First, the experimental requirements
(1) Install the vsftpd service from the RPM package
(2) Enable anonymous user access and verify that anonymous users can only browse and download, not upload
(3) Give anonymous users full permissions: upload, download, modify and so on (in real-world use this is rarely likely)
(4) Confine logged-in users to their home directories
(5) Restrict access for certain users
(6) Implement virtual user access
(7) Give different virtual users different permissions
Second, the experimental environment
# cat /etc/issue
CentOS release 6.5 (Final)
# rpm -qa | grep vsftpd
vsftpd-2.2.2-13.el6_6.1.x86_64
Third, the experimental steps
# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [OK]
iptables: Flushing firewall rules: [OK]
iptables: Unloading modules: [OK]
# setenforce 0
# yum -y install vsftpd
# cd /etc/vsftpd/
# mv vsftpd.conf vsftpd.conf_bak
# grep '^[^#]' ./vsftpd.conf_bak > vsftpd.conf
# cat vsftpd.conf
# enable anonymous user access
anonymous_enable=YES
# enable local account access
local_enable=YES
# enable write permission
write_enable=YES
# files uploaded by local users get mode 644, folders 755
local_umask=022
##### The following settings are the service defaults; this experiment does not need to care about them #####
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
(1) Enable anonymous user access and verify that anonymous users can only browse and download, not upload
With the default vsftpd configuration file, once vsftpd is set up, both anonymous users and local users can access it without any further configuration.
On the client, we open ftp://192.168.18.131/ in a folder window
Now, let's test the upload and download permissions for anonymous users.
Note: we log in to FTP with the anonymous account ftp (no password). The current working directory is shown as /; this / is not the root directory of the server but the anonymous user's own home directory. Running ls shows a pub folder inside it.
The home directory is the /var/ftp directory on the server:
# ls -al /var/ftp/
total 12
drwxr-xr-x. 3 root root 4096 Dec 18 00:01 .
drwxr-xr-x. root root 4096 Dec 18 00:01 ..
drwxr-xr-x. 2 root root 4096 Oct 07:54 pub
#
We first verify that anonymous users can download. Create a new file to download in the FTP directory (/var/ftp):
# echo "This is Test ftp" > test.txt
# ll
total 8
drwxr-xr-x. 2 root root 4096 Oct 07:54 pub
-rw-r--r--. 1 root root (DEC) 00:16 test.txt
#
Back to the CMD console on the client machine
Log in to FTP with the anonymous account and download the test.txt file, then open the C: drive to see the downloaded file
Now we verify whether the anonymous user can upload files. On the client, we rename the test.txt file that was just downloaded to 11.txt for the upload test (to avoid a duplicate name)
The upload was rejected, so we know that anonymous users can only download, not upload.
What about a local system account: can it upload?
# useradd Scott
# passwd Scott
Back in the client's cmd console, log in as Scott and upload the 11.txt file; the upload succeeds.
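The two results above follow from the configuration: write_enable=YES permits write commands in general, but anonymous uploads also need anon_upload_enable, which defaults to NO. The Python sketch below is an added example, not part of the original article; it reads a vsftpd.conf and reports what the configuration grants anonymous users, using the option names and defaults documented in vsftpd.conf(5). The function names and the sample input are assumptions made for illustration.

```python
# Added example (not from the original article): report what anonymous FTP
# users may do under a vsftpd.conf. Defaults follow vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse_conf(text):
    """Return (settings, errors) for the boolean options in DEFAULTS."""
    settings, errors = dict(DEFAULTS), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, _, value = line.partition("=")
        if key not in DEFAULTS:
            continue  # option not relevant to anonymous write access
        if value.upper() in TRUE | FALSE:
            settings[key] = "YES" if value.upper() in TRUE else "NO"
        else:
            # e.g. "write_enable=YES # note": trailing text is part of the value
            errors.append(f"line {lineno}: bad boolean for {key}: {value!r}")
    return settings, errors

def anonymous_rights(settings):
    """Rights the configuration grants; filesystem permissions still apply."""
    if settings["anonymous_enable"] != "YES":
        return set()
    rights = {"login", "download"}
    if settings["write_enable"] == "YES":  # master switch for all write commands
        if settings["anon_upload_enable"] == "YES":
            rights.add("upload")
        if settings["anon_mkdir_write_enable"] == "YES":
            rights.add("mkdir")
        if settings["anon_other_write_enable"] == "YES":
            rights.add("delete/rename")
    return rights

# Constructed input: the access-related options from the article's vsftpd.conf.
ARTICLE_CONF = "anonymous_enable=YES\nlocal_enable=YES\nwrite_enable=YES\nlocal_umask=022\n"

if __name__ == "__main__":
    conf, problems = parse_conf(ARTICLE_CONF)
    print(sorted(anonymous_rights(conf)), problems)
```

Running the same check against a production vsftpd.conf is a quick way to confirm that no anon_* write option has been switched on unintentionally.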
...
This article is from the "Perfection" blog, please make sure to keep this source http://alipay.blog.51cto.com/7119970/1591124
Deploy VSFTPD under CentOS6.5