1. FTP transmits in plaintext.
2. The client and the server use two connections, one for commands and one for data. Data transfer has two modes: active and passive.
3. When the client needs data, it tells the server whether to use an active or a passive connection.
4. In active mode, the client opens a data receive port on its own host, tells the server the port over the control connection, and waits for the server to connect to that port and transmit the data.
5. In active mode, if the client is behind a NAT host, the server cannot connect to that port. Passive mode, which needs support in the FTP server software, works differently: the client tells the server to use passive mode, the server opens a data listening port, informs the client of the port, and waits for the client to connect.
6. FTP login identities fall into three types:
   1. Real (local) users: by default the FTP service places no restrictions on real users, so they can perform any action their permissions allow across the entire file system (these are Linux system users).
   2. Guest users: users of this identity can only operate within the specified user space, and their permissions can be restricted.
   3. Anonymous users: a number of restrictions should be applied, such as limiting the maximum number of visits.

CentOS vsftpd installation and startup:

0. Install: yum install vsftpd
1. Turn off the firewall: service iptables stop
2. Turn off SELinux: setenforce 0
3. Create the FTP local user (the user must have a home directory):
   useradd -d /home/ftpdir ftpuser
   passwd ftpuser     (enter the password when prompted; 123456 in this example)
4. Start with the default configuration: service vsftpd start

Main configuration options:

1. anonymous_enable=NO: whether to allow anonymous login.
2. local_enable=YES: whether to allow local users (the real user added above) to log in.
3. User directory chroot settings:
   A. chroot_local_user=YES
   B. chroot_list_enable=YES
   C. chroot_list_file=/etc/vsftpd/chroot_list
   When A is not set, the users listed in /etc/vsftpd/chroot_list are chrooted. When A is set, the result is reversed: the listed users are not chrooted and all other local users are.
4. User access rights settings:
   A. userlist_enable=YES
   B. userlist_deny=NO
   C. userlist_file=/etc/vsftpd/user_list
   When all three options are set, the user list access restriction takes effect. When B is YES, the users in /etc/vsftpd/user_list cannot access FTP; when B is NO, only the users in user_list can access FTP.
5. PAM permissions (vsftpd access settings in PAM): in the file /etc/pam.d/vsftpd, the line
   auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
   means that the users listed in the ftpusers file cannot log in.

You can use the command man 5 vsftpd.conf to see all the vsftpd.conf options and their default values.
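
The chroot and user-list rules above invert depending on one flag, so the following added example (not from the original article or from vsftpd itself) evaluates them for a given user. The function names, sample configuration and list contents are constructed for illustration; the fallback values for unset options follow the defaults documented in man 5 vsftpd.conf.

```python
# Constructed sample settings and list contents, mirroring the options discussed above.
SAMPLE_CONF = """\
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
"""
USER_LIST = {"ftpuser", "admin", "root"}   # constructed /etc/vsftpd/user_list
CHROOT_LIST = {"admin"}                    # constructed /etc/vsftpd/chroot_list
FTPUSERS = {"root"}                        # constructed /etc/vsftpd/ftpusers

def parse_conf(text):
    """Parse vsftpd.conf-style key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(conf, key, default=False):
    """Read a YES/NO option; an unset option takes the given default."""
    return conf.get(key, "YES" if default else "NO").upper() == "YES"

def may_login(user, conf, user_list, ftpusers):
    """A local user must pass both the PAM ftpusers deny list and the userlist_* rules."""
    if user in ftpusers or not enabled(conf, "local_enable"):
        return False
    if not enabled(conf, "userlist_enable"):
        return True
    listed = user in user_list
    # userlist_deny=YES refuses listed users; userlist_deny=NO admits only listed users.
    return not listed if enabled(conf, "userlist_deny", True) else listed

def is_chrooted(user, conf, chroot_list):
    """Decide whether a local user is confined to the home directory."""
    chroot_all = enabled(conf, "chroot_local_user")
    if not enabled(conf, "chroot_list_enable"):
        return chroot_all
    # The list names users to chroot, unless chroot_local_user=YES turns it into exceptions.
    return (user in chroot_list) != chroot_all

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for u in ("ftpuser", "admin", "root", "guest"):
        print(u, may_login(u, conf, USER_LIST, FTPUSERS), is_chrooted(u, conf, CHROOT_LIST))
```

With the sample settings, admin appears in chroot_list and is therefore the one local user who is not confined to a home directory, which is the case worth checking when chroot_local_user=YES is combined with an existing list.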
FTP principles and vsftpd setup on CentOS