FTP File Transfer Service
Requirements Description:
- Use vsftpd virtual users and add three of them: zhangsan, lisi and wangwu.
- User access and file permission control:
  - Enable anonymous access; any user can download the software stored in the server's /var/ftp/soft/ directory.
  - User zhangsan can upload to and delete from the server's /var/ftp/soft/ directory.
  - User lisi can download the marketing material and sales proposals stored in the server's /var/market/ directory.
  - User wangwu can upload to and delete from the server's /var/market/ directory.
  - Every file uploaded via FTP loses its group and other write permission (the permission mask is set to 022).
  - No user may access any directory on the server that has not been explicitly authorized.
- Transfer rate and concurrent connection control:
  - Allow at most 4 concurrent user connections, with no more than 5 concurrent connections per IP address.
  - The download bandwidth of anonymous users and of user lisi is limited to 100 KB/s.
  - The upload and download bandwidth of user wangwu is limited to 200 KB/s.
Specific steps:
1. Insert and mount the installation disc, then install the vsftpd package.
2. The vsftpd service keeps virtual user accounts in a database file in Berkeley DB format. The db_load tool is needed to build that file; it is provided by the db4-utils package, which must be installed from the RHEL5 installation disc before the following steps can be carried out.
3. Create a plain-text user name/password list
First create a text file that lists the user names and passwords: odd-numbered lines hold a user name, and each even-numbered line holds the password of the user named on the line directly above it.
4. Create the database file in Berkeley DB format
With the text user name/password list in hand, feed it to db_load as the data source to create the database file in Berkeley DB format.
In the db_load command, the "-f" option names the input file, the "-T" option tells db_load that the input is plain text produced by a non-Berkeley DB application (alternating key and value lines), and the "-t hash" option selects the hash access method for the database that is created.
To protect the virtual user account files, set their permissions to 600 so that the plaintext password list and the resulting .db file cannot be read by other users on the host. Proceed as follows:
5. Add the mapping account for the virtual users and create the FTP root directory
vsftpd controls virtual users by mapping all of them onto one and the same system user; that user's home directory becomes the FTP root directory shared by every virtual user at login. A matching system user account must therefore be added (it needs neither a password nor a login shell).
6. Create a PAM authentication file for the virtual users
The default PAM authentication file of the vsftpd service is /etc/pam.d/vsftpd, which authenticates against the Linux host's system user accounts. To read the virtual user database instead, create a new PAM configuration (here /etc/pam.d/vsftpd.vu) that authenticates with the pam_userdb module.
In that PAM configuration, the "db=/etc/vsftpd/vusers" parameter gives the location of the virtual user database file without its .db extension, i.e. it refers to /etc/vsftpd/vusers.db.
7. Modify the vsftpd configuration to add virtual user support
Add the guest_enable and guest_username entries to the vsftpd.conf configuration file so that every virtual user accessing the FTP service is mapped to the same system user account (virtual), and change the pam_service_name entry to point at the /etc/pam.d/vsftpd.vu authentication file created in the previous step.
By default vsftpd treats virtual users as anonymous users in order to reduce their privileges, so the configuration options that govern them usually start with anon_.
8. Create the directory /var/ftp/soft/ with owner virtual and permissions 755.
9. Create separate configuration files for different virtual users
After the previous steps you could already reload vsftpd and log in with any virtual user account to download files. However, because all virtual users are mapped to the same system user account, they all receive the same FTP access: either every one of them can only download, or every one of them can upload.
To give different virtual user accounts different access permissions, enable per-user configuration files by adding a "user_config_dir" entry to the vsftpd.conf configuration file.
With that entry in place, create one configuration file per virtual user, named after the user, in the /etc/vsftpd/vusers_dir/ directory.
Once "user_config_dir" is enabled, create a file (it may be empty) for every virtual user; a user without a file there simply receives the global settings, so creating one per account keeps each account's permissions explicit. Keep these files owned by root and not writable by other users, because they change the effective permissions of the login. In each user's file you can add options that restrict access, limit the transfer rate, and so on.
Once the virtual user database file and the virtual user support have been added to vsftpd correctly, reload the vsftpd service. Users can then connect to the FTP server with an FTP client program and test it with a virtual user account.
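The nine steps above, collected into one script, as an added example rather than commands from the original page: it stages the complete virtual-user configuration for the requirements listed at the top (three virtual users, anonymous read-only access, per-user upload and rate limits, umask 022, chroot, connection limits) in a directory for review, and provides a separate root-only function that installs it. Assumptions: vsftpd 2.x with the RHEL5-style paths /etc/vsftpd and /etc/pam.d, a mapping account named virtual, and placeholder passwords that must be replaced.

```shell
#!/bin/sh
# Added example, not from the original page: stage the complete vsftpd
# virtual-user configuration for the requirements above, then optionally
# install it. Assumptions: vsftpd 2.x with RHEL5-style paths, the mapping
# account is called "virtual", and the passwords are placeholders.
set -eu

# Step 3: name/password list (odd lines = user name, even lines = password).
write_user_list() {
  mkdir -p "$1"
  # Constructed placeholder passwords; replace them before deployment.
  printf '%s\n' zhangsan 'Zs-Pass-1' lisi 'Ls-Pass-2' wangwu 'Ww-Pass-3' \
    > "$1/vusers.list"
  chmod 600 "$1/vusers.list"   # the list is plaintext credentials
}

# Step 4: text list -> Berkeley DB hash file (needs db_load from db4-utils).
build_user_db() {
  if command -v db_load >/dev/null 2>&1; then
    db_load -T -t hash -f "$1/vusers.list" "$1/vusers.db"
    chmod 600 "$1/vusers.db"
  else
    echo "db_load not found, skipping vusers.db" >&2
  fi
}

# Step 6: PAM service that checks only the virtual-user database.
write_pam() {
  printf '%s\n' \
    'auth    required pam_userdb.so db=/etc/vsftpd/vusers' \
    'account required pam_userdb.so db=/etc/vsftpd/vusers' > "$1/vsftpd.vu"
}

# Step 7: main vsftpd.conf (vsftpd accepts comments only on their own lines).
write_main_conf() {
  cat > "$1/vsftpd.conf" <<'EOF'
listen=YES
# anonymous: read-only download at 100 KB/s (rates are bytes per second)
anonymous_enable=YES
anon_max_rate=100000
# virtual users are remapped onto the system account "virtual"
local_enable=YES
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vusers_dir
# jail every login in its own directory; nothing else is reachable
chroot_local_user=YES
# global write switch; the per-user files decide who may actually upload
write_enable=YES
# uploads get mode 644 instead of the anonymous default 600
anon_umask=022
# connection limits as stated in the requirements
max_clients=4
max_per_ip=5
EOF
}

# Step 9: one file per virtual user in user_config_dir.
write_user_confs() {
  d="$1/vusers_dir"; mkdir -p "$d"
  printf '%s\n' local_root=/var/ftp/soft anon_upload_enable=YES \
    anon_mkdir_write_enable=YES anon_other_write_enable=YES > "$d/zhangsan"
  printf '%s\n' local_root=/var/market anon_max_rate=100000 > "$d/lisi"
  printf '%s\n' local_root=/var/market anon_upload_enable=YES \
    anon_mkdir_write_enable=YES anon_other_write_enable=YES \
    anon_max_rate=200000 > "$d/wangwu"
}

build_stage() {
  write_user_list "$1"; build_user_db "$1"; write_pam "$1"
  write_main_conf "$1"; write_user_confs "$1"
}

# Steps 5 and 8 plus installation; run this as root on the FTP server itself.
install_stage() {
  id virtual >/dev/null 2>&1 || useradd -d /var/ftp -s /sbin/nologin virtual
  install -d -o virtual -m 755 /var/ftp/soft /var/market
  cp "$1/vsftpd.conf" "$1/vusers.db" /etc/vsftpd/
  cp -r "$1/vusers_dir" /etc/vsftpd/
  cp "$1/vsftpd.vu" /etc/pam.d/
  service vsftpd restart
}

STAGE="${STAGE:-/tmp/vsftpd-stage}"
build_stage "$STAGE"
echo "staged vsftpd configuration in $STAGE (run install_stage as root)"
```

Two caveats worth knowing before installing. The requirements give max_clients=4 and max_per_ip=5, and the script copies them as given; since the global limit is the tighter of the two, the per-IP limit never triggers as written. Second, vsftpd 2.0.x on RHEL5 accepts a writable chroot root, which is what zhangsan and wangwu need; vsftpd 2.3.5 and later refuse such a login unless allow_writeable_chroot=YES is added.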
FTP Server Setup Complete!
Using the user_list file
When the "local_enable" entry is switched on, every system user can log on to this FTP server by default. To open the FTP service to only a small subset of system users, enable the user list controls: userlist_enable=YES makes vsftpd consult the /etc/vsftpd/user_list file, and userlist_deny decides whether the names listed there are refused (YES, the default) or are the only ones permitted to log in (NO).
Modifying the listening address and port of the vsftpd service
The address and port are set with the listen_address and listen_port entries in vsftpd.conf. After the port number has been changed, a Linux client reaches the server as ftp://IP-address:port-number.
Allowing passive mode on the FTP server
- Active mode: the server initiates the data connection. The client first establishes the FTP control connection to port 21 on the server; when data needs to be transferred, the client sends a PORT command telling the server "I have opened a port, connect to me", and the server connects from its port 20 to that client port to establish the data connection.
- Passive mode: the server waits passively for the data connection. Passive mode is typically used when the firewall on the client's network blocks active-mode connections. The client again establishes the control connection to port 21 on the server; when data needs to be transferred, the client sends a PASV command and the server replies "I have opened a port, connect to me", so the client connects to that server port (not port 20) to establish the data connection.
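The two negotiations described above, shown as the messages actually exchanged on the control connection. This is an added example, not part of the original page: one function builds the PORT command a client sends in active mode, the other decodes the 227 reply a server sends to PASV into the address and port the client must connect to. The addresses and ports are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original page: encode an active-mode PORT
# command and decode a passive-mode 227 reply. Addresses and ports below
# are constructed samples.
set -eu

# Active mode: the client listens on ip:port and announces it as six
# comma-separated decimal bytes, the port split as p1*256 + p2.
port_command() {
  ip="$1"; port="$2"
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2
    return 1
  fi
  printf 'PORT %s,%d,%d\n' "$(printf '%s' "$ip" | tr . ,)" \
    $((port / 256)) $((port % 256))
}

# Passive mode: decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" and
# print "host port", the data endpoint the client now connects to (never
# port 20). Anything that is not a well-formed 227 reply is rejected.
pasv_endpoint() {
  reply="$1"
  tuple=$(printf '%s\n' "$reply" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
  set -- $(printf '%s' "$tuple" | tr , ' ')
  if [ $# -ne 6 ]; then
    echo "not a valid 227 reply: $reply" >&2
    return 1
  fi
  for b in "$@"; do
    if [ "$b" -gt 255 ]; then
      echo "byte out of range in: $reply" >&2
      return 1
    fi
  done
  echo "$1.$2.$3.$4 $(($5 * 256 + $6))"
}

# Active mode: client 192.168.1.20 listens on 50001 and tells the server.
port_command 192.168.1.20 50001          # PORT 192,168,1,20,195,81
# Passive mode: the server answers PASV with the endpoint it opened.
pasv_endpoint "227 Entering Passive Mode (192,168,1,10,117,48)"   # 192.168.1.10 30000
```

On the vsftpd side, passive mode is allowed with pasv_enable=YES; confine the ports it hands out with pasv_min_port and pasv_max_port so that only that range has to be opened on the server's firewall, and set pasv_address to the public address when the server sits behind NAT, otherwise the 227 reply carries an address the client cannot reach. Active mode, by contrast, needs the server's outbound connections from port 20 to be permitted through the client's firewall, which is exactly what usually fails.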