup
Specifies which workgroup belongs to the guest category. The following example makes all users who belong to the GUESTGP workgroup members of the guest category:
guestgroup GUESTGP   // the GUESTGP workgroup must be created first
Loginfails
Sets the maximum number of failed login attempts a user is allowed, in the following format:
loginfails <login times>   // once the user has entered a wrong account or password more than the set number of times, no further login attempts are allowed
For example:
Readme
Sets a prompt, shown when the user logs in to FTP or switches to a directory for the first time, that reminds the user to read a description file. The format is as follows:
readme <description file path> <timing> <workgroup name>
Description file path:
Sets the location of the description file; the value may use the wildcard character *.
Timing:
Sets when the prompt is displayed: the login option means when the user logs in, and the cwd=<path> option means the first time the user switches to that directory.
Workgroup name:
Prompts are displayed only for the specified workgroup.
Practice:
Set:
readme readme* login   // when the user logs in to FTP, the system prompts the user to read the readme* files in the same directory
Create a readme file in the user's home directory, or a file whose name begins with readme, and enter some content.
Restart the xinetd service:
# /etc/rc.d/init.d/xinetd restart
Connect to the FTP server from a shell as that user. You will be prompted to read the readme file.
Example two
Set:
readme readme* cwd=*   // users are prompted to read the readme* files in the same directory the first time they switch to any directory
Example three
Set:
readme readme* cwd=/lib group1   // users in the group1 workgroup are prompted to read the readme* files the first time they switch to the /lib directory
Message
Sets the welcome information that the system displays when the user logs in or switches to a directory for the first time, in the following format:
message <information file path> <timing> <category>
Information file path:
Sets the location of the welcome information file, as a path relative to the /var/ftp directory.
Timing:
Sets when the message is displayed. The login option means when the user logs in; cwd=<path> means when the user first switches to that directory. The message is displayed only once: if the user switches back to the same directory again, it is not displayed again.