Linux FTP Service
Active mode (PORT): The server actively initiates the data connection. The client establishes an FTP data connection to the server port . The server sends data from port to a random port on the client.
Passive mode (PASV): The server passively waits for the data connection. Passive mode is used if the client's firewall prohibits active mode. The client establishes an FTP data connection to the server port . When data needs to be transferred, the client establishes a data connection to a port in the server's configured range (not a ).
Begin:
Switch SELinux to permissive mode
setenforce 0
Stop the firewall
service iptables stop
1. Install packages
mount /dev/cdrom /mnt
rpm -ivh /mnt/packages/vsftpd-2.2.2-11.el6.i686.rpm
2. Modify the configuration file
vi /etc/vsftpd/vsftpd.conf
(1) Anonymous Access
Modify the following statements in the configuration file:
Allow anonymous access
anonymous_enable=YES
Default mask value for uploaded files
local_umask=022
Allow anonymous users to upload files
anon_upload_enable=YES
Allow anonymous users to create directories (write permission)
anon_mkdir_write_enable=YES
Allow anonymous users to delete, overwrite and rename
anon_other_write_enable=YES
Limit the maximum transfer rate for anonymous users
anon_max_rate=10240
Save, then start the service
service vsftpd start
(2) Local User Access
vi /etc/vsftpd/vsftpd.conf
Set the following (the text to the right of each setting is an annotation, not part of the file):
local_enable=YES            allow local users to access
local_root=/var/ftp         set the FTP login home directory
write_enable=YES            enable the vsftpd global write switch
local_umask=022             permission mask for files/directories uploaded by users
chroot_local_user=YES       lock local accounts into their home directory
Save, then run: service vsftpd reload
Log in directly with a local user's account name and password.
user_list: the user list file
vi /etc/vsftpd/user_list
Enter a local account name, such as Jack
vi /etc/vsftpd/vsftpd.conf
userlist_enable=YES         enable the user list file
userlist_deny=NO            whitelist: only the users in user_list can access the FTP service
userlist_deny=YES           blacklist: the users in user_list cannot access the FTP service
The system default is YES.
Modify the vsftpd service listening address and port
listen=YES                  run in standalone mode (vsftpd listens on its own)
listen_address=             listen for the service on only one interface
listen_port=                switch the listening port to
netstat -anpt | grep "vsftpd"    confirm what vsftpd is listening on
pasv_enable=YES             allow passive connections
pasv_min_port=24500         lower bound of the passive mode port range
pasv_max_port=24600         upper bound of the passive mode port range
max_clients=20              limit concurrent client connections to at most 20
max_per_ip=2                maximum number of connections per IP: 2
anon_max_rate=50000         limit the transfer rate of anonymous users to 50kb/s
local_max_rate=200000       limit the transfer rate of local users to 200kb/s
(3) Virtual User Access
Mount the disc first, then install the package
mount /dev/cdrom /mnt
rpm -ivh /mnt/packages/db4-utils-4.7.25-17.el6.i686.rpm
Create a text-format list of user names and passwords
vi /etc/vsftpd/vusers       create a file named vusers
Odd-numbered lines are account names, even-numbered lines are the passwords:
t01
ABC
t02
Abc
Create the database file
cd /etc/vsftpd/
Convert the text file into a database file
db_load -T -t hash -f vusers vusers.db
Restrict the permissions of the user account files
chmod 600 /etc/vsftpd/vusers
chmod 600 /etc/vsftpd/vusers.db
Add the system account that the virtual users map to
useradd -d /var/ftproot -s /sbin/nologin vusers      the user name is vusers
Create the PAM authentication file for virtual users
vi /etc/pam.d/vsftpd.vu
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
Modify the vsftpd configuration file
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
guest_enable=YES
guest_username=vusers
pam_service_name=vsftpd.vu
#pam_service_name=vsftpd
Save, then restart the vsftpd service
You can then log in as t01 with the password ABC.
Create separate configuration files for different virtual users
vi /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vusers_dir
Save
mkdir /etc/vsftpd/vusers_dir
cd /etc/vsftpd/vusers_dir
vi t01
local_root=/var/t01             set the login home directory
anon_upload_enable=YES          allow uploading of files
anon_mkdir_write_enable=YES     allow write permission (creating directories)
Save, then restart the service
mkdir /var/t01
Now, when you log in as t01, you land in /var/t01.
vi t02
local_root=/var/t02
Save, then restart the service
mkdir /var/t02
When you log in as t02, you land in /var/t02.
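Added example, not part of the original article: a small Python audit of a vsftpd.conf. It flags lines that break the strict lowercase option=value syntax, anonymous logins left able to write (anonymous_enable defaults to YES, so the global anon_* settings used for virtual users also cover real anonymous sessions), and passive mode with no pinned port range. The function names and the sample text are constructed for illustration, and the defaults table covers only the options checked.

```python
import re

# vsftpd built-in defaults for the options read here, per vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": True, "write_enable": False, "pasv_enable": True,
            "anon_upload_enable": False, "anon_mkdir_write_enable": False,
            "anon_other_write_enable": False, "pasv_min_port": 0, "pasv_max_port": 0}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")
BOOL = {"YES": True, "TRUE": True, "1": True, "NO": False, "FALSE": False, "0": False}
LINE = re.compile(r"([a-z][a-z0-9_]*)=(\S.*)")  # lowercase name, no space around '='

def parse(text):
    """Return (effective settings, messages for malformed lines)."""
    conf, bad = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE.fullmatch(line)
        if not m:
            bad.append(f"line {n}: not a lowercase option=value line: {line!r}")
            continue
        name, value = m.groups()
        default = DEFAULTS.get(name)
        if isinstance(default, bool) and value.upper() in BOOL:
            conf[name] = BOOL[value.upper()]
        elif type(default) is int and value.isdigit():
            conf[name] = int(value)
        elif name in DEFAULTS:  # e.g. "YES # comment" or a non-numeric port
            bad.append(f"line {n}: bad value for {name}: {value!r}")
        else:
            conf[name] = value
    return conf, bad

def audit(text):
    """Return malformed-line messages plus exposure findings."""
    conf, findings = parse(text)
    writes = [o for o in ANON_WRITE if conf[o]]
    if conf["anonymous_enable"] and conf["write_enable"] and writes:
        findings.append("anonymous logins may write via " + ", ".join(writes))
    if conf["pasv_enable"] and not (conf["pasv_min_port"] and conf["pasv_max_port"]):
        findings.append("passive port range unset: set pasv_min_port/pasv_max_port")
    return findings

# Constructed sample: the virtual-user settings above, plus one mis-cased line.
SAMPLE = "\n".join([
    "local_enable=YES", "write_enable=YES", "anon_upload_enable=YES",
    "anon_mkdir_write_enable=YES", "anon_other_write_enable=YES", "guest_enable=YES",
    "guest_username=vusers", "pam_service_name=vsftpd.vu", "Pasv_enable=yes"])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

For the sample, adding anonymous_enable=NO and the pasv_min_port/pasv_max_port pair from the article in place of the mis-cased line leaves no findings.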
This article is from the "Ne Road" blog, please be sure to keep this source http://332162926.blog.51cto.com/8831013/1531024