Five steps to configure the ftp service in RHEL4

Source: Internet
Author: User

FTP is essential for every operating system, and RHEL4 is no exception. Configuring the ftp service in RHEL4 is a complicated process. The following describes the process in five steps:

1. Configure the basic ftp service in RHEL4
The ftp service provided by RHEL4 is vsftpd, that is, very secure ftp. The ftp configuration file is /etc/vsftpd.conf.
chkconfig --list vsftpd shows that the ftp service is automatically started with the system at run level 5.
service vsftpd start/stop/restart can start, stop, and restart the ftp service.

Make the following settings in the configuration file:
anonymous_enable=YES allows anonymous users to log on
anon_upload_enable=YES allows anonymous users to upload files. This option is valid only on the premise that write_enable=YES
anon_mkdir_write_enable=YES allows anonymous users to create new directories
anon_root=/ftpbase/public specifies the root directory of anonymous users
anon_other_write_enable=YES allows anonymous users to delete files
local_enable=YES allows local users to log on
chroot_local_user=YES restricts local users to their home directories
local_umask=002 umask value for new files added by local users. 002 is used because the ordinary users added below belong to the ftp group, so that these users can fully control the files under the ftpbase directory
anon_umask=002 umask value for new files added by anonymous users
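
A check for the settings above, added here as an example and not part of the original article: vsftpd treats whitespace around "=" as an error, and the anonymous write options only take effect when write_enable=YES. The function name lint_vsftpd_conf and the sample file are hypothetical; only the value YES is treated as enabled.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf for the options discussed in this step.
# lint_vsftpd_conf FILE prints one finding per line: SYNTAX, ANON-WRITE or INACTIVE.
lint_vsftpd_conf() {
    awk '
    /^[ \t]*(#.*)?$/ { next }                 # skip blank lines and comments
    /^[ \t]/ || /[ \t]=/ || /=[ \t]/ {        # vsftpd rejects spaces around "="
        print "SYNTAX line " NR ": " $0; next
    }
    {
        eq = index($0, "=")
        if (eq == 0) { print "SYNTAX line " NR ": " $0; next }
        opt[substr($0, 1, eq - 1)] = toupper(substr($0, eq + 1))
    }
    END {
        # vsftpd defaults when a line is absent: anonymous_enable=YES, write_enable=NO
        anon  = ("anonymous_enable" in opt) ? opt["anonymous_enable"] : "YES"
        write = ("write_enable" in opt) ? opt["write_enable"] : "NO"
        n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
        for (i = 1; i <= n; i++) {
            if (anon != "YES" || opt[w[i]] != "YES") continue
            if (write == "YES") { print "ANON-WRITE " w[i] }
            else { print "INACTIVE " w[i] " (write_enable is not YES)" }
        }
    }' "$1"
}

# Constructed sample: settings from this step, one of them written with spaces.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable = YES
anon_other_write_enable=YES
local_enable=YES
EOF
lint_vsftpd_conf "$sample"
rm -f "$sample"
```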

Add users to the system
useradd -g ftp -d /ftpbase -c "Ftp user 1" ftpuser1
useradd -g ftp -d /ftpbase -c "Ftp user 2" ftpuser2
Set the passwords for ftpuser1 and ftpuser2
passwd ftpuser1
passwd ftpuser2

Create the directories
mkdir /ftpbase
mkdir /ftpbase/public
chown -R ftp:ftp /ftpbase
chown -R ftp:ftp /ftpbase/public
Run service vsftpd restart to restart the service, and then you can connect to the ftp server on RHEL4.

2. Problems related to ftp service permissions in RHEL4
With the above settings, there are still issues related to permissions that have not been resolved.
Here, the x permission indicates that the directory is accessible.
By default, anonymous users log on to ftp as the ftp system user. After the permission of the public directory is set to 755, anonymous users always fail to log on and get "500 OOPS: vsftpd: refusing to run with writable anonymous root". This message indicates that anonymous users cannot have write permission on the root directory; that is, as long as the public directory has the u+w permission, this error is reported, so the u permission of the public directory cannot contain w. It has been tested that the minimum permission that lets anonymous users see and download files under this directory, but not delete them, is 504. It is a bit strange that it is not 500, that is, why the other user must have the r permission for the anonymous user to see the content under public. The permission of the public directory is set to 575, so that ordinary users in the ftp group can control this directory.
Create the sub-directory upload under public, and set the upload directory permission to 775, so that ordinary and anonymous users have full control over the files under upload.
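
A pre-flight check for this layout, added here as an example and not part of the original article. It tests the owner write bit on the anonymous root, the condition this section ties to the 500 OOPS message, and lists the subdirectories where uploads can land. It assumes the tree is owned by the ftp user as set up in step 1; the function name check_anon_root and the scratch paths are hypothetical.

```shell
#!/bin/sh
# Added example: check an anonymous root before restarting vsftpd.
# Assumes the tree is owned by the ftp user, as in step 1.

# check_anon_root DIR: prints findings; returns 1 when the owner write bit is
# set on DIR, the condition this section ties to
# "500 OOPS: vsftpd: refusing to run with writable anonymous root".
check_anon_root() {
    root=$1
    [ -d "$root" ] || { echo "MISSING $root"; return 2; }
    if [ -n "$(find "$root" -prune -perm -200)" ]; then
        echo "REFUSED $root is writable by its owner"
        return 1
    fi
    # Subdirectories with the owner write bit are where uploads can land.
    find "$root" ! -path "$root" -type d -perm -200 | sed 's/^/WRITABLE /'
    return 0
}

# Constructed demo in a scratch directory (no real /ftpbase is touched).
base=$(mktemp -d)
mkdir -p "$base/public/upload"
chmod 775 "$base/public/upload"          # upload: full control for owner and group
chmod 575 "$base/public"                 # public: no owner write bit
check_anon_root "$base/public"           # lists only the upload directory
chmod 755 "$base/public"
check_anon_root "$base/public" || true   # now reported as REFUSED
rm -rf "$base"
```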

3. Configure the PASV mode and firewall of the ftp service in RHEL4
From the DOS console, connecting to the ftp server on RHEL4 with the ftp command provided by Windows works without problems, but connecting with CuteFtp fails. It turns out that the CuteFtp client uses PASV mode in its global settings to connect to the ftp server; after changing it to PORT mode, it connects normally.
To use PASV mode, add pasv_enable=YES to /etc/vsftpd.conf and restart vsftpd. However, the client still cannot connect to the server in PASV mode. In PASV mode, the client not only needs to connect to the server's control port (21 by default), but also needs to connect to the data port using the port number returned by the server, so the RHEL4 firewall must allow the client to access the data port provided by the server.

Add two lines in /etc/vsftpd.conf to limit the data connection ports to 55000 ~ 56000
pasv_min_port=55000
pasv_max_port=56000
Add a line in /etc/sysconfig/iptables to allow clients to access ports 55000 ~ 56000
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 55000:56000 -j ACCEPT
Restart the iptables and vsftpd services.

In addition, the ftp tool provided by Windows does not support PASV mode, and there is no PASV option for connections. After using ls or other commands, it prompts "200 PORT command successful. consider using PASV.". With the quote pasv command, the server returns the "227 Entering Passive Mode (,)" prompt, but in fact the client has changed the connection to PASV mode; after using the ls command, a prompt is returned.
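
To confirm that the server hands out data ports inside the range opened in iptables, the 227 reply can be decoded. The following is an added example, not part of the original article: it assumes the standard RFC 959 reply form (h1,h2,h3,h4,p1,p2), where the data port is p1*256+p2. The function names and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode a 227 reply and compare the data port with the
# pasv_min_port/pasv_max_port range configured in this step.
PASV_MIN=55000
PASV_MAX=56000

# pasv_port REPLY: prints the TCP port encoded in a 227 reply, or returns 1.
pasv_port() {
    n='[0-9]\{1,3\}'
    set -- $(printf '%s\n' "$1" |
        sed -n "s/^227 [^(]*($n,$n,$n,$n,\($n\),\($n\)).*/\1 \2/p")
    [ $# -eq 2 ] || return 1
    [ "$1" -le 255 ] && [ "$2" -le 255 ] || return 1
    echo $(( $1 * 256 + $2 ))
}

# check_pasv_reply REPLY: returns 0 when the port is covered by the iptables
# rule, 1 when it is outside the range, 2 when REPLY is not a usable 227 line.
check_pasv_reply() {
    port=$(pasv_port "$1") || { echo "not a complete 227 reply"; return 2; }
    if [ "$port" -ge "$PASV_MIN" ] && [ "$port" -le "$PASV_MAX" ]; then
        echo "port $port is covered by --dport $PASV_MIN:$PASV_MAX"
    else
        echo "port $port is outside $PASV_MIN:$PASV_MAX, check pasv_min_port/pasv_max_port"
        return 1
    fi
}

# Constructed replies (192.0.2.10 is a documentation address).
check_pasv_reply "227 Entering Passive Mode (192,0,2,10,215,40)"
check_pasv_reply "227 Entering Passive Mode (192,0,2,10,195,80)" || true
check_pasv_reply "200 PORT command successful." || true
```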

4. Configure the ftp service in RHEL4 to prohibit ftp-only users from remotely logging on to the operating system
The newly added ftpuser1 and ftpuser2 are intended only for ftp login, so remote logon using telnet and ssh should be prohibited. In the /etc/passwd file, change
ftpuser1:x:501:50:FTP User 1 for test:/ftpbase:/bin/bash
ftpuser2:x:502:50:FTP User 2 for test:/ftpbase:/bin/bash
to
ftpuser1:x:501:50:FTP User 1 for test:/ftpbase:/sbin/nologin
ftpuser2:x:502:50:FTP User 2 for test:/ftpbase:/sbin/nologin

5. Questions about how to configure the ftp service in RHEL4
Once ftp is working normally, several files with Chinese names are uploaded through the client. However, after logging on with telnet or ssh, the Chinese characters are garbled and many are displayed as question marks (?). Chinese characters are displayed correctly after a local logon.
The default encoding in RHEL4 is UTF-8, and the first line in /etc/sysconfig/i18n is LANG="zh_CN.UTF-8". Change this line to LANG="zh_CN" and then restart the machine. Note that the relevant settings in the client connection tool must also be changed. Taking SecureCRT as an example, Session Option -> Terminal -> Appearance -> Character must be set to default or none; if it is set to UTF-8, the characters will still be garbled. You can also change the line to LANG="zh_CN.18030".

The preceding five steps for configuring the ftp service in RHEL4 are described in detail. I have solved almost all the problems encountered in configuring the ftp service in RHEL4; we hope this helps you complete the RHEL4 configuration of the ftp service.
