Passive mode working process:
1. The client opens a control connection from one of its own ports (N > 1024) to port 21 on the FTP server.
2. The client then sends a PASV command, which tells the server to open one of the server's own ports for the data connection.
3. If that port on the server is idle, the server returns a confirmation message and the data transfer channel is established. If the port is in use by another resource, the server returns a negative reply and the client sends the PASV command again.
Operating Environment
1 Operating system: Redhat 6.5
IP Address: 192.168.10.128
Host Name: zred
2 Operating system: Win 7
IP Address: 192.168.10.10
Verify that the two hosts can reach each other.
Steps
Requirement: Build an FTP server on Linux to store files. Create an FTP user MoD whose home directory is /home/mod, set the user so that it is not allowed to log on to the server, and restrict the user from leaving its home directory.
First, we need the vsftpd package. Query it with rpm: if the package name is shown, vsftpd is installed; if it is not shown, vsftpd needs to be installed.
# rpm -q vsftpd
If it is not installed, install it from the yum repository.
Second, after the installation is complete, go to the vsftpd configuration directory, which is /etc/vsftpd/ by default.
/etc/vsftpd/vsftpd.conf: vsftpd's core configuration file.
/etc/vsftpd/ftpusers: Specifies which users cannot access the FTP server. Blacklist.
/etc/vsftpd/user_list: Specifies the user list file that is allowed to use vsftpd. Whitelist.
/etc/vsftpd/chroot_list: Specifies a user list file for vsftpd; users on this list cannot leave the FTP root directory.
The specific configuration of vsftpd.conf is as follows:
#----Anonymous user settings----
# Do not allow anonymous users to log in
anonymous_enable=NO
#----Local user settings----
# Allow local users to log in to the FTP server
local_enable=YES
# Allow users to perform write operations on the server
write_enable=YES
# Permission mask (umask) for files created by local users on the server
local_umask=022
#----Welcome settings----
# Enable directory messages
dirmessage_enable=YES
#----Log file settings----
# Enable the transfer log, recorded in /var/log/xferlog
xferlog_enable=YES
# Use the standard log format
xferlog_std_format=YES
#----FTP working mode and port settings----
# In active mode, whether to use the default port 20 for data transfer
connect_from_port_20=YES
#----Connection-related settings----
# listen=NO on its own means vsftpd does not run as a standalone service and
# must be managed by xinetd, with limited functionality
listen=NO
# Listen on an IPv6 socket instead (mutually exclusive with listen=YES)
listen_ipv6=YES
#----Control whether users are allowed to switch to the parent directory----
# Turn on the ability to restrict users to their home directory
chroot_list_enable=YES
# Add the user names you want to restrict to chroot_list, one user per line
chroot_list_file=/etc/vsftpd/chroot_list
#----Virtual user settings----
# Virtual users authenticate through PAM
pam_service_name=vsftpd
#----Control user access (implemented via the user_list and ftpusers files)----
# Whether to enable the userlist_file file
userlist_enable=YES
# Users added to user_list are allowed to access the FTP server (this needs
# userlist_deny=NO; with the default userlist_deny=YES the list denies them)
userlist_file=/etc/vsftpd/user_list
#----Control host access----
# vsftpd checks the settings in /etc/hosts.allow and /etc/hosts.deny to decide
# whether the host requesting the connection may access the FTP server
tcp_wrappers=YES
#----Other settings----
# Allow chroot into a writable home directory, so write permission does not
# have to be removed from the user's home directory
allow_writeable_chroot=YES
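The following is an added example, not part of the original page: a small Python audit that reads vsftpd.conf text and checks it against the requirement above (no anonymous login, user MoD confined to its home directory). The function names and the sample configuration are assumptions constructed for illustration; the option names and their defaults are vsftpd's own.

```python
# Added example (not from the original page): audit vsftpd.conf text against the
# requirement above. Function and variable names are assumptions of this sketch.
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse_conf(text):
    """Parse vsftpd.conf the way vsftpd reads it: whole-line '#' comments only,
    'key=value' with no spaces; a trailing '# note' becomes part of the value."""
    settings, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip().lower():
            problems.append(f"line {lineno}: malformed or mis-cased key {key!r}")
            continue
        if "#" in value or value != value.strip():
            problems.append(f"line {lineno}: inline comment or stray space in value of {key}")
            continue
        settings[key] = value
    return settings, problems

def flag(settings, key, default):
    """Boolean option value, falling back to vsftpd's documented default."""
    v = settings.get(key, "").upper()
    return True if v in TRUE else False if v in FALSE else default

def audit(text, user, chroot_list):
    """Return findings for: no anonymous login, `user` confined to its home directory."""
    s, findings = parse_conf(text)
    if flag(s, "anonymous_enable", True):
        findings.append("anonymous login is enabled (vsftpd default is YES)")
    listed = flag(s, "chroot_list_enable", False) and user in chroot_list
    # chroot_local_user=YES inverts the list: listed users are then NOT jailed.
    if flag(s, "chroot_local_user", False) == listed:
        findings.append(f"{user} is not chrooted to its home directory")
    if flag(s, "userlist_enable", False) and flag(s, "userlist_deny", True):
        findings.append("userlist_deny defaults to YES: user_list is a deny list")
    if flag(s, "listen", False) and flag(s, "listen_ipv6", False):
        findings.append("listen and listen_ipv6 are mutually exclusive")
    return findings

# Constructed sample: line 1 carries an inline comment, so vsftpd would reject it.
SAMPLE = "anonymous_enable=NO #no anon\nchroot_list_enable=YES\nuserlist_enable=YES\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE, "MoD", {"MoD"}):
        print(finding)
```

Pass the contents of /etc/vsftpd/vsftpd.conf as the first argument and the user names from /etc/vsftpd/chroot_list as the third; an empty result means none of the checked conditions were found.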
Third, create the MoD user and set the password.
# useradd -d /home/mod -m MoD
# passwd MoD
Fourth, start the service.
Shut down the firewall: # service iptables stop
Start the FTP server: # service vsftpd restart
Grant permissions by giving the FTP directory 777 permissions:
# chmod 777 /var/ftp/pub/
# ls -lh /var/ftp
Check the SELinux status and turn it off:
# /usr/sbin/sestatus -v    ## if the SELinux status parameter is "enabled", SELinux is turned on
# setenforce 0    ## turn it off
Run cmd on the Win 7 system and enter ftp followed by the Linux host's IP address to connect.