I. How FTP works
(1) The FTP server runs the ftpd daemon, which listens for and waits on users' FTP requests.
(2) The user runs the ftp command and asks the FTP server for service.
Example: ftp 202.119.2.197
(3) On receiving the request, the ftpd daemon spawns a child process that talks to the user's ftp process. This sets up the control connection, which uses TCP port 21 on the server and carries every command and reply, including the user name and password, in cleartext.
(4) The user enters an FTP subcommand. The server receives it and, if the command is valid, each side spawns a data-transfer process (ftp-data) and a separate data connection is established for the transfer. In active mode the server opens that connection from its TCP port 20 to the address the client announced with PORT; in passive mode (what most clients behind firewalls use) the client instead connects to an ephemeral port the server announces in its PASV reply.
(5) When the subcommand's transfer completes, the data connection is torn down and the ftp-data process ends.
(6) The user keeps entering subcommands, and steps (4) and (5) repeat until the user enters quit. Both sides then close the control connection, which ends the file transfer session and the ftp process.
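The control/data split described in steps (3) and (4) is easiest to see in the replies themselves. The following is an added example (not code from the page or from vsftpd): it parses control-channel replies, including RFC 959 multi-line replies, decodes the h1,h2,h3,h4,p1,p2 tuple a PASV reply uses to announce the data port, and builds the PORT command a client sends in active mode. The transcript is constructed; it reuses the "220 (vsFTPd 2.2.2)" banner shown in section VII, and the address in the 227 reply is invented.

```python
"""Decode the control-channel replies with which FTP sets up its data
connection. Added example, not code from the page or from vsftpd; the
transcript below is constructed."""
import re

# Constructed server replies, as a client would read them from TCP/21.
TRANSCRIPT = [
    "220 (vsFTPd 2.2.2)",
    "331 Please specify the password.",
    "230 Login successful.",
    "227 Entering Passive Mode (192,168,1,114,195,89).",
    "150 Here comes the directory listing.",
    "226 Directory send OK.",
    "221 Goodbye.",
]

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_replies(lines):
    """Yield (code, [text, ...]) per reply. A multi-line reply opens with
    'ddd-' and closes with a 'ddd ' line carrying the same code (RFC 959,
    section 4.2); everything in between belongs to that reply."""
    open_code, buf = None, []
    for line in lines:
        m = REPLY_RE.match(line)
        if open_code is None:
            if not m:
                raise ValueError("malformed reply line: %r" % line)
            code, sep, text = int(m.group(1)), m.group(2), m.group(3)
            if sep == "-":
                open_code, buf = code, [text]
            else:
                yield code, [text]
        elif m and int(m.group(1)) == open_code:
            buf.append(m.group(3))
            if m.group(2) == " ":
                yield open_code, buf
                open_code, buf = None, []
        else:
            buf.append(line)  # free-text continuation line of a multi-line reply
    if open_code is not None:
        raise ValueError("reply %d was never terminated" % open_code)


def decode_hostport(text, expected_host=None):
    """Turn the h1,h2,h3,h4,p1,p2 tuple of a PASV reply (or PORT command)
    into (host, port). A client should insist that a PASV reply names the
    server it is already talking to: a different host means the server is
    redirecting the data connection elsewhere."""
    m = HOSTPORT_RE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    parts = [int(x) for x in m.groups()]
    if max(parts) > 255:
        raise ValueError("byte out of range in %r" % text)
    host = ".".join(str(x) for x in parts[:4])
    port = parts[4] * 256 + parts[5]
    if port == 0:
        raise ValueError("port 0 announced in %r" % text)
    if expected_host is not None and host != expected_host:
        raise ValueError("data host %s differs from control peer %s" % (host, expected_host))
    return host, port


def encode_port(host, port):
    """Build the PORT command a client sends in active mode; the server
    then connects from its own TCP port 20 to this address."""
    octets = host.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("bad host/port")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])


def passive_endpoints(lines, control_peer=None):
    """Every data endpoint the server announced with a 227 reply."""
    return [decode_hostport(" ".join(text), control_peer)
            for code, text in parse_replies(lines) if code == 227]


if __name__ == "__main__":
    for code, text in parse_replies(TRANSCRIPT):
        print(code, " | ".join(text))
    print("passive data endpoints:", passive_endpoints(TRANSCRIPT, "192.168.1.114"))
    print("active-mode client would send:", encode_port("192.168.1.10", 51000))
```

The `expected_host` check is the one a real client should never skip: an FTP server that announces a third-party address in its PASV reply is asking the client to open a data connection to a machine it never intended to talk to.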
II. Install vsftpd
(1) rpm -qa vsftpd # check whether the vsftpd package is installed; if it is not, run (2)
(2) rpm -ivh vsftpd-2.2.2-6.el6.i686.rpm # install the vsftpd package (the el6 build, for RHEL/CentOS 6)
III. Starting and stopping the vsftpd service
(1) /etc/rc.d/init.d/vsftpd start # start
(2) /etc/rc.d/init.d/vsftpd stop # stop
(3) /etc/rc.d/init.d/vsftpd restart # restart
(The same init script is reached with service vsftpd start|stop|restart.)
IV. vsftpd configuration files
(1) /etc/vsftpd.conf, the main configuration file (the RHEL/CentOS 6 package installs it as /etc/vsftpd/vsftpd.conf).
(2) /etc/pam.d/vsftpd
The PAM configuration used for FTP logins. Its line containing file=/etc/vsftpd/ftpusers tells the pam_listfile module to deny access to every user named in /etc/vsftpd/ftpusers.
(3) /etc/vsftpd/ftpusers
The list of users that are never allowed to log in over FTP, one name per line. Administrators record here the accounts that would threaten system security if reachable over FTP (typically root and the system accounts), so that such an account cannot gain upload or download rights by logging in and damage the system. Because this list is enforced by PAM, the user is rejected only after a password has already been sent. (Note: on version 4 of the distribution this file lives directly under /etc/.)
(4) /etc/vsftpd/user_list
A list of users that is either denied or allowed, depending on userlist_deny in vsftpd.conf (and only when userlist_enable=YES). With userlist_deny=YES, the default, the users in user_list cannot access the FTP server; with userlist_deny=NO, only the users in user_list can. vsftpd checks this list itself, before asking for a password. (Note: on version 4 of the distribution this file lives directly under /etc/.)
(5) /var/ftp
The anonymous FTP root. It contains a pub subdirectory, and by default every directory under it is read-only.
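The interaction of ftpusers and user_list in (3) and (4) is easy to get backwards, so here is an added example (not vsftpd code) that models the decision and, importantly, records at which stage the refusal happens: user_list is evaluated by vsftpd before the password prompt, whereas ftpusers is enforced by PAM only after the client has sent its password over the cleartext control channel. The two list files are constructed.

```python
"""Model how vsftpd combines ftpusers and user_list. Added example, not
vsftpd code; FTPUSERS and USER_LIST below are constructed."""

# Constructed list files: one user name per line, '#' starts a comment.
FTPUSERS = """
# accounts that may never log in over FTP
root
bin
daemon
"""
USER_LIST = """
root
alice
"""


def load_user_list(text):
    """Parse a vsftpd list file into a set of user names."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names


def login_decision(user, ftpusers, user_list, userlist_enable=False, userlist_deny=True):
    """Return (allowed, stage, reason) for a non-anonymous login attempt.
    stage is 'before-password' when vsftpd's own user_list check refuses
    the name, 'after-password' when the decision is left to PAM (which is
    where ftpusers is enforced by pam_listfile). The defaults are those of
    vsftpd 2.x: userlist_enable=NO, userlist_deny=YES."""
    if userlist_enable:
        listed = user in user_list
        if userlist_deny and listed:
            return False, "before-password", "user_list is a deny list and names the user"
        if not userlist_deny and not listed:
            return False, "before-password", "user_list is an allow list and omits the user"
    if user in ftpusers:
        return False, "after-password", "ftpusers names the user (pam_listfile sense=deny)"
    return True, "after-password", "PAM password check decides"


if __name__ == "__main__":
    ftpusers, user_list = load_user_list(FTPUSERS), load_user_list(USER_LIST)
    for enable, deny in ((False, True), (True, True), (True, False)):
        print("userlist_enable=%s userlist_deny=%s" % (enable, deny))
        for user in ("root", "alice", "bob"):
            print("  %-6s -> %s" % (user, login_decision(user, ftpusers, user_list, enable, deny)))
```

Leaving userlist_enable off means root is still refused (it is in ftpusers), but only after the root password has travelled over the wire; listing root in user_list with userlist_deny=YES stops the login before the password prompt.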
V. vsftpd configuration file details
(1) User login control
Every line in vsftpd.conf has the form option=value; vsftpd rejects whitespace around the equals sign, and comments are only allowed on lines of their own starting with #.
anonymous_enable=YES: allow anonymous logins.
no_anon_password=YES: anonymous users are not asked for a password.
local_enable=YES: allow local (system account) users to log in.
deny_email_enable=YES: refuse anonymous logins whose password (the e-mail address an anonymous user types) appears in a blacklist file. This is meant to keep known abusers from hammering the server, but the address is self-reported and trivially changed, so it is a nuisance filter rather than a security control.
banned_email_file=/etc/vsftpd.banned_emails: the blacklist consulted when deny_email_enable is on (this path is the default).
(2) User permission control
write_enable=YES: enable write operations (upload, delete, rename, mkdir) globally; without it every other write-related option is ignored.
local_umask=022: the umask applied to files created by local users (the default is 077; 022 is the usual choice, so uploads are world-readable).
anon_upload_enable=YES: let anonymous users upload. This requires write_enable=YES as well, and a directory writable by the ftp account (the system account that anonymous sessions run as) must exist.
anon_mkdir_write_enable=YES: let anonymous users create directories.
chown_uploads=YES: change the owner of anonymously uploaded files to another account. Never make that account root: the uploaded files would become root-owned.
chown_username=whoever: the account that receives ownership when chown_uploads=YES; replace whoever with a suitable unprivileged account.
chroot_list_enable=YES: read a list file naming the local users who are confined (chroot) to their home directory. If chroot_local_user=YES is also set the meaning inverts: all local users are confined and the list names the exceptions.
chroot_list_file=/etc/vsftpd.chroot_list: the path of that list (this is the default).
nopriv_user=ftpsecure: a dedicated unprivileged account that vsftpd uses when it needs to be completely unprivileged, so those parts of the server run isolated and without rights. This is recommended; create a dedicated account rather than reusing nobody.
async_abor_enable=YES: enables the asynchronous ABOR handling that only a few badly behaved clients rely on; leave it off unless a client hangs when cancelling a transfer, because it is awkward to handle and a source of errors.
ascii_upload_enable=YES and ascii_download_enable=YES: by default the server accepts requests for ASCII mode but silently ignores them; these two options make it really translate line endings on transfer. Leave them off unless a client needs ASCII mode.
(3) User connection and timeout options
idle_session_timeout=600: seconds a client may sit idle between commands before the server disconnects it (the default is 300).
data_connection_timeout=120: seconds a data transfer may stall before the connection is dropped (the default is 300).
(4) Server logs and welcome message
dirmessage_enable=YES: when a user enters a directory, display the contents of that directory's .message file (the name is set by message_file) if there is one.
ftpd_banner=Welcome to blah FTP service.: the greeting users see when they connect. The default banner, as the transcripts in section VII show, announces the vsftpd version.
xferlog_enable=YES: log uploads and downloads.
xferlog_file=/var/log/vsftpd.log: where that log is written (this path is the default).
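Taken together, the options in this section decide whether a vsftpd instance is an unauthenticated drop box or a reasonably contained file server. The following is an added example, not code from the page or from vsftpd: a small auditor that parses vsftpd.conf by its own rules (option=value, no whitespace around '=', '#' comments only on their own line, a repeated option keeps its last value) and flags the risky combinations. WEAK_CONF is constructed from the sample values above, HARDENED_CONF from the values a practitioner would choose instead; the certificate path in it is an assumption. The defaults assumed are those of vsftpd 2.x (anonymous_enable=YES, chown_username=root).

```python
"""Audit a vsftpd.conf for the risky settings discussed above. Added
example, not code from the page or from vsftpd; both configs are
constructed and the rsa_cert_file path is assumed."""
import re

OPTION_RE = re.compile(r"^([a-z_]+)=(.*)$")


def parse_vsftpd_conf(text):
    """Return (options, problems); problems is a list of (id, message)."""
    options, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPTION_RE.match(line)
        if not m:
            problems.append(("syntax", "line %d: expected option=value with no spaces: %r" % (lineno, line)))
            continue
        key, value = m.group(1), m.group(2)
        if key in options:
            problems.append(("duplicate-option", "line %d: %s set again; vsftpd keeps the last value %r" % (lineno, key, value)))
        options[key] = value
    return options, problems


def _on(options, key, default="NO"):
    return options.get(key, default).upper() == "YES"


def audit(options):
    """Flag the combinations that turn the settings above into exposure."""
    findings = []
    if _on(options, "anonymous_enable", "YES") and _on(options, "write_enable") and (
            _on(options, "anon_upload_enable") or _on(options, "anon_mkdir_write_enable")):
        findings.append(("anonymous-write", "anonymous users can write: the server is an unauthenticated drop box"))
    if _on(options, "chown_uploads") and options.get("chown_username", "root") == "root":
        findings.append(("chown-root", "anonymously uploaded files would become owned by root"))
    if _on(options, "local_enable") and not _on(options, "chroot_local_user"):
        findings.append(("no-chroot", "local users are not confined to their home directory"))
    if _on(options, "ascii_upload_enable") or _on(options, "ascii_download_enable"):
        findings.append(("ascii-mode", "ASCII translation enabled; keep it off unless a client needs it"))
    if not _on(options, "ssl_enable"):
        findings.append(("cleartext", "ssl_enable is off: passwords and data cross the network unencrypted"))
    if not _on(options, "xferlog_enable"):
        findings.append(("no-transfer-log", "uploads and downloads are not logged"))
    return findings


def audit_text(text):
    """Parse and audit a config; returns the sorted ids of all problems and findings."""
    options, problems = parse_vsftpd_conf(text)
    return sorted({pid for pid, _ in problems} | {fid for fid, _ in audit(options)})


# Constructed: the sample values above gathered into one file, plus two
# common mistakes, leaving chown_username at its default and repeating an option.
WEAK_CONF = """\
anonymous_enable=YES
no_anon_password=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
chown_uploads=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ascii_upload_enable=YES
ascii_download_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_file=/var/log/xferlog
"""

# Constructed hardened counterpart; the certificate path is an assumption.
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_text(conf))
```

Run it against a real file with `audit_text(open("/etc/vsftpd/vsftpd.conf").read())`. The duplicate-option check is worth keeping even though it is not a security finding by itself: vsftpd silently takes the last value, so a stray repeated line can undo a setting that appears correct earlier in the file.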
VI. Create virtual users
(1) Install the required software (db4-utils provides the db_load command used below)
rpm -ivh db4-4.7.25-16.el6.i686.rpm
rpm -ivh db4-utils-4.7.25-16.el6.i686.rpm
(2) Create the user database
1. Create a temporary file listing the accounts
touch /etc/vsftpd/ftp_db_users
vim /etc/vsftpd/ftp_db_users (the file alternates user name and password, one per line; two accounts are created here)
ftpuser1
password_for_ftpuser1
ftpuser2
password_for_ftpuser2
The passwords are stored in cleartext, so keep this file readable by root only and delete it once the database has been built.
2. Use db_load to generate the database file that pam_userdb authenticates against
db_load -T -t hash -f /etc/vsftpd/ftp_db_users /etc/vsftpd.login.db
3. Configure PAM
Create a file (not a directory) named vsftpd.pam in /etc/pam.d/ with the following content. pam_userdb appends .db to the db= path itself, so the path is given without the extension:
auth    required pam_userdb.so db=/etc/vsftpd.login
account required pam_userdb.so db=/etc/vsftpd.login
4. Configure vsftpd for the virtual accounts
vsftpd is started with an explicit configuration file, so create a new file /etc/vsftpd.virtual.conf with the following content:
listen=YES
listen_port=21
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=ftp
max_clients=10
max_per_ip=10
pam_service_name=vsftpd.pam
user_sub_token=$USER
# each virtual user gets its own directory under /var/ftp/virtual
local_root=/var/ftp/virtual/$USER
xferlog_enable=YES
xferlog_file=/var/log/vsftp.log
xferlog_std_format=YES
guest_enable=YES maps every authenticated virtual user onto the system account named by guest_username, and user_sub_token=$USER makes local_root expand to a per-user path. Set local_root only once: vsftpd keeps the last value of a repeated option, so a trailing local_root=/var/ftp line would drop all virtual users into /var/ftp together. Comments must be on their own line; vsftpd does not accept a comment after an option.
5. Create the virtual users' directories
From the configuration above, the home directories of ftpuser1 and ftpuser2 are /var/ftp/virtual/ftpuser1 and /var/ftp/virtual/ftpuser2; create them before starting the service:
mkdir -p /var/ftp/virtual/ftpuser1
mkdir -p /var/ftp/virtual/ftpuser2
chown ftp:ftp /var/ftp/virtual/ftpuser1
chown ftp:ftp /var/ftp/virtual/ftpuser2
(With chroot_local_user=YES these directories are the chroot roots. vsftpd 2.3.5 and later refuse a session whose chroot root is writable, and vsftpd 3.0 added allow_writeable_chroot=YES to override that; on those versions keep the root owned by root and give the ftp account a writable subdirectory instead.)
6. Start the service with this configuration file
service vsftpd stop
/usr/sbin/vsftpd /etc/vsftpd.virtual.conf
7. Test with a virtual user
ftp 192.168.1.114
Log in as ftpuser1 with the password from the user database; section VII shows what the exchange looks like.
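Steps (2) to (6) above, consolidated into one script as an added example (not the page's own script). It assumes vsftpd 2.x and db4-utils (which provides db_load) are installed, that the ftp system account exists, and that setup_virtual_ftp is run as root; the paths are the ones this section uses. Beyond the steps above it fixes the file modes, because both the temporary list and the resulting .db hold cleartext passwords, and removes the list once the database exists.

```bash
#!/bin/bash
# Consolidated virtual-user setup for vsftpd. Added example, not the page's
# own script; assumes vsftpd 2.x, db4-utils, an existing ftp account, root.
set -eu

USERS_FILE=/etc/vsftpd/ftp_db_users   # temporary cleartext name/password list
DB_PREFIX=/etc/vsftpd.login           # pam_userdb appends .db itself
PAM_FILE=/etc/pam.d/vsftpd.pam
CONF_FILE=/etc/vsftpd.virtual.conf
VIRT_ROOT=/var/ftp/virtual

# Turn "name:password" arguments into the alternating key/value lines that
# db_load -T expects (the password may itself contain ':').
render_users() {
  local entry
  for entry in "$@"; do
    printf '%s\n%s\n' "${entry%%:*}" "${entry#*:}"
  done
}

# PAM stack for the virtual accounts; $1 is the db path without .db.
render_pam() {
  printf 'auth    required pam_userdb.so db=%s\naccount required pam_userdb.so db=%s\n' "$1" "$1"
}

# vsftpd configuration; $1 is the PAM service name, $2 the directory holding
# one subdirectory per virtual user. local_root is set exactly once.
render_conf() {
  local pam_service=$1 root=$2
  cat <<EOF
listen=YES
listen_port=21
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=ftp
max_clients=10
max_per_ip=10
pam_service_name=$pam_service
user_sub_token=\$USER
local_root=$root/\$USER
xferlog_enable=YES
xferlog_file=/var/log/vsftp.log
xferlog_std_format=YES
EOF
}

# Root only: builds the database, writes the PAM and vsftpd files, creates
# the per-user directories and starts vsftpd on the new configuration.
setup_virtual_ftp() {
  [ "$(id -u)" -eq 0 ] || { echo "setup_virtual_ftp must run as root" >&2; return 1; }
  local entry name
  umask 077                                  # the list and the .db hold cleartext passwords
  render_users "$@" > "$USERS_FILE"
  db_load -T -t hash -f "$USERS_FILE" "$DB_PREFIX.db"
  rm -f "$USERS_FILE"                        # do not leave the cleartext list behind
  render_pam "$DB_PREFIX" > "$PAM_FILE"
  render_conf "$(basename "$PAM_FILE")" "$VIRT_ROOT" > "$CONF_FILE"
  chmod 644 "$PAM_FILE" "$CONF_FILE"         # no secrets in these two
  install -d -m 755 "$VIRT_ROOT"
  for entry in "$@"; do
    name=${entry%%:*}
    install -d -m 755 -o ftp -g ftp "$VIRT_ROOT/$name"
  done
  service vsftpd stop 2>/dev/null || true
  /usr/sbin/vsftpd "$CONF_FILE"
}

# Usage: bash virtual_ftp.sh ftpuser1:password1 ftpuser2:password2
if [ "$#" -gt 0 ]; then
  setup_virtual_ftp "$@"
fi
```

If cleartext passwords in the database are unacceptable, pam_userdb also accepts crypt=crypt, in which case the second line of each pair must be the crypt(3) hash of the password rather than the password itself.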
VII. FTP client configuration and access
Both transcripts below show the cleartext control channel at work: the banner advertises the server version, and the password typed at the prompt crosses the network unencrypted.
(1) Access from Windows
C:\> ftp 192.168.1.114
Connected to 192.168.1.114.
220 (vsFTPd 2.2.2)
User (192.168.1.114:(none)): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
ftp>
(2) Access from Linux
[root@localhost /]# ftp
ftp> open 192.168.1.114
Connected to 192.168.1.114 (192.168.1.114).
220 (vsFTPd 2.2.2)
Name (192.168.1.114:sunmaosheng): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>