Recently, the company has an internal competition (hackathon), enrolled in such a tournament, while preparing the entries (the participating servers need to build their own), taking this opportunity, decided to put the knowledge of the Tomcat deployment from 0 to 1 to re-brush again. I'll be the memo.
The FTP server (file Transfer Protocol server) is a computer that provides files storage and access services on the Internet, and they provide services in accordance with the FTP protocol. The FTP is the file Transfer Protocol (Files Transfer Protocol). As the name implies, is the protocol dedicated to transferring files. Simply put, a server that supports the FTP protocol is an FTP server.
This article applies the scope WIN10 system to connect the virtual machine Contos, the blogger uses the FileZilla connection Contos. If other means are for reference only.
vInstall VSFTPD? Check and install
Confirm Virtual Machine Network connection mode
As far as possible virtual machine and physical machine in the same IP segment, the body machine: 192.168.122.1 virtual machine: 192.168.122.9
Ensure that the IP of the physical machine and the virtual machine can ping each other
First check if you have VSFTPD installed
rpm -q vsftpd
If it is not installed, if it is installed, display for example vsftpd-3.0.2-10.el7.x86_64
Install VSFTPD if not installed
yum install -y vsftpd
For example, root privileges are required
su root
Then enter the password, for example, set root permissions to succeed
Then proceed with the installationyum install -y vsftpd
Installation completed, such as.
To view the directory that is installedwhereis vsftpd
The VSFTPD directory is:/usr/sbin/vsftpd/etc/vsftpd/usr/share/man/man8/vsftpd.8.gz
View the status of the VSFTPD servicesystemctl status vsftpd.service
Open VSFTPD Servicesystemctl start vsftpd.service
Check the status of the VSFTPD service after opening
Set the VSFTPD service to startsystemctl enable vsftpd.service
vFirewall settings
Firewall Add FTP Service
systemctl enable firewalld
systemctl restart firewalld
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --reload
firewall-cmd --reload
Set SELinux
getsebool -a | grep ftp
setsebool -P ftpd_full_access on
View Settingsvi /etc/selinux/config
Set upSELINUX=disabled
vConfigure vsftpd.conf
Backup before configurationcp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak
Configuration vsftpd.conf file vim /etc/vsftpd/vsftpd.conf
recommended vim way, vi configuration file comments and entities are not color-coded, will look at preoccupied.
# Example config file/etc/vsftpd/vsftpd.conf## the default compiled in Settings is fairly paranoid. This is sample file# loosens things up a bit, to make the ftp daemon more usable.# please see vsftpd.conf.5 for all compiled In defaults.## read This:this example file was not a exhaustive list of vsftpd options.# please read the vsftpd.conf.5 ma Nual page to get a full idea of vsftpd ' s# capabilities.## allow anonymous FTP? (beware-allowed by default if you comment this out). anonymous_enable=yes## Uncomment . # when SELinux are enforcing check for SE bool ftp_home_dirlocal_enable=yes## Uncomment this to enable any form of FTP WRI Te command.write_enable=yes## Default umask for Local Users is 077. wish to 022,# if your users expect that (022 are used by the most other ftpd ' s) local_umask=022## Uncomme NT the anonymous FTP user to upload files. This only# have an effect if the above global write enable is activated. Also, you WIll# obviously need to create a directory writable by the FTP user.# when SELinux are enforcing check for SE bool ALLOW_FTPD _anon_write, allow_ftpd_full_access#anon_upload_enable=yes## Uncomment this if you want the anonymous FTP user to be able To create# new directories. #anon_mkdir_write_enable =yes## Activate directory messages-messages given to remote users whe n they# go into a certain directory.dirmessage_enable=yes## Activate logging of uploads/downloads.xferlog_enable=yes## Ma ke sure port transfer connections originate from port (ftp-data). connect_from_port_20=yes## If you want, can Arrang E for uploaded anonymous files to be owned by# a different user. note! Using "root" for uploaded files are not# recommended! #chown_uploads =yes#chown_username=whoever## you override where the Log file goes if you like. The default is shown# below. #xferlog_file =/var/log/xferlog## If You want, can has your log file in standard ftpd Xfer Log format.# Note that the default log file Location Is/var/log/xferlog in this case.xferlog_std_format=yes## to change the default value for timing out an idle ses Sion. #idle_session_timeout =600## The default value for timing out a data connection. #data_connection_timeou t=120## It is recommended so define on your system a unique user which the# FTP server can use as a totally isolated and unprivileged user. #nopriv_user =ftpsecure## Enable This and the server would recognise asynchronous ABOR requests. not# Recommended for security (the code is non-trivial). Not enabling it,# However, could confuse older FTP clients. #async_abor_enable =yes## By default the server would pretend to Al Low ASCII mode and in fact ignore# the request. Turn on the below options to has the server actually do ascii# mangling on files while in ASCII mode.# beware, on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "Size/big/file" in ASCII mode. Vsftpd# predicted this attack and have always beenSafe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable =yes# ascii_download_enable=yes## fully customise the login banner string: #ftpd_banner =welcome to blah FTP service.## Yo U may specify a file of disallowed anonymous e-mail addresses. apparently# useful for combatting certain DoS attacks. #deny_email_enable =yes# (default follows) #banned_email_file =/ETC /vsftpd/banned_emails## Specify an explicit list of the Local users to Chroot () to their home# directory. If Chroot_local_user is YES and then the this list becomes a list of# users to not Chroot (). # (warning! chroot ' ing can very da Ngerous. If using chroot, make sure that# the user does not having write access to the top level directory within the# chroot) #chroot _local_user=yes#chroot_list_enable=yes# (default follows) #chroot_list_file =/etc/vsftpd/chroot_list## Activate the "-r" option to the builtin LS. This is disabled by# default to avoid remote users being ABLe to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-r" option, so there is a stron G Case for enabling it. #ls_recurse_enable =yes## when "Listen" directive are enabled, VSFTPD runs in standalone mode and# Li Stens on IPV4 sockets. This directive cannot is used in conjunction# with the Listen_ipv6 directive.listen=no## this directive enables listening On IPV6 sockets. By default, listening# in the IPv6 "any" address (::) would accept connections from both ipv6# and IPV4 clients. It is not necessary to listen on *both* IPv4 and ipv6# sockets. If you want this (perhaps because you want to listen on specific# addresses) then you must run and copies of VSFTPD with T Wo configuration# files.# Make sure, which one of the listen options is commented!! Listen_ipv6=yespam_service_name=vsftpduserlist_enable=yestcp_wrappers=yes
View Code
Chinese version of (from the network, infringement must be deleted):
# whether to allow anonymous logons to the FTP server, the default setting is yes allow # users can use the user name FTP or anonymous FTP login, password for the user's e-mail address. # If anonymous access is not allowed, set to noanonymous_enable=yes# whether to allow local users (that is, user accounts in the Linux system) to log on to the FTP server, the default setting is YES to allow # Local users to log in to the user home directory, While anonymous users log in to the anonymous user's download directory/var/ftp/pub# only allow anonymous user access, preceded by the # comment out to prevent local users to access the FTP server local_enable=yes# whether to allow local users to FTP server files have write permissions, The default setting is YES to allow the Write_enable=yes # mask, the local user default mask is 077# you can set the local user's file mask to default 022, or you can set it to a different value according to your preference #local_umask=022# whether to allow anonymous users to upload files, Must be the global write_enable=yes. The default is yes#anon_upload_enable=yes# whether to allow anonymous users to create new folders #anon_mkdir_write_enable=yes # whether to activate directory welcome info # When the user first accesses a directory on the server in CMD mode, The FTP server will display the welcome message # By default, the welcome information is obtained through the. message file in this directory # This file saves the custom welcome information that is established by the user themselves #dirmessage_enable=yes# whether to let the system automatically maintain the uploaded and downloaded log files # The log file is/var/log/vsftpd.log by default, or it can be set by the following xferlog_file option # default = noxferlog_enable=yes# Make sure PORT transfer Connections originate from port (ftp-data). # Whether to set the FTP server to enable connection requests for FTP data ports # FTP-DATA data transfer, 21 for connection control Port Connect_from_port_20 =yes# set whether the owner of the uploaded file is allowed to change, use with one of the following settings # Note that it is not recommended to use the root user to upload the file #chown_uploads=yes# set the owner of the upload file you want to change, if necessary, enter a system user name # You can change the uploaded files to the root owner. WhoevER: Anyone #chown_username=whoever# set the system maintenance log file for uploading and downloading of FTP server #/var/log/vsftpd.log is the default, you can also set other #xferlog_file=/var/log /vsftpd.log# whether to write the transfer log file in the standard Xferlog format # default is/var/log/xferlog, or you can set it by the xferlog_file option # default = no#xferlog_std_format= yes# The following is an additional configuration, adding the appropriate option will enable the appropriate setting # whether to generate two similar log files # Default in the/var/log/xferlog and/var/log/vsftpd.log directories # The former is the WU_FTPD type of transport log, It can be analyzed using the standard logging tool, which is the vsftpd type of log #dual_log_enable# whether the original output to the/var/log/vsftpd.log log, output to the system log #syslog_enable# Set the data transfer interrupt interval time, which indicates that the idle user session is interrupted for 600 seconds # that is, when the data transfer ends, the user should not connect to the FTP server for more than 600 seconds. The value can be modified according to the actual situation #idle_session_timeout=600# set the data connection timeout time, the statement indicates that the data connection timeout time is 120 seconds, can be modified according to the actual situation #data_connection_timeout= 120# the unprivileged system user required to run VSFTPD, the default is whether nobody#nopriv_user=ftpsecure# recognizes asynchronous Abor requests. # If the FTP client will release the "Async ABOR" command, this setting needs to be enabled # and generally this setting is not secure, so it is usually canceled #async_abor_enable=yes# whether the data is transmitted in ASCII mode. By default, the server ignores ASCII-style requests. # Enabling this option will allow the server to transmit data in ASCII mode # However, this may lead to a Dos attack caused by the "size/big/file" approach #ascii_upload_enable=yes#ascii_download_enable= yes# welcome message displayed when you log on to an FTP server # If necessary, create a file named. Message in the directory where you want to change the directory welcome information and write the welcome message after saving #ftpd_banner=Welcome to blah FTP service.# blacklist settings. If you hate some email address, you can use this setting to cancel his login privileges # Some special email address can be resisted. #deny_email_enable =yes# When the above Deny_email_enable=yes, you can use this setting to specify which mail addresses are not allowed to log on to the VSFTPD server # This file needs to be created by the user, one line an email Address to #banned_email_file=/etc/vsftpd/banned_emails# if a user has permission to access files other than their own directory after they log on to the FTP server # set to Yes when the user is locked in their home directory , VSFTPD will find the Chroot_list file in the location below the Chroot_list_file option value # must mate with the following setup items #chroot_list_enable=yes# the user who is included in this file, After logging in, you will not be able to switch to a directory other than your own directory # which facilitates the security management and privacy protection of FTP servers. This file should be built by itself #chroot_list_file=/etc/vsftpd/chroot_list# whether recursive queries are allowed. The default is off to prevent remote users from causing excessive i/o#ls_recurse_enable=yes# to allow monitoring. # If set to YES, the VSFTPD will run in stand-alone mode, and the connection request from VSFTPD to monitor and process the IPV4 port listen=yes# set whether IPV6 is supported. To listen to both the IPV4 and IPV6 ports, # You must run two sets of vsftpd with two sets of profiles # while ensuring that one of the listening options is commented out #listen_ipv6=yes# set the profile name used by the authentication service provided by the PAM plug-in module, which is/etc/ PAM.D/VSFTPD File # file=/etc/vsftpd/ftpusers field in this file, indicating that the PAM module can withstand the account content from the file/etc/vsftpd/ftpusers #pam_service_name= vsftpd# whether the user in the Ftpusers file is allowed to log on to the FTP server, the default is no# if this is set to YES, the user in the User_list file is allowed to log on to the FTP server # and if Userlist_deny=yes is set at the same time, user_ The user in the list file will not be allowed to log on to the FTP server.Even if the password prompt is not #userlist_enable=yes/no# set whether to drag the user in the User_list file to log on to the FTP server, the default is yes#userlist_deny=yes/no# whether to use Tcp_ Wrappers as the host access control mode. # Tcp_wrappers can implement host address-based access control for network services in Linux systems # Hosts.allow and Hosts.deny two files in the/etc directory are used to set the Tcp_wrappers access control # The former setting allows access to the record, The latter sets the Deny access record. # If you want to restrict anonymous access to FTP server 192.168.57.2 by some hosts, edit the/etc/hosts.allow file, such as adding two lines of command below: # Vsftpd:192.168.57.1:deny and VSFTPD : 192.168.57.9:deny# indicates that the FTP server that restricts IP to 192.168.57.1/192.168.57.9 host access IP is 192.168.57.2 # this time the FTP server can ping, but cannot connect tcp_ Wrappers=yes
View Code
Edit the User_list file to vim /etc/vsftpd/user_list
allow test users to access the default settings in FTP Note UsRistListDebug
.
By default, you can not edit the User_list file.
After you follow the steps, the effect is as follows:
FileZilla as follows:
vPrecautions
- Make sure the firewall
systemctl stop firewalld
is turned off (temporarily off) or systemctl disable firewalld
(no boot start)
- See if Telnet is installed
rpm -qa | grep telnet
- It's best to install Telnet
yum install telnet-server
The meaning of FTP digital code
110 reboot Tag answer. 120 How long is the service available? 125 Data Link port open, ready to transmit. 150 file status OK, open the data connection port. 200 command execution succeeded. 202 command execution failed. 211 System status or system help response. 212 The status of the catalog. The status of the 213 file. 214 message for help. 215 Name System type. 220 new online Services ready. 221 The control connection port of the service is off and can be logged off. 225 data connection is turned on, but no transfer action. 226 The data connection port is closed and the requested file operation succeeds. 227 Enter passive mode. 230 users log in. 250 The requested file operation is complete. 257 Displays the current path name. 331 the user name is correct and a password is required. 332 Login required account information. 350 The requested operation requires a command in the next section. 421 Unable to provide service, close control link. 425 The data link cannot be turned on. 426 Close the connection and terminate the transfer. 450 The requested operation was not performed. 451 Command termination: There is a local error. 452 command not executed: insufficient disk space. 500 format error, command not recognized. 501 parameter syntax error. 502 command execution failed. 503 Command sequence error. The 504 command received an incorrect parameter. 530 not logged in. 532 Storage file requires account login. 550 the requested operation was not performed. 551 The requested command terminates, the type is unknown. 552 the requested file terminates and the storage bit overflows. 553 The requested command is not executed, the name is incorrect.
View Code
Contos Installing the FTP service