After an FTP server is built in Linux, the next step is to manage and Set permissions for the server. This work is directly related to the file security on the FTP server and the stability of the FTP server. Therefore, as a network administrator of an enterprise, the importance of this work cannot be ignored.
In Linux, FTP server management is more complex than Windwos. In Linux, the command line is used to manage and Configure permissions. In a Windows environment, you can configure it through the graphical interface, so the latter is relatively simple. However, in terms of flexibility, the former is much more advantageous. WU-FTP, for example, is the most widely used FTP software on Linux operating systems. In terms of permission management, it is much more flexible than Microsoft's built-in FTP server. Coupled with the security of the Linux operating system itself, the security of the WU-FTP server to a higher level.
Next I will talk about how to manage FTP server permissions in Linux on the collection of WU-FTP software.
In a word, the Wu-FTP software manages its own access permissions through groups. Specifically, you can get a full picture of the server permission management from the following aspects.
1. How to define a group?
Defining an Access Group for an FTP server, also called a class, is the most basic action for FTP server permission management. Subsequent permission management is based on this group. The/etc/ftpaccess configuration file is the main parameter file used to configure WU-FTP access permissions. Most FTP server permissions are configured in this file.
To define an FTP group, add the following statement to the parameter file:
ClassQA real, guest, anonymous 192.168.1 .*
This statement defines a QA group. In this group, there are three types of users: REAL (actually defined user), GUEST (GUEST Account), and ANONYMOUS (ANONYMOUS access account ). If there are currently three types of accounts, access the FTP server from the subnet of 192.168.1. *, it will belong to the QA group. If other IP addresses are used for access, even if their users belong to these three types of accounts, they do not belong to the QA group and do not have access permissions for this group. Obviously, you can manage FTP server access permissions by Combining IP addresses and accounts. This is more secure than managing with accounts.
This configuration method also has some other variants, and it can be reasonably matched to greatly improve access security and flexibility.
The first type of Deformation: IP addresses can be defined as domain names, which are widely used in large networks, such as group enterprises. For example, there is A group enterprise, and below there are three subsidiaries A, B and C. For the convenience of File Communication between employees of the Company, the Group Company established an FTP server on the Internet. However, the Group network administrator now hopes that each subsidiary can only access the folders of its own company on the FTP server. They cannot access folders of other subsidiaries. In this case, you can create three groups corresponding to their respective domain names. For example, the network domain name of Class A Enterprise real, guest, and anonymous. This statement indicates that all accounts accessing the FTP server from Company A belong to the group "Enterprise ". Then configure related permissions for this group so that enterprise A users can only access A specific file.
Second deformation mode: Use "!" To exclude specific IP addresses. For example, some specific IP addresses may be allocated to external users. For example, when a customer visits, we assign a specific IP address to the customer. This is mainly to prevent these users from accessing our company's network resources at will. To this end, we need to use "!" Symbol to exclude some IP addresses. We only need to add this exclamation point before the IP address in the preceding example to exclude this IP address.