FTP service,

Source: Internet
Author: User
Tags ftp access

================== FTP service:
FTP (File Transfer Protocol) is one of the protocols in the TCP/IP protocol suite.
Architecture: C/S client/server
B/S browser/server
Link:
Command link ---------> command port 21
Data link ---------> data
Connection mode:
Active mode: the server sends a connection request to the client from port 20;

Passive mode: a port on the server, within a specified range, passively waits for the client to initiate a connection request;

Transmission mode:
Text mode: ASCII mode. Data is transmitted as a text sequence;
Binary mode: data is transmitted as a binary sequence;
Service Overview:

================ Set up the vsftpd service:

Server:

1. Install related software packages:
yum -y install vsftpd
service vsftpd start
lsof -i :21
******: By default, we log on as the ftp user, which can only download files and cannot upload them. Logging on to the FTP server this way gives direct access to the ftp user's home directory, /var/ftp. Create a local user to upload and download files; the uploaded files are stored in that user's home directory.

2. Create a local user to upload and download files:

3. Modify the configuration file: /etc/vsftpd.conf

****** The man 5 vsftpd.conf command can be used to view the meaning of each option in the configuration file.
4. Log on to the client and upload and download files:

 

 

==================== Anonymous user cases:

======================= Blacklist and whitelist:

 

=========== Virtual account: meets the access needs of a large number of accounts
If only a few FTP users need access, you can create system accounts directly to serve FTP access requests. As the number of users grows, creating more system accounts becomes unwise. In that case, create virtual accounts for vsftpd. The data for vsftpd virtual accounts must be stored in a data file in Berkeley DB format, so you need to install the db4-utils tool to create such a file:

1. Create a virtual account database:

First, create a plaintext password file in which odd-numbered lines are user names and even-numbered lines are passwords. Then use the db_load tool to convert it to a database file; db_load is obtained by installing the db4-utils package. Finally, modify the file permissions to improve data security;

2. Create the PAM file and set the verification based on the virtual account:
Linux generally configures account authentication through PAM files. Create a new PAM file so that login authentication uses the new data file. The db option in the PAM file specifies the database file used to verify the account and password; the suffix of the database file name is not required.

3. Set the shared directory of the virtual account:
Because all virtual accounts need to be mapped to a real system account, you need to add a system account and set its home directory. You can place a test file in it;
useradd -s /sbin/nologin -d /home/ftp virtual
cp /etc/passwd /home/ftp
4. Modify the main configuration file:
Similar to anonymous user settings, use the guest_enable option to enable the virtual account function;

5. Set an independent sharing path for each user:
The user_config_dir option in the main configuration file sets an account-based configuration directory. Under it, create files with the same names as the accounts and put each account's independent configuration options in its file, including permission and sharing path settings. In this way, you can set separate permissions for each account. If you need to set permissions, speed limits, concurrency, and other options, refer to the anonymous account options and add them to the account's independent configuration file;

6. Restart the service:
service vsftpd restart
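
The steps above collected into one script, as an added example that is not from the original page. It writes the files into a staging directory for review instead of /etc. The names vlogin.txt, vsftpd.virtual, user_conf, the /etc/vsftpd paths and the accounts tom and jerry are assumptions; the db_load step is shown as a comment because it needs root and db4-utils.

```shell
#!/bin/sh
# Added example: stage the files for vsftpd virtual accounts (steps 1-5).
# Assumed names: vlogin.txt/vlogin.db, PAM service "vsftpd.virtual",
# user_conf directory, sample accounts tom and jerry (all constructed).

# Step 1 check: odd lines are user names, even lines are passwords, so the
# file must have an even, non-zero number of lines and no empty line.
check_login_file() {
    awk 'length($0) == 0 { bad = 1 }
         END { exit (bad || NR == 0 || NR % 2 == 1) }' "$1"
}

# The body runs in a subshell ( ... ) so the umask does not leak to the caller.
stage_virtual_ftp() (
    out=$1
    umask 077                       # staged files readable by owner only
    mkdir -p "$out/user_conf" || exit 1

    # Step 1: plaintext login file (constructed sample credentials).
    printf '%s\n' tom 'Sample-Pass-1' jerry 'Sample-Pass-2' > "$out/vlogin.txt"
    check_login_file "$out/vlogin.txt" || exit 1
    # Then, as root with db4-utils installed:
    #   db_load -T -t hash -f vlogin.txt /etc/vsftpd/vlogin.db
    #   chmod 600 /etc/vsftpd/vlogin.db && rm -f vlogin.txt

    # Step 2: PAM file; db= names the database without the .db suffix.
    cat > "$out/vsftpd.virtual" <<'EOF'
auth    required pam_userdb.so db=/etc/vsftpd/vlogin
account required pam_userdb.so db=/etc/vsftpd/vlogin
EOF

    # Step 4: main configuration options (no spaces around "=").
    cat > "$out/vsftpd.conf.fragment" <<'EOF'
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.virtual
user_config_dir=/etc/vsftpd/user_conf
EOF

    # Step 5: per-account files; tom may upload, jerry is download-only.
    printf '%s\n' 'local_root=/home/ftp/tom' 'write_enable=YES' \
        'anon_upload_enable=YES' 'anon_mkdir_write_enable=YES' > "$out/user_conf/tom"
    printf '%s\n' 'local_root=/home/ftp/jerry' > "$out/user_conf/jerry"
)
```

Source the script and call stage_virtual_ftp ./staging, then review the staged files before copying them into place as root.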

Related tests:

Related commands:
mirror: download a folder
mirror -R: upload a folder
wget: can only be used to download files, not folders. Downloaded files are stored in the current directory by default;

========================= FAQs:
1. Error Code 530: Login incorrect
This indicates that account verification failed during login. Possible causes: you are using a 64-bit operating system while the PAM file calls the library file /lib/security/pam_userdb.so; the user name or password entered is incorrect; or the PAM file name set by pam_service_name in the vsftpd main configuration file does not match the name of the PAM file created under /etc/pam.d, causing the verification to fail;

2. Error code 500 OOPS: cannot change directory:/home/ftp/$USER
This message means the server cannot switch to the directory, because the directory does not exist or the account has no permission on it. It may also be because SELinux does not allow the account's home directory to be shared. By default, SELinux does not allow home directories to be shared;

3. Access to an active-mode vsftpd server in Windows is successful.
By default, Windows connects to the FTP server in passive mode. To connect to the server in active mode, change the browser properties: open the Advanced tab of Internet Options, find the Passive FTP option, and clear it;

4. data cannot be uploaded after an account is logged on:
Check the settings in the main configuration file according to the login type. For anonymous accounts and virtual accounts, check the permission settings starting with anon_; for local accounts, check the permission settings starting with local. Make sure that the global write_enable is set to YES. In addition, you must modify the permissions of the file system directory so that the client account has permission to access the directory;
ll -d /var/ftp

5. An error occurred while starting the service: 500 OOPS: bad bool value in config file.
The vsftpd configuration file is set incorrectly. Check the file. Each configuration item must occupy its own line and cannot contain extra spaces;
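
A pre-restart check for the causes listed in FAQs 1, 4 and 5, as an added example that is not from the original page. The function name lint_vsftpd_conf and its messages are assumptions; it reads only the two paths passed to it.

```shell
#!/bin/sh
# Added example: lint a vsftpd main config for the FAQ causes above.
# Usage: lint_vsftpd_conf <vsftpd.conf> <pam.d directory>
# Prints one finding per line; returns 1 if anything was found.
lint_vsftpd_conf() {
    conf=$1 pamdir=$2 findings=0

    # FAQ 5: vsftpd.conf(5) requires option=value with no space around "=";
    # trailing blanks are flagged too. Comment lines are skipped.
    bad=$(grep -nE '^[^#]*([[:space:]]=|=[[:space:]]|[[:space:]]$)' "$conf" || true)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's/^/whitespace in option (500 OOPS risk): line /'
        findings=1
    fi

    # FAQ 1: pam_service_name must match a file under the PAM directory,
    # otherwise every login fails with 530.
    svc=$(sed -n 's/^pam_service_name=//p' "$conf" | tail -n 1)
    if [ -n "$svc" ] && [ ! -f "$pamdir/$svc" ]; then
        echo "pam_service_name=$svc has no file in $pamdir (530 risk)"
        findings=1
    fi

    # FAQ 4: uploads need the global write_enable=YES.
    if ! grep -qx 'write_enable=YES' "$conf"; then
        echo "write_enable=YES not set: uploads will be refused"
        findings=1
    fi
    return $findings
}
```

Call it as lint_vsftpd_conf /etc/vsftpd.conf /etc/pam.d before restarting the service; a non-zero return means at least one finding was printed.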

======================= Log analysis and firewall problems:
Logs:

Security:

 
