vsftpd stands for "very secure FTP daemon"
Port 21: control connection
Port 20: data connection
After vsftpd is installed on Linux,
both anonymous users and local users can log in by default
Anonymous users log in to /var/ftp and cannot upload and download
Local users log in to their own home directory and can upload and download
Lab environment (all hosts on VMnet1):
RHEL 5.9 server: 192.168.2.1
Linux client: 192.168.2.2
Win7 client: 192.168.2.3
Lab Requirement 1:
Configure an FTP service that allows anonymous uploads
vsftpd configuration
1. Check whether the package is installed
# rpm -q vsftpd
2. Install the package
# cd /misc/cd/server
# rpm -ivh vsftpd-2.0.5-28.el5.x86_64.rpm
3. Modify the main configuration file
# vi /etc/vsftpd/vsftpd.conf
...
anon_upload_enable=YES
...
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
...
:wq
4. Set permissions on the directory that will accept anonymous uploads
# setfacl -m u:ftp:rwx /var/ftp/pub
# getfacl /var/ftp/pub
5. Start the service
# service vsftpd restart
# chkconfig vsftpd on
6. Client-side testing (Win7)
Open ftp://192.168.2.1 in Explorer
Command-line access: ftp 192.168.2.1
Test with the FileZilla client
Restore the lab environment (comment the three lines out again)
# vi /etc/vsftpd/vsftpd.conf
...
#anon_upload_enable=YES
...
#anon_mkdir_write_enable=YES
#anon_other_write_enable=YES
...
:wq
Lab Requirement 2:
Configure local user access to the FTP service and deny anonymous user access
Verify the blacklist and the whitelist, and restore the environment after verification is complete
1. Package installation: omitted
2. Add users and set passwords
# useradd mike
# useradd kaka
# useradd lily
# echo "123456" | passwd --stdin mike
# echo "123456" | passwd --stdin kaka
# echo "123456" | passwd --stdin lily
3. Modify the main configuration file
# vi /etc/vsftpd/vsftpd.conf
...
# Deny anonymous user login
anonymous_enable=NO
...
:wq
4. Set the blacklist
# vi /etc/vsftpd/ftpusers    (test the blacklist file; no service restart needed)
lily
:wq
5. Verify the blacklist mode of the black/white list file
# vi /etc/vsftpd/user_list    (test the blacklist mode of the black/white list file; the client cannot log in, and no service restart is needed)
kaka
:wq
6. Verify the whitelist mode of the black/white list file
# vi /etc/vsftpd/vsftpd.conf
# Add this line to the file: only users listed in user_list are allowed to access
userlist_deny=NO
:wq
7. Restart the service
# service vsftpd restart
8. Client testing (Win7)
Win7 DOS command-line test
ftp 192.168.2.1
9. Restore the lab environment: omitted
Question:
The system has the users lily, mike and kaka. In the following situation, who can log in to FTP? (Deny overrides everything; denial takes precedence.)
# grep lily /etc/vsftpd/ftpusers
lily
# grep mike /etc/vsftpd/user_list
mike
# grep userlist_deny /etc/vsftpd/vsftpd.conf
userlist_deny=NO
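The precedence rule in the question above, as an added example that is not part of the original article: a shell function that predicts whether vsftpd accepts a local user from ftpusers, user_list and vsftpd.conf. It assumes the RHEL layout, where ftpusers is enforced through PAM and the stock vsftpd.conf carries userlist_enable=YES; the function names and the scratch directory are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): predict vsftpd's verdict for a local user.
# Assumes the RHEL layout: ftpusers enforced by PAM, user_list by vsftpd itself.

# conf_get FILE KEY DEFAULT -> last value of KEY in FILE, upper-cased
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    echo "${v:-$3}"
}

# in_list FILE USER -> true if USER is a whole line of FILE
in_list() {
    [ -f "$1" ] && grep -qxF -- "$2" "$1"
}

# ftp_login_verdict USER [DIR] -> prints "allow" or "deny: <reason>"
ftp_login_verdict() {
    user=$1
    dir=${2:-/etc/vsftpd}
    conf=$dir/vsftpd.conf
    # Rule 1: ftpusers is a pure blacklist and wins over everything else.
    if in_list "$dir/ftpusers" "$user"; then
        echo "deny: listed in ftpusers"; return 0
    fi
    # Rule 2: user_list is consulted only when userlist_enable=YES
    # (vsftpd's built-in default is NO).
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            if in_list "$dir/user_list" "$user"; then
                echo "deny: user_list is a blacklist"; return 0
            fi
        elif ! in_list "$dir/user_list" "$user"; then
            echo "deny: not in user_list whitelist"; return 0
        fi
    fi
    # Rule 3: local accounts also need local_enable=YES.
    if [ "$(conf_get "$conf" local_enable NO)" != YES ]; then
        echo "deny: local_enable is off"; return 0
    fi
    echo allow
}

# Constructed sample reproducing the question above, in a scratch directory.
demo_dir=$(mktemp -d)
printf 'local_enable=YES\nuserlist_enable=YES\nuserlist_deny=NO\n' > "$demo_dir/vsftpd.conf"
printf 'root\nlily\n' > "$demo_dir/ftpusers"
printf 'mike\n' > "$demo_dir/user_list"
for u in lily mike kaka; do
    printf '%s: %s\n' "$u" "$(ftp_login_verdict "$u" "$demo_dir")"
done
```

Run without a second argument, ftp_login_verdict reads the real files under /etc/vsftpd, which is useful for checking a list change before testing from a client.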
Lab Requirement 3:
Confine ordinary users to their own home directory
Change the anonymous user's site root to /data/anon_pub
Change the local users' site root to /data/local_pub
Limit the download rate to 50kb/s for anonymous users and 100kb/s for local users
At most 20 concurrent connections in total, and at most 2 per IP address
1. Package installation: omitted
2. Modify the main configuration file
# vi /etc/vsftpd/vsftpd.conf
...
# Adding this line confines ordinary users to their own home directory
chroot_local_user=YES
# Change the anonymous user's root directory
anon_root=/data/anon_pub
# Change the local users' root directory
local_root=/data/local_pub
anon_max_rate=50000
local_max_rate=100000
max_clients=20
max_per_ip=2
...
:wq
# mkdir -p /data/{anon_pub,local_pub}
# touch /data/anon_pub/anon_file1
# touch /data/local_pub/local_file1
# dd if=/dev/zero of=/data/anon_pub/anon_db bs=10M count=200
# dd if=/dev/zero of=/data/local_pub/local_db bs=10M count=200
3. Restart the service
# service vsftpd restart
4. Client testing
# wget ftp://192.168.2.1/anon_db    (on Linux: test the anonymous user download rate by downloading a file with wget)
# wget ftp://kaka:[email protected]/local_db    (on Linux: test the ordinary user download rate by downloading a file with wget)
FileZilla client test    (test the download rate)
Win7 DOS command-line test    (test that ordinary users are confined to their home directory, and the local user site)
5. Restore the lab environment: omitted
Lab Requirement 4:
Build an FTP server that only allows uploads and denies anonymous user login
1. Package installation: omitted
2. Modify the main configuration file
# vi /etc/vsftpd/vsftpd.conf
...
# Deny anonymous user login
anonymous_enable=NO
# Uploaded files are created with no permissions, so they cannot be downloaded
# (leading 0 so that the value is read as octal)
local_umask=0777
...
:wq
3. Restart the service
# service vsftpd restart
4. Client testing
ftp://192.168.2.1    (on Win7, open it in Explorer)
Common FTP commands on the Win7 and Linux command lines
ftp 192.168.2.1
(enter the username when prompted)
ftp> ?        (list the available commands)
ftp> lcd      (change the local directory)
ftp> !dir     (view the contents of the current directory)
ftp> put      (upload a file)
ftp> get      (download a file)
This article is from the "Technology sharing" blog; please keep this source link: http://wsyht2015.blog.51cto.com/9014030/1717060
FTP file server upload download case