RHEL 5.2 vsftpd Configuration Tutorial (page 1 of 2) - FTP server

Source: Internet
Author: User

FTP (File Transfer Protocol) is a protocol for transferring files from one host to another. Its history dates back to 1971, when the Internet was still an experiment, and it remains extremely popular today.

FTP is specified in RFC 959. HTTP and FTP are both file transfer protocols and share many characteristics, such as running on top of TCP. There are, however, important differences between the two application-layer protocols. The most important is that FTP uses two concurrent TCP connections: a control connection and a data connection. The control connection carries control information between the client host and the server host, such as the user name and password, commands to change the remote directory, and commands to get or put a file. The data connection is used to actually transfer the file. For the whole session the FTP server must maintain the user's state: it must associate the control connection with a particular user and must track the user's current directory as the user navigates the remote directory tree. Keeping this state for every active session greatly limits the number of sessions FTP can sustain at the same time; stateless HTTP has no user state to maintain. The FTP service can work in two modes, active and passive:

Active mode (the default for most FTP servers): the FTP client opens a randomly chosen TCP port and connects to port 21 on the FTP server. When the three-way handshake completes, the connection is established, but this is only the control connection. When the two ends need to transfer data, the client uses the PORT command on the control channel to tell the server which other TCP port it will use for the data channel. The server then opens a data connection from its port 20 to the port the client just announced. Note that this connection is initiated from the server to the client, so the TCP packet carrying the SYN flag travels server-to-client; the client answers with an ACK, another three-way handshake completes, the data connection is established, and data transfer begins.

Passive mode: the FTP client opens a randomly chosen TCP port and connects to port 21 on the FTP server, completing the control connection. When the two ends need to transfer data, the client sends the PASV command over the control channel to request passive transfer mode. The server then picks a TCP port and announces it to the client over the control connection, as in the second step of active mode above. The client then uses another TCP port to connect to the port the server just announced, establishing the data channel. In this case the segment carrying the SYN flag travels client-to-server; the server confirms with an ACK, the handshake completes, the data channel is established, and data transfer begins.
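The two negotiations above determine which side opens the data connection, and therefore which direction a firewall must permit. The following Python is an added example, not part of the original tutorial: it decodes the client's PORT command and the server's 227 reply (both carry h1,h2,h3,h4,p1,p2 with the port encoded as p1*256+p2) and returns the resulting data-connection flow. All addresses are constructed sample values.

```python
import re

# Both PORT and the 227 reply carry h1,h2,h3,h4,p1,p2; data port = p1*256 + p2
_HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def _decode_hostport(text):
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', port), validating each octet."""
    m = _HOSTPORT_RE.search(text)
    if m is None:
        raise ValueError("no host/port tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def parse_pasv_reply(reply):
    """Passive mode: server's '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    if not reply.startswith("227"):
        raise ValueError("expected a 227 reply, got %r" % reply)
    return _decode_hostport(reply)

def parse_port_command(cmd):
    """Active mode: client's 'PORT h1,h2,h3,h4,p1,p2'."""
    verb, _, rest = cmd.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("expected a PORT command, got %r" % cmd)
    return _decode_hostport(rest)

def build_port_command(host, port):
    """Encode an address the way the client sends it in PORT."""
    octets = host.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("bad host/port")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)

def data_flow(mode, client_ip, server_ip, message):
    """Return (src_ip, src_port, dst_ip, dst_port) of the data connection's SYN.
    Active: server port 20 -> address in PORT.  Passive: client -> address in 227
    (the client's source port is ephemeral, reported as None)."""
    if mode == "active":
        host, port = parse_port_command(message)
        return server_ip, 20, host, port
    if mode == "passive":
        host, port = parse_pasv_reply(message)
        return client_ip, None, host, port
    raise ValueError("mode must be 'active' or 'passive'")
```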

Many programs implement the FTP service, such as IIS and Serv-U on Windows and wu-ftpd and vsftpd on Linux. vsftpd (Very Secure FTP Daemon) is a secure, fast and stable FTP server for Unix/Linux that has been adopted by many large sites, and it is also the default FTP service in RHEL. This article mainly describes how to configure vsftpd.

First, install vsftpd.

  rpm -ivh vsftpd-2.0.5-12.el5.rpm

After installation, the vsftpd configuration file is /etc/vsftpd/vsftpd.conf. The following commands start vsftpd and set it to start automatically at boot:

  service vsftpd restart
  chkconfig vsftpd on

Second, the first FTP site.
vsftpd is ready to use as soon as it is installed and started. Anonymous logins are allowed by default; the following illustration uses the ftp command.

1: Connect to the FTP server with the ftp command.
2: Since we are connecting as the anonymous user, enter "anonymous" as the user name (most FTP servers use "anonymous"; the "ftp" user created automatically when vsftpd is installed is also vsftpd's anonymous user).
After connecting to vsftpd, the default directory is the user's home directory, which for the ftp user is /var/ftp. The following figure shows connecting to the FTP server as another system user (if SELinux is enabled on RHEL, you need to run setsebool -P ftp_home_dir=1).

Third, configuration parameters.

Parameter, followed by its description:

listen_address=<IP address>
    Specify the IP address to listen on.

listen_port=<port>
    Specify the listening port (default 21).

anonymous_enable=YES
    Allow anonymous logins.

local_enable=YES
    Allow local users to log in.

nopriv_user=ftp
    Account the vsftpd service runs as; ftp is used when not specified.

write_enable=YES
    Allow write operations.

anon_upload_enable=YES
    Allow anonymous users to upload files.

anon_mkdir_write_enable=YES
    Allow anonymous users to create directories.

dirmessage_enable=YES
    Display a welcome message when entering each directory; the message is written in a .message file inside that directory.

xferlog_enable=YES
    Log file uploads and downloads.

connect_from_port_20=YES
    Use port 20 for data transfers (active mode).

chown_uploads=YES, chown_username=whoever
    Change the owner of files uploaded by anonymous users to the given user.

xferlog_file=/var/log/vsftpd.log
    Log file.

xferlog_std_format=YES
    Use the standard xferlog format.

idle_session_timeout=600
    Session timeout for a client that is connected but idle.

data_connection_timeout=120
    Data transfer timeout.

async_abor_enable=YES
    Allow clients to use the asynchronous ABOR command.

ascii_upload_enable=YES, ascii_download_enable=YES
    Allow uploads and downloads in ASCII mode.

chroot_local_user=YES
    Confine all local users to their own home directories.

chroot_list_enable=YES, chroot_list_file=/etc/vsftpd/chroot_list
    Users who may not leave their home directory are listed one per line in /etc/vsftpd/chroot_list; this method requires chroot_local_user=NO.

ls_recurse_enable=YES
    Allow commands such as ls -R.

listen=YES
    Listen on IPv4.

listen_ipv6=YES
    Listen on IPv6.

pam_service_name=vsftpd
    Use PAM for authentication; the vsftpd service file is in /etc/pam.d.

userlist_enable=YES
    When enabled, vsftpd reads the list of users in the file named by userlist_file. A listed user is refused before being prompted for a password: as soon as the user name is entered, vsftpd rejects the user directly and does not ask for a password or proceed any further.

userlist_deny=YES
    Decides whether the users in userlist_file are denied (YES) or are the only users allowed (NO) to log in to the FTP server. Takes effect only when userlist_enable=YES.

tcp_wrappers=YES
    Allow access control through tcp_wrappers.

local_root=/home/ftp
    Root directory for all local users; not applicable to anonymous users.

anon_max_rate
    Maximum transfer rate for anonymous users, in bytes/s.

local_max_rate
    Maximum transfer rate for local users, in bytes/s.

download_enable=YES
    Allow downloads.

Of the parameters above, any that enable uploading also require write permission on the target local directory.
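Several of these parameters are only safe in combination (anonymous access with upload, local users without chroot, logging turned off, and the userlist_enable/userlist_deny pairing). As an added example that is not part of the original tutorial, the following Python parses vsftpd.conf text and flags the risky combinations described in the table; the two sample configurations are constructed here, and absent keys are assumed to mean NO except anonymous_enable, which the tutorial says is on by default.

```python
# Constructed sample configs (not from the page): anonymous-writable vs. locked down.
WEAK_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
chroot_local_user=NO
xferlog_enable=NO
"""
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
xferlog_enable=YES
userlist_enable=YES
userlist_deny=NO
"""

def parse_conf(text):
    """vsftpd.conf is key=value per line; '#' lines are comments. Values are
    upper-cased so yes/YES compare equal."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                conf[key.strip().lower()] = value.strip().upper()
    return conf

def userlist_mode(conf):
    """'off', 'deny' (listed users refused before the password prompt, the
    default) or 'allow' (userlist_deny=NO: only listed users may log in)."""
    if conf.get("userlist_enable") != "YES":
        return "off"
    return "allow" if conf.get("userlist_deny") == "NO" else "deny"

def audit(text):
    """List risky combinations of the parameters from the table. Absent keys count
    as NO (assumption), except anonymous_enable, which the page says is on by default."""
    c = parse_conf(text)
    on = lambda key, default="NO": c.get(key, default) == "YES"
    findings = []
    anon_write = on("anon_upload_enable") or on("anon_mkdir_write_enable")
    if on("anonymous_enable", "YES") and on("write_enable") and anon_write:
        findings.append("anonymous upload enabled")
    if on("local_enable") and not (on("chroot_local_user") or on("chroot_list_enable")):
        findings.append("local users not chrooted")
    if not on("xferlog_enable"):
        findings.append("transfer logging off")
    return findings
```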

Fourth, authentication.

Among the parameters above, setting anonymous_enable to NO prevents anonymous access. Once anonymous users are disabled, users can be authorized in the following ways:

Local users: authenticated against the user names in /etc/passwd.

Virtual users: user names and passwords are kept in a database file or database server. Compared with local users, a virtual user exists only for the FTP server and can access only the resources the FTP server provides, which greatly improves the security of the system itself. Compared with anonymous users, a virtual user needs a user name and password to fetch files from the FTP server, which improves the manageability of users and downloads. Virtual users are an excellent solution when you need to provide a download service but do not want everyone to be able to download anonymously; they benefit both the downloading user and the security and manageability of the FTP site.
Local users are not covered here; the following introduces two ways of implementing virtual users:

1. Using a local data file:

Generate the virtual user file: create /etc/vsftpd/vuser.txt with the following contents:

Tonyzhang #virtual user 1

Tomqin #virtual user 2
#password of virtual user 2

Install the RPM package used to build the database, db4-utils:

rpm -ivh db4-utils-4.3.29-9.fc6.i386.rpm

Build the virtual user database (the output is the vusers.db file referenced below by the PAM configuration):

db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vusers.db

Create the local user that virtual users are mapped to, and set the permissions of its home directory:

useradd -d /var/ftp/vuserdir -s /sbin/nologin vuser
chmod o+rw /var/ftp/vuserdir

Modify the PAM file /etc/pam.d/vsftpd: comment out its original content and add the following lines.

auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/vusers
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vusers

Modify /etc/vsftpd/vsftpd.conf to add the following:

guest_enable=YES
guest_username=vuser
