FTP file server upload download case

VSFTPD is very secure FTP daemon (very secure FTP daemon)

21-Port Control connection

20-Port Data connection

After installing VSFTPD on Linux

Both the default anonymous user and local user can log on

Anonymous user Login to/var/ftp, cannot upload and download

Local user Login to local user's home directory, can upload and download

Linux Client (192.168.2.2)

-------RHEL5.9 (Vmnet1)--------(VMNET1)

192.168.2.1 Win7 Client (192.168.2.3)

Lab Requirement 1:

Configure FTP services that can be uploaded anonymously

VSFTPD Configuration

1. Check if the package is installed

#rpm-Q VSFTPD

2. Install the Package

#cd/misc/cd/server

#rpm-IVH vsftpd.2.0.5-28.e15x86_64.rpm

3. Modify the master configuration file

#vi/etc/vsftpd/vsftpd.conf

...

Anon_upload_enables=yes

...

Anon_mkdir_write_enable=yes

Anon_other_write_enable=yes

...

: Wq

4. Set permissions for the folder to be uploaded anonymously

#setfacl-M u:ftp:rwx/var/ftp/pub

#getfacl/var/ftp/pub

4. Start the service

#service vsftpd Restart

#chkconfig vsftpd on

5. Client-side testing (Win7)

Explorer Access://192.168.2.1

command-line access to the FTP 192.168.2.1

Test with FileZilla Client

Restore the experimental environment

#vi/etc/vsftpd/vsftpd.conf

...

#27 Anon_upload_enables=yes

...

#31 Anon_mkdir_write_enable=yes

#32 Anon_other_write_enable=yes

...

: Wq

Lab Requirement 2:

Configure Local users to access the FTP service, denying anonymous user access

Verify the black and white list and restore the environment after verification is complete

1, package installation, a little ...

2. Add user, set password

#useradd Mike.

#useradd Kaka

#useradd Lily

#echo "123456" | passwd--stdin Mike

#echo "123456" | passwd--stdin Kaka

#echo "123456" | passwd--stdin Lily

3. Modify the master configuration

#vi/etc/vsftpd/vsftpd.conf

...

12anonymous_enable=no #拒绝匿名用户登录

...

: Wq

4. Set blacklist

#vi/etc/vsftpd/ftpusers #测试黑名单文件的黑名单, no need to restart service

Lily

: Wq

5. Verify black and white list file blacklist

#vi/etc/vsftpd/user_list #测试黑白名单文件的黑名单, the client cannot log on and does not need to restart the service

Kaka

: Wq

6. Verify white list of black and white list files

#vi/etc/vsftpd/vsftpd.conf

Userlist_deny=no #在文档中添加这一行, only allow users inside the user_list to access

: Wq

7. Restart Service

#service vsftpd Restart

8. Client Testing (WIN7)

Win7doc Command-line test

FTP 192.168.2.1

9, the experimental environment to restore, a little ...

Questions:

The system has lily, Mike, Kaka users, please close the following situations, who can log in FTP. (Rejection is greater than all, refusal takes precedence)

#grep lily/etc/vsftdp/ftpusers

Lily

#grep mike/etc/vsftpd/user_list

Mike

#grep userlist_deny/etc/vsftpd/vsftpd.conf

Userlist_deny=no

Lab Requirement 3:

Imprison ordinary users in their own home directory

Change the anonymous user's site to/data/anon_pub

Change the local user's site to/data/local_pub

Set Anonymous user download rate 50kb/s, local user 100b/s

Up to 20 concurrent, up to 2 concurrent per IP address

1. Package Installation

Process a little ...

2. Modify the master configuration file

#vi/etc/vsftpd/vsftpd.conf

...

121chroot_local_user=yes #增加此行即可禁锢普通用户在自已的主目录里面

122anon_root=/data/anon_pub #更改匿名用户根目录

123local_root=/data/local_pub #更改本地用户根目录

124anon_max_rate=50000

125local_max_rate=100000

126max__clients=20

127max_per_ip=2

...

: Wq

#mkdir-P/data{anon_pub,local_pub}

#touch/data/anon_pub/anon_file1

#touch/data/local_pub/local_file1

#dd If=/dev/zero of=/data/anon_pub/anon_db bs=10m count=200

#dd If=/dev/zero of=/data/local_pub/local_db bs=10m count=200

3. Restart the service

#service vsftpd Restart

4. Client Testing

#wget ftp://192.168.2.1/anon_db #在linux下, test the download rate of anonymous users with wget download file

#wget ftp://kaka:[email protected]/local_db #在linux下, test normal user download rate with wget download file

FileZilla Client Test #测试下载速率

Win7doc (Command-line test) #测试禁锢普通用户的主目录和本地用户的站点

5, the experiment restores, slightly ...

Lab Requirement 4:

Build an FTP that is only allowed to be uploaded? Deny anonymous user login?

1, install the package, a little ...

2. Modify the master configuration file

#vi/etc/vsftpd/vsftpd.conf

...

12anonymous_enable=no #拒统匿名用户登陆

22local_umask=777 #让上传的文件没有权限导致不能下载

...

: Wq

3. Restart Service

#service vsftpd Restart

5. Client Testing

ftp://192.168.2.1 #Win7下, open the Explorer

Common commands for FTP under Win7 and Linux command lines

FTP 192.168.2.1

FTP #输入用户名

Ftp>? #敲问, get more orders, show them.

FTP>LCD #切换到本地文件夹

Ftp>!dir #查看当前的文件夹的内容

Ftp>put #上传文件

Ftp>get #下载文件

Hope to communicate with the technology can be contacted by the following ways to me:

My OPS group: 517751492

My qq:1934844044.

This article is from the "Technology sharing" blog, so be sure to keep this source http://wsyht2015.blog.51cto.com/9014030/1717060

FTP file server upload download case